[personal profile] mjg59
Working in information security means building controls, developing technologies that ensure that sensitive material can only be accessed by people that you trust. It also means categorising people into "trustworthy" and "untrustworthy", and trying to come up with a reasonable way to apply that such that people can do their jobs without all your secrets being available to just anyone in the company who wants to sell them to a competitor. It means ensuring that accounts that you consider to be threats can't do any damage, because if someone compromises an internal account you need to be able to shut them down quickly.

And like pretty much any security control, this can be used for both good and bad. The technologies you develop to monitor users to identify compromised accounts can also be used to compromise legitimate users whom management don't like. The infrastructure you build to push updates to users can also be used to push browser extensions that interfere with labour organisation efforts. In many cases there's no technical barrier between something you've developed to flag compromised accounts and the same technology being used to flag users who are unhappy with certain aspects of management.

If you're asked to build technology that lets you make this sort of decision, think about whether that's what you want to be doing. Think about who can compel you to use it in ways other than how it was intended. Consider whether that's something you want on your conscience. And then think about whether you can meet those requirements in a different way. If management can simply compel one junior engineer to alter configuration, that's very different to an implementation that requires sign-offs from multiple senior developers. Make sure that all such policy changes have to be clearly documented, including not just who signed off on it but who asked them to. Build infrastructure that creates a record of who decided to fuck over your coworkers, rather than just blaming whoever committed the config update. The blame trail should never terminate in the person who was told to do something or get fired - the blame trail should clearly indicate who ordered them to do that.

But most importantly: build security features as if they'll be used against you.
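As an added illustration of the multi-sign-off, requester-on-record design argued for above (example code written for this page, not Matthew's or any employer's tooling), here is a small policy-change ledger: a change to a security control cannot be applied until enough distinct senior people have signed off, and the record that survives names the requester and the approvers as separate roles from the engineer who committed the config. The roster, quorum and names are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed roster and quorum: who may sign off, and how many distinct sign-offs a change needs.
SENIOR_STAFF = {"alice", "bob", "carol"}
REQUIRED_APPROVALS = 2


class QuorumError(Exception):
    """Raised when a change is applied without enough distinct senior sign-offs."""


@dataclass
class PolicyChange:
    change_id: str
    description: str      # what the control will now do, in plain language
    requested_by: str     # who asked for it: the name the trail must never lose
    committed_by: str     # the engineer who edited the configuration
    approvals: set = field(default_factory=set)


def approve(change: PolicyChange, approver: str) -> None:
    """Record one sign-off; only senior staff count, and nobody may approve
    a change they requested or committed themselves."""
    if approver not in SENIOR_STAFF:
        raise PermissionError(f"{approver} may not approve policy changes")
    if approver in (change.requested_by, change.committed_by):
        raise PermissionError("requester and committer cannot sign off their own change")
    change.approvals.add(approver)


def apply_change(change: PolicyChange, ledger: list) -> dict:
    """Refuse until quorum is met; on success append an audit record that names
    requester, approvers and committer as separate roles."""
    if len(change.approvals) < REQUIRED_APPROVALS:
        raise QuorumError(f"{change.change_id}: {len(change.approvals)} of "
                          f"{REQUIRED_APPROVALS} required approvals")
    record = {"change_id": change.change_id, "description": change.description,
              "requested_by": change.requested_by, "approved_by": sorted(change.approvals),
              "committed_by": change.committed_by,
              "applied_at": datetime.now(timezone.utc).isoformat()}
    ledger.append(record)
    return record


def accountable_for(ledger: list, change_id: str) -> list:
    """The blame trail: requester first, then approvers, never just the committer."""
    for rec in ledger:
        if rec["change_id"] == change_id:
            return [rec["requested_by"], *rec["approved_by"]]
    raise KeyError(change_id)
```

In a real deployment the ledger would be append-only storage the committing engineer cannot edit; the point here is only that the request and the sign-offs are captured as first-class fields rather than inferred from a commit log.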

Date: 2023-01-23 01:32 pm (UTC)
metahacker: Close-up of a computer screen showing a linux terminal. (drwxrwxrwx)
From: [personal profile] metahacker
A friend has a rule "never bring a weapon to a fight if you don't want it used on you" and I think that's the same thought here...

Secure boot?

Date: 2023-01-23 10:37 pm (UTC)
From: (Anonymous)
In almost all cases secure boot is used to prevent users from using their devices like they see fit...

Date: 2023-01-24 01:37 pm (UTC)
From: (Anonymous)
I'm writing from a locked down ThinkPad X280 that is unable to boot anything else than my employer's Linux. I wish I could install Alpine Linux...

Thank you Matthew for the SecureBoot support in Linux.

Date: 2023-01-25 01:12 am (UTC)
azurelunatic: Vivid pink Alaskan wild rose. (Default)
From: [personal profile] azurelunatic
[this is good]

Date: 2023-01-25 07:37 am (UTC)
hairyears: Spilosoma virginica caterpillar: luxuriant white hair and a 'Dougal' face with antennae. Small, hairy, and venomous (Default)
From: [personal profile] hairyears
That applies to managerial procedures and systems of organisation, too!

Gatekeeping 'undesirables' out of the banking system; patients with chronic 'timewasting' conditions out of access to medical care; excluding developers with dyslexia or sensory deficits from online-testing shortlists for interviews...

All of these things are available for use against the dangerous fools who implemented them.

And don't get me started on the dangers of flagging a company or personal bank account with 'suspected money laundering': the same mechanism, and the same opportunity for malice without review, redress or accountability, is available to anyone in the know who wishes to denounce a neighbour for housing, employing or being an undocumented immigrant.

I doubt that the systems that do this are competently secured against malicious misuse. Or indeed, intentional 'misuse': the purpose of a system is whatever the system actually does.


Edited (spelling) Date: 2023-01-25 07:42 am (UTC)

Profile

Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. [personal profile] mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
