I should be able to resume posting shortly.

Video: Three Natural Laws of Security is currently unavailable. Seeking new hosting site.

2010-01-31

It's odd that they were in such a rush that they didn't bother to make sure they were pointing at the right person before dropping the hammer. It's not like they didn't know where to find her ...
Hmmm ... something new to worry about ...
A whole day ... that's kind of excessive, don't you think ...
Don't worry. Wearing one [or more] of these won't attract attention ...
A better question is "Why are they able to accurately assess how much espionage we're doing?" ...
Increased security, like being sorry, is only helpful if it occurs before an incident ...
While running FBI Firearms Instructor schools to certify instructors for other agencies, I’d always included several target identification courses. The targets would either consist of typical geometric shapes and colors or would be a series of life-size face photographs of diverse individuals. Each target board would contain six to eight of the different, smaller targets. I would ensure the compilation and placement of the smaller targets on each target board were unique. Targets would be faced away from the shooters. Once in position, I would call out a description of the “shoot” target and face the targets for a few seconds. The Firearms Instructors were to shoot only the called target before it faced away. On command, they would then step to the right to a new target stand, and continue the drill for several rotations. Consistently, in every class, officers would shoot at their target upon hearing others shoot, even when their particular target board did not contain the called target. When asked why they shot at a no-shoot target, the typical response was either, “I don’t know” or “Everyone else was shooting, so I thought I was supposed to be shooting too.” Remember, this is a class of Firearms Instructors in a low-stress atmosphere (other than they wanted to get their certificates) - not a bunch of new recruits. I would also occasionally call out a non-existent target, and again, inevitably some in the class would fire. The number of instructors shooting at “no-shoot” targets was even greater when we did the night-firing exercises and they were required to use flashlights to see the targets. This indicates they trusted their partner’s judgment (or eyesight) better than their own.
A high-altitude balloon made of polyethylene fabric, the thickness of a dry-cleaning bag and filled with helium, will lift a capsule containing Baumgartner to near the top of the stratosphere. With a volume of 29 million cubic feet, it will span 600 feet across at altitude and stretch 600 feet tall. According to Kittinger, “We used a balloon 50 years ago because it was the most practical way to get up there, and it still is.” The capsule developed for the Red Bull Stratos Mission is a 6-foot-diameter fiberglass pressure sphere with a half-inch-thick acrylic door and two side windows. "We started building a gondola and ended up building a spacecraft," says Art Thompson, the mission’s technical project director. After Baumgartner has landed, the capsule will be separated from the balloon remotely. The balloon and cable will fall back to Earth in a clump, and the capsule’s descent will be slowed by a main parachute and stabilized by a drogue. The capsule has a corrugated crunch pad on the base so that it lands with minimal damage. 
Hmmm ... Red Bull ...
If college was always this fun, everyone would go ...
You gotta give him this, he knows how to have a good time ...
Identity thefts, invasion by spywares, attacks by cyber-criminals are just some of the real dangers. Using simple IP tracing tools (sniffers) someone can exploit vulnerabilities and hack into your computer. Very commonly, IP addresses are tracked and logged along with your surfing activities to deliver targeted ads to your browser or even spam mail to your inbox. In an extreme case scenario, your passwords are hacked through. All the above dangers have a solution through anonymous surfing. But hey, didn't I say that it's a myth? Well, it is usually, but a few tools do make it possible. The core for most of anonymous browsing is the Tor network. Also called Onion routing, the technology uses a series of encrypted network relays around the world to protect your traffic from prying eyes. Hence, the likeness with an onion.
You need a really fast connection to begin with because all of the TOR configurations really slow things down. Also, keep in mind that nothing is fool-proof ...

2010-01-29

This got me to thinking about what would happen in a similar situation if, for example, hackers used an insurance customer’s password to compromise an insurer’s systems, then stole valuable personal or financial information that was later sold or used in a criminal manner. Who is to blame then? Is it the insurer for not having adequate security safeguards on its networks; or is it the customer for not having enough security on his home or business computer? Where is King Solomon when we need him? One would think that insurance companies would be in no hurry to sue their valued business customers, but on the other hand if the business loss were significant enough, maybe they would take a shot at blaming the victim. Such a case would be widely publicized, however, and I find it difficult to believe that an insurer would want to be seen as trying to foist blame on its own customers. If I were one of that insurer’s other customers, I would certainly be calling my broker or agent in a heartbeat to change carriers. And what about insurers who include cyber-theft as part of their business interruption coverage? Might they be tempted to preemptively sue their customers who file claims, alleging that the theft took place because the customer didn’t have the latest security measures in place? It could happen, and that’s why the resolution of the Texas case could have repercussions far beyond the Lone Star State. For the first time, it seems, courts are being asked to define exactly what constitutes adequate systems security. Yet I wonder whether most courts are equipped with the knowledge and expertise to make such a judgment—and how such judgments would hold up over time given the rapid advances in security technology.
It'll be interesting to see how this suit goes ...
This should not be necessary; a gun ban is a reasonable policy.
No it isn't ...
Slices, dices, rips, maims and severs ...
Good for Utah ...
Always worth reiterating ...
Lawfully armed citizens aren't the problem. They never have been. It is true that on rare occasions someone will commit a crime and it later turns out they had a concealed carry license. Anti-gunners are quick to seize upon them as shining examples of why they were right to want to ban such practices, but it is the very rarity of such acts that makes them newsworthy in the first place. There are far more stories of police officers assaulting their wives and doctors killing their patients than there are of ccw licensees misusing their firearm. The truth is that the sort of person who supports "park bans" or any other firearm ban isn't really interested in reducing crime. They know such policies will not work (how can a law prohibiting guns stop a murder when a law prohibiting killing someone in the first place fails to do so?). What they're really looking to do is further their gun ban agenda in a wild fantasy that gun bans will make them less accessible to criminals. Because, of course, that worked so well with drugs.

2010-01-28

I know I would be damn reluctant to drive a vehicle into a crowd of pedestrians and then jump out and start randomly stabbing them to death if there were any chance of it being seen on a video monitor ... especially in a police state ...
If college was always this cool, everyone would go ...
Never hurts to reiterate ...
Let's start with the basics. How do you project information about yourself to others in the normal course of your day? At your residence, is your mailbox or front door adorned with your family's name? When you discard mail or files, do you toss the paper intact into the trash and recycling bin? When you make a purchase at a store, when the clerk requests your phone number, do you provide it? What data do you include in application forms filed for your children's activities? If you let a valet park your car, what data is available for perusal in the glove compartment? If your billfold should drop from your pocket or bag, what data has just gone missing? Take a moment and reflect at the variety and volume of actions and interactions in your daily life that involve your personal data. Which actions result in allowing unencumbered access to your data by those to whom you haven't granted explicit permission?
Interesting piece ...
I would be interested to see a scientific comparison to a $12.00 adata 4GB jumper sporting Truecrypt ...
Hmmm ...
Not the sub ...
The threat hasn't really evolved all that much. A few righteous hometown Americans are more than a match for those whose plan involves blowing their weasels off. Yeah, we might not be ready for Jack Bauer-esque pocket-nukes, but considering most of these guys seem to be low-level, rock-throwers, I'm not convinced that we need to do anything more than offer a standing reward to any citizen or group of citizens (or their heirs) that take down a tango op ...
Don't know what to say on this one ...

2010-01-27

There's an old saying that goes: If you don't know who the patsy is, there's a good chance that it's you ...
I wonder how this is going to work out ...
Interesting ...

I bet you didn't see that comin' ...
As an example, let’s say that our subject denies stealing a woman’s purse from the local library at 4:00 p.m. The subject acknowledges that he was at the library during the day but claims that he left at about 2:00 p.m. Later in the day when the subject walked past the library at 5:00 p.m. he was stopped for questioning by the police based on the fact that he very closely resembled the description of the individual whom the victim had seen in the immediate area when her purse was stolen. The bait dialogue would be as follows: “Lou, you told us that you left the library at two o’clock and later walked past the library at five o’clock. Now, I’m sure that you are aware that there are surveillance cameras throughout the building. Is there any reason why when we finish viewing all of the security videos that we will see you inside the library at about four o’clock? I am not saying that you were involved in taking the woman’s purse, but you know how easy it is to lose track of time. Is it possible that you could be mistaken on the time and were inside the library at around four o’clock?” 
Hmmm ...

2010-01-25

Yes, but your actions would have the opposite effect. Most CSU students, and all but one of their representatives, don’t want the ban for one basic reason: They don’t want to become sitting ducks for violent criminals. They don’t want to become the next victims, such as those at Virginia Tech, watching helplessly as some psychopath shoots up a university, unimpeded for hours, in direct violation of a gun ban. They don’t care much about left wing or right wing ideology. They just want to be safe. Nearly every mass shooting in this country has occurred in a gun-free zone, such as the one CSU’s governing board plans to create next month with the blessing of faculty and administration. That’s because maniacs on suicidal mass murder missions have amazingly dismissive attitudes toward gun bans. They do respect the bans, they just don’t obey them. They respect the fact these gun bans guarantee them thousands of defenseless human targets who can’t shoot back. Rapists and deranged stalkers also have a fondness for campus gun bans. Do the math: Law abiding people obey gun bans; dangerous criminals do not.
Finally, our political system is structured to overreact to attacks on aircraft and to underreact to other kinds of attacks, particularly shooting sprees. In reaction to the "shoe bomber," we now all take off our shoes at security checkpoints. Because of the "underwear bomber," we now may be subject to thorough body scans before boarding a flight. The 2006 plot to blow up seven transatlantic flights out of London cursed us with the inability to bring a bottle of water on board. Security agencies feel duty-bound to do something, and politicians wring their hands about whether they are doing enough. In comparison, there appears to be no limit to the number of fatalities that can be inflicted by automatic weapons fire in the United States without generating a political reaction. Politicians limit themselves to expressions of sorrow for the victims and the families, and then the matter is quietly dropped.
It WOULD be interesting to know why this is ...
Although getting the info straight from PGP is probably reliable, I strongly recommend practicing on a USB stick or an outboard hard-drive with non-essential data on it for awhile until you are absolutely certain you are ready to encrypt the stuff you still need access to ...
If the tango is denying it, just show the judge the video of him waiving his rights and agreeing to answer their questions ...

2010-01-24

If we were to divide the cost equally among 34 million Canadians, each of us will be contributing $26. That would be a little over $100 for our family of four. As British Columbians, we'll be paying a lot more than that, since the province is picking up $252 million of the $900 million directly, or about $60 each, so my family's share of the Olympic security costs rises to more than $300. Now we're talking real money. So much, in fact, that I think it's time to start asking whether the cost of security has become a game-changer for the Olympics. We are approaching the point where it is costing almost as much to protect the Olympics as it does to stage them. Leave out the big-ticket items that have value on their own -- the Sea to Sky Highway, the convention centre expansion and the Canada Line -- and security is the largest single budget item for Canadian taxpayers. In London, planners for the 2012 Games are now looking at a tab that is headed toward £1.5 billion, or $2.5 billion.
Wait 'til you see what you're actually getting for all that money ...
Gotta love it ...
Looks like someone needs voted out of office ...
Hmmm ...
I know ..., it's fun ..., but don't do it!

2010-01-21

These are probably improving the security breed, a bit ...
There are so many interferences that withdrawing just the one probably wouldn't result in much improvement. If the airlines were able to work toward profits across decades instead of chasing the next quarter's results, then the market would be much more likely to create good flight security ...
Top 10 network security tips
Probably a good starting place anyway ...
Interesting ...

2010-01-20

When it comes to combatting terrorist bombers and hijackers on airplanes, Canada has a secret weapon that is the envy of every nation: our sky marshals, a covert cadre of elite RCMP officers. Armed undercover operatives, they are rigorously trained to detect and eliminate any and every threat to passengers, flight crew and aircraft, and they must be re-certified twice a year. “What happens at 30,000 feet must end very quickly,” the officer in charge of the Canadian Air Carrier Protective Program told Maclean’s on condition of anonymity. “The only way to do that is to be very, very good at your job.” Canadian sky marshals are so good at their job, in fact, that they have trained Thailand’s unit, and played a major role in creating the French, Dutch, Czech, Polish and British in-flight security programs. Now even Israel, whose Ben Gurion International Airport in Tel Aviv is considered the gold standard of airport security, wants to learn from Canadian sky marshals. “Their training is first-class, next to none,” says Rafi Sela, president of AR Challenges, a security consulting agency active in Israel and North America, who has chastised other aspects of Canadian air transport security. “The air marshal program in Canada,” he told Maclean’s, “is the best in the world.”
They manage to avoid being the Great Satan, as well, hmmm ...
Gotta love it ...
Richard's 2nd Law of Security: It's cheaper to be invisible than it is to be invincible.
Sounds like a hard sell, to me ...
That's what I'd do with 'em ...

2010-01-18

Hmmm ... John Lott's website ...
The ISS is a synthesis of several space station projects that includes the American Freedom, the Soviet/Russian Mir-2, the European Columbus and the Japanese Kibō. Budget constraints led to the merger of these projects into a single multi-national programme. The ISS project began in 1994 with the Shuttle-Mir programme, and the first module of the station, Zarya, was launched in 1998 by Russia. Assembly continues, as pressurised modules, external trusses and other components are launched by American space shuttles, Russian Proton rockets and Russian Soyuz rockets. As of November 2009, the station consisted of 11 pressurised modules and an extensive integrated truss structure (ITS). Power is provided by 16 solar arrays mounted on the external truss, in addition to four smaller arrays on the Russian modules. The station is maintained at an orbit between 278 km (173 mi) and 460 km (286 mi) altitude, and travels at an average speed of 27,724 km (17,227 mi) per hour, completing 15.7 orbits per day.
Plus some really cool pics ...

2010-01-16

Considering what they do there, the reaction probably wasn't out of line ... no one died ...
More Kool-aid, anyone ...
I think that DHS and TSA are both just too big to ever be effective ... too difficult to find the right person to blame and get rid of ...
I seriously doubt that it was ever very good there to begin with ...
Never hurts to reiterate ...
The true objective of self-defense is to survive and escape death or serious injury from an attack. That objective is very clearly first and best accomplished by conflict avoidance which is made much more possible by knowing the ways of the human predators. That is how they think, how they choose their victims and thus how not to appear as an unattractive and ideally unacceptable victim to them. Self-Defense training must also include de-escalation and conflict avoidance training and skills. Asian martial arts do not even address or acknowledge the need or existence of any of these critical survival self-defense skills at all. Instead Asian Martial Arts follows a syllabus almost wholly devoted to the practice of physical technique alone. The majority of that physical technique is wholly impractical for most people to employ effectively in an actual self-defense situation too.
This article paints with a rather broad brush. There are quality teachers, students and arts out there ...
Where Google’s new stance on China’s censorship and violation of dissidents’ privacy seems at odds with CEO Eric Schmidt’s recent statement that “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place,” an interesting implication of this statement about what information was compromised brings things back into expected focus. That sort of information is exactly the kind of thing that can legally be acquired by United States law enforcement agencies by way of a court order. This suggests that some part of the process of handing over private information to law enforcement personnel serving a court order has been automated, and that security crackers working for the Chinese government found a way to exploit that automated access.
Interesting ...
Video shown a couple of different ways to emphasize the rock and roll aspect ...
This is one of the modern Tai Chi Chuan forms, but she is very, very good at demonstrating it ...
Today's the day, every day ...
It'll be interesting to see whether this makes them stop doing them ...

2010-01-15

Without directly accusing the Chinese government, Google said that in mid-December it became aware that sophisticated attacks from China had resulted in theft of intellectual property. Attackers also tried to access the Gmail accounts of Chinese human rights activists, with limited success, Google revealed. Google went public and insisted it will no longer adhere to the Chinese government's online censorship rules, even though that may mean ending business operations there. In doing so, Google has taken a stand that could have historic ramifications politically and defies conventional reactions to security incidents, many say. "When these kinds of attacks happen, no company wants to step forward and say 'it happened to us,'" notes Mary Landesman, senior security researcher at ScanSafe. But Google, which "has the technological ability to make credible assertions" by declaring it happened to them, "is shedding light on a problem that everyone in the security industry has been talking about and worrying about."
Doing the right thing, but for the wrong reason ...

2010-01-14

Sounds like a coup, alright ...
You gotta love that ...
Ahh ... the solution to EVERY problem ...
Interesting ...
Reason is my favorite ...
Profiling is like taking DayQuil for your cold. It’ll make you feel better, but it isn’t going to cure your cold. The editors say, “we, as a society confronted by implacable enemies, should not shrink from [profiling’s] use.” They present us with the idea of profiling as if it were heroic. In actuality, it’s our cowardice that forces us to entertain using profiling as a method to curtail terrorism. We’re scared of what we don’t know, and, thankfully, we don’t know what it is like to be so extreme in our beliefs that we can use those beliefs as an excuse to murder innocent men, women, and children. We will never conquer terrorism if we don’t understand its ideology, and open ourselves up to the potential of peaceful compromise with the religious and world leaders, because as long as nothing changes in the way we conduct ourselves, and how we treat our enemies, we will still be the target of hatred by these terrorist regimes. Compromise is surely better than more lives lost or fighting more wars.
Do you really think compromise will work with the folks you just described ...?
While I agree that arguing that terrorism is statistically harmless isn't going to win any converts, I still think it's an important point to make. We routinely overestimate rare risks and underestimate common risks, and the more we recognize that cognitive bias, the better chance we have for overcoming it. And Kevin illustrates another cognitive bias: we fear risks deliberately perpetrated by other people more than we do risks that occur by accident. And while we fear the unknown -- the "reminder that al-Qaeda is still out there and still eager to expand its reach and kill thousands if we ever decide to let our guard down a little bit" -- more than the familiar, the reality is that automobiles will kill over 3,000 people this month, next month, and every month from now until the foreseeable future, irrespective of whether we let our guard down or not. There simply isn't any reasonable scenario by which terrorism even approaches that death toll.

2010-01-13

Gee whilickers ...
This is a damn good idea ...
I don't think this is a good argument against using the back-scatter scanners. There are probably far fewer Muslims that want to 'meet Allah' having just jammed a boomer up their whatchacallit than there are willing to do it otherwise. Knowing that they'll have to put their bomb where the sun never shines in order to blow up a plane will make planes invisible as targets to most bombers ...
For example, is a SHA-256 hash of the user's password enough? Or do we need SHA-384? SHA-512, maybe? Would that really be any more secure? It's hard to know. And yet, all sorts of investment and deployment questions depend on the basic question "is the security good enough?" When similar products based on the SHA-3 family arrive, should we immediately scrap those based on SHA-2? Or can we continue using them happily until a natural replacement opportunity? Keep in mind, this is a USB drive we're talking about. One, single, small component. Replicate these questions, this complexity, throughout all of the other IT components -- the disk drives, the network cards, the database engines, the application software, the everything -- and you start to get an idea why security is so hard. The vulnerabilities can be anywhere, the complexities are everywhere. That's why we can't have nice security -- at least, not with the simplicity and assurance we so crave.
So true, at least where computers are involved ...
India seems to be getting after the whole space thing. Glad they're allies ...

2010-01-11

I think it's a good idea ...
Longish ...
It's interesting that they don't have more info if the vic isn't veg-ed ...
Never hurts to reiterate ...

2010-01-10

I'm thinking they're still not getting that whole 'rule of law' thingy ...


That is typically how it will be in a free society ...
It does, but not the one you were hopin' for ...
Interesting legal strategy, there dude ...
Hmmm ... I wonder how they know it was without provocation if they don't know who did it ...

The FCC has granted Cablevision a waiver of its encryption rule prohibiting cable operators from scrambling their basic tiers for the cable operator's New York franchise--Bronx and the majority of Brooklyn--which it is converting to all-digital. The Consumer Electronics Association (CEA) and the Association for Maximum Service Television had opposed the waiver. They argued that it would negatively affect thousands of consumer devices, disenfranchise those consumers and could put some companies out of business. The waiver was announced just as CEA is meeting in Las Vegas for its annual Consumer Electronics Show, and at almost the same time FCC Chairman Julius Genachowski was scheduled for a Q&A session with CEA president Gary Shapiro. The encryption rule was adopted to insure that viewers with cable-ready sets would not have to buy/rent set-tops to get their programming. But the FCC left room for waivers in some circumstances, and said Jan. 8 that Cablevision had made a strong case for the waiver. Cablevision said the waiver would allow it to connect and disconnect remotely, though that means its subs would have to have either a set-top or a TV set with the CableCARD security hardware.
As a result, hardware-encrypted USB sticks have seemed like a good idea, even if they are hideously expensive (the SanDisk Cruzer Enterprise 8GB retails for nearly £300 at the time of writing; 10 times more than a non-encrypted version). Trouble is, it turns out they’re utter rubbish. When it comes down to it, all Verbatim, SanDisk, and Kingston hardware-encrypted USB sticks use the same encryption system. That system uses AES-256. Unfortunately, every single stick uses the same encryption key, regardless of the password the user sets, as reported on ZDNet:
“The crack relies on a weakness so astoundingly bone-headed that it’s almost hard to believe. While the data on the drive is indeed encrypted using 256-bit crypto, there’s a huge failure in the authentication program. When the correct password is supplied by the user, the authentication program always sends the same character string to the drive to decrypt the data no matter what the password used.”
Good work, morons. Nice to see you’re taking this security lark seriously.
Hmmm ... also troubling ...
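The design flaw in the quoted report, modelled next to a password-bound design, as an added example (not code from the quoted article, ZDNet, or any vendor). The class names, the fixed string, the passwords, the PBKDF2 iteration count and the XOR-with-HMAC key wrap (a stand-in for a real AES key wrap) are all assumptions made for illustration; `audit` shows which checks expose the flaw and which do not.

```python
import hashlib
import hmac
import os

FIXED_UNLOCK = b"CONSTRUCTED-FIXED-STRING"  # placeholder, not a real vendor value


def _kdf(password: str, salt: bytes) -> bytes:
    # Password-based key derivation; the iteration count is an illustrative choice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _pad(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class FlawedStick:
    """Password is checked only by host software; the drive sees a constant."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self._host_check = _kdf(password, self.salt)  # lives on the PC side
        self._dek = os.urandom(32)                    # data key, stored ready to use

    def host_unlock_message(self, password: str):
        ok = hmac.compare_digest(_kdf(password, self.salt), self._host_check)
        return FIXED_UNLOCK if ok else None

    def drive_unlock(self, message):
        # The drive releases the data key for the fixed string, whatever the password was.
        if message is not None and hmac.compare_digest(message, FIXED_UNLOCK):
            return self._dek
        return None


class BoundStick:
    """Unlock message is derived from the password; the data key is stored only wrapped."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        kek = _kdf(password, self.salt)
        self._verifier = _pad(kek, b"verify")
        # Toy wrap (XOR with an HMAC-derived pad), standing in for AES key wrap.
        self._wrapped_dek = _xor(os.urandom(32), _pad(kek, b"wrap"))

    def host_unlock_message(self, password: str):
        return _kdf(password, self.salt)

    def drive_unlock(self, message):
        if message is None:
            return None
        if not hmac.compare_digest(_pad(message, b"verify"), self._verifier):
            return None
        return _xor(self._wrapped_dek, _pad(message, b"wrap"))


def audit(stick_cls) -> dict:
    """Checks an evaluator can run against an unlock design (constructed passwords)."""
    a = stick_cls("correct horse")
    b = stick_cls("battery staple")
    msg_a = a.host_unlock_message("correct horse")
    msg_b = b.host_unlock_message("battery staple")
    return {
        # Functional checks: both designs pass, so they cannot reveal the flaw.
        "owner_can_unlock": a.drive_unlock(msg_a) is not None,
        "wrong_password_fails": a.drive_unlock(a.host_unlock_message("guess")) is None,
        # Design checks: the unlock message must be bound to the password and the stick.
        "message_depends_on_password": msg_a != msg_b,
        "replay_on_other_stick_fails": b.drive_unlock(msg_a) is None,
    }


if __name__ == "__main__":
    for cls in (FlawedStick, BoundStick):
        print(cls.__name__, audit(cls))
```

Both designs pass the two functional checks, which is why ordinary acceptance testing would not have caught the problem; only the last two checks separate them.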
It will be interesting to see whether the country breaks up into civil war over this ...
Interesting ...
Yesss, both rightly and wrongly ...
Words do seem to significantly affect how we think ...

2010-01-09

Interesting ...
DIY at its very best ...
I don't think that magical thinking is all that helpful ...
I wonder how many completely innocent folks can't travel by air from Ben Gurion ...
Score this one for the hackers ...

Interesting, even if somewhat crunchy ...
I wonder if the report will address how many of the wrongfully detained 'return' to terrorism ...?

2010-01-04

Gee, whilickers ...
Releasing the video would tend to give away info such as camera resolution and effect of lighting (can you see VPL on a black skirt, etc?), but in a tax-payer-subsidized public environment, you should expect to give it up to anyone with a legitimate cause of action ...
About damn time, too ...
On the one hand, the folks watching the monitors are going to be extremely jaded almost immediately, and on the other hand, I'm good with passing out guns and frangible ammo at the boarding gate, too, if you prefer ...
And not in the 'Mother May I?' sense, either ...