Those Boy Scouts…Always Building Nuclear Reactors


Now 17, David hit on the idea of building a model breeder reactor, a
nuclear reactor that not only generates electricity, but also produces new
fuel. His model would use the actual radioactive elements and produce real
reactions. His blueprint was a schematic in one of his father’s textbooks.

Ignoring safety, David mixed his radium and americium with beryllium and
aluminum, all of which he wrapped in aluminum foil, forming a makeshift
reactor core. He surrounded this radioactive ball with a blanket of small
foil-wrapped cubes of thorium ash and uranium powder, tenuously held
together with duct tape.

From “TALE OF THE RADIOACTIVE BOY SCOUT,” found via a comment by Tom Holsinger on the Radiation Surveillance thread on Volokh Conspiracy. It turns out that the article has been turned into a book (The Radioactive Boy Scout). Picture from this site.

13 Meter Straw Goat Met His Match

goat-frame.jpgI am deeply saddened to have missed this story until now:

Vandals set light to a giant straw goat Saturday night in a central Swedish town, police said, an event that has happened so frequently it has almost become a Christmas tradition.

It was the 22nd time that the goat had gone up in smoke since merchants in Gavle, 150 kilometers (90 miles) north of Stockholm, began erecting it to mark the holiday season.Police spokeswoman Margareta Olander said officers received a call just after 9 p.m. to report that the goat was ablaze.

From “Vandals burn giant Christmas straw goat in Sweden, again,” via Charlie Stross.

Relentless Navel Gazing, Part 6

navel-gazing.jpgI’ve made a bunch of changes to style and template stuff. Most noticeable should be that post titles are now links to the posts. There’s also a whole lot of consistency improvements for the Moveable Type 3.2 software. The one remaining change is to bring full (extended) entries into the RSS feed.

That Mt3.2 software has this cool “include” feature, and I was fairly aggressive about moving a lot of complex code into modules that get pulled in. I hope that the folks at Six Apart will consider making modules of more and more of their default templates, because it will make life a whole lot easier.

Please let me know if I’ve broken anything.

BancorpSouth, 6500 debit cards, unknown

In a report remarkable for what it doesn’t say, WLBT TV of Jackson, MS reports:

A possible security breach has one bank giving customers new debit cards. BancorpSouth is sending out new cards to about 6500 customers.
The vice president of the banks security department says account numbers were either lost or they were somehow hacked into.

From The Northeast Mississipi Daily Journal comes word that an unnamed merchant, not the issuing bank itself, was breached:

The Daily Journal reported Friday that BancorpSouth had notified about 6,500 customers in recent days that their MasterMoney debit cards “may have been compromised.” The bank is sending the customers new cards.
BancorpSouth officials noted late Friday in a release that their bank was not the only one with the problem. The release said “other banks across the country are facing a situation in which a small percentage of customers’ debit cards and credit cards have been compromised.”
Account numbers were either lost or hacked into, said Cathy Talbot, president of BancorpSouth’s security department. “It wasn’t BancorpSouth, but with a merchant,” she said in the story in Friday’s Daily Journal.
The merchant wasn’t identified by MasterCard International.

So, MasterCard knows who got 0wned, but they won’t say, leaving an issuer to assume the worst. Sounds similar to something we noted earlier. Meanwhile, the cardholders are already being phished.
Update 01/03/2006: The 12/30/2005 American Banker reports that, according to Visa, the merchant affected by this breach is not Sam’s Club.

Florida workers claim outsourced HR system reveals PII, lacks audit trail

The Tallahassee Democrat reports on an interesting disclosure instance: whistleblowers revealing allegedly shoddy data security practices at their former employer. The twist is that those doing the talking are not the folks whose jobs were outsourced, but former employees of the outsourcing firm.
From the article:

In an affidavit taken for a lawsuit by five state workers who say they were put at risk of identity theft, a former Convergys employee alleges that some People First workers playfully poked through personnel files of Bush, Attorney General Charlie Crist, Chief Financial Officer Tom Gallagher and DMS Secretary Tom Lewis, whose agency has been laboring with Convergys for two years to work out chronic kinks in People First. Another ex-employee signed an affidavit saying she was told by Convergys bosses not to let state employees know their information was at risk.

If these claims are true, it’d hardly be a shock that a consultant-built system paid for with government money turned out to be lousy. Now that disclosure has garnered widespread acceptance, though, tales of how such systems get built are not confined to departure lounge banter among consultants, or the water-cooler grousing of the rank and file subjected to the resulting “deliverables”.
A separate article describes how a subcontractor of Convergsys has also been accused of shenanigans involving PII:

Despite assurances by Convergys that personal information on state employees is safely kept on computers in the United States, a once-secret lawsuit against a former subcontractor alleges that private data was sent to India, Barbados and possibly China.
[… Plaintiff attorney] Newcomer said GDXdata used overseas scanning and indexing services “to save money” without telling Convergys. The suit says Convergys had billed the state at least $32 million when the case was filed, for work the company and the state thought was done domestically.

Now it’s time for me to try out a new toy. Tip o’ the hat to Eric Rescorla, from whose blog I learned of Etymotic.

US Department of Justice, several SSNs, Process Errors

The federal government is responsible for issuing Social Security numbers, but it may not be doing enough to protect these critically personal pieces of information on its own Web sites. Acting on a tip, InformationWeek was able to access Web pages that include the names and Social Security numbers of people involved in Justice Department-related legal actions. It’s a discomforting discovery at a time when identity theft and fraud are on the rise.

One document on the Justice Department Executive Office for Immigration Review’s site listed the name and Social Security number of a woman involved in a 2003 immigration-review case. Another document from 2002 listed the name and Social Security number of a man who was being prosecuted for committing insurance fraud. Other searches of the Justice Department’s site yielded more Social Security numbers and identifying information.

From “Justice Department Reveals Social Security Numbers,” Information Week.