Posts Tagged ‘security’

All Subversive Organizations Now Must Register in South Carolina

// February 16th, 2010 // Security & Privacy

Apparently All Subversive Organizations Now Must Register in South Carolina. I’m guessing this will save the authorities countless hours of investigation time in finding criminals accused of crimes where these organizations are suspected of involvement. Brilliant!

Bruce Schneier Facts

// April 12th, 2007 // Security & Privacy

You know you’re a real security geek when you can’t flip through these because you’re wiping away tears of laughter.

My favorite… “Bruce Schneier once proved the infinitude of twin primes — by enumeration.”

For those of you who aren’t familiar with Bruce Schneier, read on.

Also, be sure to get the t-shirt.

Recovering From Identity Theft

// March 29th, 2007 // Security & Privacy

With identity theft on the rise, I’ve often wondered where I’d start if it ever happened to me.

YourCreditAdvisor.com has a 24-point checklist for recovering your identity that seems pretty comprehensive.

Needless to say, if it ever happens to you, you’ll be one busy individual trying to recover it.

Establishing a pattern of always paying with cash as much as possible can be one step in minimizing your exposure. Spending money you already have – instead of charging it – is always a good idea as well, and apparently when you pay with cash, you’re more inclined to spend less than when using a credit card.

Identity theft happens to real people. I found out last weekend a house behind ours was purchased using a stolen identity.

Welcome To Boston! Let’s Blow-Up Something!

// March 2nd, 2007 // Security & Privacy

If you haven’t been following the various terrorism false alarm stories in the last few months, you’ve been missing what has to be both one of the funniest and saddest security stories of the year.

That said, it has given us some quality satire and art to reflect the humor we find in collective paranoia and overreaction.

But sadly, these stories represent more about what we lost after 9/11 than what we gained. Stories of Homeland Security pork begging to be spent are available for almost daily digestion.

Our perceived threat matrix has become far too broad and our methods for dealing with diverse threat vectors too narrow (e.g., “blow it up!”). While blowing things up is unquestionably fun and makes for great TV, it’s not cheap and worse, when not outright embarrassing, does little to quell public fear about the authorities’ ability to prevent whatever real threat there may be.

This even reached me personally last year at our neighborhood elementary school. One of the children had left their backpack outside after school was dismissed for the day. Eventually someone noticed it and (of course) phoned 911. The bomb squad from a neighboring community was called in to show off their toys. The media also came, complete with a helicopter overhead to observe what would inevitably be a dramatic detonation of the suspicious backpack. The police robot gently tugged at the backpack and dragged it away from the building, then, however they do these things, the backpack was blown up on live TV.

Scattered across the schoolyard were the guts of what used to be some poor kid’s backpack — books, multi-colored folders, etc., and what remained of the backpack. It was all very exciting, and all very ridiculous to most any casual observer….

Protecting Your Users’ Data With a Privacy Wall

// February 23rd, 2007 // Security & Privacy, Technology

Brad Greenlee has a good article in his blog about the data security architecture he designed and that’s used by Wesabe to protect the company’s sensitive data.

In essence, they abstract the connection between a user and their sensitive data by using a cryptographic hash rather than a foreign key. The result is that should the data fall into the wrong hands, the data is readable but not traceable back to its owner. So in a bank for example, the bad guys would know that somebody has $500k in their account and somebody else has $500, but they wouldn’t know which one is me (well, anyone who knows me would, but…).
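
A sketch of the idea described above, added here as an example; it is not Greenlee's or Wesabe's code. It assumes the link key is derived from the user's password with PBKDF2 and held only in the session; the table layout, function names and sample users are constructed for illustration.

```python
import hashlib, hmac, secrets, sqlite3

ITERATIONS = 100_000  # assumed work factor, chosen for this sketch

def kdf(password, salt, purpose):
    # One password, two unrelated outputs: b"auth" is stored, b"link" never is.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt + purpose, ITERATIONS).hex()

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, verifier TEXT)")
    # No user id column: account rows are reachable only through link_key.
    db.execute("CREATE TABLE accounts (link_key TEXT, name TEXT, balance INTEGER)")
    return db

def register(db, username, password):
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (username, salt, kdf(password, salt, b"auth")))

def login(db, username, password):
    """Return the link key for the session, or None if the credentials are wrong."""
    row = db.execute("SELECT salt, verifier FROM users WHERE username = ?", (username,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], kdf(password, row[0], b"auth")):
        return None
    return kdf(password, row[0], b"link")

def add_account(db, link_key, name, balance):
    db.execute("INSERT INTO accounts VALUES (?, ?, ?)", (link_key, name, balance))

def accounts_for(db, link_key):
    return db.execute("SELECT name, balance FROM accounts WHERE link_key = ?", (link_key,)).fetchall()

def owners_visible_in_dump(db):
    """Usernames that can be joined to an account row using stored columns alone."""
    return db.execute("SELECT u.username FROM users u JOIN accounts a "
                      "ON a.link_key = u.verifier").fetchall()

if __name__ == "__main__":
    db = open_db()
    # Constructed sample users, echoing the $500k / $500 example in the text.
    for user, pw, bal in [("alice", "constructed-pw-1", 500_000), ("bob", "constructed-pw-2", 500)]:
        register(db, user, pw)
        add_account(db, login(db, user, pw), "checking", bal)
    print(accounts_for(db, login(db, "alice", "constructed-pw-1")))  # alice's own row
    print(db.execute("SELECT balance FROM accounts").fetchall())     # dump: balances, no owner
    print(owners_visible_in_dump(db))                                # nothing to join on
```

Because the link key exists only while the user is logged in, a copy of both tables shows every balance but gives no column to join a balance to a username.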

The design does have a few drawbacks, which he addresses, and additional measures would be required for very-high security applications (like a bank maybe). But it’s good to see smart people putting some good thought into designing simple, effective security into application and database architectures (which I’ve always felt was the most-overlooked and easiest-to-exploit of the generally accepted data security threats), and protecting users’ data from what is arguably its biggest threat – internal compromise.