Remember, I wrote about the flawed concept of security that the people who manage our SAP portal have? I was chatting with Prerit today (he works in the same company) and he mentioned that the portal’s security really sucks. He logged out of the system and closed the browser window. On reloading the site in a new window, he was logged in automatically! This speaks a lot about the company that’s implemented the portal: Capgemini. I believe they are one of the largest players in this business.

My response to Prerit’s comments was this - there are three kinds of security:

* Real security
* Security through obscurity
* Security through posturing

Capgemini seems to believe in the third kind.

In addition to the excellent Crypto-Gram newsletter, Bruce Schneier now writes a blog.