Jane Norton on Security

Jonny Karpuk, a veteran of the US Army 173d Airborne Brigade and a graduate of West Point, says the Colorado Republican is guilty of using a fear-mongering campaign that is Wrong on National Security.

After watching the video [campaign advertisement], I can’t help but think that Norton’s national security policy boils down to a simple mantra: Give Failure Another Chance. It seems that not only does she not understand what the war on terror is but that she also wants to take us back to the foreign policy of George W. Bush’s administration, the same policies that got us in the mess we’re in today.

I have not watched the video but apparently the screen goes black and the sound of planes flying can be heard just after a reference to 9/11; the message is that we are at war with all Muslims and rights against self-incrimination have been suspended. That qualifies as fear mongering, no?

A campaign by veterans has started to gather signatures against the advertisement:

“We have zero tolerance for her attempt to raise money and to scare voters into supporting her candidacy,” the letter [from thirty-two veterans and elected officials] said. “The words in this video are insulting to our armed forces who are fighting and sacrificing.”

This should not be unexpected. Even without tasteless and insulting marketing, the Republicans often have a tough time wooing veterans. The Disabled American Veterans website suggests Democrats in office have a record of supporting veterans' legislation, while Republicans typically do not.

Norton’s office has responded to the criticism by renaming it and pretending it is in a far away place. It is not a group of Colorado veterans in her mind, apparently, who are saying she is wrong. She labels them Washington liberals. The campaign spokeswoman provides some deeply ironic material in The Denver Post:

The liberals in Washington want to sweep the threat under the rug, rename it, pretend it’s in a far away place. Jane Norton won’t let that happen. The advertisement is not coming down.

Veterans in Colorado critique her security skills and demand more respect. She deflects the request and tries to paint federal government as the problem. Whether or not the veterans who dislike her actually have ties to Washington, her response to them has generated a “Puppet Jane Norton” site that now documents her extensive ties to Washington.

state Republicans have voiced resentment over what they see as Washington insiders picking their candidate for them. They’re probably right — the Republican Senatorial Campaign Committee purchased two Internet domain names for [Jane Norton] weeks before she decided to run.

That would explain why she wants to return to security policies of the last Republican administration.

Expiration Dates and Water

Bottled water in America is big business. Two years ago a quarter of the world’s bottled water was sold in the US for over $12 billion. Some might say that two years is all water can last, judging by the expiration date printed on the bottle.

Sadly, the expiration date was printed on water bottles for reasons unknown. Several sites say the date was to comply with a poorly written law in New Jersey that has since changed. That seems hard to believe and I have found no evidence that it existed. In any case (pun not intended) an expiration date certainly does not relate to safety or health of the water.

Here is the FDA statement on the subject:

Bottled water is considered to have an indefinite safety shelf life if it is produced in accordance with CGMP and quality standard regulations and is stored in an unopened, properly sealed container. Therefore, FDA does not require an expiration date for bottled water.

Those paying 1000 times the price of water from the tap perhaps would be first in line to want an indefinite life. The DHS and American Red Cross have a different recommendation:

The U.S. Department of Homeland Security and the American Red Cross both encourage the public to change their bottled water every six months.

I suspect the DHS and Red Cross really want to ensure people actually have water, or to help them remember where their water is stored. They say the six months is targeted at people who bottle their own water, to ensure that bacteria do not form. This makes bottled water seem like the less-risky option again because of the process, but the bottles themselves are another matter.

The PET (#1 or polyethylene terephthalate) used for hand-held containers and the HDPE (#2 or high-density polyethylene) used for big containers are said to break down from chemicals, heat and UV, and to absorb materials around them. Coca-Cola has found their Dasani bottles introduce flavor to the water over time:

Susan McDermott, says the company has done research on its own Dasani brand showing that the taste of its bottled water changes after its one-year expiration date. But, she adds: “It is probably not something the average person will notice.”

Perhaps Coca-Cola could start to market Dasani water as better with age? Instead of an expiration date, they should print the date it is bottled like a fine wine. Imagine a Dasani bottle of water from 2006 that has been stored in an oak barrel…

ATM Skimming and Pencils

Krebs on Security starts off with an interesting article on how an ATM Skimmer Transmits Stolen Data Via Text Message. The focus of the article then derails into a tangent about a pencil in one of the photos:

The markings on the pencil show it to be a “Koh-I-Noor” drafting pencil, a brand of writing utensil first introduced in 1890, according to leadholder.com, which bills itself as the online “pencil museum.” Leadholder.com says this writing stick established a number of trends in pencil design that we now take for granted, most notably the yellow finish, a trait that other pencil manufacturers would later imitate. More importantly, the maker of the Koh-I-Noor, a company called L&C Hardmuth, is based in the Czech Republic.

The same photo shows the #1 button has only QZ. This indicates that the photos are being taken by someone in Australia. The pencil appears in an earlier photo as well but it is not clear why.

I can see the point (pun not intended) in getting excited about tracing the pencil, but it is less relevant than a keypad. You are unlikely to see a #1 button with QZ outside of Australia. That matters more than the pencil because it has to be used in the criminal operation. The pencil’s origin could illustrate (pun not intended) the personality or preference of the person taking photos, or be a clue to the environment in which the photos were taken. That being said, we also could analyze the wood grain of the table. Instead, I think this is what Krebs really should have noticed.

Pencils tend to drift around. Speaking of tangents, the pencil name means “Mountain of Light” in Persian. An American operation could still have a Koh-i-Noor, but it is more likely that the photo would feature a mechanical/technical pencil at least, or a pen. Something like this:

That photo is actually taken in America. Look carefully at the clip and you will see “made in Japan”. The F is another way of saying HB, which in America would be a #2. Uh oh, who wants to guess where these pencils are actually from?

Anyway, the Krebs tangent reminds me of a joke about the cost and innovation of the American space program. The US agencies spent nearly a decade and millions of dollars to develop ink and a pen that could be used in zero gravity. The Russian response was to continue to use a pencil.

iPhone iOS4 upgrade on Ubuntu 10.04

I upgraded an Apple iPhone 3GS today to iOS4. It took about 3 hours with a bit of time spent messing with USB.

The platform was Ubuntu 10.04 (Lucid Lynx) with VirtualBox 3.2.4 running Windows 7.

It actually might be a stretch to call the process an upgrade.

The first thing that happened after iTunes did a sync and started the process was the phone restarted and went into “recovery mode”. This is when a logo of iTunes and a USB cable appear.

Advertising iTunes, even when you are down? This made me nostalgic for the sad mac.

Which is more helpful? You be the judge.

So, it turns out that an iPhone in recovery mode must reconnect to the same iTunes that started the “upgrade”. That is because a new OS is not just an upgrade — the phone is wiped (although I have not yet done forensics to look for residue) and then restarted before the new OS is installed.

The problem with VirtualBox on Ubuntu at this critical point is that an iPhone in recovery mode may not appear to a guest. It appeared in the list of USB devices but was greyed out and Ubuntu was not able to mount it either.

Privileges necessary to mount a “recovery mode phone” are higher than for a normally operating phone. This could be related to the /dev/bus/usb directories. The character special file (e.g. /dev/bus/usb/008/001) has 664 (crw-rw-r--) permissions and is owned by root:vboxusers. The fact that it works fine before the phone goes to recovery mode must have to do with how usbmuxd and libgpod operate.

To avoid this snafu you must verify that the correct permissions are set for VirtualBox. In a terminal, edit /etc/group so your username is in vboxusers:

vboxusers:x:groupnumber:username1,username2

Here’s the graphical version to do the same thing:

Click on System --> Administration --> Users and Groups

Then click on the Manage Groups button

Scroll down to the vboxusers group. Select it and then click the Properties button.

Click the box next to the username to add to the group.

It also is recommended to add a USB filter in the settings for the guest OS. Set the Vendor ID to 05ac.
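The two preconditions above (membership in vboxusers, and the ownership and mode of the Apple device node) can be checked from a terminal before starting the upgrade. This is an added example, not part of the original post; the function names and the GROUP_FILE and SYSFS_USB override variables are assumptions made for illustration, and the VM name in the comment is a placeholder.

```shell
#!/bin/sh
# Added example: audit vboxusers membership and Apple (05ac) USB device nodes.
# GROUP_FILE and SYSFS_USB are hypothetical overrides so the checks can be run
# against constructed data as well as the live system.
GROUP_FILE="${GROUP_FILE:-/etc/group}"
SYSFS_USB="${SYSFS_USB:-/sys/bus/usb/devices}"

# user_in_group USER GROUP: exit 0 only if USER is an exact entry in the
# member list (4th field) of GROUP. Primary-group membership is not checked.
user_in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$GROUP_FILE"
}

# usb_nodes_for_vendor VID: print /dev/bus/usb/BBB/DDD for every attached
# device whose sysfs idVendor equals VID (lowercase hex, e.g. 05ac).
usb_nodes_for_vendor() {
    for d in "$SYSFS_USB"/*; do
        [ -r "$d/idVendor" ] || continue      # interface entries have no idVendor
        [ "$(cat "$d/idVendor")" = "$1" ] || continue
        printf '/dev/bus/usb/%03d/%03d\n' "$(cat "$d/busnum")" "$(cat "$d/devnum")"
    done
}

# report USER: show membership, then owner:group and mode of each Apple node.
report() {
    if user_in_group "$1" vboxusers; then
        echo "$1 is listed in vboxusers"
    else
        echo "$1 is NOT listed in vboxusers; the guest cannot open the node"
    fi
    usb_nodes_for_vendor 05ac | while read -r node; do
        if [ -e "$node" ]; then ls -l "$node"; fi   # expect root:vboxusers, crw-rw-r--
    done
}

# Run as: sh check-vbox-usb.sh "$USER"
# CLI form of the USB filter ("Win7" is a placeholder VM name):
#   VBoxManage usbfilter add 0 --target "Win7" --name Apple --vendorid 05ac
if [ "$#" -gt 0 ]; then report "$1"; fi
```

A change to /etc/group only takes effect for new login sessions, so log out and back in before re-running the check. Run it again once the phone has dropped into recovery mode, since the device re-enumerates under a new device number at that point.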

With those settings in place the iPhone will be detected and iTunes will push the new iOS4 to it. Once it restarts it will ask you if you would like to recover your data.

My experience so far is that calls still drop often and battery life is poor. The upside is that email can be threaded and supposedly it is encrypted for real this time. More on that later.

Blue Balls in Italy

I cannot wait to hear comedians comment on the news from Italy about suspicious cheese.

A batch of about 70,000 mozzarella balls which turned blue upon opening has been confiscated by food authorities in Italy, officials say.

Blue cheese? Apparently the Police are called in Italy when cheese goes blue. I would wager the cheese would get a completely different reaction in England or France. Maybe the cheese was just shipped to the wrong market.

Some interesting facts in this incident:

  • 60% of Italians regularly eat mozzarella
  • The cheese in question was produced in Germany for “discount supermarkets”
  • The blue was caused by bacteria, not toxicity

Bacteria are essential to making cheese flavorful. The blue thus could be a good thing, or it could be bad. Control of bacteria is an interesting and ancient security issue, as an article from 1897 explains.

The food value of cheese is dependent upon the casein which is present. The market price, however, is controlled entirely by the flavour, and this flavour is a product of bacterial growth. Upon the action of bacteria, then, the cheese maker is absolutely dependent; and when our bacteriologists are able in the future to investigate this matter further, it seems to be at least possible that they may obtain some means of enabling the cheese maker to control the ripening accurately.

Italians outsource mozzarella to Germany? Engines and suspension, I can believe, but food? What were they thinking? Also notable that the police responded without any illness reported, just suspicion based on color.
