Category Archives: Security

NIST announces Koala project

The NIST Information Technology Laboratory complex information systems group has started to discuss a new cloud computing model simulation meant to discover and characterize infrastructure “resource allocation algorithms”.

They call it the “Koala project” in a recent presentation and will publish “initial project findings” early next year. They also soon will provide draft use cases as part of their Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC).

Updated to add: I found the use cases online here:

5. Cloud Security Use Cases
5.1 Identity Management – User Account Provisioning
5.2 Identity Management – User Authentication in the Cloud
5.3 Identity Management – Data Access Authorization Policy Management in the Cloud
5.4 Identity Management – User Credential Synchronization Between Enterprises and the Cloud
5.5 eDiscovery
5.6 Security Monitoring
5.7 Sharing of Access to Data in a Cloud

Police Hand Out Cannabis Scratch-n-Sniff

The Dutch authorities have started a campaign with sniff cards to help find cannabis plantations.

When scratched the card reveals its scent as well as a police number people can call if they suspect that a neighbour grows marijuana on a large scale.

The card also lists other indicators of urban cannabis cultivation, such as the buzzing sound of ventilators, suspicious connections to electricity supply points and curtains that are kept closed.

Citizens are told to fear the physical risks of cannabis farming and to turn growers in for purposes of public safety.

Dutch authorities say that the plantations are a hazard, claiming they can cause fires or accidents because of the cables and lamps needed to maintain a cultivation temperature of 27C [80F].

Authorities believe that there are 40,000 illegal cannabis plantations in the Netherlands hidden away in attics, apartments and warehouses.

Wow. 40,000 plantations? If they are going to call this a risky business, prone to fires or accidents, shouldn’t they also release the percentage of failures from bad plantations? I do not see any examples. Given 40,000 plantations running a risk level of X the police could also compare it to other agriculture with a risk level of Y…but something tells me they just want stated harm to be taken for granted and not debated.

The temperature of 80F, for example, is a point of data that can be verified easily.

A quick search finds that growers recommend 68F to 78F during the day and 53F to 63F at night. Still warm but far from any risk of fire. Those temperatures are close to residential norms.

It occurs to me that police are perhaps admitting they are not able to detect plantations. Drawn curtains are foiling their best high-tech helicopters and elite troops. Maybe a neighbor reporting a risk gives special legal authority to enter a home? They just have to convince the public of a problem worth solving.

Perhaps instead the police could lead a campaign on proper electrical wiring and lighting to prevent fire or accidents. That would not only reduce the risk for cannabis plantations (wrong problem solved?) but help out every other industry and home as well. They even could subsidize low-risk heating solutions like solar and radiant flooring. It might not be as amusing and creative as the sniff-tests, but it probably would produce better overall results in terms of public safety.

Ant Slavemakers Target the Strong

A study in ScienceDirect argues that slave-making ants prefer larger, better defended host colonies.

Slavemaker colonies showed increased raiding activities when the slave to slavemaker ratio inside the slavemaker colony was low. Slavemakers did not favour host colonies with more pupae, but preferentially attacked colonies with more workers. These represent riskier raiding targets, but as larger colonies usually contain more brood in the field, the increased benefit may necessitate fewer raids, decreasing the total risk during a raiding season. However, confronted with two host colonies that showed more distinct benefit to risk ratios, their decision shifted. Thus raiding behaviour and decision making in P. americanus are affected by a combination of external and internal stimuli.

The simple formula looks like: fewer attacks on other colonies results in less risk.

The attack events chosen then are ones estimated to have the highest potential reward per attack — enslave the strong. Makes sense to me if I accept that enslaving the weak brings more risk/cost than reward.

SunnyD Attacks in Schools

The Campaign for a Commercial-Free Childhood is not happy with Scholastic. They are asking everyone concerned to send a message: Stop the in-school SunnyD sugar spree. The problem stems from how SunnyD is said to raise funds by using social engineering tactics.

Sweetened by high-fructose corn syrup (HFCS), an 8-ounce serving of SunnyD contains a whopping 20 grams of sugar. Its orange hue comes from Yellow #5 and Yellow #6, two artificial colors that contain known carcinogens and can cause allergies and hyperactivity in children. But that’s not stopping Scholastic from partnering with SunnyD to market beverages laden with HFCS to a captive audience of schoolchildren in preschool and elementary classrooms around the country. As part of the “SunnyD Book Spree,” students are asked to collect SunnyD labels and teachers are encouraged to throw SunnyD parties in their classrooms — in exchange for 20 free Scholastic books.

SunnyD could instead sell their product directly to consumers with a note that they will donate a portion of profit for books. This makes sense as a direct manufacturer-to-consumer relationship. However, a product relationship proxied through a captive audience of school children “ambassadors” is suspicious. A company can donate funds and materials directly if they choose this as their mission; children in a classroom should not be made to promote products as a kind of indenture.

It sounds to me as though SunnyD does not believe their product is able to sell on its own merits, so they are trying to pull sympathy for kids into the equation, or they just hope to get children hooked on their product. Either way they are using an attack path to exploit consumer vulnerabilities through social engineering tactics. It is not only bad for the health of the market but also the health of children.