Category Archives: Security

sunbrella

This red-dot winner seems like a good idea at first glance. It’s a sunbrella/solar-panel. Perfect for beachgoers who need to power those portable air conditioning units or giant portable beer coolers. In fact, this seems like just the right thing for small villages in the desert that suffer little or no wind, which brings me to my second glance: what happens when the breeze picks up the disc and launches it like a monster frisbee into the monster-truck parked next to the guy with all the muscles? And how do you collapse/store the thing when you don’t want every bird in the harbor to use it for target practice? Ew, messy. Oh, well. At least it looks a lot prettier than the CIA’s new solar and wind energy units, shown below, made by SkyBuilt Power.

The CIA plop and drop

The Gospel of the FSM

Bobby Henderson reveals that he is gainfully employed now. Just don’t ask about his last supper.

Interview with Wired News:

WN: How were you inspired to write The Gospel of the Flying Spaghetti Monster?

Henderson: The book is necessary so that people see how much hard evidence supports the existence of the FSM. You can make a pretty strong argument for His existence. Especially if you use the same sort of reasoning the ID people do: specious reasoning and circular logic. I suspect the mainstream religions will concede after reading it.

I know this might be a stretch for information security related topics, but the FSM brings to mind a need for clear standards to either accommodate a wide base for interoperability or a narrow set of similarly defined values. If the core value is revealed to be nothing more than “specious reasoning”…well, that just opens the spec up for all sorts of crazy ideas. The Intelligent Design movement clearly had a supreme marketing department, but their engineering and IP controls leave a lot to be desired.

Or as Bobby put it:

I think it’s pretty amazing that these people without scientific backgrounds — or really any education at all — think they have the right to decide the science curriculum. And it blows my mind that they are getting away with it.

You have to admit the guy has balls, meat balls that is.

Ford Motor Breach

Another big “small” breach is announced:

“Ford Motor Co. informed about 70,000 active and former white-collar employees that a computer with company data, including social security numbers, was stolen from a Ford facility.”

These “smaller” breaches (compared to the hundreds of thousands or even millions of records lost by financial institutions, etc.) are especially worrying because of ID Analytics’ statement that the lesser numbers indicate a higher percentage will be used for fraud.

Guidance Software Announces Breach

This is big news about a small breach. The self-proclaimed “leader in computer forensics and incident response solutions” discovered a security breach on December 7th, 2005. SecurityFocus reported today that financial information including CVV was lost:

The breach, which took place in November, resulted in the loss of customer names, credit-card numbers and the three-digit card verification values (CVVs), which merchants are not supposed to retain, according to reports.

This is also reported on news.com.com (strange domain name, eh?):

The attack occurred in November, but wasn’t discovered until Dec. 7, John Colbert, chief executive officer of Guidance, said in an interview Monday. The attack exposed data on thousands of the company’s customers, including 3,800 whose names, addresses and credit card details were exposed, he said.

However, the official Guidance letter clearly states in the first paragraph “Fortunately, the database that was compromised did not contain any of your financial information that could put you at risk of identity theft.”

Of course most of the people (computer forensics and incident response professionals) who received this letter must have immediately suspected something was fishy. After all, why would Guidance send out the notice if there was no breach of sensitive data? And then there were those who are already reporting that they are victims of the breach…