I know this is more about safety than security, but I just found the story somewhat shocking:
“Rev Kyle Lake, 33, was standing in a small pool used for baptisms at the University Baptist Church when he was electrocuted on Sunday morning. Rev Lake reached out to adjust a nearby microphone, which produced an electric shock, said church pastor Ben Dudley.”
Sad but true.
SecurityFocus reports today that US SCADA systems are finally getting the attention they deserve:
“Wary of the increasing number of online attacks against industrial control systems, the U.S. government has begun a major push to secure the systems used to control and monitor critical infrastructure, such as power, utility and transportation networks.”
I did some consultative/audit work with a utility company in the late 1990s and was surprised that networked systems had become so commonplace with so few controls. Fail-safes were everywhere for the critical infrastructure (most of which was heavily engineered and influenced by ideas that probably went back to the beginning of utilities themselves) so disasters seemed unlikely without some knowledge or access, but simple network devices (routers) and Microsoft software were spreading like crazy to “increase efficiency” for remote management and control systems.
To be fair, that all was before the Critical Infrastructure Project (CIP) was even started. I just checked their online files and it seems that progress is slow but steady.
I just ran across a report by Wired, published on September 28th, called “Green Berets Prefer Biodiesel“. I am thus happy to correct myself and say my earlier post on this subject, as well as the follow-up, were a bit hasty. Wired says that the military has been steadily increasing bio-diesel use for several years now.
This is great news for several reasons. The military move towards diesel motorcycles may quickly prove the viability of a robust yet small consumer engine. In addition, the fact that the Army, Navy, US Postal Service, Department of Agriculture, and NASA are all looking at bio-diesel means a more acceptable alternative to petroleum-based fuels could be on the precipice of mass adoption in a country that has been virtually blind to the importance of alternative fuels.
“That’s important to the military’s role as a public citizen, says [fleet manager for Marine Corps vehicles in Camp Pendleton] Funk. ‘We operate our vehicles on the public highways,’ he says. ‘Biodiesel sends a signal to the American public that we’re working to keep the air clean, and to reduce our dependence on foreign oil.'”
Admittedly, while it is nice to hear fleet managers give a kinder-gentler environmental message, the realist/security practitioner in me says bio-diesel is a more secure and sustainable fuel for domestic as well as foreign troop deployments. The article even mentions that waste oil from the mess halls is now used to fuel the transport vehicles. No matter how you slice it, bio-diesel is the fuel that just keeps giving — engines run longer (better lubricity) as well as cleaner (less smoke) and can take just about any fat/oil you can scrounge up, which leads to far less vulnerability in storage and transit. It stands to reason, therefore, that special forces would go this route given the obvious reduction in vulnerabilities compared to traditional petroleum supply-chain and storage.
Just imagine if consumer-grade Diesel engines today had half as much development and innovation effort put into them as other engines (like the new Corvette Z06 powerplant). I look forward to a diesel-hybrid in the (near?) future for the ultimate in efficiency and performance without the inherent security risks of petroleum.
HDT USA announced that they are producing Diesel Motorcycles for the US military and they will be on sale to the general public in March 2006.
I’ve written before about the odd fact that the US military relies heavily on diesel but doesn’t seem to have domestic-diesel production strategy. The reliance on foreign oil is a conversation piece for most of us, but one would think the US military would see something like biodiesel production as a hugely influential factor in supply-chain dependence and security.
Imagine remote units converting local fats and oils into fuel rather than requiring vulnerable fueling convoys to follow them around.
I am putting a proposal together to present a domestic-fuel strategy to a VP of a logistics / distribution division for a major American company. A year ago bio-diesel production was hovering around US$3/gallon, which was a bit high for most execs to swallow and so we used to also talk about the environmental benefits for the air, landfills, etc., but those don’t incite change on their own, yet. However, today the import-oil companies charge as much if not more for their fuel, making the transition to a more secure (and cleaner and more efficient) domestic source somewhat obvious, no?
I have issues with Disney for a whole number of reasons. Perhaps someday I will create a page to explain. I think it all started with a book I read as a kid about the CIA’s use of Scrooge McDuck and Huey, Louie, etc. in Latin America propaganda. Not that I disagreed with the use of comic-books, but if you read the actual comics they distributed you would know what I mean.
Bruce Schneier writes about the DMCA review by the US Congress today.
Posts on his blog seem more and more factual and less opinionated, perhaps due to time or just the general issue of dealing with the firestorm that can follow from giving any perspective. On the other hand, his links to “good information” all point to groups who oppose some aspect of the DMCA. Anyway, I read through the links that Bruce provided and this section stood out to me:
(3) As used in this subsection-
(A) to “circumvent a technological measure”? means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and
(B) a technological measure “effectively controls access to a work”? if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
17 U.S.C. 1201(a)(3).
I’ll try the trackback system again instead of posting directly.
The Associated Press reports that “Privacy and technology groups asked the federal appeals court in Washington on Tuesday to overturn a Federal Communications Commission rule that expands wiretapping laws to cover Internet calls — or Voice over Internet Protocol (VoIP).
Law enforcement agencies already can obtain a subpoena for the contents of VoIP calls from Internet access providers. But the FBI and others want the ability to capture the technology live and they want systems designed so it would be easy to do that. “
The Guardian reported today that RIM (of Blackberry fame) had to resolve an “obscure bug”, which caused the BBC to suspended use of the mobile devices due to security concerns:
“Siemens, which provides the IT backbone for the BBC’s email system, was asked to close the Blackberry network last week after a Creative Futures senior management awayday at which users compared emails and discovered they were receiving messages not intended for them. The decision left around 300 BBC executives and programme makers frantically checking their ‘sent’ folders to make sure they had not inadvertently betrayed any confidences or criticised colleagues. Insiders said that while some of the rogue emails were potentially embarrassing, there were no serious leaks.”
Another interesting article from the TG Daily: “According to EFF attorneys, DOJ lawyers are ‘twisting’ existing laws such as CALEA and the Wiretap Act to obtain these warrants. Kevin Bankston, Staff Attorney with the EFF, says, ‘They are wholly misrepresenting the law. Some judges are calling them Hail Mary arguments.'”
The TG Daily writes “‘Dean Au, chief executive officer of AirMagnet, believes that Bluetooth devices will become a bigger target for hackers’ as the penetration of the technology grows. The software is able to provide a sense of security to users, he said: ‘BlueSweep gives Bluetooth users a way to know if their devices are vulnerable.'”
Here’s an interesting case of errors in an unchecked data-input process, discovered by the Michigan State Auditor General. The story appeared on The Register, which was kind enough to link to the original news story posted by WLNS.com:
“A flaw in computer programming caused State jails to release 8 prisoners anywhere from 39-161 days early, prisoners who were doing time for everything from embezzlement and drugs to bad check writing…A followup study by the Department of Corrections found 15 more prisoners who were either let out early or late.”
From there I found the actual audit document itself on the Michigan Office of the Auditor General, available as Report Number 47-591-04
As it turns out, Michigan’s Auditors are on a roll. A BNA report published earlier this year noted that Michigan voter and drivers’ license databases were improperly secured for seven years:
“The Michigan Auditor General found, in a report issued March 18, that the state’s security methods were not effective in protecting voting and driver’s license databases from potential hackers between 1997 and June 30, 2004 (Mich. Aud. Gen. Report No. 23-591-04)”