2011 BSidesSF: Dr. Stuxlove

I will be presenting at the 2011 BSidesSanFrancisco conference:

“Dr. Stuxlove or: How I Learned to Stop Worrying and Love the Worm”

When: 4pm, Tuesday, February 15, 2011
Where: Zeum, 221 Fourth Street, San Francisco
Cost: Free (as always!)
RSVP: http://bsidessf.eventbrite.com

Has our “Human Reliability Program” improved since Stanley Kubrick’s 1964 dark comedy film? What has 44 years of international security, leadership and incident response plans taught us? This presentation gives a look at trends in information security breaches and what really has been changing in order to offer several predictions of how best to prepare for what may be ahead. It then sorts out and clarifies the technical details from the most common and most damaging security breaches. Convergence from the trend data and the technical analysis is then wrapped (and if there is a DJ perhaps also rapped) into a conclusion that might surprise you. As Dr. Stuxlove would say: “the whole point of the Doomsday Malware is lost if you keep it a secret”. Grab your hat, open the bay doors and enjoy the ride.

Copy of Presentation: DrStuxlove.PDF

ATMs Into Africa

The story in ATM Marketplace has a heart-warming tone, related to improving security.

In addition to reducing time spent on the road, ATMs alleviate concerns about safety. With ATMs installed in close proximity to workers’ jobs, they do not have to travel long distances with cash they have recently withdrawn from a bank, [commercial director of ATM Solutions] Rogan said.

Deployment of ATMs in rural areas has improved the social fabric of farm life, [managing director of Spark ATM Systems] Sternberg said. “Before deployment of ATMs near Keimoes and Kakamas, the men would often spend their money in Upington, leaving their wives and children on the farm on weekends. The men now can spend more time with their families,” he said.

Thus, more ATMs in Africa should mean less time on the road, which reduces risk of accident or robbery, and allows more time to work and be at home. That sounds great. The same might be possible if the employers made a single trip and dispensed cash on payday, but apparently they offload the risk by making their employees travel to banks to get paid.

Aside from the humanitarian aspects, as you might have guessed, there is another compelling reason for banks to expand their ATM presence: profit. Each ATM in rural Africa may see upwards of 6,000 withdrawals a month. With a US$2 fee per withdrawal (or whatever is cheaper than a drive to a bank in another area), very high margins for banks are not hard to imagine:

Cardholders in Africa and the Middle East made an average of 3,914 cash withdrawals per ATM per month in 2009 compared with 1,631 in North America, 2,797 in Western Europe and 2,789 in Asia, according to Retail Banking Research.

The remaining question is whether the bank has introduced any risks to itself by placing ATMs in the rural communities. My work with K3DES on “Protection of Sensitive Data from Device to Acquirer” for the ASC X9 Committee, an ANSI (American National Standards Institute) accredited standards developing organization, should help address this issue.

An American Army Suicide Story

The NYT brings to light the warning signs and risk factors surrounding a suicide in the U.S. Army:

The Army declared him fit for duty and ordered him to Afghanistan after he had twice attempted suicide at Fort Campbell, Ky., and after he had been sent to a mental institution near the base, the home of the 101st. After his arrival at Kandahar early in 2010 he was so troubled that the Army took away his weapon and forced him into counseling on the air base, according to the e-mails from the Army investigator. But he was assigned a roommate who was fully armed. C.I.D. investigators have identified the M-4 with which Sergeant Senft was killed as belonging to his roommate.

“I question why, if he was suicidal and they had to take away his gun, why was he allowed to stay in Afghanistan?” asked Sergeant Senft’s father. “Why did they allow him to deploy in the first place, and why did they leave him there?”

VW XL1 Diesel Claims 261mpg

A group of security experts recently mentioned to me that the oil-producing countries are all well aware that their resources are limited. They explained this in terms of Iran’s urge to develop nuclear power.

Whether or not you accept that argument, it makes a fitting backdrop to VW’s decision to announce a super-efficient fuel-economy concept car at the Qatar Auto Show.

Take half a regular TDI engine, reduce the body weight by about half, and sprinkle in some high-tech bits and you get the XL1:

Now, Piech’s Volkswagen has combined state-of-the-art technology, from common rail diesel-supplemented plug-in hybrid power to carbon-fiber-reinforced polymer lightweight body material, to create the XL1. The concept consumes 0.9 liters of diesel fuel per 100 kilometers, the automaker says, which translates to an EPA fuel mileage figure of 261.3 mpg. That mileage equals 24 grams of CO2 per kilometer, VW says. Our CO2 converter converts 261.3 mpg to 0.30 pounds per mile. VW chose to unveil this car as part of an auto show in Qatar, the one part of the world where fuel efficiency isn’t much of an issue.