Tuesday, November 23, 2010

The TSA Now Makes Fortune Cookies

This is how you know you're going to get the "blue glove treatment" ...when the cosmos is trying to tell you something.

Oh crap...

Wednesday, November 17, 2010

Worried About Your Children Online? You Should Be...

Fair warning - this will make you sick.

The headline on MonstersAndCritics.com reads:
 "Germany indicts man who hacked webcams to film children"

The reality is that child predators have a much easier time on the Internet than they would in the real world ...and in this virtual world where they can be anyone they want to be the predator can be any age, sex, or personality to convince a child to put stuff onto their computer.  What happens next is an all-too-real sad fact of modern life.

The question then becomes ...what do we do about this?  Besides putting a needle into the arm of this bastard so he never hurts another child again ...what do we do?  Is better control the solution?  Anti-malware protection?

I think that ultimately the ownership of protecting your children is the parent's responsibility...and in the ever-increasingly connected world of the Internet parents need to arm themselves with as much knowledge as their children.  Your 9 year old shouldn't be better at the computer than you are... plain and simple.

While you can't control every minute of every day of your child's life, we can certainly teach them from a young age that security "best practices" like not accepting unknown files from people they don't know or trust, or other things we have been trying to teach our corporate users for years, should be followed or there could be dire consequences.  The notion of "stranger danger" applies to EVERYONE on the Internet... there are no "real people" unless mom or dad says so...unless mom or dad doesn't know better either?

Ultimately, parents, protect your children.  Teach them well, and put in as many safeguards as you can technologically to ensure that these types of predators can't get at them online.  It's just sick that human trash like this is allowed to exist... if I had my way justice for these animals would be swift...preferably with a large caliber to the skull.

Monday, November 15, 2010

Not Another TSA Rant

Hold on to something ...I just had a very intelligent discussion with a manager (I will keep her name anonymous, I'd like her not to lose her job for talking to me) of the TSA shift here at O'Hare airport.

While you catch your breath ... let me reiterate how much I loathe the invasion of privacy and the scales of privacy vs. (actual) security being tipped way askew...

So here's what happened...

I was given the "sir, step over here into this machine" line from a woman who had the demeanor of a rabid coyote, to which I replied "No thanks, I'll opt-out".

After the customary 10 people screamed back and forth "We have an opt-out!" ... they told me to wait in the middle of the screening area, and since I insisted on keeping an eye on my bags (I reminded them of the public announcement playing on infinite loop) they had one of the gentlemen (clearly a very nice guy) take my stuff, put it aside and stand over it while I was frisked.  This was interesting...

The guy giving me the "pat down" told me he was going to use the back of his hand in certain areas but never mentioned the "dirty uncle" treatment (front of hand on your junk) ... so I was left wondering.  He performed what I actually felt was a rather thorough pat-down, checking inside my belt loops, my armpits, and all the other usual places a wacko would try and hide something illegal.

He did not do the "dirty uncle" ... and when he was done, was polite and said "We're done, thanks" and walked away.

I gathered up my stuff and walked off but I did feel compelled to walk over to the shift supervisor and ask her why it was that when I opted out of the strip-search machine I didn't even have to go through the metal detector.  She didn't know, and even told me that "Yes, that is a little weird, but I don't have the authority to question the all-powerful policy."  I sensed sarcasm in her voice... I liked that she was skeptical and a bit of a cynic.

We had a great conversation for a couple of fleeting minutes about the process that they go through here at O'Hare and how they actively avoid doing the dirty uncle pat-down ... and don't actually use the strip-search machine on everyone ...only the equivalent of the "random additional screening" that we used to see - remember that?

Then we talked about National Opt-Out Day (Nov. 24th) and she acknowledged that while it wasn't necessarily something she objected to (whaaaa?) it would muck up air travel and snag long lines and cause delays if enough people did it.  We did come to an agreement that the balance between trying to keep the passengers secure and being totally invasive has gone too far into the invasive zone.  Odd for a TSA Manager - wouldn't you say?  I mean, this woman was intelligent, cynical and even questioned authority!

All in all, a positive experience.  For all the shit we give O'Hare Int'l airport about the countless delays and other crap ... the TSA here isn't too brutally invasive - and we know they could be.

Good luck, share your experiences ...and don't submit to thuggery!

Wednesday, November 3, 2010

The Great Internet Kill Switch

I'm stunned.  Apparently I live in a country of scared lemmings.  Check this out... this piece on the "Internet Kill Switch" by Fierce Government makes me want to cry.

Apparently 61% of the lemmings they called in this poll support the American President having an "Internet Kill Switch" in case we are attacked by a foreign nation.

"A clear majority of Americans would support giving the president authority to shut down portions of the Internet should there be "clear evidence" of a cyber attack by a foreign government, according to the results of a biannual poll of U.S. attitudes toward security."

I want to know who they called because clearly they didn't call anyone I know.  Can you imagine the misunderstanding and paranoia that must be gripping the average user to have answered like that?

Anyone who has the slightest clue about how the Internet operates knows this isn't possible.  The amount of work that would go into an "Internet Kill Switch" is insane - effectively hooking into every single ingress and egress point to/from the United States.  Because the Internet itself was designed to be resilient to attack, and our internet service providers work hard on this principle - it would be impossible to build in a single kill-switch that would "turn off Internet access" to the rest of the world.  Look at China!  They've tried ...and are currently failing at doing this exact thing.  China tried to build a choke-point through which "all Internet traffic in/out of China must pass" ...that's a big, fat FAIL there, Chief.

It's just insane to imagine how much re-engineering would have to be done to patch the "Big Red Button" (the kill switch) into every single possible path a packet could take in or out of this country.

Lunacy.  What the hell is going on out there?!

Tuesday, November 2, 2010

Cyber War - Why It's Idiotic

Let me first say that I'm overwhelmingly annoyed by all the "Cyber War" topics being Tweeted, blogged, and written about in the media.  Please stop.

I had a very intelligent conversation a little while ago with Marcus Ranum at the ISSA Louisville Metro InfoSec Conference where he and I were both speakers - and much to my surprise we were on the same page regarding this whole "Cyber War" stupidity.  War, by its very nature, is destruction.  The goal is to cause damage so that one group (presumably a nation-state) can take over another.  This most often requires bloodshed, large amounts of resources, and most importantly - physical invasion.  This is where the whole "Cyber War" silliness breaks down for anyone that understands anything.

The people I've seen and read spouting off about "Cyber War" and "Cyber Terrorism" and all that related cyber-whatever just don't get the main point.  You can't take over another nation-state by "DDoS'ing" it off the face of the Internet.  Cutting off my Internet, shutting down a power grid, or causing a possibly catastrophic event at the other end of an IP connection simply doesn't constitute a war.  Now, if one nation-state were to openly attack the infrastructure of another, and cause, say, a nuclear meltdown killing millions - that could be an act of war ...but you'd have to make a stretch even to get that accepted.

You can't tell me that if tomorrow morning we woke up and there were billions of IP packets shooting off from Chinese Internet-space at our critical infrastructure components (wait, that's happening already isn't it?) we the United States of America would declare "Cyber War" ...and if you tried to tell me that I'd make a case to have you committed.  In the virtual world, where packets buzz around, there are no bullets.  There are no full-scale invasions.  There isn't a displacement of cultural values by a military presence.

On a slightly different view - if Switzerland hired a bunch of hackers and completely took over the entire US Internet-connected presence - and I mean anything connected to an Ethernet cable - what would that mean?  Would that mean that they then could "declare war on" the US and take over?  I'd love to see them show up on our shores with their laptops and try... even if our defenses were crippled there is a sizable military presence here that would blow them to kingdom come once they were within reach of our shores.  See my point?

So once again - "Cyber War" falls on its face as just a piece of hype that someone started and other clueless lemmings jumped on to make themselves look smart.  Let me clarify for you - if you're talking about Cyber War as our biggest threat right now - you're an IDIOT.