Category Archives: Security

New York Tower Blueprints Found in Trash

“Dumpster diving” is more relevant to security than ever. People seem to print confidential files on a daily basis. I don’t know what happened to the digital transition, but this continues to be a source of major concern. The story today involves the building plans for the future WTC.

Two sets of confidential blueprints for the planned Freedom Tower, which is set to rise at Ground Zero, were carelessly dumped in a city garbage can on the corner of West Houston and Sullivan streets, The Post has learned.

Experts said the detailed, floor-by-floor schematics contain enough detail for terrorists to plot a devastating attack.

“Secure Document – Confidential,” warns the title page on each of the two copies of the 150-page schematic that a homeless, recovering drug addict discovered in the public trash can.

Don’t let this happen to you. Just don’t print anything anymore. And if you do, treat hard copy like you would a stack of $100 bills. Really, give it a try. It cuts down on paper use. Similarly, if you work at a company with printer addiction issues, try using a clear-tray policy — each printer gets a person assigned the duty of clearing the tray every so many hours (e.g. at lunch and end of day). They will not only keep confidential material from floating around, but also give good validation of printer use logs.

Imagine if the man in the story had made a shelter out of the papers. Hmm, that makes me wonder if future fashion statements will include clothes decorated with random company data mixed in with “secret” and “confidential” stamps.

The old drunk watchman and knife in the back story

I just heard about a story that should be filed in the “too strange to be fiction” category of security:

Mr Lyalin, an electrician, had spent the evening drinking with a watchman at his workplace when they got into an argument, Interfax news agency reports.

The morning found him waking up in the watchman’s office but instead of going back to work, he decided to take the bus home.

At home, Mr Lyalin had some sausage from the fridge and lay down to sleep, the Komsomolskaya Pravda newspaper says.

After a couple of hours, his wife noticed the handle sticking out of his back and called an ambulance.

Viktor Belov, a surgeon who treated him, found a kitchen knife in Mr Lyalin’s back but “by good fortune, it had gone through soft tissue without touching vital organs”.

I don’t know why they have to report on the sausage. Pork or beef? Anyway, here’s the real punchline:

His alleged attacker reported the crime to the police himself, Interfax adds. Mr Lyalin apparently feels fine and bears no ill-will.

“We were drinking and what doesn’t happen when you’re drunk?” he was quoted by Komsomolskaya Pravda as saying.

Just the sort of logic you might want in your watchman and their friends, no? I suppose he’s right; if you are drinking often then everything does in fact happen when you are drunk. At least they both were honest about it. Wonder if the watchman’s log reads something like: “Started drinking heavily in the office, argued with visiting friend, stabbed friend in the back, reported incident to police, went home.”

Subpoena Scam Scare

Several sources are reporting massive issues from the recent email scam. US-CERT even has a warning called “spear phishing attack”. My favorite write-up so far has been in The Register. They used the phrase “whaling expedition” to describe events:

About 2,000 executives took the bait on Monday, and an additional 70 have fallen for the latest scam, Richard said. Operating under the assumption that as many as 10 percent of recipients fell for the ruse, he estimated that 21,000 executives may have received the email. Only eight of the top 35 anti-virus products detected the malware on Monday, and on Wednesday, only 11 programs were flagging the new payload, which has been modified to further evade being caught.

Those are staggeringly poor numbers that nicely illustrate the problem with malware detection strategies. User education is the bedrock of security, while technology is usually just a tool. Like using a hammer, if someone suddenly puts screws in front of you and you do not know what defines a nail, and/or you rely on the vendor to figure it out for you…oops, I guess I need a fishing analogy.

Digital Photography versus the LEO

The BBC notes that rules of engagement for digital photography still are being ironed out in the UK:

Guidelines agreed between senior police and the media were adopted by all forces in England and Wales last year. They state that police have no power to prevent the media taking photos.

They state that “once images are recorded, [the police] have no power to delete or confiscate them without a court order, even if [the police] think they contain damaging or useful evidence.”

And in the case of Phil Smith, an official complaint about the Christmas lights incident helped sort matters out. Not only did he receive a written apology from Suffolk Police, but also a visit from an inspector, who explained that the officer, a special constable, had acted wrongly.

I myself have been stopped and threatened by law enforcement officers (LEO) after taking scenery photos. Most interesting to me in the story above is the revelation that a court order is required to destroy the photos and also that follow-up action was taken by the local police. Did Phil file a formal complaint or are the Suffolk officers working to win public confidence?