I've been in the throws of capitalism of late, which is why I haven't had time to do much posting. I've been juggling 3 clients, getting no weekends and not much sleep. The stress has been offset by the fact that much of my coding time has been all in telecommute- it's amazing that even if you are "at work" 14 hours a day how much of a destresser it is if you have the ability to surf pr0n, make snacks in the kitchen and waltz around nekkid.
In the past couple of weeks, I've been playing infosec analyst for a bank in SF's financial district. Much to my surprise, about half of the interbank transactions- collateral holdings, quarterly reports, loan data, etc in the financial industry right now is CLEARTEXT EMAILED EXCEL SPREADSHEETS. The only reason this is changing is because of a recent california law that passed after a laptop from Wells Fargo containing many end user financial data was stolen. In a case where a legistlation has created a market, suddenly california banks are scrambling to a PKI strategy to meet legistlated encryption and non repudiation standards.
What is somewhat amazing in working with these banks is the burning need and the severe lack of market players
1) providing a useable client interface to identify management (this has been discussed in many papers in the crypto community over the past years, but still remains a largely unfinished body of work)
2) an online trusted third party services company briding the finanical, consumer, and general b2b sectors.
Much to my surprise, PGP is considered a serious option in the financial world... However the ppl at PGP (from what I've seen at codecon) seem largely unaware of the great markets they could tackle...
In other news, I've moved out of smark and metahcet's apt and into neshura's apt. I now have space for anyone wanting to visit me for an extended period of time.