Chinese uncover fake chips

A researcher was found to have fabricated chips, and not in the good sense of the word. The BBC has the story:

China’s Xinhua state news agency said that the Hanxin digital signal processing chips were not based on research carried out by Mr Chen. Nor could the chips carry out the functions, such as reading fingerprints or playing MP3 files, that they were supposed to, it reported.

Ironic, I guess, that a chip for fingerprint en/decoding was faked. Did the researcher think he would never be caught? Often it is the high-profile nature of crime, backed by growing greed, that leads to its undoing. The story also has the potential effect of showing that the Chinese authorities are trying to crack down on copyright infringement, although it seems more likely that they were upset about a poor return on investment.

PCI Rules Changing

Well, they’ve always been changing, but a completely new set is due to be released this summer, according to CNET:

“Today, the requirement is to make all information unreadable wherever it is stored,” Maxwell [director of e-Business and Emerging Technologies at MasterCard International] said. But this encryption requirement is causing so much trouble for merchants that credit card companies are having trouble dealing with requests for alternative measures, he said.

In response, changes to PCI will let companies replace encryption with other types of security technology, such as additional firewalls and access controls, Maxwell said. “There will be more-acceptable compensating and mitigating controls,” he said.

I’ll trade you encryption for a couple new firewalls. Wait, the whole monitoring thing is pretty hard to do as well. Can we trade logs and monitoring for a couple more firewalls?

Beware the silver bullet fallacy.

Splogs

The sad thing about the spam bloggers is that after a while you have to start to wonder if random text inserted into hundreds of fake blog sites might not really be all that different from actual humans posting what they care about.

Reminds me of that infamous question, posed many years ago:

If you have enough monkeys
banging randomly on typewriters,
will they eventually type the works
of William Shakespeare?

The Splog Reporter is an interesting idea to help detect the splogs, but unlikely to make a dent in the problem.

Sao Paulo riots run by cell phone

Interesting first-person account on the BBC site:

The first step the authorities need to take is to block the prisoners from using mobile phones to direct the violence on the streets.

That prompted me to do a little research, which led to a report from Prison Review in 2002 that suggests cell-phones were used by inmates to coordinate attacks back then as well:

Officials in California’s facilities regularly report problems with their inmate population using cell phones to conduct “gang business” from behind bars. January’s prison riots in Brazil – which began simultaneously across five facilities in and around Sao Paulo and left several hundred dead and wounded – were coordinated using cell phones. The inmates’ strategy of synchronised riots – only possible with real-time communications – was deliberately designed to cripple the state’s single incident response team.

And while these reports seem to indicate prison cells (pun intended) run amok, Amnesty International provides the following background to police treatment of prisoners and riots in Sao Paulo:

In June Colonel Ubiratan Guimarães, a former high-ranking military police officer, was convicted on charges in connection with the massacre of 111 detainees in the Carandiru detention centre following a riot in 1992. In a historic decision, the jury found him to be responsible for São Paulo’s military police “shock troops” and that the troops entered the prison with the prior intention of committing as much harm as possible. He was sentenced to 632 years’ imprisonment, but was released pending hearing of his appeal. A further 105 military policemen were awaiting trial for their part in the massacre at the end of 2001. The São Paulo authorities later announced their intention to close Carandiru prison by early 2002.

Further reading on the subject revealed that:

A Sao Paulo state appeals court overturned his conviction on Wednesday [February 15, 2006] after Mr Guimaraes’ lawyers argued that he was acting on his superiors’ orders.

Could the riots be related to the court decision on Guimaraes? Many articles, such as this one, suggest that prisoners became highly organized in response to attacks by police in 1992. And yet no one seems to be making the connection between the prisoner organization and the recent court proceedings about those attacks. The BBC quote “officials” who suggest that prisoners are reacting to “the decision of the state government’s move to isolate its leaders in different prisons.” Something tells me these isolation plans aren’t worthy of a riot on their own, especially when prisoners clearly are able to maintain cell-phone communication and relationships with outside elements. Maybe I’m missing something, but a recent ruling on the police leader charged with the massacre of prisoners seems very related…