Author: Arthur

I was born in Kiev and have been living in Los Angeles for almost 25 years. I've been in IT pretty much since I was 13 and got my first computer. My specialties lie in the area of devops and web security, although I've pretty much done everything at one time or another.

English in India

Great quora post about the idiosyncrasies of English as spoken in India. When I first started working with an offshore Indian team, the phrase “please do the needful” confused the hell out of me. They also seem to use Mr. First Name a lot.

I remember looking it up at some point. There was a theory that this all stems from the time of East India Company. Apparently that’s how English was spoken at the time and after the British left, a lot of schools and textbooks remained the same. So while English evolved into the modern day version, a lot of Indians continue to learn and speak the version that was brought to them by the British a few centuries back.

Securing users

I was reading an edition of PenTest Magazine (attached here for convenience). They’ve had a few decent articles in there, but one was talking specifically about securing your users. That’s an interesting topic. An attack against your company is very likely to come through the “meatware” vector. It’s often much easier then trying to find the latest 0-day or buffer overflow. Of course you have your security policies and user training, but even the security pros fall for a well crafted phishing attack. Your expectation of the extent that you’ll be able to harden and train your userbase should be limited. You need to be prepared for a breach to come through that direction.

A lot of defenses should be focused on isolating the user population from critical systems, so that when a breach does occur, the impact is limited. Of course users do need some access in order to perform their jobs and that’s where it’s critical to focus on granular access controls, specifically RBAC. You also need to have the capacity to detect and respond to any anomalies in user behavior. That’s what ultimately will allow you to contain the threat and limit it’s impact.