Category Archives: Security

Facebook is lying

Michael Arrington, founder of TechCrunch and on Time’s list of the world’s most influential people, rattles his digital saber in a scathing review and call to arms called: Give Us Our Data, Facebook

Facebook’s statement today boiled down to this: The most important principle for Facebook is that every person owns and controls her information. Each person owns her friends list, but not her friends’ information. A person has no more right to mass export all of her friends’ private email addresses than she does to mass export all of her friends’ private photo albums.

That’s the same argument that they used two years ago with Scoble. But since then Facebook has been quite willing to allow “mass exports” of “friends’ private email addresses” if the terms are right. They did it with Microsoft, they’re doing it with Yahoo, and possibly other partners. Facebook violated their own privacy policy with the Microsoft relationship. The policy has since been updated.

Breaking the Law With High Fructose Corn Syrup

The Public Health Advocacy Institute has dropped a wet blanket over the high fructose corn syrup lobby. The lobby has claimed sugar is always sugar, no matter what, based on measured levels of fructose. To prove their point using propaganda they have started to pressure the government to allow corn syrup to be hidden with the label corn sugar.

While they play games with the names, actual fructose measurements are in and it does not look good for high fructose corn syrup. It turns out that it has…high fructose.

A report on October 27th from the PHAI is thus titled: Discovery of Elevated Fructose Levels in Popular Soft Drinks Raises Important Legal Questions for Regulators and Consumers

Laboratory testing revealed that bottled full-calorie Pepsi, Coca-Cola and Sprite had fructose estimates of 64-65%, well in excess of the upper-level of 55% fructose generally recognized as safe by the Food and Drug Administration

These levels not only put them in excess of safe levels, defined by others, but also at odds with their own claims to safety.

…the representation that HFCS is “compositionally equivalent” to table sugar could amount to false and misleading advertising requiring action by the Federal Trade Commission and State Attorneys General.

Fructose was isolated and extracted from corn in America during the 1970s after President Nixon’s economic advisers demanded that payments for corn surplus should be put to some kind of use. Leaders of the country at that time balked at the idea of paying farmers to grow something and then do nothing with it, so they set about to manufacture demand. The very recent origin of high fructose corn syrup was thus driven by an artificial (US Patent 3,689,362 by Yoshiyuki Takasaki in 1972) urgency related to farm politics, as I have discussed before.

I could also point out that the political importance of high fructose corn syrup comes from an even older issue of national concern. Corn syrup has been made cheaper to use in processed foods than sugar because of import quotas that restrict America’s supply of sugar.

Before artificial corn sweeteners were made in America, the US Marines were called into action to invade the state of Hawaii in 1894 and overthrow the Queen. This was to ensure access to sugar. American plantation owners feared they would lose their land to the Queen if she maintained power. They formed a “Committee of Safety to overthrow the Kingdom” and found a sympathetic ear in the US Secretary of State, James Blaine. He had suggested in 1881 that the US would be better off invading Cuba, another rich source of sugar, than letting it sit in the hands of a European power.

The sugar of Hawaii is not enough to meet demand today. This makes me wonder: if Blaine had realized the safety risk present today from high fructose corn syrup in America, would he have pressed even more to annex Cuba? Alas, Cuba became independent and America continues to try to find ways to dispose of its corn surplus.

PCI Forensic Investigator (PFI)

The Payment Card Industry has announced an approved Forensic Investigator provider program.

The card brands will no longer list their own approved Forensic Investigators (FI) after February 2011 and instead let the PCI site manage a single centralized list.

Here is a brief overview of requirements:

FIs who wish to be considered for the PFI list (pronounced FI, silent P) will need a certification. None is offered by the Council, unlike the QSA and PA-QSA. SANS certificates are mentioned but the Council does not say SANS is recommended or required.

Also, two investigations within the financial industry in the past twelve months are required for references, but payment card incidents are not specified.

Finally, only QSAs can be listed as a PFI and they must have law enforcement contacts (the good kind).


“Watson, as I perceive that these logins, although used, are by no means compromised, I can not doubt that you are at present busy enough to justify a token…for databases, the great cesspool into which all the Track Data of the Payment Card Industry are irresistibly drained.”