The TG Daily writes: “‘Dean Au, chief executive officer of AirMagnet, believes that Bluetooth devices will become a bigger target for hackers’ as the penetration of the technology grows. The software is able to provide a sense of security to users, he said: ‘BlueSweep gives Bluetooth users a way to know if their devices are vulnerable.’”
Here’s an interesting case of errors in an unchecked data-input process, discovered by the Michigan State Auditor General. The story appeared on The Register, which was kind enough to link to the original news story posted by WLNS.com:
“A flaw in computer programming caused State jails to release 8 prisoners anywhere from 39-161 days early, prisoners who were doing time for everything from embezzlement and drugs to bad check writing…A follow-up study by the Department of Corrections found 15 more prisoners who were either let out early or late.”
From there I found the actual audit document itself on the Michigan Office of the Auditor General site, available as Report Number 47-591-04.
As it turns out, Michigan’s Auditors are on a roll. A BNA report published earlier this year noted that Michigan voter and drivers’ license databases were improperly secured for seven years:
“The Michigan Auditor General found, in a report issued March 18, that the state’s security methods were not effective in protecting voting and driver’s license databases from potential hackers between 1997 and June 30, 2004 (Mich. Aud. Gen. Report No. 23-591-04).”
Why would McDonalds bother?
The Chief Exec is quoted by the BBC: “We’ve given them what they asked for and then people take responsibility about whether they add it up or not add it up.”
Did consumers demand this information prior to “Fast Food Nation” and “Supersize Me”, or more importantly prior to the lawsuit that claimed fast food companies are liable for customers with eating disorders? Does the corporation perceive more risk now (from not providing the information) compared to when they first adopted the current recipes/ingredients?
It might seem overly tongue-in-cheek at first glance, but the Register’s ongoing coverage of Google satellite imagery has some interesting implications for privacy and information control. In general I think it is good that we have better navigational aids, but clearly there will be some issues for anyone who is trying to fly below radar, so to speak. It actually reminds me of sand dunes in Baja that do a poor job of hiding Mexican military equipment from ground view, yet from the sky…
On a slightly related note, the flashearth site has a nice view of what future interfaces could look like. I wonder if anyone at Google is working on (or cares about) flat map distortion characteristics?
Weak algorithms (e.g. your name and a shared secret) used to “seed” new systems are another area where two-factor authentication (TFA) can really help improve security.
Here’s a story from the San Francisco Chronicle that illustrates what can happen when unique and random initial passwords, let alone TFA, are not planned for at system launch:
“The personal information of tens of thousands of California children — including their names, state achievement test scores, identification numbers and status in gifted or special-needs programs — is open to public view through a security loophole in dozens of school districts statewide that use a popular education software system.
Teacher names and employee identification numbers are also visible to anyone logging onto the system, which is used locally by school districts including San Francisco, San Jose and Hayward.
The problem occurs when the districts issue a generic password to teachers using the system. Until the teacher changes to a unique password, anyone can type in a teacher’s user name and generic password and gain access to information about students that is supposed to be guarded as closely as the gold in Fort Knox.”
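The failure mode in the Chronicle story is a shared, predictable initial credential that nothing forces the user to replace. The following is an added example (not code from the original post or from the school district’s vendor) of how a system can be seeded the other way round: every account gets its own random one-time password, the first login is refused until the password is changed, and an audit routine flags accounts that still accept a known generic password or never completed the forced change. All names (`provision`, `provision_generic`, `audit_generic_passwords`, the sample usernames and the `welcome1` generic password) are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Iteration count kept modest so the example runs quickly; production deployments use far more.
PBKDF2_ITERATIONS = 50_000


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    must_change: bool  # True until the user replaces the initial password


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 so equal passwords do not produce equal stored hashes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def provision(username: str) -> tuple[Account, str]:
    """Seed an account with a unique random one-time password.

    Returns the account and the cleartext one-time password, which is handed to the
    user out of band and is never valid for anything but the forced password change.
    """
    initial = secrets.token_urlsafe(12)
    salt = secrets.token_bytes(16)
    return Account(username, salt, hash_password(initial, salt), must_change=True), initial


def provision_generic(username: str, generic_password: str) -> Account:
    """The weak seeding described in the story (constructed for contrast): one shared
    password for everyone and no requirement to change it."""
    salt = secrets.token_bytes(16)
    return Account(username, salt, hash_password(generic_password, salt), must_change=False)


def login(acct: Account, password: str) -> str:
    """Return 'denied', 'change_required' (credential valid but still the initial one) or 'ok'."""
    if not hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
        return "denied"
    if acct.must_change:
        return "change_required"
    return "ok"


def change_password(acct: Account, old: str, new: str) -> bool:
    """Replace the password; clears the must_change flag. Rejects a wrong old password
    or a new one shorter than 12 characters (a constructed minimum)."""
    if login(acct, old) == "denied" or len(new) < 12 or new == old:
        return False
    acct.salt = secrets.token_bytes(16)
    acct.pw_hash = hash_password(new, acct.salt)
    acct.must_change = False
    return True


def audit_generic_passwords(accounts: list[Account], known_generic: list[str]) -> list[str]:
    """Detection: list usernames that still sit on an unchanged initial password or that
    accept any of the known generic passwords (e.g. ones issued by an older process)."""
    findings = []
    for acct in accounts:
        if acct.must_change:
            findings.append(acct.username)
            continue
        for generic in known_generic:
            if hmac.compare_digest(hash_password(generic, acct.salt), acct.pw_hash):
                findings.append(acct.username)
                break
    return findings


if __name__ == "__main__":
    teacher, one_time = provision("teacher1")
    print(login(teacher, one_time))  # change_required
    change_password(teacher, one_time, "correct-horse-battery-staple")
    legacy = provision_generic("teacher2", "welcome1")
    print(audit_generic_passwords([teacher, legacy], ["welcome1"]))  # ['teacher2']
```

Because each hash is salted, the audit cannot simply compare stored hashes for duplicates; it has to re-derive the hash of each known generic password per account, which is the price of not letting identical passwords be visible in the credential store.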
Bruce Schneier picked up the ATM story today on his blog, with an interesting perspective. He says “how lucky everyone was”… I posted something in his comments section about the liability issues raised in the article, which is where I felt I would have been headed anyway.
Bruce also has added an excellent link to Ross Anderson’s page regarding phantom withdrawals.
Time to give this trackback thingy a try…
The British Crown Prosecution Service announced on the 19th that they have created a “110 strong network of high tech crime specialists”. I noticed this today, ironically around the same time as the Register article on ATMs and phantom withdrawals.
The Register has a fascinating report on how British banks failed to deal with the fact that phantom withdrawals from ATMs were a real problem, until a man of integrity discovered it and (arguably) saved the system:
“This is the story of how the UK banking system could have collapsed in the early 1990s, but for the forbearance of a junior barrister who also happened to be an expert in computer law – and who discovered that at that time the computing department of one of the banks issuing ATM cards had “gone rogue”, cracking PINs and taking money from customers’ accounts with abandon.”
I posted it on Bruce’s blog today as well:
Microsoft released a new Windows XP Security Guide today. Here’s their breakdown of the contents:
“The guide provides specific recommendations about how to harden computers that run Windows XP with SP2 in three distinct environments:
- Enterprise Client (EC). Client computers in this environment are located in an Active Directory® directory service domain and only need to communicate with systems that run Windows 2000 or later versions of the Windows operating system.
- Stand-Alone (SA). Client computers in this environment are not members of an Active Directory domain and may need to communicate with systems that run Windows NT 4.0.
- Specialized Security – Limited Functionality (SSLF). Concern for security in this environment is so great that a significant loss of functionality and manageability is acceptable. For example, military and intelligence agency computers operate in this type of environment.”
It’s not exactly clear why diesel has jumped higher than other fuel prices, but one thing is for sure: Diesel’s original intention was to create an engine that did not depend on foreign petroleum sources, or the corporations that controlled them.
Many people point to several key economic reasons for the rise in prices this season:
1) Diesel prices are impacted by the demand for heating fuels (distillates) so it has a seasonal fluctuation.
2) About 95% of production in the Gulf region is still not back on the market. This is probably related to the fact that over half of the Gulf platforms and a good number of drilling rigs aren’t running yet, not to mention 10 or so refineries are closed in LA and TX. Altogether this is apparently an impact of about 10% of total US production.
3) Speculators aren’t stupid and they find ways to increase demand in order to contribute to the rise in prices and get better returns on their investment.
That’s all fine and dandy on some level, but it reminds me of the letter from Shuster to the Energy Secretary back in 2000 when prices were doing something similar:
“We have received numerous reports regarding the alarming spike in diesel fuel prices, the most dramatic of which has New England customers paying 40 cents more per gallon than they paid just one week ago. By any account, diesel fuel prices appear to be rising out of control.”
No hurricane to blame back then. Quite the opposite: a Congressman wrote the US Attorney General because of what “we believe to be price gouging and manipulating of consumers”.
Again, that corresponds to Diesel’s own description and prediction of petroleum-based energy corporation behavior back in the 1800s — the very reason his engines will run on oil or fats from just about any source including fish, meat, vegetables, etc.
Moreover, as we know today, the market was in fact being manipulated in 2000 and consumers were being, please pardon my French, screwed by Enron:
“U.S. Rep. Jay Inslee announced this evening that he will offer an amendment next week to energy legislation in the U.S. House of Representatives that will help provide refunds to consumers and the Snohomish County Public Utility District (PUD) for high rates resulting from energy market manipulation”.
One last thing to consider is that the US military relies heavily on petroleum diesel production and has done a great deal to enhance/modify diesel engines for everything from ships to motorcycles (not to mention advances in trend analysis and condition-based maintenance), but for some odd reason they haven’t done much to change the source of the fuel to something domestically and more sustainably produced (like B20 or even B5, which is working quite well in Europe).