Toyota dealers ignore serious software bug

While many people regularly debate regulations and liabilities for software security bugs and vulnerabilities (e.g. on Schneier’s blog here and here), I thought I’d reference a November 3rd, 2005 bulletin from Consumer Affairs that Toyota dealers are selling cars that may “suddenly stall or shut down” due to a software bug:

While the Toyota Motor Corp. is notifying 75,000 Prius owners of a software glitch that can cause the hybrid cars to suddenly stall or shut down, the company is apparently continuing to sell the hybrid vehicles that carry the software problem. […] The National Highway Traffic Safety Administration (NHTSA) has opened an investigation into the stalling problems.

As a side note, I have written previously on Schneier’s blog about the very important role security experts can play in all this (February 25, 2005 12:20 PM):

…the next time you run into public figures like Howard Schmidt, please remind him that he is actually “pro-regulation” when he says that we need fair and balanced laws.

I also debated this with Howard at length at a conference in Scottsdale, AZ in 2004 and again with him via email for a while in 2005 but I apparently did not make a big impact on him. Fundamentally I think his heart’s in the right place, but his extreme view that individual developers are solely responsible for bad code is an incredibly naive view of the economics of software development. Schneier appears to have a more balanced perspective.

End of the line for London’s Buses

I find it quite sad that the historic “Routemaster” red double-deckers are being put out to pasture, instead of updated and maintained as part of London’s heritage and gift to the world of transportation.

Something about the trust model of an open back entry space always intrigued me, as well as the fact that the driver was in a completely different role than the ticket-taker (similar to a train). I have known several people who spent their early years serving in either or both roles (rural routes often only employed a driver) and they shared many funny anecdotes about the security system used to keep passengers honest. In some sense the group of passengers themselves provided a baseline of behavior and could intervene if someone was out of line. I suspect it is the opposite today, with a driver relying on a surveillance system and virtual law enforcement techniques to protect the passengers from themselves.

There are some legitimate issues with the 50-year-old design, which probably could have been improved. Similar to historic buildings that are updated and retrofitted to modern standards, at least some of these buses deserve to continue their services rather than be deprecated and wholly replaced by a series of economically driven short-term visions of the future. Fortunately, it appears a group is working on just that kind of mission, which they call the Heritage route.

Incidentally, London is scheduled to host an international transport security conference in central London, November 13-15, 2005. I wonder if anyone will cover the issue of domestic and secure fuel sources? With all the greasy fish-and-chip shops, one would think England’s public fuel supply-chain could be dramatically improved.

Album is to Single as Book is to Chapter

First we hear that Einstein and Darwin used rapid and succinct messaging as a foundation of their correspondence, and now Amazon has announced that you can buy chapters of books. Given Apple’s success in selling songs rather than albums…altogether it seems to me that Attention Deficit Disorder should be regarded as something of a normality for human consumption and communication rather than the exception. After all, why force yourself through 200 or more pages of nonsense when an important thought only needs twenty-five pages (or a brief blog entry)? Or, as some album-bands of the 80s pointed out, there is nothing particularly necessary about trying to tie a single brilliant riff or expression into two or three hours of messy pyrotechnics and big hair costumes. In food terms, a lot of noise is being made about the “supersize” phenomenon, which shows that people are susceptible to wanting quantities of superficial chemically-enhanced filler instead of a simple and effective bite of nutrition. Or…dare I say it…poetry as a more succinct form of communication?

And the implication for security is that it could be easier to defend smaller packages with fewer attack vectors, but it may also be more difficult if it becomes necessary to extend beyond each instance and defend a dynamic relationship/network of connected material. In other words, it’s easy to secure a single workstation compared with securing a workstation’s network (perimeter-shift).

Cruise Ship fends off Pirates

The BBC reports that a Cruise Ship of the Caribbean was attacked by pirates about 100 miles off the coast of Somalia:

“At least two boats closed in on the Seabourn Spirit, firing automatic weapons and rocket-propelled grenades at the cruise liner. But crew took evasive action, repelling the attackers without returning fire.”

The ship defended itself by making a “loud acoustic bang” that apparently scared away the attackers. Wonder if the crew was trained in making noise, or something was just thrown together. No mention was made of Disney’s upcoming pro-Pirate advertising campaign.