The human mind is capable of some amazing feats. The conceptual capabilities of a young child, for example, astound me. I am a fairly good chess player, and recently my 6-year-old son decided he wanted to learn chess (having seen "Wizard Chess" played in a Harry Potter movie), and I decided to indulge him.
Being a firm believer that children are far more capable than some tend to give them credit for, I play him just as hard as I would play anyone, which meant the first few games resulted in quick checkmates. It did not take long for him to figure out how to think ahead and use inference as a strategic method, and he has since managed to achieve stalemate. Games now frequently last for an hour or more. Not bad for a 6-year-old. Pappa is so proud!
What amazes me is watching him "think". I swear I can almost feel his brain thinking, and I swear I can sense his "brain muscles" getting stronger. I also believe that ANYONE can build those "brain muscles" if the drive exists to do so.
Let's consider an interesting story I read this morning. It was an article on esquire.com about a Wheel of Fortune contestant who solved the puzzle with 1 letter (and a freebie apostrophe). I read the story and realized that she was using a highly tuned level of inference in order to arrive at her conclusion. It reminded me of a conversation I recently had with Dr. Fred Cohen (we occasionally meet at the local Peet's for coffee and conversation). He stated that he believes that inference is impossible to prevent, and I have to say that I tend to agree with him.
A hacker (researcher, penetration tester, whatever term you like) is presented with overwhelming amounts of information surrounding a system all the time. In fact, the challenge is not where to find the information, but how to filter out what does not matter. With a little mental exercise, this can be accomplished very quickly...mainly because most organizations charged with protecting information are inherently lazy, and fail to understand the power of aggregation and inference. I have discovered countless pieces of company "confidential" information from piecing together bits of information available in various "sanitized" versions of documents. Bear in mind, I am not a "hacker" (at least not in the modern sense of the word), but I get how hackers think...at least to some degree.
I think about this a lot when I consider Smart Grid technologies, as well as health care information technologies. As these technologies grow, we are going to see new sources of information emerge, and in our inherent, somewhat lackadaisical manner of dealing with security at the decision-making helm of our corporate culture, we will create plenty of early opportunities for aggregation and inference.
Things are going to get interesting....