The Encrypter’s Creed

This is my private key. There are many like it, but this one is mine.

My private key is my best friend. It is my life. I must secure it as I must secure my life.

My private key, without my data, is useless. Without my private key, my data is useless. I must deploy my public and private keys true. I must encrypt better than my enemy who is trying to steal from me. I must defeat him before he defeats me. I will…

My private key and I know that what counts in cyber war is not the bits we fire, the noise of our modems, nor the bandwidth we consume. We know that it is the control over access to our data that counts. We will control access to our data…

My private key is human, even as I, because it is my life. Thus, I will learn it as a brother. I will learn its weaknesses, its strength, its parts, its software, its bits and its bytes. I will keep my private key clean and ready, even as I am clean and ready. We will become part of each other. We will…

Before God, I swear this creed. My private key and I are the defenders of my company. We are the masters of our enemy. We are the saviors of my company’s data.

So be it, until victory is ours and there is no enemy, but peace!

My mind often goes to strange places when the problem of emphasizing the importance of something to users comes up. How can one possibly impart the importance of safeguarding one’s private encryption key to someone who may not fully appreciate what encryption is, or why it is even being used? Granted, most people on the Internet have a passing understanding of encryption, at least as far as how it intersects with their web browsing in the form of HTTPS pages using SSL (thanks, Heartbleed), but even its use is mostly automatic. Protecting data at rest, say for backups, requires a slightly more complicated approach. For some reason my mind leaped to adapting the Rifleman’s Creed to drive home the point of the importance of a private key in public key encryption. I’m weird. I know. And if you have found this offensive in any way, I apologize…I sincerely hope you can find a way to call it art, and move on.

Trust Turned to Trussed

I spend a fair amount of my commute time reading. Mostly just catching up on a seemingly endless pile of magazines covering topics of interest to me professionally and personally. Among my favorites is IEEE Security & Privacy. It always manages to capture my attention, and holds my interest until I’ve wound up reading the issue very nearly cover-to-cover…sometimes with a chuckle or two.

Usually when an article on the very serious issues surrounding computer security and privacy produces a chuckle or laugh, it seldom has anything to do with the topic, or the author’s coverage of it. Most often, I get tickled over my own mental contortions of what is being said…generally, outside of the original context. As an example:


The de facto standard response…

Saw something today on Slashdot, and had to capture it for my own future amusement.

In response to a recently proposed anti-spam solution, a link to this “standard” response form was provided, giving a very dark, but humorous reminder of the hopelessness we all face in fighting spam.

Anything that can make you laugh out loud after 3 PM is worth sharing.