Category Archives: Security

RFDUMP

RFDUMP is a handy utility that claims to work with any RFID tags. I hope to get a chance to test early next year. A CTO from a security company just mentioned that he has perfected his T-Mobile scanner and now gets free wi-fi access at any of their hotspots. One can only imagine the incentives of gathering RFID passport information, compared to credentials for free bandwidth.

Correspondence Patterns

I like the conclusions in this study:

“Darwin and Einstein correspondence patterns: These scientists prioritized their replies to letters in the same way that people rate their e-mails today.”

Not only does it vindicate my habit of attending to some communication instantly, while letting other things wait for eons, but it also raises interesting implications for confidentiality and data retention.

Preacher killed by baptism

I know this is more about safety than security, but I just found the story somewhat shocking:

“Rev Kyle Lake, 33, was standing in a small pool used for baptisms at the University Baptist Church when he was electrocuted on Sunday morning. Rev Lake reached out to adjust a nearby microphone, which produced an electric shock, said church pastor Ben Dudley.”

Sad but true.

SCADA systems come into focus

SecurityFocus reports today that US SCADA systems are finally getting the attention they deserve:

“Wary of the increasing number of online attacks against industrial control systems, the U.S. government has begun a major push to secure the systems used to control and monitor critical infrastructure, such as power, utility and transportation networks.”

I did some consultative/audit work with a utility company in the late 1990s and was surprised that networked systems had become so commonplace with so few controls. Fail-safes were everywhere for the critical infrastructure (most of which was heavily engineered and influenced by ideas that probably went back to the beginning of utilities themselves) so disasters seemed unlikely without some knowledge or access, but simple network devices (routers) and Microsoft software were spreading like crazy to “increase efficiency” for remote management and control systems.

To be fair, that all was before the Critical Infrastructure Project (CIP) was even started. I just checked their online files and it seems that progress is slow but steady.

Bio-Diesel and the Military

I just ran across a report by Wired, published on September 28th, called “Green Berets Prefer Biodiesel“. I am thus happy to correct myself and say my earlier post on this subject, as well as the follow-up, were a bit hasty. Wired says that the military has been steadily increasing bio-diesel use for several years now.

This is great news for several reasons. The military move towards diesel motorcycles may quickly prove the viability of a robust yet small consumer engine. In addition, the fact that the Army, Navy, US Postal Service, Department of Agriculture, and NASA are all looking at bio-diesel means a more acceptable alternative to petroleum-based fuels could be on the precipice of mass adoption in a country that has been virtually blind to the importance of alternative fuels.

“That’s important to the military’s role as a public citizen, says [fleet manager for Marine Corps vehicles in Camp Pendleton] Funk. ‘We operate our vehicles on the public highways,’ he says. ‘Biodiesel sends a signal to the American public that we’re working to keep the air clean, and to reduce our dependence on foreign oil.'”

Admittedly, while it is nice to hear fleet managers give a kinder-gentler environmental message, the realist/security practitioner in me says bio-diesel is a more secure and sustainable fuel for domestic as well as foreign troop deployments. The article even mentions that waste oil from the mess halls is now used to fuel the transport vehicles. No matter how you slice it, bio-diesel is the fuel that just keeps giving — engines run longer (better lubricity) as well as cleaner (less smoke) and can take just about any fat/oil you can scrounge up, which leads to far less vulnerability in storage and transit. It stands to reason, therefore, that special forces would go this route given the obvious reduction in vulnerabilities compared to traditional petroleum supply-chain and storage.

Just imagine if consumer-grade Diesel engines today had half as much development and innovation effort put into them as other engines (like the new Corvette Z06 powerplant). I look forward to a diesel-hybrid in the (near?) future for the ultimate in efficiency and performance without the inherent security risks of petroleum.

Diesel Motorcycles

HDT USA announced that they are producing Diesel Motorcycles for the US military and they will be on sale to the general public in March 2006.

I’ve written before about the odd fact that the US military relies heavily on diesel but doesn’t seem to have domestic-diesel production strategy. The reliance on foreign oil is a conversation piece for most of us, but one would think the US military would see something like biodiesel production as a hugely influential factor in supply-chain dependence and security.

Imagine remote units converting local fats and oils into fuel rather than requiring vulnerable fueling convoys to follow them around.

I am putting a proposal together to present a domestic-fuel strategy to a VP of a logistics / distribution division for a major American company. A year ago bio-diesel production was hovering around US$3/gallon, which was a bit high for most execs to swallow and so we used to also talk about the environmental benefits for the air, landfills, etc., but those don’t incite change on their own, yet. However, today the import-oil companies charge as much if not more for their fuel, making the transition to a more secure (and cleaner and more efficient) domestic source somewhat obvious, no?

Death by Disney

I have issues with Disney for a whole number of reasons. Perhaps someday I will create a page to explain. I think it all started with a book I read as a kid about the CIA’s use of Scrooge McDuck and Huey, Louie, etc. in Latin America propaganda. Not that I disagreed with the use of comic-books, but if you read the actual comics they distributed you would know what I mean.

Bruce Schneier writes about the DMCA review by the US Congress today.

Posts on his blog seem more and more factual and less opinionated, perhaps due to time or just the general issue of dealing with the firestorm that can follow from giving any perspective. On the other hand, his links to “good information” all point to groups who oppose some aspect of the DMCA. Anyway, I read through the links that Bruce provided and this section stood out to me:

    (3) As used in this subsection-

    (A) to “circumvent a technological measure”? means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and

    (B) a technological measure “effectively controls access to a work”? if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.

    17 U.S.C. 1201(a)(3).

I’ll try the trackback system again instead of posting directly.

FCC sued over IP wiretap rules

The Associated Press reports that “Privacy and technology groups asked the federal appeals court in Washington on Tuesday to overturn a Federal Communications Commission rule that expands wiretapping laws to cover Internet calls — or Voice over Internet Protocol (VoIP).

Law enforcement agencies already can obtain a subpoena for the contents of VoIP calls from Internet access providers. But the FBI and others want the ability to capture the technology live and they want systems designed so it would be easy to do that. “

BBC halts Blackberry use

The Guardian reported today that RIM (of Blackberry fame) had to resolve an “obscure bug”, which caused the BBC to suspended use of the mobile devices due to security concerns:

“Siemens, which provides the IT backbone for the BBC’s email system, was asked to close the Blackberry network last week after a Creative Futures senior management awayday at which users compared emails and discovered they were receiving messages not intended for them. The decision left around 300 BBC executives and programme makers frantically checking their ‘sent’ folders to make sure they had not inadvertently betrayed any confidences or criticised colleagues. Insiders said that while some of the rogue emails were potentially embarrassing, there were no serious leaks.”