Every breach report contains the words “sophisticated attack.” Security pros like me see it as pure spin. Here’s why.
Late last week, Home Depot finally released a statement about its data breach. At least they had the decency to call the attack “custom” and not spin it as “advanced” or “sophisticated.” Even “custom” is really a euphemism, as the attack wasn’t all that different from what other retailers experienced earlier in the year. It may have been as simple as recompressing the BlackPOS malware using a different compression algorithm or compression ratio to evade antivirus.
The worst Mondays have to be the day after a long weekend, or, as I’m fond of putting it, when Monday happens on Tuesday.
This particular Monday-on-a-Tuesday didn’t start well. I staggered in to work at 6 AM, and my boss said, well, let’s just say he didn’t say I looked well.
At 11 AM, lunchtime finally came. My lunchtime routine for years now has been to bring a frozen meal from home and microwave it. Everyone knows it. But not today, I didn’t. I went looking for my lunch, and couldn’t find it. “What are you doing?” my boss asked. “And why do you have your coat?”
“I lost my lunch,” I told my boss. That phrase has some history in my parts.
I mentioned my history with CTS/RSI in passing recently. I’ve been asked to elaborate, so I’ll elaborate on beating carpal tunnel.
It’s something I struggled with off and on for a good 10 years. Mostly off, in recent years, which is good. At one point, it was so bad I wasn’t able to unload my dishwasher, because I couldn’t grip the plates long enough. It was career threatening too.
I revisit the topic of what to look for in a router every six or seven years. As important as it always was, I think it’s even more important today, as there are a number of underpowered routers on the market and it’s best to avoid them.
This post originated in 2010. I revised it for 2017 needs, and by the time I was done, I’m not sure much of my 2010 text was left. But that’s OK.
I didn’t believe it when the news broke late Friday that Mark Hurd, CEO of Hewlett-Packard, had suddenly resigned under fire.
Hurd wasn’t flamboyant or a quote machine like many technology CEOs. He just steadily turned HP around, increasing profits, passing Dell in sales of PCs and IBM in sales of servers, and buying companies like EDS and 3Com. He was exactly what investors liked.
In the following days, it turned out there was more to the story. Some people believe the infraction that HP cited for Hurd’s downfall was a cover, that HP wanted him out. The reasons make some sense. The one that resonates with me the most is the logic that Hurd increased profits by squeezing expenses to the bone, slashing the workforce to the minimum, then slashing salaries. Doing more with less, in other words–the mantra of IT during the entire previous decade.
The result? Record numbers of applications from HP employees at competitors. So far, no Steven Slater-style meltdowns, but demanding more and more while paying less isn’t a good long-term strategy. The Slater story brought attention to this problem and got people talking about it, and it looks like HP may have been a few days ahead of the curve on that.
Other accounts have said employees don’t like working for Hurd and he’s unpleasant toward them. Which led to some defenders questioning when "being nice" was a job qualification for a CEO.
Well, five years ago I was consulting for a Fortune 500 company. I stepped onto an elevator, and the company CEO stepped on right after me. He extended his hand, introduced himself, and asked me my name, what department I worked in, and what I did there. It was a 30-second exchange.
He stepped off the elevator and literally never saw me again. I don’t know whether he forgot about me the moment I stepped off the elevator, or if he jotted down a note that if he needed a printer fixed he could call Dave Farquhar and filed it away. But unlike a certain very famous CEO, he gave me no reason to fear sharing an elevator ride with him.
And I do think an important qualification of being a CEO is knowing who to call when they need something done quickly and done right. Being friendly is conducive to that. Being ruthless at all times is not. Even Genghis Khan and Attila the Hun knew when to be kind.
Then there’s the question of the consultant. The consultant who had, among other duties, the questionable job duty of "keeping Mr. Hurd company on trips," but with whom Hurd didn’t have an affair (both deny any sexual element to the relationship), and whom Hurd didn’t sexually harass (HP said no harassment took place, and the two settled out of court and kept the terms private). The consultant with whom Hurd concealed $20,000 in expenses in order to hide the relationship.
To a CEO of a multibillion-dollar company, 20 grand isn’t much. Hurd could have paid that back, and he offered. The amount of money isn’t the question nearly so much as the motive. Why did he feel the need to conceal having dinner with one particular subordinate?
The sexual harassment claim gives weight to the claim of it not being a sexual affair. But the job duty of "keeping [any male in a position of power] company" is a common euphemism for something less innocent. I’ve also read speculation that some of this consultant’s past work–namely, acting roles in several R-rated films of the type that gave the cable TV channel Cinemax the nickname "Skinamax"–may have contributed to these expectations.
Some have said that’s blaming the victim. But no means no, and the definition is the same no matter what the person’s job description was for most of the 1990s.
If Mr. Hurd jumped to certain conclusions because his consultant once had a starring role in "Body of Evidence 2," that says more about him than it says about her.
If I remember one thing from my freshman orientation in college, it’s sitting in an auditorium and being told repeatedly that no means no. Regardless of how much she’s had to drink, or what she’s wearing, or what reputation she has for whatever reason.
Since the charge was harassment rather than something else, it sounds like perhaps someone thought a no on Monday might not be followed by a no on Tuesday. That’s better than thinking no means yes based on reputation, but it was still problematic enough to settle out of court rather than try to get it dismissed.
We’ll probably never know HP’s full motivation behind the dismissal. Mark Hurd left over what appears now to be a relatively minor matter of $20,000 worth of incorrect expense reports and a slightly inappropriate relationship with a subordinate, both things that would go completely unnoticed or be easily rectified if it was a different company, or, perhaps, a different person.
The key is to not leave that something relatively minor lying around.