Category Archives: Security

Automation failures

A funny story about a Welsh road sign is based on an email “auto-reply” or out of office message:

When officials asked for the Welsh translation of a road sign, they thought the reply was what they needed.

Unfortunately, the e-mail response to Swansea council said in Welsh: “I am not in the office at the moment. Please send any work to be translated”.

So that was what went up under the English version which barred lorries from a road near a supermarket.

Had the recipients been able to verify the Welsh was correct themselves, they probably would not have needed to send the sign out for translation. A better solution would be to look for some indication that the work had been completed and that someone would stand behind the work — accountability.

Looting America

The Guardian says Bush is frantically looting the country before he leaves office:

When European colonialists realised that they had no choice but to hand over power to the indigenous citizens, they would often turn their attention to stripping the local treasury of its gold and grabbing valuable livestock. If they were really nasty, like the Portuguese in Mozambique in the mid-1970s, they poured concrete down the elevator shafts.

Nothing so barbaric for the Bush gang. Rather than open plunder, it prefers bureaucratic instruments, such as “distressed asset” auctions and the “equity purchase program”. But make no mistake: the goal is the same as it was for the defeated Portuguese – a final, frantic looting of the public wealth before they hand over the keys to the safe.

How else to make sense of the bizarre decisions that have governed the allocation of the bail-out money? When the Bush administration announced it would be injecting $250bn into US banks in exchange for equity, the plan was widely referred to as “partial nationalisation” – a radical measure required to get banks lending again. Henry Paulson, the treasury secretary, had seen the light, we were told, and was following the lead of Gordon Brown.

In fact, there has been no nationalisation, partial or otherwise. American taxpayers have gained no meaningful control over the banks, which is why the banks are free to spend the new money as they wish. At Morgan Stanley, it looks as if much of the windfall will cover this year’s bonuses.

Sigh. Bonuses. This amounts to a ploy based on an upside-down risk model:

It was, as many have pointed out, the worst of all worlds. Not only were profits privatised while risks were socialised, but the implicit government backing created powerful incentives for reckless business practices.

[…]

Meanwhile, every day it becomes clearer that the bail-out was sold to the public on false pretences. Clearly, it was never really about getting loans flowing. It was always about doing what it is doing: turning the state into a giant insurance agency for Wall Street, a safety net for the people who need it least, subsidised by the people who will most need state protections in the economic storms ahead.

All this from a group that claimed they would reduce government oversight and spending. It is hard to imagine they have suddenly converted their views, even if Greenspan confessed he was wrong about deregulation, because they still have the opportunity to loot and then leave carrying enough to save only their own families and friends.

The comparison to Angola is harsh. A tamer example is the fall of the Soviet Union. As I traveled on trains around Europe, I would sometimes run into relatives and friends of former politicians who were desperately trying to spend as much money as they could, state money, on jewelry and expensive luxury items before they relocated to South Africa. They looted budgets and laundered money for themselves in order to ensure they could retire comfortably, leaving the fledgling democracy behind broke and struggling to survive. Amazing that there are not better controls for this kind of exit.

EstDomains Fights to Survive

The latest news from ICANN is that the Estonian company EstDomains has had its Notice of Termination stayed:

Based on an Estonian Court record, ICANN has reason to believe that the president of EstDomains, Vladimir Tsastsin, was convicted of credit card fraud, money laundering and document forgery on 6 February 2008.

[…]

ICANN received a response from EstDomains regarding the notice of termination. To assess the merits of the claims made in EstDomains’ response, ICANN has stayed the termination process as ICANN analyzes these claims.

ICANN’s records indicate that EstDomains has approximately 281,000 domain names under its management.

EstDomains is widely known for its ties to cybercrime. Will a change of President be sufficient for ICANN to let them survive?

Hillar Aarelaid, team director of the Estonian Computer Emergency Response Team (CERT Estonia)…maintains that Tsastsin long ago ceded control of EstDomains to organized cyber criminals in Russia.

“To understand EstDomains, one needs to understand the role of organized crime and the investments coming from that, their relations to hosting providers in Western nations and the criminals who ply their trade through these services,” Aarelaid said.