Security

Observations on information security.

Napolitano Blows It

Janet Napolitano has flubbed her first major event as Secretary of Homeland Security. First, she incorrectly claims that the bomber thwarted on Christmas Day was not on any of the screening lists. Someone manages to correct her, and then today she claims this is a "failure" of the US security system.

She still gets it wrong. The bomber boarded a plane in Nigeria and changed planes in Amsterdam. How are new - and more extreme - physical screening measures in the US going to reduce the risk of a poorly-screened passenger from overseas?

No matter how carefully we screen Grandma when she gets on the flight in Duluth, it's not going to catch a poorly-screened bomber in Lagos.

Blaze visits the Titan Missile Museum

Matt Blaze has posted a blog entry following a visit to the Titan Missile Museum just south of Tucson, Arizona. It's a well-written summary of the place.

Blaze talks a bit about Titan, PALs (Permissive Action Links), and the "butterfly switch," the mechanisms intended to prevent an unauthorized launch. The Titan system didn't have PALs. The butterfly switch, also known as the "Coded Switch System" (CSS), authorizes the launch. PALs were first required on overseas nukes starting in 1962. Titans were never overseas, and the system was already under construction in the continental US by the time the PAL idea arose.

A crashed off-site RAID drive

Here are some more observations on using RAID on Mac OS X, particularly in terms of off-site storage, terminology, and upgrading. Here is a photo of my former off-site hard drive:

Photo: WD 7500 with the case opened

It's been sitting in an office desk drawer for a couple of months, and the time came to cycle it back into the RAID set. But when I tried to spin it up, I was greeted by a disappointing rattle, and the drive didn't come on-line. The drive, a WD 7500 AAKS, was 14 months old when it died. In the photo above, I've removed the case cover in preparation for an autopsy.

Computers and Health Care

David Himmelstein of Cambridge Hospital and Harvard Med School (with co-authors) recently published a paper on the effect of computerization of hospitals.

The results, as Computerworld put it: Computers don't save hospitals money.

This makes sense, especially when you look at the study. They focused on data reported by individual hospitals nationwide between 2003 and 2007. Computerization, especially at the clinical level, is incredibly disruptive. Thus, the efficiencies aren't likely to arise soon.

Pragmatic Security: the history of the Visa card

I've been looking at the evolution of electronic funds transfer (EFT) and payment systems recently. My research uncovered a gem: about two years ago, David Stearns completed a dissertation that looks at the early evolution of the Visa card (originally "BankAmericard") in the context of other evolving electronic payment systems. Stearns' work is both readable and filled with interesting information.

What I find most fascinating is that the card systems followed the same security trajectory as cell phones. The first cards, like the early analog cell phones, were vulnerable to fraud. In fact, the cards were absurdly vulnerable to fraud.

However, the promoters believed that the long term benefits of electronic cash were worth the risks. They also assumed without evidence that they could fix the fraud problems eventually.

Web Monetization

Here's a recent posting on "how the web makes money," focusing on the on-line gaming community.

The bottom line: successful game sites rely too much on questionable vendors. Game players like to acquire game currency to improve their experience, especially as new players. They can often either buy game money or "earn" it by clicking allegedly "free" links. These sometimes give them game currency for free, but too often involve scams.

While this Cryptosmith site pays for itself through consulting leads, I've always been interested in more direct methods (described here). I think it's fair to collect a commission if I directly encourage someone to buy something and give them the link to buy it. The jury is still out on whether this is worth the effort of constructing the links. I'm also curious as to whether this opens me up to various forms of fraud.

When I do provide links with commissions, I limit myself to links that I might use myself. I hope that provides adequate quality control for my visitors.

Vendor Linking

On occasion this web site refers to things available for sale. This includes books I've written, equipment I own, and things I know about.

When is public data non-public?

If it's public information on paper, is the electronic version also a public record?

As a techie, I tend to think so. The electronic version carries more information, is easier to work with, and is sometimes easier to authenticate.

The city of Phoenix, AZ, recently argued the opposite in court, and ultimately lost. Someone was suing the city and demanded some public records. The city provided paper copies, some of which appeared to be backdated. The plaintiff demanded the electronic copies so he could examine the metadata. The city refused, saying that the metadata was not public record. Two courts agreed, but the Arizona Supreme Court disagreed. So a court is on record saying that, if the document is a public record, the electronic form is also a public record.

Thought provoking polemic on copyright

Apparently someone in the UK has proposed a sort of "three strikes" law - if your household is accused by a copyright holder of illegal downloading multiple times, then the holder can demand removal of the household's Internet connection.

Cory Doctorow, the author, wrote a polemic about how this reflects on the big media firms it tries to help.

He notes how copyright owners now use "takedown notices" as an extrajudicial form of censorship.

AES in Cartoon Form!

I've always been a fan of graphic presentations. More people understand graphs and diagrams than understand equations. While this is a bad thing in some ways, it remains a fact. So it's always great to see a graphical representation of a really difficult set of concepts.

Jeff Moser Fisher has posted A Stick Figure Guide to the Advanced Encryption Standard (AES). He has wisely structured it in layers.
