Category Archives: Security

Energy, Security

Why the NYPD hates bicyclists

4 Comments

There is ample evidence that the NYPD harshly and regularly discriminates against bicyclists. In a city that would benefit immensely from alternative transportation one might conclude that the police would be spearheading a campaign to promote and protect cycling. They do the opposite instead.

A recent case adds a new twist to what is really happening on the streets; the police spent more resources on surveillance of those who suffered a loss than on the attacker who caused it.

Incredibly, there are no photos of the scene of the incident in the NYPD’s file because “the investigators’ camera was broken.” However, the file does contain “numerous” photos of the Lefevre family and their attorney, prompting Erika Lefevre to write, “Apparently, NYPD cares more about investigating our family’s efforts to get information from it, than about properly investigating Mathieu’s death.”

[…]

A description of surveillance video of the crash, as provided to Streetsblog, describes Mathieu being struck by the passenger side of the truck before being hit again by the driver’s side wheel. The footage makes the NYPD’s decision to not file criminal charges against Degianni all the more puzzling.

Camera broken? The police in New York City could not find a functioning camera?

The necessary change, if you agree with the risk thermostat theory I’ve written about before, is to get the police out of their tax-guzzling gasoline cars (you thought I would say doughnut shops, didn’t you) and onto bicycles. It would help if city officials also would ride, like Mayor Villaraigosa in Los Angeles.

The mayor was riding in the bicycle lane on Venice Boulevard in Mid-City at about 6:50 p.m. when a taxi abruptly pulled in front of him. The mayor hit his brakes and fell off the bike.

[…]

The mayor’s accident comes as bicyclists in the city have increasingly been complaining about safety issues and pressing city officials to do more to make cycling safe.

It is a sad fact that one incident in Los Angeles has a very different outcome than all the combined accidents in New York, yet that is just further evidence of how empathy plays a major factor in our risk thermostat.

Just one month after he was injured in a bicycle accident, Los Angeles Mayor Antonio Villaraigosa spearheaded a special bike summit on Monday morning, aimed at improving bicycle safety across the city.

Even if there are brush-ups between cyclists and the police, and a lack of training about why cyclists are safer and easier to deal with, the economical and logical fix is more police and officials riding cycles. That would generate empathy and dramatically shift their view of how incidents should be investigated.

Security

VMware Cloud Prediction Talk

Leave a comment

Chris Colotti and Massimo Re Ferre’ are hosting a #cloudtalk next week on cloud predictions for 2012. Please join to help flood them with questions about compliance and security:

In a recent Fortune article, Mathew Lodge predicted the hybrid cloud will continue to grow and that Platform-as-a-Service will win the hearts of developers. Do you agree or disagree? We want to hear your thoughts during our first #cloudtalk of 2012 on January 31st at 11am PT.

Security

Judge rules decryption can be forced

Leave a comment

The U.S. Constitution’s Fifth Amendment states no one can be “compelled in any criminal case to be a witness against himself”. Yet Judge Robert Blackburn has ruled in Colorado that courts can force Americans to disclose information that will incriminate them.

The EFF filed a brief last year with a nice explanation of the two sides to this key issue (pun not intended).

Forcing an individual to supply a password necessary to decrypt data is more like revealing the combination to a wall safe than to surrender a key: the witness is being compelled to disclose information that exists in her mind, not to hand over a physical item.

Those who believe that a defendant who knows a password is withholding the equivalent of a physical key argue that they are not protected by the Constitution.

Those who believe a password is information argue that it is protected.

It might be helpful to the debate if the judge would reference how their decision affects the three factors of authentication — something you know, something you have, something you are.

Something you have has not been protected under the 5th Amendement. Blackburn is stating that something you know should also lose protection. CNet quotes the reason offered by prosecutors for the change.

Failing to compel Ms. Fricosu amounts to a concession to her and potential criminals…that encrypting all inculpatory digital evidence will serve to defeat the efforts of law enforcement officers to obtain such evidence through judicially authorized search warrants, and thus make their prosecution impossible.

That has a strange tone for many reasons. Here are just a few that jump to mind:

First, it would only be impossible to prosecute if a number of particular and narrow conditions exist. That is hardly a concession to criminals in a broad sense; they already know that if they perform a perfect crime they won’t be caught. There are a number of ways encryption will fail and/or fail protection under the Fifth Amendment.

Second, “make their prosecution impossible” does not seem like a valid argument on its own since the Fifth Amendment clearly carves out situations that are protected. A prosecution already has to work within a limited framework even if it makes prosecution impossible.

Third, refusing to produce something physical seems very different than refusing to reveal something you are believed to know. Forgetting, in my mind, (pun not intended) is very different than the reasons that could lead to the inability to give physical access. This case begs the question of how and why information security differs from physical security; why is logical integrity of a password so different from physical integrity of a metal key?

Perhaps it helps to consider the case like this: Contempt of court for refusal to hand over something that you have should be distinct from refusal to hand over something that you know. Blackburn does not seem to see the difference but I suspect he might change his view if he had to defend it in all cases of authentication.

Security

vCenter Events and Alarms

Leave a comment

Veeam Software, a business continuity product company for virtualization, has a complete list of vCenter Events sorted by ID. Here’s the first event in the list:

ID Severity Group Message Catalog Text
AccountCreatedEvent info Host An account was created on host {host.name}
Since 2.0 Reference

 
Clicking on the ID starts a javascript popup with event details:

Event: AccountCreatedEvent

Cid: ‘200’
ManagedObject: ‘VC’
MessageGroup: ‘MsgGroupHost’
OptionVar: ‘EventId=”${eventid}” Timestamp=”${timestamp}” ComputeResource=”${computeresource}” Datacenter=”${datacenter}” HostName=”${hostname}” Server=”${server}” Username=”${username}” DisplayName=”${vm.name}” UUID=”${vm.uuid}”‘

This event records that an account was created on a host.

Here’s the event when the new ESXi 5.0 syslogd service is unable to communicate with syslog (KB 2003127):

ID Severity Group Message Catalog Text
esx.problem.vmsyslogd.
remote.failure		 error VC esx.problem.vmsyslogd.remote.failure|The host “{1}” has become unreachable. Remote logging to this host has stopped.
Since 5.0 Reference

 
This is an important change from prior versions of ESXi, which would not stop logs on an error (note the “Since 5.0” in the Message Catalog Text field). An alarm for this event can easily be created by using “esx.problem.vmsyslogd.remote.failure” as the trigger.