Exact mapping of villages in DR Congo

A BBC report on Africa reminds me of trying to manage proper firewall rules in a fast-paced enterprise.

Hundreds of villagers are helping to map parts of the Democratic Republic of Congo where thick forest and conflict have prevented effective mapping.

So far about 190 villages have been found in one area of Bandundu province where old maps show only 30, UK-based charity The Rainforest Foundation says.

Ever had someone demand that you open the firewall immediately so they can start reaping rewards? The proper security response is to pause and try to estimate their actual needs, keeping role-based access and similar principles of good governance in mind. The reality is that business units often do not see the risks and/or value in precise measurements… I’m tempted to throw in a pun about logging here.

“In one of the sectors of the territory that the groups are mapping at the moment, there are something like 190 villages but on the official map there are about 30,” Cath Long of the Rainforest Foundation which is organising the project told the BBC’s Network Africa.

She said millions of Congolese depend on the forest for their existence.

“The real worry is that permits to cut timber, permits to extract resources will be given to external companies without recognising the fact that people are already there and already using the forest,” she said.

I may try to work in this story the next time an executive calls me and rants about the firewall processes blocking his/her business plan, deadlines and profitability/savings goals.

Can’t wait to see the reaction when I reference the forests of DR Congo.

Mobile and wireless technology is really making some interesting models in Africa. Something tells me these small instances are signs of opportunities for security devices and designs, perhaps even forming the majority of future markets for communication tools in unstructured/ungoverned spaces.

New York Tower Blueprints Found in Trash

“Dumpster diving” is more relevant to security than ever. People seem to print confidential files on a daily basis. I don’t know what happened to the digital transition, but this continues to be a source of major concern. The story today involves the building plans for the future WTC.

Two sets of confidential blueprints for the planned Freedom Tower, which is set to rise at Ground Zero, were carelessly dumped in a city garbage can on the corner of West Houston and Sullivan streets, The Post has learned.

Experts said the detailed, floor-by-floor schematics contain enough detail for terrorists to plot a devastating attack.

“Secure Document – Confidential,” warns the title page on each of the two copies of the 150-page schematic that a homeless, recovering drug addict discovered in the public trash can.

Don’t let this happen to you. Just don’t print anything anymore. And if you do, treat hard copy like you would a stack of $100 bills. Really, give it a try. It cuts down on paper use. Similarly, if you work at a company with printer addiction issues, try using a clear-tray policy — each printer gets a person assigned the duty of clearing the tray every so many hours (e.g. at lunch and end of day). That person will not only keep confidential material from floating around, but also provide good validation of printer use logs.

Imagine if the man in the story had made a shelter out of the papers. Hmm, that makes me wonder if future fashion statements will include clothes decorated with random company data mixed in with “secret” and “confidential” stamps.

The old drunk watchman and knife in the back story

I just heard about a story that should be filed in the “too strange to be fiction” category of security:

Mr Lyalin, an electrician, had spent the evening drinking with a watchman at his workplace when they got into an argument, Interfax news agency reports.

The morning found him waking up in the watchman’s office but instead of going back to work, he decided to take the bus home.

At home, Mr Lyalin had some sausage from the fridge and lay down to sleep, the Komsomolskaya Pravda newspaper says.

After a couple of hours, his wife noticed the handle sticking out of his back and called an ambulance.

Viktor Belov, a surgeon who treated him, found a kitchen knife in Mr Lyalin’s back but “by good fortune, it had gone through soft tissue without touching vital organs”.

I don’t know why they have to report on the sausage. Pork or beef? Anyway, here’s the real punchline:

His alleged attacker reported the crime to the police himself, Interfax adds. Mr Lyalin apparently feels fine and bears no ill-will.

“We were drinking and what doesn’t happen when you’re drunk?” he was quoted by Komsomolskaya Pravda as saying.

Just the sort of logic you might want in your watchman and their friends, no? I suppose he’s right; if you are drinking often then everything does in fact happen when you are drunk. At least they both were honest about it. Wonder if the watchman’s log reads something like: “Started drinking heavily in the office, argued with visiting friend, stabbed friend in the back, reported incident to police, went home.”

Subpoena Scam Scare

Several sources are reporting massive issues from the recent email scam. US-CERT even has a warning called “spear phishing attack”. My favorite write-up so far has been in The Register. They used the phrase “whaling expedition” to describe events:

About 2,000 executives took the bait on Monday, and an additional 70 have fallen for the latest scam, Richard said. Operating under the assumption that as many as 10 percent of recipients fell for the ruse, he estimated that 21,000 executives may have received the email. Only eight of the top 35 anti-virus products detected the malware on Monday, and on Wednesday, only 11 programs were flagging the new payload, which has been modified to further evade being caught.

Those are staggeringly poor numbers that nicely illustrate the problem with malware detection strategies. User education is the bedrock of security, while technology is usually just a tool. Like using a hammer, if someone suddenly puts screws in front of you and you do not know what defines a nail, and/or you rely on the vendor to figure it out for you… oops, I guess I need a fishing analogy.