Archive for Security & Privacy

Childhood Risks Perceived and Real

// June 11th, 2007 // Security & Privacy

I ran across a timely article that may help assuage the collective parental panic that inevitably follows news of the loss of a child in an apparently random act of violence.

BBC News has an article reflecting on the shrinking boundaries within which parents limit their children. Parents today can easily be overwhelmed by compelling and tragic stories of losing a child — to illness, accidental death, kidnapping or worse. There are people whose careers are built around keeping attention focused on these tragedies (some I prefer to others).

The result of this deluge of despair is a cadre of parents who feel that — to keep from having to bear the weight of a similar tragedy firsthand — they must take all possible steps to protect and sanitize their kids’ experiences from not only real threats, but from all possible threats they (with the help of 24-hour-global-news) can imagine. The result is an ever-shrinking bubble of pseudo-reality parents attempt to craft for their kids that may ultimately do more harm than good.

The BBC article discusses this trend, and its possible impact on childhood development.

From the article:
[...]
“There is increasing concern that today’s ‘cotton-wool kids’ are having their development hampered. They are likely to be risk-averse, stifled by fears which are more phobic than real. Their lack of unsupervised play may also reduce the opportunity to form deep friendships in early years.”
[...]

There remain cultural differences as well. Many Americans (including me, I’ll admit) were shocked to hear that Madeleine McCann was taken from her bed in a Portugal resort while her parents were having dinner 50 meters away.

I’ve written about kids and security before. I rarely watch “mainstream” news simply because — as my wife says — it doesn’t improve my life or make me happier. But stories like this have a way of bringing themselves into focus, despite my intentional ignorance.

It’s something to think about — most all of us do it to some degree. Always keeping our kids uber-clean, on a short leash, loaded-up with vitamins, and in the air conditioning may help us sleep better at night. But many of our concerns are really just pop-phobias, and our preoccupation with them may be keeping our kids from living open, imaginative lives unencumbered by our own fears, both real and imagined.

Bruce Schneier Facts

// April 12th, 2007 // Security & Privacy

You know you’re a real security geek when you can’t flip through these because you’re wiping away tears of laughter.

My favorite… “Bruce Schneier once proved the infinitude of twin primes — by enumeration.”

For those of you who aren’t familiar with Bruce Schneier, read on.

Also, be sure to get the t-shirt.

Recovering From Identity Theft

// March 29th, 2007 // Security & Privacy

With identity theft on the rise, I’ve often wondered where I’d start if it ever happened to me.

YourCreditAdvisor.com has a 24-point checklist for recovering your identity that seems pretty comprehensive.

Needless to say, if it ever happens to you, you’ll be one busy individual trying to recover it.

Establishing a pattern of always paying with cash as much as possible can be one step in minimizing your exposure. Spending money you already have – instead of charging it – is always a good idea as well, and apparently when you pay with cash, you’re more inclined to spend less than when using a credit card.

Identity theft happens to real people. I found out last weekend a house behind ours was purchased using a stolen identity.

Welcome To Boston! Let’s Blow-Up Something!

// March 2nd, 2007 // Security & Privacy

If you haven’t been following the various terrorism false alarm stories in the last few months, you’ve been missing what has to be both one of the funniest and saddest security stories of the year.

That said, it has given us some quality satire and art to reflect the humor we find in collective paranoia and overreaction.

But sadly, these stories represent more about what we lost after 9/11 than what we gained. Stories of Homeland Security pork begging to be spent are available for almost daily digestion.

Our perceived threat matrix has become far too broad and our methods for dealing with diverse threat vectors too narrow (e.g., “blow it up!”). While blowing things up is unquestionably fun and makes for great TV, it’s not cheap and worse, when not outright embarrassing, does little to quell public fear about the authorities’ ability to prevent whatever real threat there may be.

This even reached me personally last year at our neighborhood elementary school. One of the children had left their backpack outside after school was dismissed for the day. Eventually someone noticed it and (of course) phoned 911. The bomb squad from a neighboring community was called in to show off their toys. The media also came, complete with a helicopter overhead to observe what would inevitably be a dramatic detonation of the suspicious backpack. The police robot gently tugged at the backpack and dragged it away from the building, then, however they do these things, the backpack was blown up on live TV.

Scattered across the schoolyard were the guts of what used to be some poor kid’s backpack — books, multi-colored folders, etc., and what remained of the backpack. It was all very exciting, and all very ridiculous to most any casual observer….

Protecting Your Users’ Data With a Privacy Wall

// February 23rd, 2007 // Security & Privacy, Technology

Brad Greenlee has a good article in his blog about the data security architecture he designed and that’s used by Wesabe to protect the company’s sensitive data.

In essence, they abstract the connection between a user and their sensitive data by using a cryptographic hash rather than a foreign key. The result is that should the data fall into the wrong hands, the data is readable but not traceable back to its owner. So in a bank for example, the bad guys would know that somebody has $500k in their account and somebody else has $500, but they wouldn’t know which one is me (well, anyone who knows me would, but…).

The design does have a few drawbacks, which he addresses, and additional measures would be required for very-high security applications (like a bank maybe). But it’s good to see smart people putting some good thought into designing simple, effective security into application and database architectures (which I’ve always felt was the most-overlooked and easiest-to-exploit of the generally accepted data security threats), and protecting users’ data from what is arguably its biggest threat – internal compromise.
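
A minimal sketch of the hash-instead-of-foreign-key idea described above, added here as an illustration; it is not Wesabe's or Brad Greenlee's code. The table names, the helper functions, and the choice to derive the hash from the username and password with PBKDF2 are assumptions made for the example.

```python
import hashlib
import os
import sqlite3

def account_key(username: str, password: str, salt: bytes) -> str:
    # Assumption: the link is derived from a secret only the user supplies,
    # so it can be recomputed at login but is never stored next to the user row.
    material = f"{username}\x00{password}".encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000).hex()

def build_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, salt BLOB);
        CREATE TABLE accounts (account_key TEXT, balance INTEGER); -- no user_id column
    """)
    return db

def add_user(db, username, password, balance):
    salt = os.urandom(16)
    db.execute("INSERT INTO users (username, salt) VALUES (?, ?)", (username, salt))
    db.execute("INSERT INTO accounts VALUES (?, ?)",
               (account_key(username, password, salt), balance))

def balance_for(db, username, password):
    # With the user's secret in hand, the application can cross the wall.
    row = db.execute("SELECT salt FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        return None
    hit = db.execute("SELECT balance FROM accounts WHERE account_key = ?",
                     (account_key(username, password, row[0]),)).fetchone()
    return hit[0] if hit else None

def linkable_rows(db):
    # What a database dump alone allows: try to join on every stored user column.
    return db.execute("""
        SELECT u.username, a.balance FROM users u JOIN accounts a
        ON a.account_key IN (u.username, CAST(u.id AS TEXT), lower(hex(u.salt)))
    """).fetchall()

if __name__ == "__main__":
    db = build_db()
    add_user(db, "alice", "correct horse", 500_000)  # constructed sample data
    add_user(db, "bob", "hunter2", 500)
    print(balance_for(db, "alice", "correct horse"))
    print(db.execute("SELECT balance FROM accounts").fetchall())  # readable
    print(linkable_rows(db))                                      # not traceable
```

In this sketch the wall is only as strong as the user's password, because the username and salt are in the same dump; that is why the key is derived with a slow KDF rather than a single hash pass.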