I’m sitting in a meeting at my day job, listening to a prospective vendor lyrically describing their lush infosec management capabilities, and my mid-morning reverie was broken by the following phrases in rapid succession:
We use a labyrinth of firewalls. Four in series because you can sometimes see past the first few.
I asked what he meant when he said “see past the first few” — he answered by mumbling something about traceroute.
We use a proprietary encryption algorithm.
I’ve read enough Schneier to positively flip out at this one.
The data is protected by 4096-bit MD5 encryption.
Ok… I’m not even going to get into it with this guy.
SSL is not safe for our environment, one of our engineers broke SSL in 3 minutes.
OMFG – YOU BROKE THE INTERNET!!!!1!!! – WTFBBQ
Ahem, may I please attend the special press conference you’re going to call when you release this information? I want to see what happens when the guys with the mirrors on the inside of the glasses take you out with a NATO round to the cranium.
If you want SSL, we’ll change the encryption key once per day.
I’m sorry, did I mis-read the RFC where it describes per session keys?
It’s not that I’m nervous, but, well, I’m nervous. You may all return to your regularly scheduled programme.
you should submit this to schneier for inclusion in the dog-house… they dug deep and struck snake-oil…
@kurt,
It’s not so much that they struck snake oil as the look on their face when I slid my card across the table and they realized I wasn’t a garden variety IT guy, but the very guy that they really needed to impress. Priceless.