MS Messenger 8 is NOT released

Here’s a funny new trend in announcing software to your users. “Microsoft Messenger 8 has not been released”. In fact, you may even want to say “If you see a file called BETA8WEBINSTALL.EXE (or an obvious variation/advertisement) then please ignore.”

Even the old saying “patch early/often” can and will be held against you by the clever worm and virus authors.

Why Christmas is a holiday

Because Congress adopted a federal holiday on June 26, 1870. Simple.

Why, you ask?

Well, it had an inauspicious beginning in the country. It was so controversial (decadent) in the 1700s that it was actively banned by Puritans, including those who left England to settle the early American states. Perhaps more importantly it was shunned by the Founding Fathers since it was considered an English tradition and irrelevant to the observance of religion. Alas, Digital History suggests by the early 1800s Christmas in America had become just another famously drunken, lewd and riotous event, rivaling the decadence of old King Charles’ England:

But despite the Puritans’ best efforts, Christmas in America became an excuse for dangerous hell raising. At Christmastime, men drank rum, fired muskets wildly, and costumed themselves in animal pelts or women’s clothes – crossing species and gender. In New York, Philadelphia, Baltimore, and other cities, they formed Callithumpian parades, which involved beating on the kettles, blowing on penny trumpets and tin horns, and setting off firecrackers.

Sounds like a blast, no? Well, the fun obviously never lasts forever and so things eventually came to a head when, according to the History Channel, the effects of Christmas coupled with a rise in poverty and class conflict of the early 19th Century gave concern to those who were in power:

In 1828, the New York city council instituted the city’s first police force in response to a Christmas riot. This catalyzed certain members of the upper classes to begin to change the way Christmas was celebrated in America.

The new message was that people should stay home, sit by a fire, and drink and eat themselves senseless instead of partying outside with others. And so, out of the political discord of 150 years ago we can today say thank you to the federal government for inventing a national tradition and opening the door for America’s two great factions, corporations and religions, to fight over control of the “real” meaning of this holiday.

Nast's Santa
Thanks should also go to Thomas Nast, arguably the father of modern American political illustration, for creating the modern American image of Santa Claus during the Civil War…it might be worth noting that Santa was always pro-Union and anti-slavery.

Oh, and why December 25th? Apparently Pope Julius I wanted something to compete with the popularity of the festival “Saturnalia”, and probably found it most convenient to just rebrand the pagan holiday with a new name. Merry Saturnalia had a bad ring to it, I guess (especially since the word implied an “inversion of order” instead of something Christ-like).

Personally, I think the holiday should be celebrated on June 26th before someone starts another winter riot over the latest must-have expression of modern faith, like an XBox.

TDI Passats appreciate in value

USA Today reports today that the ’04 and ’05 VW TDIs have appreciated in value, unlike most cars which have depreciated as much as 26%. And when you consider the diesel option actually made the car cost less up-front than the gas engine, bio-diesel powered Passats have turned out to be not only one of the most fun cars to drive but also a good financial and environmental investment.

Carriers liable for end-point security

NetworkWorld quoted the AT&T CISO, Ed Amoroso:

The past decade has been tough – the security industry has lost its way. At one point we had no security; now there’s too much. This has been the era of security getting worse and worse. Today there’s too much software from vendors that needs to be patched. There are viruses and worms and spam and firewalls…carriers need to be doing security for the endpoints.

The theory is that a central entity can do a better job filtering the data to detect anomalies, and that the end users can not all afford to specialize in security.

But how do we know that AT&T has a security baseline that is consistent with ours as end users? I agree with Ed that the most basic threats should be removed by the carriers (like the centrally-controlled conditioning that removes big spikes and sags from the power lines), but do not see how he can get around the fact that end users will always have vastly different risk models that need individual solutions. Some of us still buy small UPS, some big, and some go with multiple UPS plus generators. That doesn’t mean we don’t think that the power company shouldn’t be liable for outages, it just means we don’t all address the same risks let alone agree to a universal fix.

sunbrella

This red-dot winner seems like a good idea at first glance. It’s a sunbrella/solar-panel. Perfect for beachgoers who need to power those portable air conditioning units or giant portable beer coolers. In fact, this seems like just the right thing for small villages in the desert that suffer little or no wind, which brings me to my second glance; what happens when the breeze picks up the disc and launches it like a monster frisbee into the monster-truck parked next to the guy with all the muscles? And how do you collapse/store the thing when you don’t want every bird in the harbor to use it for target practice? Ew, messy. Oh, well. At least it looks a lot prettier than the CIA’s new solar and wind energy units, shown below, made by SkyBuilt Power.

The CIA plop and drop

The Gospel of the FSM

Bobby Henderson reveals that he is gainfully employed now. Just don’t ask about his last supper.

Interview with Wired News:

WN: How were you inspired to write The Gospel of the Flying Spaghetti Monster?

Henderson: The book is necessary so that people see how much hard evidence supports the existence of the FSM. You can make a pretty strong argument for His existence. Especially if you use the same sort of reasoning the ID people do: specious reasoning and circular logic. I suspect the mainstream religions will concede after reading it.

I know this might be a stretch for information security related topics, but the FSM brings to mind a need for clear standards to either accommodate a wide-base for interoperability or a narrow set of similarly defined values. If the core value is revealed to be nothing more than “specious reasoning”…well, that just opens the spec up for all sorts of crazy ideas. The Intelligent Design movement clearly had a supreme marketing department, but their engineering and IP controls leave a lot to be desired.

Or as Bobby put it:

I think it’s pretty amazing that these people without scientific backgrounds — or really any education at all — think they have the right to decide the science curriculum. And it blows my mind that they are getting away with it.

You have to admit the guy has balls, meat balls that is.

Ford Motor Breach

Another big “small” breach is announced:

“Ford Motor Co. informed about 70,000 active and former white-collar employees that a computer with company data, including social security numbers, was stolen from a Ford facility.”

These “smaller” breaches (compared to the hundreds of thousands or even millions of records lost by financial institutions, etc.) are especially worrying because of ID Analytics’ statement that the lesser numbers indicate a higher percentage will be used for fraud.

Guidance Software Announces Breach

This is big news about a small breach. The self proclaimed “leader in computer forensics and incident response solutions” discovered a security breach on December 7th, 2005. SecurityFocus reported today that financial information including CVV was lost:

The breach, which took place in November, resulted in the loss of customer names, credit-card numbers and the three-digit card verification values (CVVs), which merchants are not supposed to retain, according to reports.

This is also reported on news.com.com (strange domain name, eh?):

The attack occurred in November, but wasn’t discovered until Dec. 7, John Colbert, chief executive officer of Guidance, said in an interview Monday. The attack exposed data on thousands of the company’s customers, including 3,800 whose names, addresses and credit card details were exposed, he said.

However, the official Guidance letter clearly states in the first paragraph “Fortunately, the database that was compromised did not contain any of your financial information that could put you at risk of identity theft.”

Of course most of the people (computer forensics and incident response professionals) who received this letter must have immediately suspected something was fishy. After all, why would Guidance send out the notice if there was no breach of sensitive data? And then there were those who are already reporting that they are victims of the breach…

Victory comes with consent

Interesting book by General Sir Rupert Smith called “The Utility of Force”.

The Times review says this military expert’s book criticizes US leadership for initiating a war in Iraq without a realistic mission definition. It is a critique that begins with semantics and ends with tactical suggestions.

You cannot blame the leaders, of course, if all they have read is Clausewitz. It will be no surprise therefore that General Smith is wholly dismissive of the US-led “War on Terror . . . intended to deliver a decisive victory over terror according to the leadership who declared it”. This is a notion “without useful meaning, at least in terms of describing the conduct of this confrontation,” says General Smith. “The terrorist is demonstrating a better understanding of the utility of force in serving his political purpose than those who are opposed to him — both political leaders and military establishments.”

The conclusion seems to be that warfare is now failing due to antiquated concepts applied to a changing world.

To take a historical example: machineguns, barbed wire and artillery made horsed cavalry obsolescent by 1915, but before the technological possibility of fast-moving, long-endurance tanks (not much before 1925) there was no alternative to keeping horsed cavalry since without a mobile arm there was no means of exploiting battlefield success. Ironically, General Smith now despairs of the huge numbers of tanks that Western forces possess since they are of limited utility when war is fought principally “amongst the people”. He does not say that swords should be beaten into billhooks, or for that matter into high-tech military instruments: he argues for an understanding that the longer and more complex battle is for the people’s will rather than for the destruction of an opponent’s forces.

Makes perfect sense to me. It reminds me of the development of the Apache gunship to outfight the Soviet helicopters in Afghanistan. The US technology was faster, more maneuverable and had more firepower. When the Soviets no longer were any kind of threat the Apache gunship became an expensive and lonely technology. It was thus re-purposed into new threats that were far more able to defeat it…ironically, the same threats that the Soviet helicopters really faced — Afghan guerrillas with US shoulder-fired rockets.

The bottom line is that in today’s political climate people will not agree to be subdued under impressive military might; they realize more than ever that they have the means and probably even justification to form their own power structures.

It comes down to a polite thank you for assistance removing one form of threat but a no thank you for further interference that is perceived as yet another threat.

Conservative thinkers such as Rumsfeld and Cheney apparently operated under an illusion that big armies win, end of story. Yet victory from violence at a shock and awe level alone does not warrant welcome parades. Sadly historians could have set them straight on this very quickly; it is actually a big army presence that is most likely to be rejected by local populations. A more tangible connection or concept has to accompany the utility of troops.

Battles just don’t work any more. War is now waged not in the field but the street, so victory is possible only with the people’s consent.

The event of being overrun by a top-down organization that is too large and foreign to be representative or responsive does not translate directly to the feeling of liberation.

My Masters Thesis on the liberation of Ethiopia by the British in 1940 to 1943 explored this issue. It was a delicate operation to repatriate a sovereign leader, which has had lasting effect on the security and stability in the Horn of Africa. The UK War Office tried to involve Haile Selassie with their troops as a means to bolster support for the British military offensive and acceptance after occupation. Instead they found Ethiopia still quickly moved to relationships with other nations that had no liberating role and they called for direct control or withdrawal of British forces. The inability of the occupation to generate social and economic successes precipitated political fracture. Groups worked together to pull apart the old regime. A vacuum of power allowed a new harsh unity to be formed by extremists, which further disintegrated notions of unity and the region fell into decades of separatist and guerrilla combat.

History is littered with examples of this liberation-to-loss concept, as the Times explains:

What is so appalling about Iraq is that it was predictable — and indeed it was predicted — from even a nodding acquaintance with history. General Smith cites Bonaparte’s invasion of Spain: the Spanish army collapsed, Madrid fell, but guerrilla warfare put the victory to nought, fatally bleeding the occupation forces. In the Anglo-Boer War, after the initial reverses the British quickly defeated the Boer field forces and occupied their two capitals, but a change of Boer tactics to something not unlike the Spanish guerrilleros’ prolonged the conflict by another two years, and at considerable cost to Britain’s military credibility and international moral standing.

Jamaican resistance to the Spanish is another good study. The US experience with the Philippines after liberation during the Spanish-American War also is worth a look.

eManifests in use in AZ

The US Customs and Border Protection site has announced the “First Electronic Truck Manifest Filed on Southern Border”. I guess to be accurate they should clarify that the manifest is electric, not the truck.

Anyway, I haven’t seen this picked up in any news (perhaps since it has been working for some time on the northern border of the US and isn’t newsworthy) but I figured the announcement must be meaningful to those who monitor the progress of tracking systems, plus it had some interesting language:

The automated manifest provides CBP officers with cargo information prior to a shipment arriving at the gate. Comprehensive data such as information on the driver and passengers; a description of the conveyance and any applicable equipment like a trailer; and details regarding the shipment are included.

[…]

There are currently 31 ACE ports in the states of Arizona, Michigan, Minnesota, North Dakota and Washington. The schedule for deployments of ACE to additional ports continues in January, beginning with selected ports in Texas in early 2006.

That is many more than I had been aware of and so I am curious when intra-state borders or even road-side checkpoints will have ACE set up.

the poetry of information security