Category Archives: History

Facebook FAIL: ID mixup leads to lawsuit

An established German company named Merck in the 1880s sent one of its chemists to New York to import drugs to the American market and capitalize on the fast-growing economy. Things went so well that just ten years later they began to look for ways to avoid high import tariffs and manufacture drugs in America; by 1900 they expanded operations into the remote and open space of New Jersey.

The company then was caught up in the divisiveness of WWI. German companies on U.S. soil, including Merck, were confiscated and auctioned to American owners. German Merck became a completely separate and distinct entity from Merck operations in America due to the terms of reconciliation and the Treaty of Versailles in 1918. After the forced split the American company eventually grew to be much larger than the German Merck.

Fast forward to today’s news. Facebook staff made the extremely awkward, if not completely ignorant, decision to hand the American Merck control over a page set up by the German Merck.

Facebook Inc said on Monday that it made a mistake in letting Merck & Co take over a page on the social networking website from its German rival Merck KGaA.

The takeover prompted an unusual November 21 filing by Merck KGaA with a New York state court.

In it, Merck KGaA sought to force Facebook to explain how it lost the page, www.facebook.com/merck, and the ability to administer it to Merck & Co, a separate company.

[…]

“The transfer of the vanity URL Facebook.com/Merck from Merck KGaA to Merck & Co was due to an administrative error,” Facebook said in a statement. “We apologize for any inconvenience this may have caused.”

This issue of impersonation is one of the most difficult problems in identity management, to be fair. How many John Smiths are there on Facebook and what can Facebook really depend upon to distinguish them as unique users? I mean which Budweiser brewer is the real one?

More to the point, how can a provider tell husband access from wife, or parent from child? The courts are usually the best answer. If a divorce court rules that a wife gets the shared Facebook account, then Facebook will have some justification to act.

This case is odd because Facebook apparently made a decision without authority to favor the American company over the German one.

Users need assurance that a company like Facebook, entrusted with sensitive data, can handle this kind of situation without making a historic blunder. Merck is lucky to have the legal team and resources to file a formal complaint, but it raises the question of how many similar mistakes are being made at a lower profile. It also raises the question of whether Facebook staff do even the most basic review, or follow a transparent and monitored process, before taking action.

This Day in History 1944: the 584th Squadron of the 394th Bomb Group

An American “Martin Marauder” in the 584th Squadron of the 394th Bomb Group — the “Bridge Busters” — was shot down over France on this day in 1944 during mission #148.

Captain Harper and his crew were flying in the lead position of the second box of the formation bombing Neuwied, Germany, when their B-26 received a direct hit from anti-aircraft fire, burst into flames and crashed. No parachutes were observed by other crews, but Sgt Howard Mote was later reported as a POW; the rest of the crew were killed.

    Captain Lawrence P. Harper – Zachary Taylor National Cemetery
    1/Lt William Andrews – Zachary Taylor National Cemetery
    1/Lt Paul Stephens – Arlington National Cemetery
    1/Lt James Harrison – American Cemetery in the Netherlands
    2/Lt Kenneth Wolf – Zachary Taylor National Cemetery
    T/Sgt James Kelly, Jr. – Zachary Taylor National Cemetery
    S/Sgt Stuart Ottenheimer (second from right above – born August 7, 1922) – Zachary Taylor National Cemetery (Section E Plot 169-170)
    Sgt Ralph Pagano – Zachary Taylor National Cemetery

394th Bomb Group Insignia

Some interesting B-26 footage can be seen in this collection of propaganda films called Martin Marauder in Action.

The B-26 had a high rate of accidents in takeoff and landing until crews were trained better and the aspect ratio modified on its wings/rudder.

The following United States War Office Official Training Film 1-3301, How to Fly the B-26 Airplane, was for pilots who had to fly what unofficially became known as the “Widowmaker”. Note that the lead character says:

Life Begins With a Checklist…and it May End if You Don’t Use It

Fuzz and the NeXT Computer

For some reason I have been hearing a lot of reminiscing lately about the NeXT Computer. Perhaps it is the unfortunate passing of Steve Jobs at an early age that has led people to have fond memories of his various projects and companies.

Two things stand out in my mind when I think of NeXT.

First, my college chemistry department had a lab of them, but they were rarely used. For those who owned their own Amiga, a far more powerful and capable computer, there was no comparison. BeOS (also started by an ex-Apple executive, Jean-Louis Gassee) was a better comparison to the Amiga due to the more advanced multimedia that has since become the hallmark of Apple. It lost out to NeXT in an acquisition decision by Apple and then seemed to disappear, but I digress.

The donated NeXT Slabs sat in the lab, more aesthetically pleasing than everything else, much like Apple products are today, but that did not make them popular. They were fine as network terminals, but back then the physical looks of a terminal did not compensate enough to draw anyone to them.

NeXT Slab

And that’s a good segue to the second thing I remember. The fuzz analysis done by Barton Miller roasted the security of NeXT Computer.

Here’s a slide from his 1995 presentation called Fuzz Revisited, a follow-up to a 1990 fuzzing test, that shows up to 43% of utilities crashing on commercial UNIX.

That 43% is actually the NeXT. Ouch, now that’s what I call fuzzy memories. The other flavors listed in the slide above averaged about half as many security failures.
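The Miller tests referenced above worked by throwing random input at standard utilities and counting which ones crashed or hung. The following is an added example, not code from the original post or from Miller’s fuzz project, that reproduces the method in miniature: three constructed toy “utilities” (a naive key=value parser, a fixed-size buffer copy with no length check, and a hardened parser) are fed seeded random byte strings, and a summary reports the percentage of targets that crashed, which is the same kind of figure the slide shows. The target functions, trial counts and seed are all assumptions for illustration.

```python
import random
from typing import Callable, Dict, List

# --- Targets under test: constructed toy "utilities", not real UNIX/NeXT tools ---

def parse_kv(data: bytes) -> Dict[bytes, bytes]:
    """Naive key=value parser: assumes every line has exactly one '='."""
    result = {}
    for line in data.split(b"\n"):
        key, value = line.split(b"=")   # ValueError when a line has 0 or >1 '='
        result[key] = value
    return result


def copy_to_fixed_buffer(data: bytes) -> bytes:
    """Emulates a fixed-size buffer written without a length check."""
    buf = bytearray(16)
    for i, byte in enumerate(data):
        buf[i] = byte                   # IndexError once len(data) > 16
    return bytes(buf)


def parse_kv_hardened(data: bytes) -> Dict[bytes, bytes]:
    """Same parser, written to tolerate arbitrary input."""
    result = {}
    for line in data.split(b"\n"):
        key, sep, value = line.partition(b"=")
        if not sep:
            continue                    # skip malformed lines instead of crashing
        result[key] = value
    return result


# --- Miller-style fuzz harness: random bytes in, uncaught faults counted ---

def fuzz(target: Callable[[bytes], object], trials: int = 200,
         max_len: int = 64, seed: int = 1) -> Dict[str, object]:
    """Feed `trials` random byte strings to `target`; record every uncaught exception.

    A 'crash' here is any uncaught exception, the Python analogue of a core
    dump. Hang detection (Miller's other failure class) would need a timeout
    around each call and is left out of this example.
    """
    rng = random.Random(seed)           # seeded so results are reproducible
    crashes = []
    for _ in range(trials):
        payload = bytes(rng.getrandbits(8) for _ in range(rng.randint(0, max_len)))
        try:
            target(payload)
        except Exception as exc:
            crashes.append((type(exc).__name__, payload))
    return {
        "name": target.__name__,
        "trials": trials,
        "crashes": len(crashes),
        "first_crash": crashes[0] if crashes else None,
    }


def crash_summary(targets: List[Callable[[bytes], object]], **kwargs) -> Dict[str, object]:
    """Run fuzz() over each target and report the share that crashed at least once."""
    reports = [fuzz(t, **kwargs) for t in targets]
    crashed = [r["name"] for r in reports if r["crashes"] > 0]
    return {
        "reports": reports,
        "crashed": crashed,
        "percent_crashed": 100.0 * len(crashed) / len(reports),
    }


if __name__ == "__main__":
    summary = crash_summary([parse_kv, copy_to_fixed_buffer, parse_kv_hardened])
    for r in summary["reports"]:
        print(f"{r['name']:22s} crashes={r['crashes']:3d}/{r['trials']}  first={r['first_crash']}")
    print(f"{summary['percent_crashed']:.1f}% of targets crashed")
```

The two naive targets fail on most random inputs, while the hardened parser never raises, so the summary reports two of three targets (66.7%) as crashing. The `first_crash` payload is the kind of minimal reproducer a defender would attach to a bug report.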

US Security Experts Bemoan “Colander” Model

Note that some of the most effective armor technology on land and sea uses a porous model.

First, a visionary in World War I realized it is better to be flexible, so that breaches quickly disappear (are rendered ineffective), than to try only to prevent them (and allow cracks to form in a solid and be exploited). That idea led to self-sealing fuel tanks for aircraft and vehicles.

The US military is still funding research to find ways to use a flexible yet porous membrane to prevent leakage for water tanks as well as fuel. Here is a typical modern breach response study application:

…enable vehicle operation in hostile environments and minimize loss of fuel due to a direct/indirect hit…

Second, another interesting example is a membrane developed for submarines in World War II that can subdue enumeration (e.g. sonar) by an attacker. An anechoic tile is porous enough to allow signals in yet prevent them from “bouncing” back out. Porous sound-canceling material can also be found in recording studios.

Anechoic Tile

Third, polytetrafluoroethylene (often known for its use in Gore-Tex) is another great example since it is used to make fabric waterproof yet breathable — porous yet impermeable.

Gore-Tex Schema

I said earlier to take note of the porous model because Wired has offered the following chilling quote in a story called Darpa Begs Hackers: Secure Our Networks, End ‘Season of Darkness’ about the state of American cyber security.

U.S. networks are “as porous as a colander,” Richard Clarke, the former White House counterterrorism chief turned cybersecurity Cassandra, told a packed ballroom.

He says that as if being porous were a bad thing. I would rather hear that response time is inadequate, or that the US needs to develop better tools for the job of distinguishing friend from foe (e.g. grapes from water).

Colander in action

Begging hackers to develop a perimeter with no holes, or to imply that a security barrier should never be porous, will trend things worse not better. It would be more effective to spend resources (beg hackers) to help on threat recognition, redirection and response.

A solid perimeter will never be truly solid, as history shows time and time again.

US Commodore Perry's Ships Breach the Japanese Perimeter in 1853

To retain and protect assets while dispensing with or releasing threats, which is exactly what a colander is designed to do (and why a chef uses one), is not an inherently bad model. As the military examples above show, there is a long history of developing highly technical colanders that provide an efficient security solution for even the highest-risk environments.

US Federal CIO calls for Security and Innovation

Steven VanRoekel, the former Microsoft executive and newly appointed Federal Chief Information Officer, has presented his first keynote.

He seems to say the choice between innovation and security is a false dichotomy — you can have both.

Now there are some who say we shouldn’t invest in government information technology in this fiscal environment, or use concerns about cyber security as a blanket excuse to preserve the status quo.

But if anyone doubts that now is the time to invest, consider the fact that more than half of the Fortune 500 companies were founded during an economic downturn. When forced to do more with less – when there is no alternative but to create a better way to get things done – that is when the real breakthroughs occur. In tough times, visionaries and risk-takers can tap into underutilized human capital, technology, information and other resources, picking up the pieces to reassemble them into something completely new.

Excellent point. Innovation is a great by-product of security (you can’t innovate where or how you want if you have to spend your time and money fighting attacks), not to mention that security innovation itself is a growth area.

His presentation was at the Palo Alto Research Center (PARC) and he made reference to its important role in American history.

When I was growing up in the 80s, I remember hearing people say that America was “destined” to be a service economy. We didn’t make anything anymore – our best days were behind us. But then ideas like those that came out of PARC helped spark a technology revolution that reestablished America’s leadership and launched the innovation economy.

Nicely said, but I call that a false dichotomy. American companies do not have to innovate in order to make things. Just look at Microsoft.