Shostack + Friends Blog Archive

 

Australia dumps National ID

Opponents of Australia’s controversial Access Card received an early Christmas present earlier this month when the incoming Rudd Labor Government finally axed the controversial ID program. Had it been implemented, the Access Card program would have required Australians to present the smart card anytime they dealt with certain federal departments, including Medicare, Centrelink, the Child […]

 

"Security Vulnerability Research & Defense"

My co-workers in SWI have a new blog up, “Security Vulnerability Research & Defense.” They’re planning to…well, I’ll let them speak for themselves: …share more in-depth technical information about vulnerabilities serviced by MSRC security updates and ways you can protect your organization from security vulnerabilities… The two posts below are examples of the type of […]

 

Emergent Privacy Reporting

On December 19th, Denebola, the student run newspaper of Newton South High School, broke the news that video cameras had been secretly installed in their school. Not only were students and parents not notified of the cameras but apparently neither were any of the teachers. From the student article: According to Salzer, only he, Superintendent […]

 

Aaron Burr and Compulsory Key Disclosure

Orin Kerr has a fascinating tidbit at Volokh, “Encryption, the Fifth Amendment, and Aaron Burr:” Following my posts last week on encryption and the Fifth Amendment, a few readers asked about how courts have dealt with such issues before. As far as I know, there is only one other judicial decision specifically addressing the Fifth […]

 

Merry Christmas, Dr. Hansen!

A surgeon who allegedly took a photo of a patient’s penis during an operation at a US hospital is no longer working there, it has been announced. Dr Adam Hansen, of Arizona’s Mayo Clinic Hospital, is accused of taking the snap while conducting gallbladder surgery earlier in December. (BBC, “US ‘penis photo doctor’ loses job.”) […]

 

Evan Schuman: TJX gets the BB gun

Not much naughtier than other retailers: I’d say yes to coal for most of the major retailers for dropping the ball on security. Bigger chunks of coal need to go to state legislators and the U.S. House and Senate for failing to pass any laws protecting consumer data (although Minnesota got quite close). But to […]

 

Anarchy in the UK

“Anger as NHS patient records lost” “Patient data loss affects 168,000” “Post Office sends wrong details” “Discs ‘worth £1.5bn’ to criminals” “£20,000 reward offered for discs“* “More firms ‘admit disc failings’” * Readers are invited to comment on the contrast. Thanks to Ant, Cat and Steven Murdoch for links. Image: Teton dam, Wikipedia.

 

Guinness is Good For You, but don’t tell anyone

A pint of the black stuff a day may work as well as an aspirin to prevent heart clots that raise the risk of heart attacks. Drinking lager does not yield the same benefits, experts from University of Wisconsin told a conference in the US. … The researchers told a meeting of the American Heart […]

 

"There’s supposed to be a Mars-shattering Ka-boom!"

Here at Emergent Chaos, we’re big fans of large objects hitting other large objects at high speed. Which is why it’s important to tell you that 2007-WD5 is a 50 meter asteroid that’s set to pass within 48,000 kilometers of Mars next month. “We estimate such impacts occur on Mars every thousand years or so,” […]

 
 

Bonobos!

Check out this amazing video from TED.

 

Six breach reports in the UK: the floodgates are open

In Dissent’s weekly roundup of breaches, there were six breaches reported for the UK, versus nine in the US. It seems that the duty of care approach is really taking off. Newly reported incidents in the U.K. and Ireland: In Ireland, the Driver and Vehicle Licensing Agency has lost the personal details of 6,000 people. […]

 

Transparency lessons from the NFL

I think the NFL’s handling of spying by the New England Patriots is poor. Of course, I expect retrograde, authoritarian, clumsy behavior from the NFL, and I haven’t been disappointed in the few decades I’ve been paying attention. The New York Times covered this issue (the spying, not the decades). In their December 16 article, […]

 

Flower Chaser

My eyes feel better now. Calla Lily macro 3, by Edwin Bartlett.

 

Hassling the Hoff

I’m way too lazy to take the time in Photoshop to make this look good, so just use your imagination and pretend I put Beaker’s head on this. Y’all should just be grateful that I didn’t use this animated gif instead….

 

The Words of our (Founding) Fathers

There’s an article in the Washington Post, “In the Course of Human Events, Still Unpublished.” It’s about how the papers of the founding fathers of the United States are still not available except in physical form, and the scholarly practice that keeps them there. Many of the founding fathers’ letters have been transcribed and made […]

 

Deloitte & Touche, Ponemon Study on Breaches

According to Dark Reading, “Study: Breaches of Personal Data Now Prevalent in Enterprises:” According to a study released yesterday by the Ponemon Institute and Deloitte & Touche, 85 percent of the security or privacy executives surveyed — some 800 individuals — claimed at least one reportable security incident in the past 12 months. Sixty-three percent […]

 

Clark Kent Ervin on TSA Security

Normally, it’s not news when someone takes aim at TSA policies like this: If you are someone who suspects that what is billed as “aviation security” is often more show than substance, you are not alone. In fact, you are part of what Nixon aides used to call the “silent majority.” The security bureaucracy seems […]

 

Ask.com is not asking "Will Privacy Sell"

There’s a bunch of press around Ask.com’s marketing of their new privacy service. I applaud them for thinking about this, and for drawing attention to the issue of search privacy. The New York Times had a story, “Ask.com Puts a Bet on Privacy” and now Slashdot jumps in with “Will Privacy Sell?” This is the […]

 

So when's the Chicago gig, gents?

‘Good Times Bad Times’ ‘Ramble On’ ‘Black Dog’ ‘In My Time Of Dying’ (full version) ‘For Your Life’ ‘Trampled Under Foot’ ‘Nobody’s Fault But Mine’ ‘No Quarter’ ‘Since I’ve Been Loving You’ ‘Dazed And Confused’ ‘Stairway To Heaven’ ‘The Song Remains The Same’ ‘Misty Mountain Hop’ ‘Kashmir’ ‘Whole Lotta Love’ ‘Rock And Roll’ Playlist via: […]

 

Data Thefts Triple This Year?

So says USA Today, in “Theft of personal data more than triples this year.” A few small quibbles: I’d prefer if Byron Acohido had said “reported” thefts. It’s not clear if thefts or reports tripled. I suspect the reports, but proving that would be tough. Both of those things said, it’s a good article, and […]

 

The Emergent Chaos of the US Presidential Campaign

This New York Times really is interesting. It’s all about how candidates are losing control of their campaigns, and they’re in a new relationship with emergent phenomenon on the internet. Now, as we come to the end of a tumultuous political year, it seems clear that the candidates and their advisers absorbed the wrong lessons […]

 

Paddington Bear, Illegal Immigrant

In the new book [Paddington] bear, who arrived in the country as a stowaway, is interviewed about his right to stay in England. He has no papers to prove his identity as his Aunt Lucy arranged for him to hide on a ship’s lifeboat from Peru when she went to live in the Home for […]

 

Stupid Safety Feature Of The Week

I love my Prius. It’s fun to drive, eco-friendly and even has lots of geek appeal. However, it has one incredibly moronic safety feature which I was reminded of while driving through the snow the other day. Now I have the base model, which means I don’t have fancy features like the automatic skid prevention. […]

 

CA1386 meet AB1298

Life is about to get a lot more complicated for companies that do business in California. I completely missed this getting signed back in October, but on 10/14, the Governator signed AB1298 which updates CA1386 to mandate that medical and health insurance policy information also are to be treated as PII. To say that this […]

 

Working on the Traveling Band

If you travel a lot, you’re used to dealing with many network difficulties. For a while now, I’ve been traveling with an Airport Express, which has made life a lot easier. I set it up to use DHCP, plug it into the hotel Ethernet, and go. At the very least, it means I can work […]

 

Thoughts on "Internet Miscreants"

I’ve been thinking about Franklin, Perrig, Paxson, and Savage’s “An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants” for about three weeks now. This is a very good paper. For the infosec empiricist, the dataset itself is noteworthy. It consists of 13 million public IRC messages (that is, in-channel stuff, not […]

 

Toasting Repeal Day

Today marks the 64th 74th anniversary of the repeal of Prohibition in the United States. For 14 years, Americans were unable to legally have a drink. This led to a dramatic growth in the acceptance of organized crime and violence. Al Capone made his money in the demon rum, and was willing to fight for […]

 

Gartner the omniscient

This is in reference to the recent HMRC breach… However, [Gartner VP Avivah] Litan warned that the chance of identity theft was actually small, at just 1%. Digitaltrends.com The probability of this estimate being scientifically defensible is 0.00%. I’ll have something to say about learning (for real) from the HMRC breach in a soon-to-come post.

 

Book on Boyd

Frans Osinga’s book on Boyd, “Science, Strategy and War: The Strategic Theory of John Boyd” has been issued in paperback. Previously, it was $90 for a copy. The new paperback edition is $35.95, and is easily worthwhile at that price. Science, Strategy and War is an academic analysis of John Boyd’s thinking and its […]

 

This stock is da bomb!

OK. So while researching the stock tout scam noted in another post, I came across a blog which discussed a similar mechanism, but one using text messages. An obvious variant, but the part I absolutely adored was when they linked to this August 31, 2007 article from MaineToday.com (emphases added to save your time): An […]

 

Open Letter to Chris Dodd

Dear Chris: I think you’re a smart person who cares about honesty and the rule of law. I also think your e-mail fundraising campaign is undermining that message by sending what I believe to be deliberately deceptive emails. To be clear, I am not referring to deception in the political message — spinning words, being […]