Well I never!
For the past few months I have been ranting about the importance of access to customer credit card information and the possible ramifications if someone untrustworthy working in an organization got hold of the information. Tonight I hear that this has happened.
We are so busy protecting ourselves from external intruders that we sometimes miss the most obvious point of attack, from inside.
I was investigating the possibility of integrating a well-known piece of accounting software into our CRM and realised that the credit card info is stored in plain text. Imagine my horror as I started scrolling through credit card details which contained verification numbers and suddenly I was overwhelmed with the thought of what could be done with this info.
I understand that you can't stop everyone from accessing this data BUT you can audit the access. The idea of allowing call centre staff to access this information is WAY beyond me. Call centres probably have the highest staff turnover and they say that a large percentage of hacks are done by disgruntled employees.
I am putting some more thought into this topic and will post my solutions when I have some.
Till then stay safe and stick to the rubber cheques :)
Thursday, May 10, 2007
Tuesday, April 24, 2007
Shuddup about Microsoft already!
Everyone gets the point! No one likes Microsoft. No one likes their marketing strategy, no one likes their release software etc etc. I am sick and tired of hearing how insecure Windows and IE are. The truth of the matter is this. They own the largest market share, which would lead one to believe that the major reason for getting nuked with viruses is the major audience.
Think about it, if 10% of the world ran Windows and the rest ran *nix, you think there would be viruses for Windows? Neither do I.
As for the vulnerabilities, all machines are vulnerable. Every vendor has holes. Patch your OS and if you really want to be safe, never connect to any network including the internet. Every browser has flaws; it just seems that jealousy makes you nasty.
That being said, I hate Bill as well but if I had his money I wouldn't :)
Stop whining about nonsense and get back to work.
Thursday, February 15, 2007
South Africa my sad country
You are dying and make me tired, why should I fight for you any longer when you continue to rape me?
Friday, February 09, 2007
The misconception of cheap development environments
How many times have you heard that the development environment doesn't need to have decent machines in it? How many times have you heard that you can continue to develop on that clunky Pentium 2 with 512 megs of RAM?
Well sitting and thinking about it I decided to have my say.
First thing I thought about was the rate that development is expected at. Now let us think about this. Working on a large application that consumes a large amount of resources during deployment is very exciting. Unless you have to wait 5 minutes for the clunker to deploy to find out you spelt one of your annotations wrong. Then it is back to the IDE, make changes, recompile and redeploy. Another five minutes. So now every time you deploy (which could be a hefty number during the dev and debug phases) you have to wait five minutes.
8 * 60 = 480 minutes in a business day
480 / 5 = 96 deployments.
See where I am going? Rather get a stronger machine so the developers can focus on what they do best, develop, not wait for deployments.
Another thing. All changes get made to development (theoretically) before being pushed to production. Now you working on BIG project. BIG project almost complete. About to be deployed to production. Dev machine crashes due to the old hardware. SIRENS!
I can hear you mumbling backups, backups, backups. Now I have backed up my BIG project. Hard disk gets replaced. Now due to lack of resources it takes another 54 years (exaggeration) to restore your backups. Now all of a sudden the move to production has been pushed back 54 years.
Okay one last example and I am willing to bet we have all done this. Developers hitting development environment hard. Development environment slows down to a standstill. Get tired of waiting. Hmmmm, my machine is quicker than the dev machine. Hack, hack, copy, paste, scribble, reboot. Ah now my machine is my development environment. All developers realise the bliss of working in a quick development environment. All developers switch to standalone environments. Now you have 50 disparate development environments that have to deploy on the same production environment.
The moral of the story is that your development environment is not your production environment BUT it is just as critical. Never underestimate the importance of a good development environment.
Once upon a time ...