Security

Correlating AOL search IDs to real people

Leave a comment

The NY Times has picked up the AOL fiasco story and brought it home:

A Face Is Exposed for AOL Searcher No. 4417749

Buried in a list of 20 million Web search queries collected by AOL and recently released on the Internet is user No. 4417749. The number was assigned by the company to protect the searcher’s anonymity, but it was not much of a shield.

No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from “numb fingers� to “60 single men� to “dog that urinates on everything.�

And search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for “landscapers in Lilburn, Ga,� several people with the last name Arnold and “homes sold in shadow lake subdivision gwinnett county georgia.�

It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga., frequently researches her friends’ medical ailments and loves her three dogs. “Those are my searches,� she said, after a reporter read part of the list to her.

I can only assume that the woman who is the subject of this story, as well as the reporter, understand the significance of personalizing the issue.

I can honestly say I am glad I have not been using AOL, although I have nothing to hide. I suppose it is the same feeling as being glad I do not drive cars with exploding tires, even though I consider myself a safe driver.

One of the lessons for AOL will probably be to have a legal, privacy and security approval for any and all data transfers with external entities. I have to believe that their lawyers and security team had no idea that someone was going to post search data for public consumption, and this will probably become a good part of the discussion going forward (if not already).

History, Poetry

Visions of Cody and On the Road

Leave a comment

by Jack Kerouac

The mad road, lonely, leading around the bend into the openings of space towards the horizon Wasatch snows promised us in the vision of the West, spine heights at the world’s end, coast of blue Pacific starry night—nobone halfbanana moons sloping in the tangled night sky, the torments of great formations in mist, the huddled invisible insect in the car racing onwards, illuminate.—The raw cut, the drag, the butte, the star, the draw, the sunflower in the grass—orangebutted west lands of Arcadia, forlorn sands of the isolate earth, dewy exposures to infinity in black space, home of the rattlesnake and the gopher the level of the world, low and flat: the charging restless mute unvoiced road keening in a seizure of tarpaulin power into the route. [1]

widelight

My moments in Denver were coming to an end, I could feel it when I walked her home, on the way back I stretched out on the grass of an old church with a bunch of hobos, and their talk made me want to get back on that road. Every now and then one would get up and hit a passer-by for a dime. They talked of harvests moving north. It was warm and soft. I wanted to go and get Rita again and tell her a lot more things, and really make love to her this time, and calm her fears about men. Boys and girls in America have such a sad time together; sophistication demands that they submit to sex immediately without proper preliminary talk. Not courting talk — real straight talk about souls, for life is holy and every moment is precious. I heard the Denver and Rio Grande locomotive howling off to the mountains. I wanted to pursue my star further. [2]

[1] Voice of Cody, page 319
[2] On the Road, part 1:chapter 10

Sailing, Security

Multi-hull safety at sea and risk perception

Leave a comment

I was asked to represent my local A-Cat fleet this evening at a club race planning meeting, to help bring us into the fold with the other approved one-design classes. It was a surprise to find most of the questions about the A-Cat, and multi-hull racing in general, related to safety concerns.

I had to explain the various risk factors and the safety measures I thought were appropriate for a high-performance ultra-light racing platform. This would have been easier if others sailed the same or even similar type boats, but you might say the difference between an A-Cat and a typical club racer is akin to the difference between a Mosler MT900s and a Toyota Camry. We’ve been sailing enough in local events, fortunately, that the issues were discussed with some real-world examples and in the end the fleet was approved.

People on sailing forums sometimes ask about A-Cat security and here are my thoughts in a nutshell:

I say a good radio, whistle, strobe, water and spare set of goggles/glasses (prescription) are most critical…a wetsuit is also typical gear for us where thicker ones give a fair amount of buoyancy. The way I look at it these basic items significantly reduce personal risk and you could still need them even if you manage to stay with the boat after a spill (torn sail, dismast, etc.). It’s bulky but to keep it nice an tidy (and reduce windage) I always wear a giant rashguard over everything.

And that just takes me back to an old Outside article on how to calculate risks during recreation:

NO WONDER, THEN, that the optimal adventure experience for many enthusiasts is one in which the perceived risk is high but the actual risk is acceptably low. Running rapids is a good example. “People look at big whitewater, and their perception is that it’s very dangerous,” says Pamela Dillon, executive director of the American Canoe Association. “But the stats tell a different tale. In sheer numbers—including canoeists, kayakers, and rafters—the most common way someone dies boating is in a canoe, on flatwater, with no PFD [personal flotation device], drinking alcohol.

“Fifty percent of people who die in canoes and kayaks are out fishing,” Dillon continues. “They’re not tuned in to the skills and information they need to participate safely.”

If there’s just one thing you could say about A-Cat sailors, I think “tuned in” might be it. Here’s Glenn doing a nice fly-by for the race committee (note the flat water):

balance

Security

Happy MS patch Tuesday

Leave a comment

Well, twelve patches with nine rated as critical have been officially announced. The list of vulnerabilities is longer than the fixes, so I give MS credit for finding a way to reduce the numbers (ah, the cumulative update). Yet, at least one patch requires a reboot and several deal with exploit code in the wild, so the significance of the vulnerabilities should be reviewed:

Critical

* MS06-040 – Vulnerability in Server Service Could Allow Remote Code Execution
* MS06-041 – Vulnerability in DNS Resolution Could Allow Remote Code Execution
* MS06-042 – Cumulative Security Update for Internet Explorer
* MS06-043 – Vulnerability in Microsoft Windows Could Allow Remote Code Execution
* MS06-044 – Vulnerability in Microsoft Management Console Could Allow Remote Code Execution
* MS06-046 – Vulnerability in HTML Help Could Allow Remote Code Execution
* MS06-047 – Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution
* MS06-048 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
* MS06-051 – Vulnerability in Windows Kernel Coul d Result in Remote Code Execution

Moderate

* MS06-045 – Vulnerability in Windows Explorer Could Allow Remote Code Execution
* MS06-049 – Vulnerability in Windows Kernel Could Result in Elevation of Privilege
* MS06-050 – Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution