Monthly Archives: June 2010

Security

Opscode Platform Released

Leave a comment

Opscode has announced their Commercial Platform is now available to the public

Opscode, Inc., a cloud infrastructure automation company, today announced the limited beta release of the Opscode Platform, the world’s first hosted configuration management service. The Opscode Platform makes the popular open-source configuration management tool Chef even more powerful and easy to use.

Chef is an open source project that allows administrators to write “recipes” and automate builds in a cloud environment. It can provision web servers all configured the same way, for example.

I was just watching an example of how efficient this can be when I noticed a typo in permissions that would create a weakness. This reminded me of the double-edged swords of administration. Although it’s fantastic to be able to deploy hundreds or thousands of servers with the click of a button, deploying hundred or thousands of insecure servers can create a real nightmare. Yet another example of how security in the cloud might look different to some.

History, Security

Terror and the Great Fire of London

1 Comment

I have searched the city of San Francisco for a museum and historical record of the great fire of Aptil 18, 1906. The best, so far, seems to be the Virtual Museum of the City of San Francisco and a collection of images and letters on a few walls in the Bay Model Visitor Center in Sausalito. Another collection is in the Fairmont Hotel. None tells a complete story but they do reveal much controversy at the time that is probably far from anyone’s mind today.

The resident federal militia started a campaign to dynamite large sections of the city to back-burn as well as establish a fire break. This apparently is why Van Ness avenue is so wide. Some said the fires created by the Army were far worse than the quake causing far more destruction to the city. The San Francisco Museum has letters that suggest residents actually were in favor of burning down their own homes to collect insurance.

The death toll is another example. It is said to have been severely underestimated for three reasons. First, politicians wanted to paint a positive picture and keep property values high. The reality was that the city had such severe displacement that Los Angeles quickly gained prominence as a new port for commerce in the West. Second, racism prevented many thousands of people living in China Town from being counted. Third, the Army had been authorized to shoot and kill anyone suspected of looting. With more than 400,000 residents approximately 4,000 troops killed around 500 people; the quake was said to have killed 3,000.

This post, however, is not really about San Francisco. The BBC reports that the Great Fire of London in 1666 is being recast. Today we can look back at this disaster and learn a great deal about investigations and security.

Everyone learns at school that the fire raging for four days in that hot, dry summer began in a bakery in Pudding Lane.

But a new Channel 4 documentary focuses on the lesser known story of the fire – it sparked a violent backlash against London’s immigrant population, prompted by the widely-held belief at the time that it was an act of arson committed by a foreign power.

The countries already least in favor with the English, the Netherlands and France, were quickly suspected of some involvement. The BBC tells of how the British Navy attacked the Dutch weeks before the fire. That created a sense of victory that turned to guilt and led people to believe the Dutch were counter-attacking. The desire to find a cause of terror also led many to blame Catholics, whom they already disliked. Interrogation practices during an investigation ended with officials placing blame on immigrants from France, and one man in particular:

At the end of September, the parliamentary committee was appointed to investigate the fire, and a French Protestant watchmaker, Robert Hubert, confessed to having deliberately started the fire at the bakery with 23 conspirators.

Although his confession seemed to change and flounder under scrutiny, he was tried and hanged. Afterwards, colleagues told the inquiry Hubert had been at sea with them at the time, and the inquiry concluded the fire had indeed been an accident. No-one knows why he confessed.

I suspect the toll from this fire is wildly underestimated and there was likely to be conspiracy that made the fires spread, similar to San Francisco. Wanton destruction could have been a natural reaction to the plague of 1665. While the San Francisco fire is a study of human behavior relative to technology and liability a clear lesson in the London fire is how prejudice dictates a sense of security. We must fight the urge to satisfy ourselves with false resolutions and declarations, such as this one:

Until the 19th Century, the plaque at London’s Monument stated that followers of the Pope were to blame, says Ms Horth, and named Hubert as the fire-starter. It was only after Catholic emancipation in the 19th Century that the government decided the plaque was inflammatory and had those inscriptions removed.

Speaking of plagues, we know today that the disease was spread by rats and fleas. Those who washed regularly as part of their customs were unlikely to be infected. Some deduced in the 1300s that this meant a group of people were to blame. Those who practiced clean living and did not get the plague were thus attacked for being its cause.

Monty Python’s “She’s a Witch” skit does a fair job of reenacting how fear can have a powerful yet absurd influence on the concepts of security and justice.

Security

US Supreme Court Shoots Down Gun Control

Leave a comment

When I read about gun control in America I am reminded of a presenter at the RSA Conference who said he specialized in security certifications. He told me he recommended that people spend time at a firing range to meet their Continuing Professional Education (CPE) requirements. I suggested this was not a reasonable test of information security knowledge, but I knew right away that he was not hearing me…especially in his right ear, the one closest to his pistol.

With that in mind the big story today is that the US Supreme Court extends gun rights by shooting down local and state authority on guns. The court was asked to review a gun ban in Chicago, which has some sobering statistics:

The Supreme Court’s decision follows a weekend in which 29 people in Chicago were shot, three of them fatally, according to local media.

The Chicago Sun-Times reported that 54 people were shot, 10 of whom died, the previous weekend as well.

I am tempted to ask whether those for and against the ban predict what the numbers will look like. The New York Times has a caustic editorial that seems to suggest deaths must go up when the bans are removed:

About 10,000 Americans died by handgun violence, according to federal statistics, in the four months that the Supreme Court debated which clause of the Constitution it would use to subvert Chicago’s entirely sensible ban on handgun ownership.

The 5-4 decision centered on whether an individual’s possession of a gun should be protected under the phrase “A well regulated Militia”. It did not address whether the ban was effective as a means of preventing death. It also did not address whether militias, in present day terms, are a threat or benefit. Regulation instead was said to mean that guns should be kept only from the hands of felons and mentally ill. The irony of this definition for me seems to be that both may be best defined by how someone acquires and uses a gun, as in the cases of University of Iowa, Virginia Tech and Columbine. The US certainly does not have a great record of identifying, let alone treating, the mentally ill. With weakened bans, will there be any pressure to regulate better and prevent this kind of story?

Neighbor Monte W. Mays said Speight was cordial and friendly. He had long been a gun enthusiast and enjoyed target shooting at a range on his property, Mays said. But the shooting recently became a daily occurrence, with Speight firing what Mays said were high-powered rifles.

“Then we noticed he was doing it at nighttime,” and the gunfire started going deeper into the woods, Mays said.

Then they noticed a homicide.

Imagine if the courts instead said that whereas the mentally ill are not readily and reliably identified, and whereas the mentally ill who are identified are not readily and reliably treated, therefore mental illness is not a wise litmus for “well regulated” militias.

This news has another point that seems somewhat ironic. Groups that are opposed to federal control are the ones now in favor of this particular federal ruling, which explicitly states state and local governments must follow federal law.

Food, Security

Lion Meat Burgers

Leave a comment

An Arizona restaurant that tried to promote business by serving Lion meat (mixed with beef) burgers has fired up controversy instead. The restaurant believed it was sourcing meat from a respectable source, but did no investigation on its own. You probably can guess what happened next.

A reporter for CNN traced the meat to a company owner convicted for illegal sources as well as product misrepresention:

Czimer’s exotic-meat dealings have landed him in hot water before. Back in 2003, Chicago newspapers covered his conviction and six-month prison sentence for selling meat from federally protected tigers and leopards. Czimer admitted to purchasing the carcasses of 16 tigers, four lions, two mountain lions and one liger — a tiger-lion hybrid — which were skinned, butchered and sold as “lion meat,” for a profit of more than $38,000.

Czimer’s defense is the best part of the story. He tells the reporter to turn a blind eye, just like he normally would for other food.

He’s willing to take a hands-off approach: “Do you question where chickens come from when you go to Brown’s Chicken or Boston Market?” he asked.

Exactly. There is a long tail (pun not intended) of trust implied with food prepared and supplied by restaurants. Trust also is involved when sourcing meat from ranchers.

With this in mind, note that Czimer’s website claims they sell game meat to avoid “harmful residue” and as an alternative to “domestic meats”.

Since the late l950’s the Czimer family pursued in expanding the choices of game meats, game birds and sea foods to the environmentally sensitive patients.

Oh, how things have changed! Czimer is now the one telling you to turn a blind eye. They will sell you meat, just don’t asked where it is from or how it was produced.

I hope that someone ordering lion would care about authenticity and value, per Czimer’s original sales pitch. Likewise customers should be able to verify that they are not purchasing illegally obtained meat from federally protected animals.

Just the other day I was in an airport and noticed a Pete’s store with a sign for natural fruit smoothies. I asked to see the ingredients. After a brief moment of digging through the cabinets and drawers the staff presented me with a greasy-looking bottle that listed artificial colors and chemical sweeteners. That definitely was not what I was expecting and I valued it far below the price they were asking. The staff seemed genuinely interested to find out the ingredients themselves for the first time and they smiled when I said “no thank you”.