Polish teenager compromises local light rail

A story in The Register discusses an infrastructure compromise in Poland orchestrated by a motivated teenager:

Transport command and control systems are commonly designed by engineers with little exposure or knowledge about security using commodity electronics and a little native wit. The apparent ease with which Lodz’s tram network was hacked, even by these low standards, is still a bit of an eye opener.

Problems with the signalling system on Lodz’s tram network became apparent on Tuesday when a driver attempting to steer his vehicle to the right was involuntarily taken to the left. As a result the rear wagon of the train jumped the rails and collided with another passing tram. Transport staff immediately suspected outside interference.

The youth, described by his teachers as an electronics buff and exemplary student, faces charges at a special juvenile court of endangering public safety.

A “little native wit”? It actually does not sound like there was much ease, since the teen reportedly spent a great deal of time studying the system. I guess what I am saying is let’s give this guy some credit. He did not just park his car on the tracks; he actually did some research and development.

US Border Agents to Search Data Without Warrant

ComputerWorld tells of a new “outsider” threat. Their article emphasizes that this is something for executives to take seriously, but the threat is obviously one for anyone who thinks search without a warrant is a concern:

The Association of Corporate Travel Executives (ACTE) is warning its members to limit the amount of proprietary business information they carry on laptops and other electronic devices because of fears that government agents can seize that data at U.S. border crossings.

Seize, search, reveal or even arrest and prosecute.

exboyfriendjewelry.com SQL error

A news story prompted me to look at the strange site “exboyfriendjewelry.com” where you can click on categories such as “gifts that should have been jewelry”. I guess the point is that purchasing something from a spurned or angry person might mean you get a bigger discount?

Anyway, when I clicked on a link, this is all I saw:

DB function failed with error number 145
Table ‘./joomlaboyfriend/jos_session’ is marked as crashed and should be repaired SQL=SELECT session_id FROM jos_session WHERE session_id = ‘b781cf5fddf30a084148d85edbc68d79’
SQL =

SELECT session_id
FROM jos_session
WHERE session_id = ‘b781cf5fddf30a084148d85edbc68d79’

Ooops. And then the site went down completely. It is always annoying to see detailed errors posted directly to the interface. Bad security practice. Maybe I need a doghouse category?

Maybe an ex-boyfriend wasn’t so happy to see his stuff up for sale…
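
As an added example (not code from the site or from Joomla), here is one way to keep that kind of detail out of the interface, in Python: log the database error server-side under a reference ID, show the visitor only a generic message, and check a response body for the kinds of detail the error above exposed. The function names, patterns and message wording are assumptions; the sample text is the error shown above with its quotes normalised to ASCII.

```python
import logging
import re
import uuid

log = logging.getLogger("app.db")

# Kinds of internal detail the error page above exposed (patterns are illustrative).
LEAK_PATTERNS = {
    "engine_error": re.compile(r"DB function failed with error number \d+|marked as crashed"),
    "table_path": re.compile(r"Table\s+'[^']+'"),
    "sql_statement": re.compile(r"\bSQL\s*=\s*SELECT\b|\bSELECT\b.+?\bFROM\b", re.I | re.S),
    "session_id": re.compile(r"\b[0-9a-f]{32}\b"),
}

# Error text from the post, quotes normalised to ASCII.
SAMPLE = (
    "DB function failed with error number 145\n"
    "Table './joomlaboyfriend/jos_session' is marked as crashed and should be repaired "
    "SQL=SELECT session_id FROM jos_session "
    "WHERE session_id = 'b781cf5fddf30a084148d85edbc68d79'"
)

def find_leaks(body):
    """Return the sorted names of leak patterns found in a response body."""
    return sorted(name for name, rx in LEAK_PATTERNS.items() if rx.search(body))

def redact(detail):
    """Shorten 32-hex session tokens so the log does not store live session IDs."""
    return re.sub(r"\b([0-9a-f]{4})[0-9a-f]{28}\b", r"\1...[redacted]", detail)

def public_error(detail, status=500):
    """Log the full (redacted) detail; return a generic body plus a reference ID."""
    ref = uuid.uuid4().hex[:12]
    log.error("db failure ref=%s detail=%s", ref, redact(detail))
    body = f"Sorry, something went wrong. Reference: {ref}"
    return status, body, ref

if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    print("raw page leaks:", find_leaks(SAMPLE))
    status, body, ref = public_error(SAMPLE)
    print(status, body, "| leaks:", find_leaks(body))
```

The reference ID lets support staff find the matching log entry without the visitor ever seeing table names, SQL or session identifiers.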

Japanese computer (almost) survives pornography

The BBC tells a story today of a computer that survived a huge number of porn sites before being infected:

A council investigation found that he viewed more than 750,000 pornographic websites in nine months.

His habit reached its peak last July when he surfed for porn more than 177,000 times during office hours.

That works out at almost 10,000 pages a day, or more than 20 each minute he was at his desk.

A council official, trying to explain why no-one had noticed, said that each employee’s desk was set apart from the others.

The man was discovered only when his computer became infected with a virus, prompting officials to look at his web-browser history.

Unauthorized use aside, that seems like a pretty good run. I would have expected the system to be infected with a virus within the first hundred pages, let alone tens of thousands.

On the other hand, maybe it was infected but it took the company that many months to detect it. That would be more likely, but let’s assume his computer was actually “hardened”. Ha, couldn’t resist.

Another part of the story worth noting is the “why didn’t someone see his screen”:

A council official, trying to explain why no-one had noticed, said that each employee’s desk was set apart from the others.

It might seem implausible in many parts of the world, but when I was in Japan pornography did not seem like highly restricted material. So maybe people noticed but did not think it alarming? This reminds me of the old debate in some American states where any kind of violence and many kinds of hate imagery were considered tame but a picture of a naked woman would set off alarm bells. Detection is only as good as your filters.

Edited to add (May 6, 2008): I just attended an exhibit of paintings from 1690-1850 at the Asian Art Museum called “Drama and Desire” that explained erotic and sexual art was a significant although regulated form of expression.