PerlMonks  

[OT] What is "the German Institute for Security in Information Technology"?

by BrowserUk (Pope)
on Jul 31, 2007 at 17:07 UTC
BrowserUk has asked for the wisdom of the Perl Monks concerning the following question:

Have any of you good monks any knowledge of an organisation called German Institute for Security in Information Technology?

This name turned up in a web page whilst I was doing some research into what makes Math::Random::MT unsuitable for cryptographic purposes (that's the Perl link:).

That page cites this very impressive organisation as having produced this very impressive sounding set of criteria for evaluating CSPRNGs.

So, I went looking to see who these guys were, with a view to trying to find out how they came up with those criteria--and that's where things start getting confusing. Google lists exactly two references to this organisation. One is the earlier referenced wikipedia page; the other is a pdf at the springerlink website that it refuses to let me see.

If you expand the "search with omitted results included", you'll find a dozen more references that all appear to be plagiarised from the original wikipedia page.

I also tried searching for "GESIT", and that gets more hits, and the first looks likely but turns out to be something to do with geography, and in any case, the link redirects to a .cx url, which tells you nothing and doesn't inspire confidence.

Now if these 4 criteria are so authoritative, one would expect that the organisation that produced them would have done some other important work in the field of IT security. And as such, you might expect that it would have a web footprint. You might also expect that there might be some documentation of the basis upon which it arrived at these 4 criteria. You might also expect that work to (at least) be referenced from one or more of the established clearing houses for citations and IT-related papers: like ACM, or CiteSeer, or one of the dozen or so others. But nada, zip, zilch, nary a mench.

The question.

So, does anyone know anything about this organisation? Is it an authoritative government institution? A fly-by-night quango? A private company with an official sounding title? A complete ghost?

In the field of security more than any other I've tried, the internet abounds with "security" companies and organisations doling out reams of sophisticated sounding advice and judgement criteria, but so often when I try to track these to source, they end up being dead ends(*).

The only other thing that comes close is "medical advice". I once tried to track down the basis of the World Health Organisation radiation exposure guidelines, and to the best of my ability to find out, they seem to have been plucked from the air by some committee at some point in the past and have become the de facto standard ever since.

(*)Note: I'm not saying that is the case with GISIT, just that it seems possible given what I have been able to discover so far.


Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.

Re: [OT] What is " German Institute for Security in Information Technology"?
by neniro (Priest) on Jul 31, 2007 at 17:16 UTC
    I'm not quite sure, but I suspect you mean the: "Bundesamt für Sicherheit in der Informationstechnik". They have a list of publications
Re: [OT] What is "the German Institute for Security in Information Technology"?
by moritz (Cardinal) on Jul 31, 2007 at 17:19 UTC
    In German it's called BSI and is a governmental organization. They inform about new viruses (sometimes), give advice on which software to use (they recommend gpg) etc.

    I think it does solid work, but they're not known to employ ubergeeks as well.

Re: [OT] What is "the German Institute for Security in Information Technology"?
by Corion (Pope) on Jul 31, 2007 at 17:29 UTC
[OT over OT] Re: [OT] What is "the German Institute for Security in Information Technology"?
by polettix (Vicar) on Jul 31, 2007 at 23:01 UTC
    The only other thing that comes close is "medical advice". I once tried to track down the basis of the World Health Organisation radiation exposure guidelines, and to the best of my ability to find out, they seem to have been plucked from the air by some committee at some point in the past and have become the defacto-standard ever since.
    I don't know how far your quest went, but the radiation exposure guidelines are managed by the International Commission on Non-Ionizing Radiation Protection (ICNIRP) for what - ehr - non-ionising radiation is concerned. Back in 2002, the office I work in produced a survey of the available references about this; you can find it here (only in Italian, but there are many URLs to re-start from). Of course, 5 years have passed, and much water below bridges...

    Flavio
    perl -ple'$_=reverse' <<<ti.xittelop@oivalf

    Don't fool yourself.

      Thanks. (Though we're really getting off-topic now:)

      The radiation in question was from Radon gas. We were looking at a property a few years ago and it was disclosed in the documentation that a survey had been done and over a 3 month period the level had never exceeded 114 Bq/M3. This being well below the UK government 'action limit' for households of 200 Bq/M3, it was, we were assured, "nothing to worry about".

      A little research discovered that the 200 level was correct for households, and that for businesses it was 400. But looking around, the recommendations in different countries vary quite widely from as high as 1200, to as low as 150, and some research pointed to increased cancer risk at levels lower than 100 or even 80 of them Bq (whatever they are) /M3.

      The variation, and the breadth of the variation got me to thinking about how the limits were determined, by whom, when, where and why. And without trying to retrace all the paths I took, I was left with the conclusion that they were quite literally "plucked from thin air". There seemed to be no one value, nor piece of definitive research, nor authoritative body that determined such values. That I could find anyway.

      Since then I've read several articles and seen a TV program about the aftermath of Chernobyl, and the most surprising and significant thing about them is that so far the effects of the radiation are not living up to their original cataclysmic predictions.

      Of course there is some question as to whether there is full disclosure of the human costs by the local authorities. But there are other indicators, like birds nesting on the reactor building without any apparent harm coming to them, and the dramatic increases in wildlife, especially large mammalian wildlife, in the exclusion zone. All these things make you wonder: a) how were those original cataclysmic predictions made; b) how do they decide upon the 'safe values' for short and long term exposure?


      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      "Science is about questioning the status quo. Questioning authority".
      In the absence of evidence, opinion is indistinguishable from prejudice.
        I followed the issue quite closely here in Italy, and I can assure you that most of the limits have been set for political reasons. The reasoning is more or less this: "ICNIRP identifies some thresholds, and sets limits that are 50 times below (for population)? Well, we can do better, we can drop it by another 3 dB!". This at a national level. Then comes the local authority and says: "national limits? We can do better! Shove another 3 dB!". There you go, without any real connection with the studies.

        The rationale for this lowering is simple: "brief" studies can only apply to short-term effects (heating). But what if there are more subtle, long-term effects? Here come lower thresholds, but note that this issue can be addressed only with statistical studies over reasonable timespans. So the "I can do better" lowering race can be brought to whatever level you like: it's something that we don't know much about, so a lower level makes a better politician.

        One interesting thing we had to reflect upon is that science will never, ever be able to say that radiation, at any level, isn't harmful. As a matter of fact, it cannot say this for anything we are aware of: we're only allowed to demonstrate that something can be harmful, not that it cannot be. So, it makes me laugh when they ask me "do EM fields harm?" - the only truthful answer being "we can never be sure they don't harm, evidence so far shows this and that, but something different could be discovered in the future". Which sounds much like "we don't have a clue, just avoid them". So you have massive campaigns against "antennas" on the buildings, where a big chunk of the very same people is willing to put an EM emitter 3 cm from the brain. Go figure!

        Last, but not least, there is the issue of the non-disclosure of results, for political or economical reasons. Many research centers are privately funded, and are less likely to spread results that could harm "the industry". This is really sad, and eventually backfires to "the industry" itself.

        Flavio
        perl -ple'$_=reverse' <<<ti.xittelop@oivalf

        Don't fool yourself.

        Bq is Becquerel, but I can't exactly recall its definition. I think it's either the number or energy of emissions per unit of time. My nuke books are all buried at the moment and CRC is unhelpful on the subject.

        The data for massive radiation exposure came from Hiroshima and Nagasaki. It was not really possible to separate radiation injury from blast and heat with any exactness. Lower level exposure data mostly comes from medical radiation treatment records. Those are generally distorted by the presence of cancer.

        There is a big difference between external radiation exposure and the more dangerous incorporation of emitters in tissue. The latter is the case with Radon gas. Its alpha emission is stopped and absorbed by any amount of clothing or moisture or outer skin, but any that decays in the lungs injures the live cells and deposits radioactive heavy metals (Polonium isotopes) which do further damage while decaying to lead. Chemically toxic, too. Nasty stuff.

        Obviously, controlled experiments can't be conducted in this realm.

        After Compline,
        Zaxo

        The definition of becquerel is very easy: it is 1 / s (one per second), meaning one nucleus decays per second. So 150 Bq/m3 means that per cubic metre 150 nuclei will decay per second. It is thus just a measure of activity. It says nothing whether these decays make for harmful radiation. For all it means, these decays could produce quite harmless alpha radiation or hard x-rays.

        CountZero

        "A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

        As was pointed out earlier, Bq is just a number of decay events per time unit (1 second, I think) and says nothing about the possible harm on living organisms.

        To measure that you have to know the dose equivalent in sievert. That's harder to measure, but only that value lets you assess the dangers of a radioactive source reliably.

Re: [OT] What is "the German Institute for Security in Information Technology"?
by zentara (Archbishop) on Aug 01, 2007 at 12:29 UTC
    Whilst we are on the subject of invisible energy packets violating our bodies,

    100,000 billion neutrinos pass through your body each second from the sun

    Your body will stop ~1 neutrino which passes through it in a lifetime!

    Remember we are not innocent either....

    " Our body's 20 milligrams of beta radioactive Potassium 40 emit about 340 million neutrinos per day, which go at well-nigh lightspeed to the ends of the universe!..even thru the earth."

    Now I know why eating bananas gives your skin such a nice "glow" :-)

    The problem with fearing radiation is that we look at it like it causes permanent damage...... but our body's repair system easily fixes most damage. Even the chromosomes have secondary and tertiary backup systems, to detect if the genes have been damaged. So don't worry. Nuclear power is going to make a big comeback if the human race is to survive at this standard of living.

    So concentrate on being a "dynamic-repairable system" with a good immune system, and take the minute damages from radiation in stride.


    I'm not really a human, but I play one on earth. Cogito ergo sum a bum
