security policy <--> system design <--> contents design

Last weekend, I went to Tokyo for a recruiting event.

After finishing everything, I met a couple who are friends of mine. We enjoyed the time. Since we had a little time, we went to a showroom for a certain thing (I should not say more ^^;;;). There, the organization provides a terminal that introduces their activities. I found a security hole in the system, which comes from weak communication when they designed it. The system is as follows.

The system has only one input device, a mouse. It provides a full-screen web browser with limited functionality. There is no keyboard, so users can use only the limited web browser. The organization also uses Twitter: the Twitter account publishes posts about their activities with no links, or with links only to their own content. This means that users cannot exit from their content (usually....). If the system provided only the above, it would be completely fine. However, the Twitter account's profile links to another web site of the organization, and that page links to their Facebook account. This is the problem. Usually, if a user publishes something on Facebook and other users push the Like button, anyone can go to those users' personal timelines from the list of users who pushed Like. So even though the organization did not publish any links to other sites, a system user can get out to third parties' pages. If such a timeline has a malicious link, then the site will have problems.

This problem comes from a communication miss (I think). There are four pages: the home page on the system, Twitter, another official page, and Facebook. The system designer considered only showing the home page. Incidentally, the home page designer needed to link to their Twitter account. The Twitter account manager was on a different team from the system manager's team, and (maybe) the Twitter manager did not know that Twitter is linked from such a limited system. Then that team linked the other official page. Surely the manager of that page did not know about the first home page at all. That team linked both the Twitter and Facebook accounts for promotion. If at least one engineer or manager had known about every service, the error would not have occurred.....
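The failure above is a reachability problem: the kiosk relies on the content never linking outside, so the check a defender wants is to crawl from the kiosk's start page and flag every link that leaves the allowed hosts, with the path that led there. This is an added example, not code from the original post; the four pages (kiosk home, Twitter profile, other official page, Facebook) and all host names are constructed here to mirror the chain described above, and a real audit would fetch the pages instead of reading them from the dictionary.

```python
"""Link-reachability audit for a kiosk that contains users only by link structure.
Constructed offline example: PAGES stands in for the live sites."""
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed mini-web: URL -> HTML body (hypothetical hosts, not real sites).
PAGES = {
    "https://kiosk.example.org/": '<a href="https://twitter.example/org">Follow us</a>',
    "https://twitter.example/org": '<p>profile</p><a href="https://www.example.org/">Web</a>',
    "https://www.example.org/": '<a href="https://facebook.example/org">Like us</a>',
    "https://facebook.example/org": '<a href="https://facebook.example/likes?post=1">12 likes</a>',
    "https://facebook.example/likes?post=1": '<a href="https://facebook.example/user/alice">alice</a>',
    "https://facebook.example/user/alice": '<a href="https://evil.example/">my blog</a>',
}

class LinkExtractor(HTMLParser):
    """Collects absolute href targets of <a> tags on one page."""
    def __init__(self, base):
        super().__init__()
        self.base = base
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(urljoin(self.base, href))

def extract_links(url, html):
    parser = LinkExtractor(url)
    parser.feed(html)
    return parser.links

def audit(start, allowed_hosts, fetch=PAGES.get):
    """Breadth-first walk over hyperlinks from `start`, staying inside
    `allowed_hosts`. Returns {escaping_url: [start, ..., escaping_url]} so the
    content owner responsible for each hop can be identified."""
    seen = {start}
    queue = deque([(start, [start])])
    escapes = {}
    while queue:
        url, path = queue.popleft()
        html = fetch(url)
        if html is None:
            continue  # page not available in the constructed web
        for link in extract_links(url, html):
            host = urlsplit(link).hostname or ""
            if host not in allowed_hosts:
                escapes.setdefault(link, path + [link])  # record, do not follow
            elif link not in seen:
                seen.add(link)
                queue.append((link, path + [link]))
    return escapes
```

The takeaway is that the only robust fix is a host allowlist enforced by the kiosk browser or its proxy, since the link graph is controlled by several teams and third-party users; this audit tells you how far the content currently lets a user wander.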

When I saw the site, I really felt scared. For the system itself, the organization considered security. However, content management can easily break the security policy if the content managers don't have security concerns.......

(Maybe) I will write a mail to them about this problem....... if I have time and stamina ^^;;;;;
