Extending OVF for security

Envelope information on a virtual machine has come up a lot lately, not least of all after my presentation this week on Cloud Forensics Trends at the HTCIA International Conference.

The cool thing about a virtual system powered down or hibernated, dormant, etc. is that it has an envelope of metadata that forms an audit trail separate from the system. Take the OVF standard, for example. If the envelope were to include information about the status of the enclosed virtual system, such as the last time it was booted, the hypervisor it was running on, its device list, the current software/patch level…then it would provide more security information and control than a physical system which is “dark” when powered down.

This insight into offline systems becomes really important in environments whose systems are online at different times, such as a company spanning multiple time zones. A company with operations in America and Australia that must assess its systems at opposite times of day can read the envelope of offline systems to know their overall status. It also means systems can be easily identified and moved to a different zone for maintenance or containment before they are powered on again. Complex asset management systems can become simple queries of a virtual system envelope.
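As an added illustration (not code from the post, nor from DMTF), here is how such an envelope query could look: a constructed OVF envelope whose standard ProductSection carries hypothetical `status.*` properties, parsed to flag dormant systems that are stale or behind a patch baseline.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

OVF_NS = "http://schemas.dmtf.org/ovf/envelope/1"
NS = {"ovf": OVF_NS}

# Constructed sample envelope. VirtualSystem and ProductSection/Property are
# standard OVF elements; the "status.*" keys are hypothetical, standing in for
# the boot/hypervisor/patch metadata the post proposes adding.
SAMPLE_OVF = """<Envelope xmlns="http://schemas.dmtf.org/ovf/envelope/1"
          xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1">
  <VirtualSystem ovf:id="web01">
    <Info>Web front end, powered down</Info>
    <ProductSection>
      <Info>Status metadata written at power-off</Info>
      <Property ovf:key="status.lastBoot" ovf:value="2011-09-01T12:00:00Z"/>
      <Property ovf:key="status.hypervisor" ovf:value="esx-sfo-03"/>
      <Property ovf:key="status.patchLevel" ovf:value="2011-06"/>
    </ProductSection>
  </VirtualSystem>
</Envelope>"""

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def read_status(ovf_xml):
    """Return {vm_id: {property_key: value}} for every VirtualSystem."""
    root = ET.fromstring(ovf_xml)
    status = {}
    for vs in root.findall("ovf:VirtualSystem", NS):
        props = {p.get(f"{{{OVF_NS}}}key"): p.get(f"{{{OVF_NS}}}value")
                 for p in vs.findall("ovf:ProductSection/ovf:Property", NS)}
        status[vs.get(f"{{{OVF_NS}}}id")] = props
    return status

def assess(status, now_iso, max_idle_days, baseline_patch):
    """Flag systems whose envelope is incomplete, stale, or below baseline."""
    now, findings = _ts(now_iso), []
    for vm_id, props in status.items():
        missing = [k for k in ("status.lastBoot", "status.patchLevel") if k not in props]
        if missing:
            findings.append((vm_id, "missing metadata: " + ", ".join(missing)))
            continue
        if now - _ts(props["status.lastBoot"]) > timedelta(days=max_idle_days):
            findings.append((vm_id, "stale: last boot " + props["status.lastBoot"]))
        if props["status.patchLevel"] < baseline_patch:  # YYYY-MM sorts chronologically
            findings.append((vm_id, "behind patch baseline " + baseline_patch))
    return findings
```

A system flagged here can be quarantined or patched before anyone powers it on, which is the control a dark physical box cannot offer.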

OVF is expected to evolve. It may eventually incorporate things like service levels and external configuration dependencies (e.g. network performance, state and security settings) that cloud providers crave for automation, but, based on recent meetings with NIST and DMTF, it is also possible that it will evolve controls for virtual systems that are better than what we have used for physical systems.

[Figure: OVF Envelope]

TSA Creator Laments Creation

A government official who says the TSA was his fault now says he regrets the monster he helped create.

…a decade after the TSA was created following the September 11 attacks, the author of the legislation that established the massive agency grades its performance at “D-”

[…]

“It mushroomed into an army,” Mica said. “It’s gone from a couple-billion-dollar enterprise to close to $9 billion.” As for keeping the American public safe, Mica says, “They’ve failed to actually detect any threat in 10 years.”

[…]

The fledgling agency was quickly engulfed in its first scandal in 2002 as it rushed to hire 30,000 screeners, and the $104 million awarded to the company to contract workers quickly escalated to more than $740 million.

Federal investigators tracked those cost overruns to recruiting sessions held at swank hotels and resorts in St. Croix, the Virgin Islands, Florida and the Wyndham Peaks Resort and Golden Door Spa in Telluride, Colo.

His solution? Reduce government oversight by giving large portions away to be run by private companies.

Asked whether the agency should be privatized, Mica answered with a qualified yes.

“They need to get out of the screening business and back into security. Most of the screening they do should be abandoned,” Mica said. “I just don’t have a lot of faith at this point,” Mica said.

Allowing airports to privatize screening was a key element of Mica’s legislation and a report released by the committee in June determined that privatizing those efforts would result in a 40% savings for taxpayers.

A committee figured that out? Is it anything like the committee that thought the TSA was a good idea? As far as I can tell the magic Mica savings report was based on simply comparing the number of government supervised private screeners working at SFO to the number of government employed LAX screeners. Fewer screeners work at SFO so labor costs are lower, so they must be more efficient, right?

A 2006 report comes to mind that showed the SFO screeners failed to report security breaches to the TSA. There’s also the 2010 knife incident that the TSA tried to hide. And who can forget the missing laptop at SFO? Even though the laptop was found, confidence in the security screeners at SFO was lost.

Extrapolating screening management from SFO to the rest of the country does not seem to make a lot of sense either from a security or a financial standpoint. Sure, it reduces the number of jobs, but is that the real goal? And if all he wants is to reduce jobs, and screening is unnecessary, then why stop at most? Why not dismantle the whole program instead of saying government will be better off to try and take on management of fraud and waste among private contractors?

Wide-area encrypted radio network seized in Mexico

I just noticed an update on the progress being made in wide-area radio communication encryption that I wrote about some time ago.

Apparently a drug cartel has been building a network of repeaters large enough to cover most of a state so they can communicate without touching wired and wireless networks. Perhaps it is no surprise that the cartel in question was founded by “former army commandos”.

The equipment seized included high-powered transmitters, computers, radio scanners, encryption devices and solar power cells.

The immediate result of the operation was the disruption of the Zetas’ “chain of command and tactical coordination” in Veracruz, navy spokesman Jose Luis Vergara said.

Solar powered radio towers that can relay encrypted communication over an entire country? I see the future of global network security in this story.

The first question that jumps to mind, however, is how secure and well monitored a relay could be in such remote locations.

My second question is whether the government agency that seizes such a system will shut it down and dismantle it, or adopt it as an extension of an emergency command communication system, or use it to extend anti-cartel reporting options to the public…back to my first question.

It looks like it has been dismantled.

Police pay damages to al-Qaeda raid suspect

Interesting story in The Guardian

A student who was arrested and held for seven days after downloading the al-Qaida training manual as part of his university research into terrorist tactics has received £20,000 in compensation and an apology from the police for being stopped and searched.

Rizwaan Sabir, 26, was studying for a master’s at the University of Nottingham in 2008 when he was detained under the Terrorism Act and accused of downloading the material for illegal use. He was arrested on 14 May after the document was found on an administrator’s computer by a member of staff.

Note the small twist in the case — an administrator’s computer (rather than an academic one) was where the document was found — that fueled suspicion of non-academic use. So he spent seven days in jail plus three years of legal battle to exonerate himself. The police apologized but were not found at fault. It ended with a settlement before trial.

I guess you could say it was an unfortunate waste of the student’s time, except for the ironic detail that he has become a PhD student of counter-terrorism policy. Oh, and the university that turned its student over to the police for downloading the manual? It now keeps copies of the manual in its library.