July 4, 2009

Va Pbaterff Nffrzoyrq, Whyl 4 1776

(Posted by adam)
My usual celebration of Independence day is to post, in its entirety, the Declaration of Independence. It's very much worth reading, but this year, there's a little twist, from a delightful story starring Lawren Smithline and Robert Patterson, with a cameo by Thomas Jefferson. Patterson sent Jefferson a letter which read, in part:
“I shall conclude this paper with a specimen of such writing,” he boasted, “which I may safely defy the united ingenuity of the whole human race to decypher to the end of time….”
Well, perhaps it didn't last until the end of time, but the cipher apparently lasted until now, which is pretty darn good. There's an article in Harvard Magazine, and one in American Scientist, but the latter is behind a paywall. Finally, the Wall St Journal has an article which mentions both without linking to either.

I think what I really like about this story is how a mathematician bothered to send his new ciphertext to the author of Virginia's statute on religious liberty (as our third President preferred to be remembered). Having just finished Steven Johnson's very enjoyable "The Invention of Air," I'm struck by how broadly engaged with science and the useful arts the founders were. I think that sending an encrypted letter to President Obama would get you ... well, I don't really want to think about it, having just read the Declaration.

Posted by adam on July 4, 2009 at 2:46 AM in Liberty, history, information security.

July 3, 2009

Thoughts on Iran

(Posted by adam)
Our love affair with the Iranian Tweetolution has worn off. The thugs declared their election valid, told their armed representatives to

Sorry, next tweet: go impose some law or order or something, and it was done.

Well, as it often turns out, there was more to it than fits in 140 characters, and the real story is far more complicated. There's a good write up from StratFor, "The Real Struggle in Iran and Implications for U.S. Dialogue:"

This is because the real struggle in Iran has not yet been settled, nor was it ever about the liberalization of the regime. Rather, it has been about the role of the clergy — particularly the old-guard clergy — in Iranian life, and the future of particular personalities among this clergy.

[...]

The key to understanding the situation in Iran is realizing that the past weeks have seen not an uprising against the regime, but a struggle within the regime. Ahmadinejad is not part of the establishment, but rather has been struggling against it, accusing it of having betrayed the principles of the Islamic Revolution. The post-election unrest in Iran therefore was not a matter of a repressive regime suppressing liberals (as in Prague in 1989), but a struggle between two Islamist factions that are each committed to the regime, but opposed to each other.

Posted by adam on July 3, 2009 at 7:31 PM in Current Events.

July 2, 2009

The Punch Line Goes at the End

(Posted by mordaxus)

The Black Hat conference in Las Vegas always has its share of drama. This year, it's happened a month before the conference opens. The researcher Barnaby Jack had to cancel his talk. Risky.biz gives an account of this; his talk was to make an Automated Teller Machine spit out a "jackpot" of cash, in the style of a slot machine.

According to reports, the manufacturer of the ATM pressured Jack's employer, Juniper, to pressure him to withdraw the talk.

I certainly roll my eyes at this. It doesn't do a lot of good to pressure someone to withdraw their talk.

But even more so, if you're giving a talk, it behooves you to save the showmanship for the stage. I mean, come on.

Last year, the big cancellation was the team of MIT students who broke the Boston MBTA Charlie Card system. There was a legal injunction put against them that spoilt their presentation. The fault, in my opinion went to them for naming their talk, "How To Get Free Subway Rides For Life."

Imagine that you are a judge who is interrupted from an otherwise pleasant Saturday by panicky people who want an injunction against a talk with such a dramatic name. You'll at least listen to them. You decide that sure, no harm to society will come from an injunction from Saturday 'til Monday, and you'd be right. No harm came to society; DefCon was merely a little less interesting.

Now imagine that you are the same judge and you're asked for an injunction against the talk, "A Practical Cryptanalysis of the Mifare Chip as Implemented in the MBTA." That one can wait until Monday, and the talk goes on.

In a similar gedanken experiment, imagine that you are the VP of Corporate Communications for the XYZ ATM Corp. You learn that in a few weeks, someone is going to do "ATM Jackpot" with one of your ATMs in some show in Vegas. Despite the fact that someone else in the company approved it, what do you do? You pressure them to cancel. Duh. If you don't, then you're going to spend most of August reassuring people about your products, your boss is going to be really ticked at you (after all, isn't it the job of Corporate Communications to control these things?), and it's just going to be no fun. This is also why you're paid the big bucks: to make embarrassments go away.

This is why, if you are a researcher, you do not name your talk "ATM Jackpot"; you name it "Penetration Testing of Standalone Financial Services Systems." It is only on stage that you fire up the flashing lights and clanging bells and make the ATM spit out C-notes for minutes on end. That gets you all the publicity for your talk that you want, and you actually get to give it.

Remember, do as I say, not as I do. If you have a flashy Black Hat talk, put the punch line at the end of the joke.

Posted by mordaxus on July 2, 2009 at 6:42 PM in Amusements, Legal, breach analysis.

Rebellion over an ID plan

(Posted by adam)
What they were emphatically not doing, said Jay Platt, the third-generation proprietor of the ranch, was abiding by a federally recommended livestock identification plan, intended to speed the tracing of animal diseases, that has caused an uproar among ranchers. They were not attaching the recommended tags with microchips that would allow the computerized recording of livestock movements from birth to the slaughterhouse.

“This plan is expensive, it’s intrusive, and there’s no need for it,” Mr. Platt said.

The New York Times reports that not even cattle need Real ID in "Rebellion on the Range Over a Cattle ID Plan." There's a web site, NoNAIS.org, which is tracking things like:
Oklahoma is now mandating Premises ID for anyone wanting to participate in the Swine Shows. One more tricky little way that they make “voluntary” into mandatory.
Image: IstockPhoto
Posted by adam on July 2, 2009 at 12:12 PM in ID Management, National ID.

July 1, 2009

Unthinkable Foolishness from TSA

(Posted by adam)
"Flying from Los Angeles to New York for a signing at Jim Hanley's Universe Wednesday (May 13th), I was flagged at the gate for 'extra screening'. I was subjected to not one, but two invasive searches of my person and belongings. TSA agents then 'discovered' the script for Unthinkable #3. They sat and read the script while I stood there, without any personal items, identification or ticket, which had all been confiscated.

"The minute I saw the faces of the agents, I knew I was in trouble. The first page of the Unthinkable script mentioned 9/11, terror plots, and the fact that the (fictional) world had become a police state. The TSA agents then proceeded to interrogate me, having a hard time understanding that a comic book could be about anything other than superheroes, let alone that anyone actually wrote scripts for comics." (From Boing Boing, "Comics creator stopped by TSA for carrying script about writer under suspicion by TSA".)

Issues of Unthinkable are only $3.99 each, a bargain! Why not pop over to Boom studios and support the artist?

Posted by adam on July 1, 2009 at 11:17 AM in Air Travel, art.

June 29, 2009

On the Assimilation Process

(Posted by adam)
Three years and three days ago I announced that "I'm Joining Microsoft." While I was interviewing, my final interviewer asked me "how long do you plan to stay?" I told him that I'd make a three year commitment, but I really didn't know. We both knew that a lot of senior industry people have trouble finding a way to be effective in Microsoft's culture.

So I wanted to pipe up and say I'm having a heck of a lot of fun, and have found places and ways to be effective. I'm getting to develop and share things like our SDL Threat Modeling Tool, and I get to be very transparent about the drivers and decisions that shape it. I've got some even cooler stuff in the pipeline, which I'm hoping will be public in the next year or so. My management (which has shifted a little) is supportive of me having two external blogs.

It's been a heck of a ride so far. Dennis Fisher asked a great question to close this Hearsay Podcast: what surprised me the most? I was a little surprised by the question, but I'm going to stand by my answer, which is the intensity and openness of internal debate, and how it helps shape the perception that we're all reading from the same script. It's because we've seen the debate play out, with really well-informed participants, and remember which points were effective.

I can't wait to see what happens in the next three years.

Posted by adam on June 29, 2009 at 11:06 PM in Microsoft.

June 27, 2009

Emergent Traffic Chaos

(Posted by adam)
Paul Kedrosky has an amazing video, as described in the New Scientist:
Researchers from several Japanese universities managed the feat by putting 22 vehicles on a 230-metre single-lane circuit (see video).

They asked drivers to cruise steadily at 30 kilometres per hour, and at first the traffic moved freely. But small fluctuations soon appeared in distances between cars, breaking down the free flow, until finally a cluster of several vehicles was forced to stop completely for a moment.
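The effect in the excerpt, a perfectly uniform flow on a ring road that breaks into a stop-and-go wave with no bottleneck anywhere, can be reproduced with a few lines of car-following simulation. The block below is an added example; it is not code from the post, the New Scientist piece or the Japanese research team. It keeps the 22 cars from the excerpt but assumes the Optimal Velocity model of Bando et al. as the driver model, and the ring length, the driver sensitivity `a` and the time step are choices made here, not values from the source. Run it and the low-sensitivity case ends with some cars crawling while others run near full speed; raise the sensitivity above the model's stability threshold and the same nudge simply dies away.

```python
"""Ring-road car-following simulation: uniform flow breaking into a
stop-and-go jam with no bottleneck.

Added example, not code from the post or the researchers it quotes.
The 22 cars are from the post; the Optimal Velocity (OV) model of
Bando et al., the ring length, the driver sensitivity and the time
step are assumptions made here.
"""
import math

N_CARS = 22          # from the post
RING_LENGTH = 44.0   # assumed: mean headway of 2.0 in model units


def optimal_velocity(headway):
    """Speed a driver aims for given the gap to the car ahead (OV tanh form).

    Slope at the mean headway 2.0 is sech^2(0) = 1, so in the OV model
    uniform flow is linearly stable only when sensitivity > 2 * 1 = 2.
    """
    return math.tanh(headway - 2.0) + math.tanh(2.0)


def simulate(sensitivity, steps=12000, dt=0.05, perturbation=0.05,
             n_cars=N_CARS, ring_length=RING_LENGTH):
    """Forward-Euler integration of dv_i/dt = a * (V(h_i) - v_i) on a ring.

    Every car starts at the same headway and at the speed V(headway),
    then car 0 is nudged forward by `perturbation` (the "small
    fluctuation" in the excerpt). Returns the final velocity of each car.
    """
    gap = ring_length / n_cars
    x = [i * gap for i in range(n_cars)]
    v = [optimal_velocity(gap)] * n_cars
    x[0] += perturbation
    for _ in range(steps):
        # gap to the car ahead; the last car sees car 0 one lap on
        h = [(x[(i + 1) % n_cars] - x[i]) % ring_length for i in range(n_cars)]
        v = [vi + dt * sensitivity * (optimal_velocity(hi) - vi)
             for vi, hi in zip(v, h)]
        x = [(xi + dt * vi) % ring_length for xi, vi in zip(x, v)]
    return v


def velocity_spread(velocities):
    """Fastest minus slowest car: ~0 for smooth flow, large for a jam."""
    return max(velocities) - min(velocities)


if __name__ == "__main__":
    # a=1.0 is below the OV stability threshold of 2: the nudge grows into
    # a wave in which some cars slow to a crawl. a=3.0 is above it: the
    # same nudge decays and the flow stays uniform.
    for a in (1.0, 3.0):
        v = simulate(sensitivity=a)
        print(f"a={a}: slowest {min(v):.3f}  fastest {max(v):.3f}  "
              f"spread {velocity_spread(v):.3f}")
```

The point the simulation makes is the one the excerpt makes: nothing about the road changes between the two runs, only how the drivers respond to the gap ahead of them, and a tiny perturbation is enough to decide whether the system settles or falls into a jam. That is why a linear stability check on the model, rather than the size of the initial disturbance, tells you which outcome to expect.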

Posted by adam on June 27, 2009 at 3:36 PM in emergent chaos.