Category Archives: Security

FIM and Logs

The PCI SSC clarified today in the December 08 Assessor Newsletter that OS logging is suitable for file integrity monitoring (FIM):

This month the Council received several questions surrounding the use of file integrity monitoring from assessors evaluating applicability of Requirement 10.5.5 and 11.5.
[…]
There may also be native functionality to the operating system or smaller applications that could be considered, especially when commercial products are not available for the system. Let’s take the example of workstations. A merchant shouldn’t have to install commercial FIM on each and every one of their 10,000 workstations outside the cardholder data environment if the appropriate local logging and network monitoring are enabled.

A comment like “appropriate x and y are enabled” sounds good but really does not clarify much more than the existing text. We come right back to the same question: what is appropriate? On the other hand, when they say “merchant shouldn’t have to install commercial FIM on each and every…”, great clarity is achieved.
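For readers wondering what “native functionality” amounts to in practice, here is a minimal baseline-and-compare integrity check in Python. It is an added example, not code from the PCI SSC newsletter or from any FIM product, and the directory tree, file names and contents it builds are constructed for the demonstration. OS audit logging (auditd, Windows object-access auditing) tells you who touched a file and when; a hash baseline like this one tells you what actually changed between two points in time, which is the property 11.5 is after.

```python
"""Minimal file-integrity monitoring: hash a tree, store the baseline,
re-hash later and report added / removed / modified files.

Added example (not from the newsletter or any commercial product).
Everything under demo() is constructed sample data.
"""
import hashlib
import os
import tempfile
from typing import Dict, List


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large files don't load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> Dict[str, str]:
    """Map every regular file under root (as a forward-slash relative path)
    to its SHA-256 digest. In real use the result is stored off-host, so a
    tampering actor on the monitored system cannot also fix up the baseline."""
    baseline: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow symlinks out of the monitored tree
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def diff_baseline(old: Dict[str, str], new: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare two baselines; each list is sorted so output is stable."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a small tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel: str, data: str) -> None:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as f:
                f.write(data)

        # Constructed "monitored" files (names and contents are made up).
        write("etc/app.conf", "debug=false\n")
        write("bin/payment", "#!/bin/sh\necho process\n")
        write("etc/old.conf", "unused\n")
        baseline = build_baseline(root)

        # Simulated changes an assessor would expect FIM to surface.
        write("etc/app.conf", "debug=true\n")            # modified
        write("bin/helper", "#!/bin/sh\n")               # added
        os.remove(os.path.join(root, "etc/old.conf"))    # removed

        return diff_baseline(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The interesting design decision is where the baseline lives and how often the compare runs: a baseline kept on the same host, writable by the same accounts that can change the monitored files, gives you a report, not a control. Pairing the compare with the OS audit trail is what lets you answer both “what changed” and “who changed it”.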

Update on Whistler Gondolas

Here is an official update from Whistler Blackcomb on their Doppelmayr/Garaventa gondolas, from early this morning:

Whistler Mountain will open for regular morning operations as early as 7:30am, as the Whistler Village Gondola and the Creekside Gondola are different types of lift installations and have different tower structures. Remaining Whistler Mountain lifts as well as Blackcomb Mountain lifts are expected to open when the secondary inspection by BCSA is complete. The one exception is the Excalibur Gondola, which will remain closed.

Twenty maintenance staff inspected the lifts last night and concluded that the Excalibur Gondola tower failed due to a leak. Water entered the tower, turned to ice and expanded between two parts that were spliced together, causing the structure to rupture. This is apparently known as “ice-jacking” (cyclic incremental movement by ice leading to failure from microcrack propagation).

“As always, our top priority is for the safety and well-being of our resort guests and employees,” says Doug Forseth, senior vice president of operations. “Whistler Blackcomb will delay opening some of our lifts this morning until the BCSA can confirm our findings and provide a secondary inspection. After the work conducted throughout last night by our own lift maintenance team, and a secondary inspection that will be completed this morning by the BCSA, access to both Whistler and Blackcomb is expected to be available by midday.”

Two cabins actually hit the ground and twelve people out of 53 on the gondolas were taken to the Whistler Medical Clinic. All were released soon after.

No word yet from the BC Safety Authority on whether joints on towers will be subjected to regular X-ray inspections, as that probably would have detected a faulty weld and the ice-jacking.

Hacking Logs

A story in The Register about Brazilian hackers, pointed out in Bruce’s blog, brings new meaning to log management:

Some Brazilian states used a computerised allocation system to levy how much timber can be logged in each area. However, logging firms attempted to subvert these controls by hiring hackers to break systems and increase the companies’ allocations.

Greenpeace reckons these types of computer swindles were responsible for the excess export of 1.7 million cubic metres of timber (or enough for 780 Olympic-sized swimming pools, as the group helpfully points out) before police broke up the scam last year. Brazilian authorities are suing logging firms for 2 billion reais (US$833m).

And now the Brazilian states will need to install new logging controls to keep track of the logging companies. Ha ha.

Whistler Gondola Accident

An old Excalibur Gondola tower collapsed at Whistler today:

At least a dozen passengers are trapped inside two gondolas after a tower partially collapsed at Canada’s Whistler ski resort on Tuesday.

Police said there were no serious injuries, but the passengers are stranded as emergency officials work out a plan to evacuate them from the gondolas on the Excalibur lift.

I wonder if anyone will get a discount or refund on lift tickets. This is not the new Peak-to-Peak, but it is an important lift and must give people the jitters. It also may shut down access to key parts of the mountain while other lifts are inspected.

The Leader Post has images of the tower that failed. It looks like it snapped in half, leaving one of the gondolas hanging just six feet off the ground. Another gondola is suspended over a creek.