The California State Supreme Court turned down an appeal for a San Francisco dog-mauling defendant. The court pointed out that the dog’s owner was negligent by failing to take simple measures to reduce risk of attack and by failing to assist the attack victim.

The court said a fatal dog mauling is murder if the owner knew the animal posed a risk to human life and exposed others to the danger.

Judge Charlotte Woolard reinstated the murder conviction in 2008, saying Knoller had known [the 140 lb dog] Bane was dangerous from past incidents, did not muzzle him before taking him into the hallway, and did not call 911 or take any other meaningful action to save Whipple during the 10-minute mauling.

This brings to mind the controversy surrounding the Idaho prison where guards failed to take simple measures to reduce risk of attack and failed to assist the attack victim.

The surveillance video from the overhead cameras shows Hanni Elabed being beaten by a fellow inmate in prison, managing to bang on a prison guard station window, pleading for help. Behind the glass, correctional officers look on, but no one intervenes when Elabed is knocked unconscious.

No one steps into the cellblock when the attacker sits down to rest, and no one stops him when he resumes the beating.

The victim, a Muslim man of Palestinian decent incarcerated for robbery, can be seen in a graphic surveillance video trying to get away from his attacker. The attacker, who was incarcerated for assault, described himself on MySpace as 5’5″, 150 lbs and half Mexican, half white. The victim tries to reach the guards and signals for help instead of fighting back. The attacker eventually knocks the victim unconscious and then kicks him in the head repeatedly in front of at least three guards on duty.

He then takes a break to sit in a chair, catch his breath and take a drink before returning to kick his unconscious victim in the head. Two minutes pass after the attack stops again before guards enter. The attacker lays down calmly to have cuffs put on. The victim had been attacked and asked for help before, described in the Idaho Statesman.

Before the Idaho attack, [the victim] tried to get help from prison staffers, telling them that he had been threatened and giving them details about drug trafficking between inmates and staffers that he had witnessed, according to his lawsuit. He was put in solitary confinement for his protection but was later returned to the same unit with the inmates he snitched on, his lawsuit said. He was on the cellblock only six minutes before he was attacked.

Steven Pevar, an attorney for the American Civil Liberties Union, said in 34 years of suing more than 100 prisons and jails, the Idaho lockup is the most violent he has seen.

“This isn’t even what we know of as a prison – this is a gulag,” Pevar said.

Pevar blames the violence on CCA and the former warden, Phillip Valdez, who was head of the prison when Elabed was attacked. Valdez was later transferred to another CCA prison in Kansas. The company refused to disclose its reason for moving him.

The victim suffered internal head bleeding and was in a coma for the next three days before he was returned to prison, where his condition worsened. He then had to be discharged from prison due to permanent brain damage. The attacker’s sentence was increased after a guilty plea for “aggravated battery and to committing battery with the intent to promote gang activity”, but he will be eligible for parole in 8 years. Attempted murder?

The FBI is now investigating the Corrections Corporation of America (CCA) for prisoner treatment in this privately run Correctional Center in Idaho. Apparently the CCA was already being sued for guards forcing prisoners to “snitch” on other prisoners. This would mean that not only did they know “the [attacker] posed a risk to human life and exposed others to the danger” but they also may have increased the risk by baiting the attacker.

This situation is said to be different than other CCA asymmetric prisoner fights such as the 2008 death in Oklahoma due to head trauma, because the exact time line and other details were recorded by surveillance cameras.

The Maemo wiki has a page on SMSCON, a python script with some nice ideas for remote control.

SMSCON provides complete control of your N900 by sending SMS commands to it. This is particularly handy in case you cannot find your phone, for example if it has been lost or even stolen.

SMSCON is a two part Python script running in command-line; smscon and smscon_daemon. smscon is the command-line control part and smscon_daemon is the daemon (running in the background) part. The configuration file for all the user settings is in the smscon_config file.

SMSCON will also auto-load silently at boot, waiting for a special SMS command message in case you phone is lost (or even stolen).

SMSCON can’t guarantee that you will find your phone again, but it will provide the maximum chance to recover it. If this application ever helps you to recover your phone please tell the story on Maemo.org! The best way is of course to never lose your phone or let it get stolen…

Recovery of the phone is a start, but obviously remote monitoring and remote control of a linux system using SMS has many other applications in security. One might say this is the future of surveillance systems. Likewise, detecting communication with these devices in your organization has just become even more imperative.

The US Government Accountability Office (GAO) has issued a report that says Federal Agencies need to take further actions to reduce risk from wireless. They have boiled it down to just eight things that need to be done properly:

1. Policies
2. Risk-based approach
3. Centralized network management (both wireless and wired)
4. Configuration requirements
5. Training
6. VPN
7. Continuous monitoring
8. Regular security assessments

That’s a comprehensive list and not different from the kind of list you might have found ten years ago for wired and wireless networks. This begs the question of what this has to do with risk; where and how should an agency apply a “risk-based” framework to today’s biggest risks?

The first example they give is dual-connected systems — devices that bridge two security levels on a network. A laptop could access a wireless network and at the same time be plugged into a wired network, theoretically allowing attackers access from the wireless into the wired. Controls should be in place that can prevent this configuration altogether or detect it and initiate enhanced monitoring, response, etc.. Not a new threat, but a vulnerability that has become far more likely as almost all new devices have at least two network options built-in.

Another example they give is “insufficient practices for monitoring or conducting security assessments of their wireless networks.” I find this hard to believe. It is trivial and inexpensive to do a wireless assessment, as well as to build monitoring; what has led to the insufficient practices?

Although there are a number (six, to be exact) recommendations made at the summary of the report on page 38, assessment and monitoring seem to have been omitted. The closest reference I could find is this:

…develop the scope and specific time frames for additional activities that address wireless security as part of their reviews of agency cybersecurity programs.

The report therefore appears to be strong on making recommendations for technical configuration but not on how and when internal tests should be performed.