Shostack + Friends Blog Archive

 

Sheep outsmart Britons

The BBC reports that in Yorkshire, crafty sheep conquer cattle grids: Hungry sheep on the Yorkshire moors have taught themselves to roll 8ft (3m) across hoof-proof metal cattle grids – and raid villagers’ valley gardens. … A National Farmers’ Union spokeswoman in York said: “We have never seen anything like it. We have looked at […]

 

What Secure Flight Really thinks about you

You can find out, by making a request under the privacy act. “Read Your Own DHS Travel Dossier.” Good commentary and context at Threat Level, “Howto: Check Your Homeland Security Travel File.”

 

SmartHippo Launches

Have you ever wondered how banks make so much money in the mortgage business? If you stop to think about it, mortgages are the ultimate commodity product these days. The bank collects information from you, gives you a loan, outsources the customer service to a loan servicing company, and securitizes your loan. So how do […]

 

Making a Positive Impression With The Business

Larry Hughes has a great post over on Riskbloggers with tips on how to demonstrate that security is invested in the success of the business. There’s some really good stuff here. Especially these two: Say “no” by saying “yes.” Somebody wants to uncork that remote access bottle, and let a thousand new contractors VPN into […]

 

Bayesian battlefield

According to court papers referenced in this VOA report, U.S. sniper teams in Iraq are using an interesting tactic: [A] so-called baiting program developed at the Pentagon by the Asymmetrical Warfare Group… the baiting was described as putting items, including plastic explosives, ammunition and detonation cords on the battlefield then killing suspected insurgents who picked up […]

 

Once more into the Ameritrade Breach

Last week, I wrote: It appears that Ameritrade is getting ahead of the story. Rather than have it dribble out by accident, they’re shaping the news by sending out a press release. On further reading, both from readers commenting on that article, and things like Network World, “Ameritrade customers vent about data breach:” The Ameritrade […]

 

MIT, Logan, the Chilling Effect and Emergent Chaos

If you’re not hidden under a rock, you know about the latest bomb scare in Boston. Some MIT kid forgot that Boston cops think anything with an LED on it is a bomb. A lot of people are saying she got what she deserved, or that she’s lucky to be alive. These people probably think […]

 

Family Guy Does Usability

A funny clip for Saturday. I can’t figure out how to embed the video here, so click on the picture to be taken to Gizmodo.

 

How unladylike

Like most EC readers, I have been following the story of the MIT student with the breadboard and Duracell fashion accessory who nearly got ventilated at Logan airport in the most LED-hostile city in the US, Boston. The Associated Press was quick to repeat the claim that the student was wearing a “fake bomb”, when […]

 

Transparency in Government

The Privacy Commissioner of Canada is blogging. Welcome to the blogosphere! In unrelated news, the Canadian dollar reached parity with the US dollar for the first time in thirty years. See the Canadian Broadcasting Company, “$1 Cdn = $1 US.”

 

TSA knows what you read

Privacy advocates obtained database records showing that the government routinely records the race of people pulled aside for extra screening as they enter the country, along with cursory answers given to U.S. border inspectors about their purpose in traveling. In one case, the records note Electronic Frontier Foundation co-founder John Gilmore’s choice of reading material, […]

 

Free, as in milk

What the hell are the idiots at Facebook thinking? If there’s anything stupider than banning a woman from breastfeeding in public, it is banning a picture of a woman breastfeeding on the grounds that it is “obscene”, which is what the morons at Facebook have done, as reported (for example) by the Toronto Star. Attention […]

 

Those scurvy dogs!

The scurvy dogs at TD Ameritrade may have tricked us! Well, maybe. The comments on “Analyzing the TD Ameritrade Disclosure” and articles like “Lawsuit Raises Questions on TD Ameritrade Breach” and “Ameritrade Customers’ contact information hacked” have been demanding a re-think of what I want to think on the subject. But less importantly, today is […]

 

Motley Fool on SIAC

Case in point: SAIC confessed in July that “information … stored on a single, SAIC-owned, non-secure server at a small SAIC location, and in some cases … transmitted over the Internet in an unencrypted form … was placed at risk for potential compromise.” In the context of other firms having actual knowledge of miscreants accessing […]

 

Trendspotting?

Adam mentioned the recently-announced Ameritrade incident. One thing I found interesting is their decision to hire ID Analytics to determine whether ID theft follows this data breach. According to an ID Analytics press release, the US Veterans’ Administration did something similar when several million veterans’ information was revealed. At a cost of $25,000 (according to […]

 

Analyzing The TD Ameritrade Disclosure

In a press release, TD Ameritrade this morning confirmed reports that it has been informing customers of a potential security breach. The release does not confirm the figure of 6.3 million customers, but a company spokesperson did give that number to reporters in interviews. (Dark Reading, “TD Ameritrade Breach Affects 6.3M Customers.”) It appeared that […]

 

No word on the lupins

NSW Police are investigating the possible compromise of an online florist’s database and theft of customers’ credit card details. The Fraud Squad has set up Strike Force Parkview to investigate the case that involves the retailer Roses Only. There are unconfirmed reports that the details were used to make a string of luxury purchases in […]

 

Who Likes a Cheater?

If you don’t follow sports news, the New England Patriots and their coach have been fined about three quarters of a million dollars and a draft pick. This is reported in articles like “Belichick given record fine for video cheating.” (Times Online, UK) That may seem like a lot, until you realize that that’s less […]

 

Invasion Of The Password Snatchers

As I’ve mentioned in the past my wife is a linguistics professor. Yesterday she came home from work with the following poster. A little research revealed that it and several others were originally commissioned in 2005 by Indiana University as part of their security awareness program that they assembled for national cyber security awareness month. […]

 

When Hackers Don't Strike

Today the New York Times asks us: “Who Needs Hackers?” The article itself which discusses the recent outages at LAX and with Skype is fairly fluffy but has some great quotes which really cover the issues that we should be looking at as an industry. Security isn’t just about hackers, but about managing threats and […]

 

HSPD-12 Does Not Require JPL Background Checks

Adam writes about the brouhaha at NASA over HSPD-12 background checks. A friend of a friend who is in the business of implementing HSPD-12 sent me a tidbit about it, along with a link so that you can read the primary source — something always needed when you get emails from FOAFs. In paragraph 3, […]

 

The Fight Against HSPD12

There’s a fascinating court fight, being run by people at the Jet Propulsion Lab. See “JPL Employees File Suit to End Background Investigations” From the press release: The plaintiffs include highly placed engineers and research scientists at JPL who have been involved in critical roles in NASA’s most successful recent programs, including leading engineers and […]

 

"I'm in Love with a Girl"

Another in the occasional EC weekend series highlighting awesome covers. I’d like this video even if it was silent. That stage is perfect for a Big Star tune, and the sound is right on. [If only they also performed “Thirteen”… Chilton and friends are too old (or indifferent) to play it properly now].

Pfizer's little problem

For the third straight month, the pharmaceutical giant is reporting a serious security breach that may have resulted in the loss of personal data belonging to current and/or former employees. The most recent breach, reported last week, involves the potential theft of personal data on some 34,000 current and former workers at the company. … […]

 

The analog hole strikes again!

I had occasion to park at a rather large parking garage attached to a rather larger complex of hospitals in downtown Chicago today. The company that runs this garage does something smart — in addition to numbering the floors of the garage and giving them a characteristic color, they also play a well-known musician’s tunes […]

 

1.5 billion, and whaddaya get?

I wrote this post sitting on a plane to Montreal. There were all sorts of announcements about how you had to be on international flights thirty minutes before takeoff, to make Congress happy: Congress mandated that DHS’ Customs and Border Protection (CBP) establish a requirement to receive advance information on international passengers traveling by air […]

 

From the Advances in Aviation Desk

The Beeb reports, “Goats sacrificed to fix Nepal jet,” in which we learn that two goats were slaughtered in sacrifice to the Hindu god of sky protection, Akash Bhairab, in front of a Boeing 757. Airline official Raju KC said to Reuters, “The snag in the plane has now been fixed and the aircraft has […]

Happy Labor Day

…from Chicago. (May 1st was jettisoned as a date for reasons near and dear to EC — it was too political.)

 

Links of the day

http://plato.stanford.edu/entries/economics/

http://faculty.fuqua.duke.edu/~rnau/choice/whoswho.htm (Also useful as a reading list for a possible upcoming cage match between Hutton and Bejtlich ;^))