Tue Jun 19 11:13:28 2007


I think it is safe to assume that every kid learns in school, or, to be more precise, during the school breaks, that the more you brag, the better you should be able to defend yourself. What I find interesting is the fact that businesses tend to overlook this simple social rule from childhood. There have been examples of businesses intentionally or unintentionally bragging too much in the past. Think Oracle's "unbreakable" campaign, rewarded with a massive number of reported security vulnerabilities.

Some may have seen the movie "The Devil Wears Prada". In one scene, the protagonist is ordered to obtain a copy of the latest Harry Potter book, which is not available in stores yet. This being a movie, she manages to get it. The script author referred to the hype created by the Harry Potter publisher, Bloomsbury Publishing Plc., around every single release of the book.

I always wondered why the script of an upcoming Harry Potter is not obtained beforehand simply by breaking into the publisher's network. My guess was that the people with the required abilities and skills probably have better things to do. But of course, the stakes are higher with the (hopefully) last book in the series.

Today, a post on the Full Disclosure mailing list claims that a copy of the script for the upcoming book was successfully obtained and presents a spoiler with the ending of the story, as it will be released in 32 days or so. The post mentions that the way to get it was to send an email with a link to a web page that contained some well-known exploit from milw0rm. The post mentions that it is surprising how many people in the company have the script somewhere on their computer. Game over.

A copy of the new Harry Potter: $34.99.
The global value of the Harry Potter brand according to Forbes.com: $
Getting the final marketing move p0wned: priceless.

It doesn't really matter if the Full Disclosure post is a fake or really contains the ending of the next book. If your content is as valuable as this script and your marketing campaign is about the fact that nobody knows the ending, you had better prepare for someone raining on your parade.

Now would be a good time to sit back and think about the value of your company's intellectual property assets and whether you can be sure that nobody else knows about them. Start with the following, non-exhaustive list of checks:

  • Is the information known to exist outside of the company? How do you know?
  • Is the information always stored encrypted? If so, how do you know?
  • Is the information always destroyed when printed? How do you know?
  • Are the backups encrypted? Who got the key? How do you know?

The next time your laptop is stolen and you enter an estimated monetary loss of more than $4000 on the forms, it will be an indication that you did in fact think about the questions above.

Posted by FX | File under: humor