Technology Industry News & Career Management information, brought to you by BrainWave Consulting Company.
April 2008 - Posts
-
Really: The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday. The device contains 150 commands that can dramatically cut the time it takes to...
|
-
Dear Bob ... I have been in IT a very long time and I am a woman. I agree with you [see "Does gender matter?" Advice Line, 4/12/2008 - Bob] that there are competent, supportive managers of both sexes and evil, incompetent managers of both sexes. However, I do not agree with you that the woman who wrote...
|
-
-
This picture is almost certainly Photoshopped, and a joke, but it's certainly a clever idea. As automatic license plate scanners become more common, why not get a SQL injection attack as a plate? Reminds me of this xkcd cartoon....
|
-
A real crime in Mexico: "We've got your child," he says in rapid-fire Spanish, usually adding an expletive for effect and then rattling off a list of demands that might include cash or jewels dropped off at a certain street corner or a sizable deposit made to a local bank. The twist is that little Pablo or Teresa is safe...
|
-
Dear Bob ... [Regarding "The reason corporations exist," Advice Line, 4/20/2008] the gambler analogy is particularly intriguing [the best businesses think of money as gamblers do -- as a way to keep score -- Bob] and, I would bet, the very philosophy that most entrepreneurs start out with. (It was that...
|
-
Will we ever win the war on photographers?...
|
-
Interesting investigative article from Business Week on Chinese cyber espionage against the U.S. government, and the government's reaction. When the deluge began in 2006, officials scurried to come up with software "patches," "wraps," and other bits of triage. The effort got serious last summer when top military brass discreetly summoned the chief executives or their representatives from the 20 largest...
|
-
We already knew this, but it's good to reinforce the lesson: In the study, Dr Eichele and his colleagues asked participants to repeatedly perform a "flanker task" -- an experiment in which individuals must quickly respond to visual clues. As they did so, brain scans were performed using functional magnetic resonance imaging (fMRI). They found the participants' mistakes were "foreshadowed"...
|
-
From Jean-Michel Cousteau, a video of market squid spawning off the Channel Islands....
|
-
-
List of deaths, intended to prevent identity theft, is used for identity theft: Ironically, the government produces the monthly Death Index so that banks and other lenders can prevent people from applying for credit using a dead person's information -- the index is made public by the Department of Commerce under the Freedom of Information Act. The caper Kirkland's accused...
|
-
This won best-paper award at the First USENIX Workshop on Large-Scale Exploits and Emergent Threats: "Designing and implementing malicious hardware," by Samuel T. King, Joseph Tucek, Anthony Cozzie, Chris Grier, Weihang Jiang, and Yuanyuan Zhou. Hidden malicious circuits provide an attacker with a stealthy attack vector. As they occupy a layer below the entire software stack, malicious circuits can...
|
-
This is a big deal: At issue is a growing trend in which ISPs subvert the Domain Name System, or DNS, which translates website names into numeric addresses. When users visit a website like Wired.com, the DNS system maps the domain name into an IP address such as 72.246.49.48. But if a particular site does not exist, the DNS server...
|
-
This is interesting research: given a security patch, can you automatically reverse-engineer the security vulnerability that is being patched and create exploit code to exploit it? Turns out you can. What does this mean? Attackers can simply wait for a patch to be released, use these techniques, and with reasonable chance, produce a working exploit within seconds. Coupled with a...
|
-
The TSA wants a tool that will assess risks against transportation networks: "The tool will assist in prioritization of security measures based on their risk reduction potential," said the statement of work accompanying TSA's formal solicitation, which was posted April 18. The software tool would help TSA gather and organize information about specific transport modes and assist agency officials to...
|
-
-
Dear Bob ... On your explanation of why corporations exist, Bob, ("The reason corporations exist," Advice Line, 4/20/2008) I don't think you're full of beans ... on this one, at least :-) Just read an interview today with Jeremy Jaech that I thought punctuated one of your points. "MJ: Startups are both...
|
-
InfoWorld will be awarding its Green 15 awards today. My old friend Fitz should be on the list, but won't because his innovation took place too many years ago -- back in the 1980s. What Fitz figured out, back when we both worked at the StarTribune in Minneapolis, is that for much of the year there was...
|
-
Last week was the RSA Conference, easily the largest information security conference in the world. Over 17,000 people descended on San Francisco's Moscone Center to hear some of the over 250 talks, attend I-didn't-try-to-count parties, and try to evade over 350 exhibitors vying to sell them stuff. Talk to the exhibitors, though, and the most common complaint is that the...
|
-
I am just sick of this story: people are willing to reveal their passwords for a bar of chocolate. I haven't seen any indication they actually verified that the passwords are real. I would certainly give up a fake password for a bar of chocolate....
|
-
Homeland Security Secretary Michael Chertoff says: QUESTION: Some are raising that the privacy aspects of this thing, you know, sharing of that kind of data, very personal data, among four countries is quite a scary thing. SECRETARY CHERTOFF: Well, first of all, a fingerprint is hardly personal data because you leave it on glasses and silverware and articles all over...
|
-
Dear Bob ... There is some value in your description of the purpose of running a business ("Of businesses and marketplaces," Keep the Joint Running, 4/14/2008). But really there is only one purpose, to make a profit. Everything else is secondary. No profit, no business. All of this talk about mission and...
|
-
The Book of Biff, A Softer World, and Basket Case....
|
-
-
On 10 June 2006, I gave a talk on security theater and terrorism to the New Jersey ACLU. Here's the video....
|
-
Funny. Even funnier. There's more....
|
-
Usually I don't bother blogging about these, but this one is particularly bad. Anyone with basic SQL knowledge could have registered anyone he wanted as a sex offender. One of the cardinal rules of computer programming is to never trust your input. This holds especially true when your input comes from users, and even more so when it comes...
|
-
I've already written about prospect theory, which explains how people approach risk. People tend to be risk averse when it comes to gains, and risk seeking when it comes to losses: Evolutionarily, presumably it is a better survival strategy to -- all other things being equal, of course -- accept small gains rather than risking them for larger ones, and...
|
-
This article in CSO compares modern cybersecurity to open seas piracy in the early 1800s. After a bit of history, the article talks about current events: In modern times, the nearly ubiquitous availability of powerful computing systems, along with the proliferation of high-speed networks, have converged to create a new version of the high seas--the cyber seas. The Internet has...
|
-
Dear Bob ... You've written before about Help Desks and how hard it is to establish useful metrics [for example "Another helpless desk," Keep the Joint Running 12/17/2007 -- Bob]. My question: What would be so wrong in having a simple metric of the percentage of very satisfied, satisfied, no opinion and...
|
-
This is interesting: What took place on a peaceful Californian university campus nearly four decades ago still has the power to disturb. Eager to explore the way that "situation" can impact on behaviour, the young psychologist enrolled students to spend two weeks in a simulated jail environment, where they would randomly be assigned roles as either prisoners or guards. Zimbardo's...
|
-
I previously blogged about the UK's Regulation of Investigatory Powers Act (RIPA), which was sold as a means to tackle terrorism, and other serious crimes, being used against animal rights protestors. The latest news from the UK is that a local council has used provisions of the act to put a couple and their children under surveillance, for "suspected fraudulent...
|
-
Good article on the difficulty of keeping drugs out of prisons. Lots of ways to evade security, including making use of corrupt guards....
|
-
This is just ridiculous. Lie detectors are pseudo-science at best, and even the Pentagon knows it: The Pentagon, in a PowerPoint presentation released to msnbc.com through a Freedom of Information Act request, says the PCASS is 82 to 90 percent accurate. Those are the only accuracy numbers that were sent up the chain of command at the Pentagon before the...
|
-
Dear Bob ... Your recent column regarding the Canadian woman who got pregnant while unexpectedly starting a new job search got me to wondering -- what are you supposed to do if an employer asks you an illegal question when they're interviewing you? This happened to me once -- the employer asked for my...
|
-
In this article analyzing a security failure resulting in live nuclear warheads being flown over the U.S., there's an interesting commentary on people and security rules: Indeed, the gaff [sic] that allowed six nukes out over three major American cities (Omaha, Neb., Kansas City, Mo., and Little Rock, Ark.) could have been avoided if the Air Force personnel had followed...
|
-
Dear Bob ... I'm a female manager. I think I'm pretty good at what I do, and throughout my career I have produced tangible results that back this up. My problem is, I'm not "one of the boys," and don't want to be one of the boys. Throughout my career, though, being one of the boys has been at least as...
|
-
-
Amazing story from QUEST, a science show produced by San Francisco's PBS affiliate: video, photos, blog posts....
|
-
There is a theory that people have an inherent risk thermostat that seeks out an optimal level of risk. When something becomes inherently safer -- a law is passed requiring motorcycle riders to wear helmets, for example -- people compensate by riding more recklessly. I first read this theory in a 1999 paper by John Adams at the University of...
|
-
This seems very worrisome: Federal regulators approved a plan on Wednesday to create a nationwide emergency alert system using text messages delivered to cellphones. The real question is whether the benefits outweigh the risks. I could certainly imagine scenarios where getting short text messages out to everyone in a particular geographic area is a good thing, but I can also...
|
-
This is a great essay by a mom who let her 9-year-old son ride the New York City subway alone: No, I did not give him a cell phone. Didn't want to lose it. And no, I didn't trail him, like a mommy private eye. I trusted him to figure out that he should take the Lexington Avenue subway down,...
|
-
Just another example of our surveillance future: Each wheel of the vehicle transmits a unique ID, easily readable using off-the-shelf receiver. Although the transmitter’s power is very low, the signal is still readable from a fair distance using a good directional antenna. Remember the paper that discussed how Bluetooth radios in cell phones can be used to track their owners?...
|
-
Excellent and well-written article....
|
-
Dear Bob ... "Also as with business deregulation, once a good thing starts to be too much of a good thing, it can become a bad thing. Balance matters," - Bob Lewis ("KJR themes in the news," Keep the Joint Running, 4/7/2008) Malice matters, too. So do chiselers, sneaks, grifters, grafters, free-riders,...
|
-
It's a growing field: More than 200 colleges have created homeland-security degree and certificate programs since 9/11, and another 144 have added emergency management with a terrorism bent....
|
-
-
Security is both a feeling and a reality, and they're different. You can feel secure even though you're not, and you can be secure even though you don't feel it. There are two different concepts mapped onto the same word -- the English language isn't working very well for us here -- and it can be hard to know which...
|
-
I can't believe I let April 1 come and go without posting the rules to the Third Annual Movie-Plot Threat Contest. Well, better late than never. For this contest, the goal is to create fear. Not just any fear, but a fear that you can alleviate through the sale of your new product idea. There are lots of risks out...
|
-
Data from San Francisco: Researchers examined data from the San Francisco Police Department detailing the 59,706 crimes committed within 1,000 feet of the camera locations between Jan. 1, 2005, and Jan. 28, 2008. These were the total number of crimes for which police had reports -- regardless of whether the crimes were caught on video. The idea was to look...
|
-
A review of Access Denied, edited by Ronald Deibert, John Palfrey, Rafal Rohozinski and Jonathan Zittrain, MIT Press: 2008. In 1993, Internet pioneer John Gilmore said "the net interprets censorship as damage and routes around it", and we believed him. In 1996, cyberlibertarian John Perry Barlow issued his 'Declaration of the Independence of Cyberspace' at the World Economic Forum at...
|
-
Dear Bob ... I have a real ethical dilemma and would appreciate any advice. Two weeks ago I was notified that the company I worked for for the last eight years is closing down. It was an "effective immediately" kind of a notice. A week later I found out I am expecting. I held a management position with...
|
-
Scientists are considering it: The beak, made of hard chitin and other materials, changes density gradually from the hard tip to a softer, more flexible base where it attaches to the muscle around the squid's mouth, the researchers found. That means the tough beak can chomp away at fish for dinner, but the hard material doesn't press or rub directly...
|
-
Dear Bob ... [In response to "Running an effective meeting," Advice Line, 3/24/2008] An old military tradition when soliciting consensus or opinion on a specific topic is to ask the meeting participants in reverse seniority order. The thinking there was that you'd get the person's real opinion, rather...
|
-
What in the world is "terroristic threatening"? The woman was also charged with one count of terroristic threatening for pointing a handgun at an officer, said university police Maj. Kenny Brown. The woman gave her handgun to a counselor at the health services building, he said. We are all hurt by the application of the word "terrorist" to everything we...
|
-
That's the key entry system used by Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota, Lexus, Volvo, Volkswagen, Jaguar, and probably others. It's broken: The KeeLoq encryption algorithm is widely used for security relevant applications, e.g., in the form of passive Radio Frequency Identification (RFID) transponders for car immobilizers and in various access control and Remote Keyless Entry (RKE)...
|
-
We finally have some actual information about the "liquid bomb" that was planned by that London group arrested in 2006: The court heard the bombers intended to use hydrogen peroxide and mix it with a product called Tang, used in soft drinks, to turn it into an explosive. They intended to carry it on board disguised as 500ml bottles of...
|
-
Fascinating. Note that it doesn't make it harder to open the door; it just takes longer. EDITED TO ADD (1:00 PM): Seems like this is a hoax. Or an art project. Or something. I'm really disappointed; I want one....
|
-
Oddly enough, I flew into Orlando Airport on Tuesday night, hours after TSA and police caught Kevin Brown -- not the football player -- with bomb-making equipment in his checked luggage. (Yes, checked luggage. He was bringing it to Jamaica, not planning on blowing up the plane he was on.) Seems like someone trained in behavioral profiling singled him out,...
|
-
An eerily prescient article from The Atlantic in 1967 about the future of data privacy. It presents all of the basic arguments for strict controls on data collection of personal information, and it's remarkably accurate in its predictions of the future development and importance of computers as well as all of the ways the government would abuse them. Well...
|
-
They were used against planes last week. I'm sure criminals also used cars in Australia last week. Will the country ban them next? On the other hand, I'm sick and tired of laser pointers myself. On the third hand, the cats of Australia will be terribly disappointed....
|
-
Dear Bob ... I agree with your proposition (maybe I state it a little differently) that the majority of business users are professional people, reasonably intelligent, and intent on doing a good job [see "The portal," (2/25/2008) and subsequent columns in Keep the Joint Running, and recent discussions...
|
-
The U.S. is outsourcing the manufacture of its RFID passports to some questionable companies. This is a great illustration of the maxim "security trade-offs are often made for non-security reasons." I can imagine the manager in charge: "Yes, it's insecure. But think of the savings!" The Government Printing Office's decision to export the work has proved lucrative, allowing the agency...
|
-
This is 1) a good demonstration that a fingerprint is not a secret, and 2) a great political hack. Wolfgang Schäuble, Germany's interior minister, is a strong supporter of collecting biometric data on everyone as an antiterrorist measure. Because, um, because it sounds like a good idea. Here's the story directly from the Chaos Computer Club (in German), and its...
|
-
This is just insane: The Quantum Sleeper Unit is a high-level security system designed for maximum protection in various hostile environments Quantum Sleepers can also be fitted to provide protection from destructive forces of nature such as tornados, hurricanes, earthquakes and floods. The Quantum Sleeper is the ultimate in protection, entertainment and communications, " ALL ROLLED UP IN ONE."...
|