Category Archives: Security

Kalamazoo Oil Disaster

Another massive spill, this one in Michigan. I remember process and security engineering used to look up to the oil and gas industry. Models for information security often borrowed concepts like fail-safe monitoring. Diagrams and images of oil rigs and pipelines were used to illustrate risk in terms of care and diligence. The theory was that the risk was so high for them that they had developed extensive controls. The BS7799 standard was even developed in large part by oil companies, if I remember correctly, involved in the high-risk, high-reward North Sea and Middle East operations.

The oil companies clearly have a very different public image these days. Oil spill update: State of emergency declared as 800,000 gallons of leaked oil begins flowing through Kalamazoo County.

County officials said they began an emergency response at about 6 p.m. Monday after news spread that a 30-inch oil pipeline in Marshall sprung a leak and released oil into the Talmadge Creek, which feeds into the Kalamazoo River. Houston-based Enbridge Energy Partners said the pipeline has been shut down but that did not happen before more than 800,000 gallons flowed into the creek.

The rate of flow must have been very high, but a 30-inch pipeline would still take a while to lose almost a million gallons. Loss prevention has a large body of scientific study in the oil and gas industry. What was the delay in detection and response? Maybe things have shifted so far now in the management of energy and risk that they could learn a thing or two from information security.

Operation Buckshot Yankee

GovInfoSecurity reports on a flash drive that breached the US Department of Defense

Deputy Defense Secretary William Lynn III, in an article to be published by the journal Foreign Affairs, writes that a flash drive inserted into a laptop on a military post in the Middle East in 2008 caused the most significant breach of military computers.

The incident is now being declassified. Lynn says this is to increase awareness of threats. However, we know that malware spreads from flash drives. The real news is here:

That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control

Lack of segmentation between classified and other systems? While it is nice that a Deputy Defense Secretary would come forward with details that say the military did not manage security well, just to educate Congress, perhaps there is another motive. The story reads less like a tale of sophisticated malware and more like one of poor segmentation controls.

The more I hear and read the military focus the discussion on “threats” the more I wonder if they are trying to stir fear in American politics to establish control or at least major influence over Cyber Command.

This is the new political landscape. I see it as a career-related move on their part (they want to be seen as the new generation of leaders) as much as an organizational fight with civilian leadership.

I asked the esteemed panel at DefCon about this and their response was “No one thinks that…. Howard Schmidt is a civilian.” I guess that makes me no one, because I still think that these military-led presentations are not a token of mere goodwill but rather part of some political process. The breach review should include threat analysis but the vulnerabilities are often more interesting; I hope we will soon find out why military leaders left classified systems so easily exposed.

Update: More on this topic in Civilians giving away too much control of US CyberSecurity?

Air Vest Saves Equestrians

Interesting development in horse rider safety, reported by NYTimes.com:

Inflatable vests have been sold to motorcyclists for about a decade, but few equestrians used them until a British company, Point Two Air Jackets, adapted them for use on horses and began distributing them at top European competitions last year. Hit Air, a Japanese company that says it has been selling motorcycle vests since 1999, also sells an equestrian version.

They each rely on similar technology. The two-pound vest is attached by a cord to a rider’s saddle and is worn over a traditional protective vest made of high-density foam. When a rider is thrown from a horse, the cord is yanked, puncturing a cartridge of carbon dioxide and inflating the vest. The vest can be reused after the cartridge is replaced. Point Two said its vest inflates in one-tenth of a second; Hit Air said its average rate is one-quarter of a second.

I have never seen a motorcyclist wearing one. The article explains that speed and impact are different, so the benefits for motorcyclists are considered controversial. The equestrians seem to have qualms only about minor improvements.

The vests have become so common on the competition circuit that it has become a common courtesy to warn other riders to unhook their cords before dismounting. “When you arrive, everyone says: ‘Your vest! Your vest!'” Laghouag said.

Inevitably, someone forgets.

“It’s always a source of amusement,” O’Connor said. “You hear a pop, and somebody’s looking like a marshmallow.”

Sunga Security: Staying Safe in Rio

Even before I flew to Rio de Janeiro I was getting warnings about personal safety from friends, colleagues and family. Without rehashing the usual advice (walk briskly and do not pull out a camera to take pictures, do not wear a nice watch, etc.) I thought I could add a little fresh detail.

A 2008 article in the New York Times says you must also pay attention to your clothes, especially on the beach:

...dress for the beach as the Cariocas do, the implication being that I would otherwise look like a gringo and become the target of every panhandler, pineapple salesman and potential kidney-napper

Two caveats to this kind of advice. First, tan lines also matter. If your dark tan starts below your knees, expect to stand out from the Cariocas. A short suit far above a tan line actually makes your impersonation worse. You are better off with a local pair of board shorts. Second, I have been told on very good authority that the color of a Sunga has meaning. The Times talks about a “world of sungas to be explored” but black is actually a safe bet.