What is Black Alchemy?
"Businesses are not going to expend money fixing any problem, no matter how severely it affects me as a customer, until it starts to affect their profitability. I wouldn't expect them to; they are a construct created with the express purpose of optimizing profitability. My goal as a security-conscious consumer is to -make- it the corporation's best interest to fix any problems that would have a detrimental effect on me as quickly as possible."
anonymous ISP customer, January 2002
Computer security is not rocket science. It's been in existence for a few decades. Many of the practices remain unchanged today.
In computer security, the difficulty arises in implementing these fundamental security practices amid the ever-changing noise of systems environments. Security vulnerabilities are announced every day. It seems like we can never get it quite right.
Getting it right begins at the inception of a product.
Computer security can be summed up quite simply. It is the process of creating, deploying and managing a business environment in a controlled manner. I say business environment because security exists to protect something: not just the data for the data's sake, but rather the business that the data makes possible.
Could microwave ovens have been created without security? Nuclear bombs? Dry-weave fabrics? The next fancy motorcar? No. What about businesses that are not in the "business" of making money? Do these need security too? Look at open source efforts. How can you protect the integrity of a CVS tree? What about your own email, or the hard drive on your computer at home? Data can exist that is your business and no one else's. The practice of security exists to protect whatever business you're up to.
Designing, developing and deploying systems that are relatively secure (there is no such thing as absolutely secure) is not difficult. A common breakdown in many security environments occurs in the day-to-day management. People get comfortable. People get sloppy. People get lazy. Only through tenacious attention to detail can one succeed in managing a security environment.
Black Alchemy focuses on understanding the technologies, techniques and people engaged in protecting information.