Why books matter not just reading

So I am a developer and maker – basically a keen person who is interested in almost everything that sounds logical. The harder something is to understand, the more interested I become in it.

In the current “vast” space of information, I read on average 10-15 articles a day, and have done so for the last 8 years, but there hasn’t been a sense of knowledge satisfaction. If I compare it to my school days, when I used to read through books related to computers, technical but outdated, there is a significant difference in satisfaction. (Do note, I am not debating articles in digital form versus books in physical form here.)

To understand the problem I started by creating a new habit.

Reading books – a few pages as I wake up, a few pages in the evening. (Not a strict goal, but 2 books/month – where each book averages 200 pages and isn’t fictional.)

So far it has been good and the satisfaction level is quite high!

But why?

It seems it has to do with us:

  1. We skim, not read. We skim newspapers for information, we usually skim articles for the information we seek, we skim most content. With time, when the brain sees a similar organization of content, it activates skimming mode.
  2. Information online is volatile. You might find a similar or the same piece of advice everywhere, copied, and in a few days it might disappear – and when not used it is trashed by the brain. We need to see something once in a while to automatically recall it and make it more persistent.

    E.g.: You read a book, keep it somewhere, you might stumble across it someday and open it – might check a few things – and your brain will start recalling many events. But how many times do you re-read the same article?
  3. Content doesn’t have a sense of authenticity. You come across articles, read them, understand them, but mostly you can’t trust the content. How many people spend a month or a year writing an article?
    Articles have one key focus, SEO. Even if content is genuine it should have clickbait, keywords etc., but authenticity is not something search engines seek.
  4. Effort is missing. Again, I am not talking about every article, but publishing an article doesn’t require enough effort, while writing a book takes money, getting a publishing house to agree, and years of effort to put down thoughts – because once it is printed, it is printed.

    If you write something wrong, you can’t take the book back from people; if there is an error, it will persist for your lifetime. People will judge you by your book and its cover.
  5. Information is not organized. When you get a book, it’s always on a specific theme, and in all those pages it will talk just about that. You read related content such that slowly it starts persisting in your brain. And that is how I got a sense of knowledge.

Irony is – this is an article.

This doesn’t mean that articles are bad, but I have the following perception of how articles should or shouldn’t be:

  1. Not for SEO: Yes, check the site; if a lot of its articles are of a clickbait nature, they will not actually convey good enough information. If a person is writing articles very frequently, those are there just for the sake of being there.
  2. Should convey meaningful information: Nowadays most articles are just DERIVED from some other article; it is a good thing if an article can innovate in a certain manner or at least put effort into organising certain information.
  3. There is no way but experience – on one hand you should not trust every source and should get information from trusted sources, but on the other a good source doesn’t write frequently or on broad topics. With time, if one observes, he/she can come to know how to identify bogus sources.
  4. Refer to official sources for information. Just as in programming, there are millions of tutorials, but if I ever want to learn about something new I refer to the official documentation – it doesn’t matter how badly it is written, documentation is usually accurate and explains the logic, as it is written by developers, not by a content writer with a bleak understanding of the underlying principles. The same goes for everything – if you want to read about some rules, refer to the government-issued rule book – it might not sound good, but it’s the best way to have accurate information.

I know this is not a popular blog and there are not a million followers, but since you have read this article, feel free to comment and share what I missed – what else should be incorporated.

Solving the problem of phishing !

Phishing is a never-ending tug of war where one side is only trying to stop the other side from winning: “Attackers are always trying to be innovative while defenders are trying to innovate on the innovation done by defenders.”

Ironic as it may sound, but this is what it is.

This article is not about blaming some organisation for not doing enough to protect its customers; it is more about the vendors who are trying to defend, while the current time doesn’t demand defence – instead it needs an aggressive attack mechanism, even proactive attacks before damage can be done.

Approach

To solve the problem of phishing I am proposing an N-step approach.

  1. Get ready with your defences – Just as in war, first strengthen your defences. It can be done by proactively doing the following:
    1. Training your employees
    2. Asking the cybersecurity team to be vigilant
    3. Performing vulnerability assessment and penetration testing
    4. DDoS prevention (you might need it, DDoS is cheap these days)
    5. DMARC, cousin domain monitoring
    6. WAF, SIEM & other stuff
  2. A small attack (to know capabilities)
    1. To get an idea, monitor what types of attacks are originating.
    2. Measure similarity among phishing attacks – you might be able to figure out active APT groups.
    3. Initiate takedowns, publish something about them in the media (yes, you heard me – more aggressively, see how they react)
  3. Attack the psychology
    1. Setting up a “honeypot” to gather information (the honeypot is key; I cannot write the process in detail, but trust me – it is something you will need).
    2. Giving the attacker bogus information
    3. You win!

But how? The key part of the approach is psychology – if you attack infrastructure, it can be bought easily; the success of a phishing attack depends on how good the results are that the attacker gets.

Reasoning

If you have ever conducted an actual phishing attack or have observed the programmatic logic – attackers have adopted methods to get 2FA from clients, but data is valuable once verified. Let’s do some math.

Let’s say you are conducting a phishing attack and it costs you $100 to compromise a web site or host one; sending an email might cost you $0.001.
Assuming 1 in 1000 spam emails is clicked, you are technically going to spend $1 per click; let’s say 10% of clickers turn into victims. To get useful data you will require $10.

If captured data is being sold in the market at $20 for every good record, you are going to make a profit of $10, excluding hosting cost.

But what if you are getting bogus data, which feels just as good but is now useless since 2FA has failed, or maybe the servers are not responding? Overall, if vendors can make the cost of phishing high, only those who have the willingness to catch a whale will survive.
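The arithmetic above, carried one step further from the defender's side as an added example (not code from the original post): how large a share of bogus records makes the campaign stop paying. `Campaign` and the `bogus` parameter are hypothetical names, and the model assumes a bogus record costs the attacker as much to collect as a good one and sells for nothing.

```python
from dataclasses import dataclass
from fractions import Fraction as F
from typing import Optional


@dataclass(frozen=True)
class Campaign:
    """Phishing campaign economics using the post's figures (exact fractions)."""
    hosting_cost: F = F(100)        # $ to compromise or host a site
    cost_per_email: F = F(1, 1000)  # $ per email sent
    click_rate: F = F(1, 1000)      # 1 in 1000 emails clicked
    victim_rate: F = F(1, 10)       # 10% of clickers submit data
    price_per_record: F = F(20)     # $ per good record on the market

    def usable_per_email(self, bogus: F) -> F:
        # Assumption: a fraction `bogus` of captured records is worthless
        # (planted by a honeypot, or 2FA fails) and sells for nothing.
        return self.click_rate * self.victim_rate * (1 - bogus)

    def cost_per_usable_record(self, bogus: F) -> Optional[F]:
        """Sending cost per record that still sells; None if none are usable."""
        usable = self.usable_per_email(bogus)
        return self.cost_per_email / usable if usable > 0 else None

    def break_even_emails(self, bogus: F) -> Optional[F]:
        """Emails needed to recover hosting cost; None if it never pays off."""
        margin = (self.usable_per_email(bogus) * self.price_per_record
                  - self.cost_per_email)
        return self.hosting_cost / margin if margin > 0 else None

    def break_even_bogus_fraction(self) -> F:
        """Bogus share at which cost per usable record equals its price."""
        best = self.click_rate * self.victim_rate * self.price_per_record
        return 1 - self.cost_per_email / best


if __name__ == "__main__":
    c = Campaign()
    print("bogus share  $/usable record  emails to recover hosting")
    for b in (F(0), F(1, 4), F(2, 5), F(1, 2), F(3, 4)):
        cost, n = c.cost_per_usable_record(b), c.break_even_emails(b)
        print(f"{float(b):>11.0%}  {float(cost):>15.2f}  "
              f"{int(n) if n is not None else 'never':>25}")
    print("stops paying at bogus share:", float(c.break_even_bogus_fraction()))
```

With the post's numbers, the sending cost per usable record reaches the $20 sale price once half of the captured records are bogus, and below that point every increase in the bogus share raises the number of emails needed just to recover hosting.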