86%: Would you buy an IDS this good?

A number of commenters on yesterday’s post, “Noh Entry: Halvar’s experience and American Legalisms” are taking me to task for being idealistic about rule of law. I agree strongly with what Nicko wrote in the comments:

[C]ountries are at liberty to apply “complex, stupid, and complete arbitrary” rules but one of the fundamental tenets of the rule of law is that any rules should be applied consistently. It’s naive to suggest that all travellers should be fully knowledgeable of all aspects of immigration law; that’s an expertise for which people pay hundreds of dollars an hour.

Since this is sometimes an information security blog, I’d like to put this another way. Imagine you’re testing an IDS that watches 7 identical packets flow by, and flags one of them. It either has an 86% success rate or a 14% success rate.

Without paying someone several hundred dollars, I don’t know if Halvar got lucky 6 times, or unlucky once.

I do know that I’m upset that our border agents aren’t consistent. If they were an IDS, and that’s all the data I had, I wouldn’t be buying right now.

Noh Entry: Halvar’s experience and American Legalisms

He writes:

It appears I can’t attend Blackhat this year. I was denied entry to the US for carrying training materials for the Blackhat trainings, and intending to hold these trainings as a private citizen instead of as a company.

A little background: For the last 7 years, I have attended / presented at the ‘Blackhat Briefings’, a security conference in the US. Prior to the conference itself, Blackhat conducts a training session, and for the past 6 years, I have given two days of training at these events. The largest part of the attendees of the trainings are US-Government related folks, mostly working on US National Security in some form. I have trained people from the DoD, DoE, DHS and most other agencies that come to mind.

Each time I came to the US, I told immigration that I was coming to the US to present at a conference and hold a training class. I was never stopped before…

Halvar has been coming to the US to train people for six years. So here’s my question: Has the law changed? Why did this happen? What’s happened may be that he didn’t use precisely the right words to get through the line, and now he’ll be spending (my guess) $10,000 on lawyers to be able to re-enter the US.

I’m increasingly concerned about this–the police can detain you in a variety of ways, offer implicit threats of arrest, and there are certain very specific legal formulas you can invoke. For example, I’ve been told that you must ‘demand’ an attorney, rather than saying “I’d like an attorney,” in order to preserve your rights. If a cop is asking you questions, you must ask “are you detaining me?” in order to get an honest answer. No one should be required to know these formulas–not me to preserve my rights through an encounter with the police, and not Halvar to preserve his ability to enter the US.

I have a friend who has a US denied stamp on his Canadian passport because he was driving a co-worker to the border so that person could enter the US for 2 minutes, turn around, and re-enter Canada (to get a new Visa). The driver said “Oh, I don’t really care if you let me into the US,” and boom, his passport was marked and he was entered into the refused-entry list.

Now Halvar has to choose: he can spend probably thousands of dollars to clear his passport, or he can stop entering the US. Way to preserve jobs for Americans!

The title is a reference to the ultra-stylized ‘Noh’ Japanese plays, where actors rehearse their lines in a vacuum.

Maybe if I yell at you, you'll trust in what I'm saying

Tourists visiting the White House must now adhere to a dress code which bans jeans, sneakers, shorts, miniskirts, T-shirts, tank tops, and flip-flops.
Since this is an extremely important rule, signs were posted and emails sent to White House staff (writes Al Kamen in the Washington Post).
A telling detail, per the WaPo:

The e-mail reminder was all in capital letters.

(Title yanked from some Luna lyrics, .sig fragment from the Usenet Oracle via Wikipedia)

Camouflage as Security

This is a new twist on an old trick. SFGate reports in “‘I didn’t eat and I didn’t sleep’ — Coin dealer flies dime worth $1.9 million to NYC” that coin dealer John Feigenbaum transported a $1.9M rare coin (an 1894-S dime) from its previous owner, Daniel Rosenthal, who lives in the Bay Area, to its new, unidentified owner in New York, by hand-carrying it.

Feigenbaum dressed in a T-shirt, “grubby” jeans, and flip-flops and flew on the red eye from San Jose to Newark, carrying it himself with little fanfare.

There was an unexpected problem, however:

Feigenbaum had purchased a coach ticket, to avoid suspicion, but found himself upgraded to first class. That was a worry, because people in flip-flops, T-shirts and grubby jeans do not regularly ride in first class. But it would have been more suspicious to decline a free upgrade. So Feigenbaum forced himself to sit in first class, where he found himself to be the only passenger in flip-flops.

He shouldn’t have worried too much, actually. Scruffy people often do fly first class, trust me. They’re the ones who travel too much, so they want to be comfy. Read the whole article, it’s amusing.

I am reminded of another occasion when a similar trick was used, although for a diamond.

Photo courtesy of Tiffibunny.

Help EFF Analyze Formerly Secret FBI Docs

In “Help EFF Examine Once-Secret FBI Docs,” the folks at EFF ask for your help doing what Congress won’t. Engaging in oversight of our civil servants:

We’ve already started scouring newly-released documents relating to the misuse of National Security Letters to collect Americans’ private information. But don’t let us have all the fun — you, too, can dive into the docs and help uncover the truth about the FBI’s abuse of power. All 1138 pages are freely downloadable (with searchable text) from EFF’s website, and we’ll be posting a new batch every month.

A related request, from Ryan Singel over at 27B-6, is to “Help Wired News Make Sense of FBI Computer Crime Stats.”

Really, there hasn’t been such a good opportunity to uncover illegal activity by Uncle Sam since the Church Committee hearings. It’s like shootin’ fish in a barrel.

Go take a look.

Full Disclosure debate, 2.0

A poor choice of names (I guess “best UNIX editor” was their second choice), but Silicon.com is doing something that seems worthwhile by launching their Full Disclosure Campaign.

Silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.
We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers, if there is a chance the breach has put individuals’ sensitive personal data at risk.

The first salami attack?

A salami attack is when you take a very small amount of money from an awful lot of accounts. The canonical example is a bank programmer diverting the sub-cent fractions of interest into a special account. Individually these rounding residues are invisible; across many accounts they add up.
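An added example (mine, not from the original post) of why the canonical skim is hard to spot: a simulated interest-posting batch with the sub-cent residues swept into a suspense account, a batch-total check that the skim still passes, and the per-account recomputation that catches it. The monthly rate, account ids and balances are constructed sample data.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")
RATE = Decimal("0.0035")  # assumed monthly rate; exact in decimal, so residues are exact too

# Constructed sample ledger: account id -> balance at interest-posting time.
BALANCES = {
    "ACC-1": Decimal("1000.00"), "ACC-2": Decimal("1234.56"),
    "ACC-3": Decimal("2500.75"), "ACC-4": Decimal("789.99"),
    "ACC-5": Decimal("4321.00"), "ACC-6": Decimal("15000.10"),
    "ACC-7": Decimal("666.66"),  "ACC-8": Decimal("9876.54"),
}

def exact_interest(balance):
    return balance * RATE

def post_interest_honest(balances):
    """What the posting job should do: round each credit to the nearest cent."""
    return {a: exact_interest(b).quantize(CENT, ROUND_HALF_EVEN) for a, b in balances.items()}

def post_interest_skimmed(balances, skim_acct):
    """Simulated salami posting: truncate every credit, sweep the sub-cent residue into one account."""
    posted, residue = {}, Decimal("0")
    for a, b in balances.items():
        exact = exact_interest(b)
        posted[a] = exact.quantize(CENT, ROUND_DOWN)
        residue += exact - posted[a]
    posted[skim_acct] = residue.quantize(CENT, ROUND_DOWN)
    return posted

def total_discrepancy(balances, posted):
    """Batch-level control: total credited minus total interest owed. Rounding keeps this
    within a few cents whether or not a skim is running, so this check alone cannot catch it."""
    return sum(posted.values()) - sum(exact_interest(b) for b in balances.values())

def reconcile(balances, posted):
    """Per-account control: recompute each credit independently and flag any that is off by a
    full cent or more, which honest rounding can never produce. Returns {account: overpayment}."""
    flagged = {}
    for acct, credit in posted.items():
        diff = credit - exact_interest(balances.get(acct, Decimal("0")))
        if abs(diff) >= CENT:
            flagged[acct] = diff
    return flagged
```

On the sample ledger the skimmed batch is off by less than a cent in total, yet the suspense account shows two cents of interest on a zero balance, which is the only signal a reconciliation job gets.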

I’m trying to find the first actual documented theft or attempted theft using this attack.

I’m hoping that a reader will know when the first reports of salami attacks came out.

Please comment if you have an idea.

Photo: “Salami & cheese – food heaven,” taken by SanFranAnnie with a Canon SD400, which is not the camera mentioned in Mordaxus’ post yesterday.

[Update, Jan 5, 2008: Steve Lipner provided me with a cite! Thomas Whiteside, Computer Capers, 1978. The copyright page states that most of the material first appeared in the New Yorker.]

Canon Says Over 50% of Cameras Repaired in First Three Years

In the Times Online article, “Digital DNA could finger Harry Potter leaker,” we learn that the person who leaked photos of the last Harry Potter novel has yielded up the serial number of their camera, which was in the metadata of the pictures they took.

From this, we learn that it was a Canon, likely a Rebel 350D, which means that the perp bought it in the US or Canada. (This doesn’t mean that the perp is there, as lots of people buy electronics in the US or Canada.)

However, I blinked when I read something from Vic Solomon, a product intelligence officer at Canon UK:

From what we know, the device is one of the original Rebel cameras, probably a 350D, and given that they’ve been out for three years, it’s likely the owner would have had it cleaned or repaired in that time.

Likely? I take likely to be better than a coin flip — over 50% chance. I’m a huge fan of Canon cameras, and while I don’t yet own a digital SLR (I’m very happy with my SD 700IS), I’d like one, and it makes me wary to hear that it is “likely” that I’ll be taking it into the shop in three years. I have a twenty-five-year-old A1 SLR, and it’s never been cleaned or repaired. Is Canon’s well-deserved reputation for quality a thing of the past?

Or was Mr Solomon merely shooting his mouth off? He also said:

The EXIF data is like the picture’s DNA; you can’t switch it off. Every image has it. Some software can be used to strip or edit the information, but you can’t edit every field.

That’s not precisely accurate. EXIF metadata is nothing like DNA. It’s metadata rather than code; it’s annotations about the picture such as date and time, f-stop, exposure values, orientation of the photo, and of course the serial number of the camera. It lives in its own segment of the JPEG file, separate from the image data, so while photo-editing software often doesn’t let you edit it, there are plenty of ways to get rid of it, and I’ll bet that very shortly there will be more of them, particularly if they catch the person who did this because of the embedded serial number.
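To show how little there is to “switching it off,” here is an added example (my code, not from the article or from Canon) that walks a JPEG’s marker segments and drops the APP1 segment carrying EXIF, serial number and all, leaving the image data untouched. The JPEG bytes are constructed by hand, not a real photo, and the serial number string is a placeholder; a real stripper would also handle XMP (another APP1 variant) and IPTC (APP13).

```python
import struct

SOI, EOI, SOS, APP0, APP1 = 0xFFD8, 0xFFD9, 0xFFDA, 0xFFE0, 0xFFE1

def _segment(marker, payload):
    """Build one JPEG segment: 2-byte marker, 2-byte length (counts itself), payload."""
    return struct.pack(">HH", marker, len(payload) + 2) + payload

def strip_exif(jpeg):
    """Return jpeg with every APP1 segment whose payload begins b'Exif\\0\\0' removed."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    out = bytearray(jpeg[:2])
    pos = 2
    while pos + 4 <= len(jpeg):
        marker, length = struct.unpack(">HH", jpeg[pos:pos + 4])
        if marker == SOS:
            # Entropy-coded image data follows; no more metadata segments, copy the rest verbatim.
            out += jpeg[pos:]
            return bytes(out)
        end = pos + 2 + length
        if marker == APP1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00":
            pos = end  # drop the whole segment, camera serial number included
            continue
        out += jpeg[pos:end]
        pos = end
    raise ValueError("truncated JPEG (no SOS)")

# Constructed sample: JFIF header, an Exif block with a placeholder serial, a tiny SOS, EOI.
SAMPLE_EXIF = b"Exif\x00\x00" + b"MM\x00\x2a" + b"BodySerialNumber:EXAMPLE-0001"
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(APP1, SAMPLE_EXIF)
    + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34"
    + b"\xff\xd9"
)
```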

Photo courtesy Lone Primate.