Guidance Software Announces Breach

This is big news about a small breach. The self proclaimed “leader in computer forensics and incident response solutions” discovered a security breach on December 7th, 2005. SecurityFocus reported today that financial information including CVV was lost:

The breach, which took place in November, resulted in the loss of customer names, credit-card numbers and the three-digit card verification values (CVVs), which merchants are not supposed to retain, according to reports.

This is also reported on (strange domain name, eh?):

The attack occurred in November, but wasn’t discovered until Dec. 7, John Colbert, chief executive officer of Guidance, said in an interview Monday. The attack exposed data on thousands of the company’s customers, including 3,800 whose names, addresses and credit card details were exposed, he said.

However, the official Guidance letter clearly states in the first paragraph “Fortunately, the database that was compromised did not contain any of your financial information that could put you at risk of identity theft.”

Of course most of the people (computer forensics and incident response professionals) who recieved this letter must have immediately suspected something was fishy. After all, why would Guidance send out the notice if there was no breach of sensitive data? And then there were those who are already reporting that they are victims of the breach…

Victory comes with consent

Interesting book by General Sir Rupert Smith called “The Utility of Force”.

The Times review says this military expert’s book criticizes US leadership to initiating a war in Iraq without a realistic mission definition. It is a critique that begins with semantics and ends with tactical suggestions.

You cannot blame the leaders, of course, if all they have read is Clausewitz. It will be no surprise therefore that General Smith is wholly dismissive of the US-led “War on Terror . . . intended to deliver a decisive victory over terror according to the leadership who declared it”. This is a notion “without useful meaning, at least in terms of describing the conduct of this confrontation,” says General Smith. “The terrorist is demonstrating a better understanding of the utility of force in serving his political purpose than those who are opposed to him — both political leaders and military establishments.”

The conclusion seems to be that warfare is now failing due to antiquated concepts applied to a changing world.

To take a historical example: machineguns, barbed wire and artillery made horsed cavalry obsolescent by 1915, but before the technological possibility of fast-moving, long-endurance tanks (not much before 1925) there was no alternative to keeping horsed cavalry since without a mobile arm there was no means of exploiting battlefield success. Ironically, General Smith now despairs of the huge numbers of tanks that Western forces possess since they are of limited utility when war is fought principally “amongst the people”. He does not say that swords should be beaten into billhooks, or for that matter into high-tech military instruments: he argues for an understanding that the longer and more complex battle is for the people’s will rather than for the destruction of an opponent’s forces.

Makes perfect sense to me. It reminds me of the development of the Apache gunship to outfight the Soviet helicopters in Afghanistan. The US technology was faster, more maneuverable and had more firepower. When the Soviets no longer were any kind of threat the Apache gunship became an expensive and lonely technology. It was thus re-purposed into new threats that were far more able to defeat it…ironically, the same threats that the Soviet helicopters really faced — Afghan guerrillas with US shoulder-fired rockets.

The bottom line is that in today’s political climate people will not agree to be subdued under impressive military might; they realize more than ever that they have the means and probably even justification to form their own power structures.

It comes down to a polite thank you for assistance removing one form of threat but a no thank you for further interference that is perceived as yet another threat.

Conservative thinkers such as Rumsfeld and Cheney apparently operated under an illusion that big armies win, end of story. Yet victory from violence at a shock and awe level alone does not warrant welcome parades. Sadly historians could have set them straight on this very quickly; it is actually a big army presence that is most likely to be rejected by local populations. A more tangible connection or concept has to accompany the utility of troops.

Battles just don’t work any more. War is now waged not in the field but the street, so victory is possible only with the people’s consent.

The event of being overrun by a top-down organization that is too large and foreign to be representative or responsive does not translate directly to the feeling of liberation.

My Masters Thesis on the liberation of Ethiopia by the British in 1940 to 1943 explored this issue. It was a delicate operation to repatriate a sovereign leader, which has had lasting effect on the security and stability in the Horn of Africa. The UK War Office tried to involve Haile Selassie with their troops as a means to bolster support for the British military offensive and acceptance after occupation. Instead they found Ethiopia still quickly moved to relationships with other nations that had no liberating role and they called for direct control or withdrawal of British forces. The inability of the occupation to generate social and economic successes precipitated political fracture. Groups worked together to pull apart the old regime. A vacuum of power allowed a new harsh unity to be formed by extremists, which further disintegrated notions of unity and the region fell into decades of separatist and guerrilla combat.

History is littered with examples of this liberation-to-loss concept, as the Times explains:

What is so appalling about Iraq is that it was predictable — and indeed it was predicted — from even a nodding acquaintance with history. General Smith cites Bonaparte’s invasion of Spain: the Spanish army collapsed, Madrid fell, but guerrilla warfare put the victory to nought, fatally bleeding the occupation forces. In the Anglo-Boer War, after the initial reverses the British quickly defeated the Boer field forces and occupied their two capitals, but a change of Boer tactics to something not unlike the Spanish guerrilleros’ prolonged the conflict by another two years, and at considerable cost to Britain’s military credibility and international moral standing.

Jamaican resistance to the Spanish is another good study. The US experience with the Philippines after liberation during the Spanish-American War also is worth a look.

eManifests in use in AZ

The US Customs and Border Protection site has announced the “First Electronic Truck Manifest Filed on Southern Border”. I guess to be accurate they should clarify that the manifest is electric, not the truck.

Anyway, I haven’t seen this picked up in any news (perhaps since it has been working for some time on the northern border of the US and isn’t newsworthy) but I figured the announcement must be meaningful to those who monitor the progress of tracking systems, plus it had some interesting language:

The automated manifest provides CBP officers with cargo information prior to a shipment arriving at the gate. Comprehensive data such as information on the driver and passengers; a description of the conveyance and any applicable equipment like a trailer; and details regarding the shipment are included.


There are currently 31 ACE ports in the states of Arizona, Michigan, Minnesota, North Dakota and Washington. The schedule for deployments of ACE to additional ports continues in January, beginning with selected ports in Texas in early 2006.

That is many more than I had been aware of and so I am curious when intra-state borders or even road-side checkpoints will have ACE setup.

Historians rate the US presidents

I’ve been writing too many comments again on Schneier’s blog lately, so I thought I’d post a few interesting things here instead. This article from the History News Network caught my attention with some interesting insights into the risks from various Presidents and how they stack up from a historian’s point-of-view:

The George W. Bush presidency is the worst since:
In terms of economic damage, Reagan.
In terms of imperialism, T Roosevelt.
In terms of dishonesty in government, Nixon.
In terms of affable incompetence, Harding.
In terms of corruption, Grant.
In terms of general lassitude and cluelessness, Coolidge.
In terms of personal dishonesty, Clinton.
In terms of religious arrogance, Wilson.

And then there are the oft-cited Bush quotes that give another perspective on how some might use his own words to conclude he may be worse than so many of his predecessors:

“You don’t get everything you want. A dictatorship would be a lot easier.”
— From Paul Begala’s “Is Our Children Learning?”, Governing Magazine July, 1998

“If this were a dictatorship, it would be a heck of a lot easier, just so long as I’m the dictator.”
—, December 18, 2000

“A dictatorship would be a heck of a lot easier, there’s no question about it.”
— Business Week, July 30, 2001