Is that enough acronyms yet? In Adam’s previous post, Justin Mason commented:

There’s another danger of this — even if the number is an opaque ID, the *presence* of the RFID chip means that an attacker can remotely detect the presence of an I-94, therefore a foreign passport, therefore a tourist ripe for a mugging (or whatever the attacker may have in mind).

This brings me back to my post from yesterday about RFIDs in passports. As our friends at Flexilis have shown us, this can get even more insidious. To wit:

Additionally, it may be possible to determine the nationality of a passport holder by “fingerprinting” the characteristics inherent in each country’s RFID chips. Taken to a logical extreme, this security vulnerability could make it possible for terrorists to craft explosives that detonate only when someone from the U.S. is nearby.

Check out their video of the risk of an unshielded RFID…

In every dream home, a heartache

Barry Ritholtz, an NYC hedge fund manager, blogs about a WSJ story. The gist:

On Sept. 21, 2001, rescuers dug through the smoldering remains of the World Trade Center. Across town, families buried two firefighters found a week earlier. At Fort Drum, on the edge of New York’s Adirondacks, soldiers readied for deployment halfway across the world.
Boards of directors of scores of American companies were also busy that day. They handed out millions of bargain-priced stock options to their top executives.
A review of Standard & Poor’s ExecuComp data for 1,800 leading companies indicates that from Sept. 17, 2001, through the end of the month, 511 top executives at 186 of these companies got stock-option grants. The number who received grants was 2.6 times as many as in the same stretch of September in 2000, and more than twice as many as in the like period in any other year between 1999 and 2003.

WSJ, 7/15/2006
I find myself surprised at the instinctive greed this story reveals to us. As Mr. Ritholtz says:

What makes this so pathetic is that corporate executives could have stepped up AND BOUGHT STOCKS IN THE OPEN MARKET if they believed they were so cheap. It would have been reassuring to a nation to see the leaders of industry voting with their own dollars.
In 1929, when the stock market crashed, JP Morgan (and others) stepped in. They bought stock with their own dollars, they saved Wall Street. Oh, and they were rewarded for it — both monetarily, and in the history books.

As an aside, Ritholtz’s two blogs are worth a few minutes.

Sorry for not posting this earlier…

…but my internet tube was flooded.
If you want to know what the heck that means, the good folks at 27B Stroke 6 (easily the best blog name I’ve seen this year) provide the details. The short and sweet is that U.S. Senator Ted Stevens ain’t exactly Vint Cerf:

I just the other day got, an internet was sent by my staff at 10 o’clock in the morning on Friday and I just got it yesterday. Why?
Because it got tangled up with all these things going on the internet commercially.

It gets “better”.

Never say die?

I’m not sure what to expect out of this story of a guy who, left behind in a crazed state and presumed to have died, overnighted above 8000 meters on Everest and was found alive the next day, prompting a rescue effort expected to take three days.
(Note that this is a different climber from the one who really did die after being left behind as beyond hope a few days earlier.)
Update 5/27/2006: He made it. Said to be suffering severe frostbite and cerebral edema (HACE).

The Human Element

In one of the soon-to-be countless articles about the VA Incident, Network World’s Ellen Messmer writes:

The sad irony in all this is that there are many at the VA who have worked hard to design and install network-based security. But in the “multiple layers of security” everyone is so fond of discussing, the human being apparently remains one of the hardest to fix.

Yes, while “there’s no technical solution to a social problem”, in this case the problem seems to have been that unencrypted sensitive data were literally left lying around. Even if one accepts the premise that these data need to be stored on laptops (which is far from clear in this case), any number of commercial products could easily have helped here.
A further point. Much is being made of this being a “simple burglary”. Let’s imagine that it was not. With crypto, an insider being paid for information would need to commit two offenses: leaving the info lying around (which might be worth it, depending on how much he’s being paid and on how gullible investigators are), and deliberately disabling the protection provided by crypto (by leaving the machine running, or by leaving the crypto key in plain sight on a Post-It). I’m no lawyer, but it seems that the second scenario makes it easier to separate malice from stupidity. Sounds like something that might be worth doing.

Slippery Slope, Gaping Chasm and Torture

In February of last year, I told you about Lester Eugene Siler, a Tennessee man who was literally tortured by five sheriff’s deputies in Campbell County, Tennessee who suspected him of selling drugs. The only reason we know Siler was tortured is because his wife had the good sense to start a recording device about halfway through the ordeal.

The audio is now available online (read the transcript here). Drug war outrages lend themselves to overuse of superlatives. But I gotta say, this may be the most horrifying 40 minutes of audio I’ve ever heard.

So writes Radley Balko in “Torture and The Drug War.” I don’t know, but I suspect the very existence of a “debate” around torture civilizes this sort of repulsive behavior in a way we should not tolerate. I hope those responsible get the book thrown at them.

Sebastian Holsclaw has other comments at “Drug War Atrocity,” where I found the story.

Perspective on Brian Doyle, Background Checks


“We try to weed out those who pose a security risk,” Chertoff said in a briefing with reporters. “I don’t know … that background checks with people hired will predict future behavior.”

Well, golly, Mr. Secretary, I don’t know…that either. So will you please cancel CAPPSIII/Secure Flight/Free Wheelchairs for Paraplegic Children, rather than invading the privacy of anyone anywhere who gets on an airplane?

After all, if background checks aren’t going to predict future behavior, we’re spending a lot on the wrong security bits.

(Quote and picture from “Chertoff Doubts DHS Official Hurt Security.”)