Category Archives: Security

PCI Rules Changing

Well, they’ve always been changing, but a complete new set are due to be released this summer, according to CNET:

“Today, the requirement is to make all information unreadable wherever it is stored,” Maxwell [director of e-Business and Emerging Technologies at MasterCard International] said. But this encryption requirement is causing so much trouble for merchants that credit card companies are having trouble dealing with requests for alternative measures, he said.

In response, changes to PCI will let companies replace encryption with other types of security technology, such as additional firewalls and access controls, Maxwell said. “There will be more-acceptable compensating and mitigating controls,” he said.

I’ll trade you encryption for a couple new firewalls. Wait, the whole monitoring thing is pretty hard to do as well. Can we trade logs and monitoring for a couple more firewalls?

Beware the silver bullet fallacy.

Splogs

The sad thing about the spam bloggers is that after a while you have to start to wonder if random text inserted into hundreds of fake blog sites might not really be all that different from actual humans posting what they care about.

Reminds me of that infamous question, posed many years ago:

If you have enough monkeys
banging randomly on typewriters,
will they eventually type the works
of William Shakespeare?

The Splog Reporter is an interesting idea to help detect the splogs, but unlikely to make a dent in the problem.

Sao Paulo riots run by cell phone

Interesting first-person account on the BBC site:

The first step the authorities need to take is to block the prisoners from using mobile phones to direct the violence on the streets.

That prompted me to do a little research, which led to a report from Prison Review in 2002 that suggests cell-phones were used by inmates to coordinate attacks back then as well:

Officials in California’s facilities regularly report problems with their inmate population using cell phones to conduct “gang business” from behind bars. January’s prison riots in Brazil – which began simultaneously across five facilities in and around Sao Paulo and left several hundred dead and wounded – were coordinated using cell phones. The inmate’s strategy of synchronised riots – only possible with real-time communications – was deliberately designed to cripple the state’s single incident response team.

And while these reports seem to indicate prison cells (pun intended) run amok, Amnesty International provides the following background to police treatment of prisoners and riots in Sao Paulo:

In June Colonel Ubiratan Guimarães, a former high-ranking military police officer, was convicted on charges in connection with the massacre of 111 detainees in the Carandiru detention centre following a riot in 1992. In a historic decision, the jury found him to be responsible for São Paulo’s military police “shock troops” and that the troops entered the prison with the prior intention of committing as much harm as possible. He was sentenced to 632 years’ imprisonment, but was released pending hearing of his appeal. A further 105 military policemen were awaiting trial for their part in the massacre at the end of 2001. The São Paulo authorities later announced their intention to close Carandiru prison by early 2002.

Further reading on the subject revealed that

A Sao Paulo state appeals overturned his conviction on Wednesday [February 15, 2006] after Mr Guimaraes’ lawyers argued that he was acting on his superiors’ orders.

Could the riots be related to the court decision on Guimaraes? Many articles, such as this one, suggest that prisoners became highly organized in response to attacks by police in 1992. And yet no one seems to be making the connection between the prisoner organization and the recent court proceedings about those attacks. The BBC quote “officials” who suggest that prisoners are reacting to “the decision of the state government’s move to isolate its leaders in different prisons.” Something tells me these isolation plans aren’t worthy of a riot on their own, especially when prisoners clearly are able to maintain cell-phone communication and relationships with outside elements. Maybe I’m missing something, but a recent ruling on the police leader charged with the massacre of prisoners seems very related…

Soul Source Chocolate

It’s been a while since I wrote about food. Shame, really, since so many fine cheeses have come and gone in my kitchen. This might be a good time to talk about how the local has become global and global local, but instead I think I’ll just pop open a couple sole source bars of chocolate (yes, soul is meant to be a pun) and imagine myself transported to a place far, far, away…

The Pacauare River is one of Costa Rica’s wildest rivers, cutting through virgin rainforest gorges that shelter jaguars, ocelots, monkeys and a multitude of bird species.

Mmmm, I can taste the ocelots in every bite. Next, I’m off again to…

The Los Rios region of Ecuador produces exceptional cacao, often referred to as Arriba (up river). The one mighty national strain, Arriba Nacional, is now on the verge of extinction.

–insert joke about paddles here–

Close your eyes, taste the chocolate, and dream of lush greenery.

Well, and there you have it. This somewhat reminds me of the heady days in the early 1990s of small batch and single barrel bourbon marketing, when you could get 750ml of Knob Creek for $15 and Bush Pilot Rye was not yet extinct.

Here’s to the little guys to whom you can trust your taste-buds. And just to bring it back to security, if you ever wonder how to explain “input validation” just ask yourself how you avoid putting undesired objects into your mouth at dinner time.

Anyone else think that SQL injection attacks are to databases what global-franchise goods are to your stomach? Ah yes, back to global as local versus local as global…

EDITED to ADD: Dagoba has issued a recall on some of their chocolate products due to traces of lead. So, while chocolate might taste good, you still have to be careful that the people who make and sell the stuff have preventive and detective controls in place to protect your health. Bourbon, on the other hand, well you’re on your own with that stuff.