Robertson Lies In Apology

The dominant headline around Robertson’s attempt to retract his comments is that he “apologized.” That is false. He claimed to have not called for an assassination: “I said our special forces could take him out. Take him out could be a number of things including kidnapping.” Mark, at Cutting Edge of Ecstasy, goes through Robertson’s statements like a hot knife through butter in “Is This A Spokesman For The Real Religion Of Peace?” Read it.

Small Bits: Alex Haislip, Chinese Censorship, TSA Xrays

  • Alex Haislip is blogging up a storm at VC Action. I love journalist bloggers; there’s so much interesting backstory that they talk about. And working at Red Herring, Alex has more dirt than he could dish and stay in business. 😉

  • Curt Hopkins points to a fascinating story about the folks who run the great firewall of China, translated from Chinese. I was going to comment on it, but Rebecca MacKinnon comes along and says not only what I was thinking, but a whole lot more, and more insightfully:

    But as with many Chinese news stories, the conclusion is less interesting than the debate raging within the body of the article. And what the article reveals is that there is a lot of pushing back and forth amongst the various players when it comes to the future of Chinese cyberspace. Internet entrepreneurs like the CEO of Fang Xingdong come out against proposals that Chinese internet users must register their real identities at all times. The internet portal sites conducted surveys showing that their customers (not surprisingly) favor online anonymity…

  • Bruce Schneier points to new research that may obviate any justification for the TSA to look through your clothes:

    Here’s a piece of interesting research out of Ohio State: it’s a passive sensor that could be cheaper, better, and less intrusive than technologies like backscatter X-rays:

    “Unlike X-ray machines or radar instruments, the sensor doesn’t have to generate a signal to detect objects - it spots them based on how brightly they reflect the natural radiation that is all around us every day.”

    “It’s basically just a really bad tunnel diode,” he explained. “I thought, heck, we can make a bad diode! We made lots of them back when we were figuring out how to make good ones.”

No Child Left Untagged

CSO’s Security Feed has a story “RFID Technology Prevents Infant Abduction.” The story reads like a press release:

VeriChip Corporation, a subsidiary of Applied Digital (ADSX), a provider of security and identification technology, stated that its “Hugs” RFID infant protection system prevented the abduction of a baby at Presbyterian Hospital in Charlotte, North Carolina. A BioTechWeek article on reported that the Hugs system alarm went off when the infant was removed from the nursery and the staff and security personnel responded quickly to recover the baby, returning him to safety in the maternity ward. The Hugs Infant Protection System has a tiny radio transmitter that is worn on the baby’s wrist or ankle. Exit points throughout the hospital are electronically monitored to detect unauthorized removal of an infant. In the last 22 years, there have been 233 infant abductions in the United States, half of which occurred from healthcare facilities.

So, doing a little digging, it seems the ‘abductors’ were Walter Mitchell and Juanita Slade, the baby’s parents. Mitchell and Slade’s other children are wards of the state because of drug issues. However, they cared enough about their child to bring him to a hospital for a checkup after he was born. Now the press is touting this as an “abduction.”

I have very mixed feelings about all of this. Most child abductions in the US are custody battles. I know a fair number of smart, well-adjusted, successful people with “alternative” lifestyles who are terrified of DSS and their ilk. (See Fight CPS, Child “Protection?”, or AFRA Horror Stories for more.) The story above could have been written “Modern technology used to keep families apart.”

From the “Who Will Rid Me Of This Meddlesome Priest” Department…

Television evangelist Pat Robertson told viewers the U.S. should kill Venezuelan President Hugo Chavez to prevent the Latin American country from becoming a “launching pad” for extremism, the Associated Press said.

From Bloomberg. Ezra Klein has comments in It Was The Christian Thing To Do. Apparently, Venezuela is upset.

Thanks to Nick for distracting me from useful work. [Formerly titled “Today’s Blog Is All About Being Speechless.” Link to Ezra corrected, thanks Allan!]

Caption Contest

I took this picture of a sign, lying on its side, near gate A12 of the Atlanta airport on August 16th, 2005. The photo is what I saw; it has not been retouched. It needs a caption, and I am simply flabbergasted.

Captchas are those annoying, spamateur “type this so we can stop spam” things that you see on some blogs.

PWNtcha stands for “Pretend We’re Not a Turing Computer but a Human Antagonist”, as well as PWN capTCHAs. This project’s goal is to demonstrate the inefficiency of many captcha implementations.

For an overview on why visual captchas are a bad idea, see Matt May’s excellent presentation, Escape from CAPTCHA, as well as the W3C’s Inaccessibility of Visually-Oriented Anti-Robot Tests working draft.

See PWNtcha – captcha decoder. I look forward to the day when someone builds this into my browser. (Via Justin Mason’s feed.)

“FBI: Businesses (Still) Reluctant To Report Cyber Attacks”

Volubis picks up stories in Information Week and Computer World:

Roughly 20% of businesses report computer intrusions annually, a figure the agency believes is low. Director Robert Mueller urged businesses to step forward, promising greater sensitivity from the FBI in return.

This reluctance has become especially important at a time when identity theft is growing rapidly and terrorists are increasingly using the Internet, Mueller said in a speech to the InfraGard national conference, where private companies share security tips and expertise with the FBI.

We really need to get past this. Defending computers is much harder than attacking them. Most of the organizations compelled by California’s SB 1386 to reveal their breaches have not suffered long-term damage because of it. (The ones that have fall into a few categories: Tertiary parties who consumers were not aware had their data, those who lied to the public about what happened, and those where the breach seemed to have more to do with negligence than an accident. Getting defensive about the breach, and focusing PR on how the company was the real victim also doesn’t help.)

What’s more, we need anecdotes from which we can compile data to understand how systems are really compromised. With that data, we could start spending our money on better security systems that actually addressed the threats that matter.

The first step is to admit you have a problem.

US Air Force Hack and TSA

I just blogged about a breach of data which could be used for ID theft in “US Air Force, 33,000 SSNs, Hacker.” I’d like to tie that to a story I mentioned earlier this week, “TSA May Loosen Ban on Razorblades, Knives:”

The Aug. 5 memo recommends reducing patdowns by giving screeners the discretion not to search those wearing tight-fitting clothes. It also suggests exempting several categories of passengers from screening, including federal judges, members of Congress, Cabinet members, state governors, high-ranking military officers and those with high-level security clearances.

I’d be very curious to know how many of those 33,000 officers would be exempted from secondary screening. I’d be even more curious to know how many terrorists impersonating one of those officers would be exempt. I’ll say it again: identity data, unless backed by biometric databases which are immune to hackers, does not and can not make us secure. We do not know how to build a database which is immune to hackers, bribery of its operators, or even operator error.

US Air Force, 33,000 SSNs, Hacker

In : Half of USAF’s officers’ PII stolen, Chris points to stories about “AFPC notifies Airmen of criminal activity exposing personal info,” and “Air Force investigates data breach.”

AMS, an online program used for assignment preferences and career management, contains career information on officers and enlisted members as well as some personal information like birth dates and social security numbers, according to Col. Lee Hall, director of assignments at AFPC. It does not contain personal addresses, phone numbers or specific dependent information.

A malicious user accessed approximately half of the officer force’s individual information while only a handful of noncommissioned officers were affected, according to Lt. Col. John Clarke, AFPC’s deputy director of Personnel Data Systems. The individual used a legitimate user’s login information to access and/or download individuals’ personal information.

Air Force personnel can log in to Military Personnel Flight to see if they’re affected.

[Added: Annoying as it may be to those airmen to use a Navy site, the Navy Times has useful information in “Thousands of Air Force officers’ ID files hacked:”

“There’s a lightly publicized amendment under the Fair Credit Reporting Act that allows military members deployed away from home to put an active-duty alert on for one year,” Clarke said. The alert tells credit issuers to take extra steps to confirm your identity before issuing new credit.

(Navy Times article via Cotse’s Privacy Watch.)]

“Its Precious Patents Disclosed”

In Lee Kuan Yew is usually worth reading, Tyler Cowen discusses a Lee Kuan Yew interview, where Lee mentions ‘intellectual property’ law as a place Singapore can stay ahead of its competitors.

Mr Lee says:

Such as where the rule of law, intellectual property and security of production systems are required, because for them to establish that, it will take 20 to 30 years. We are concentrating on bio medicine, pharmaceuticals and all products requiring protection of intellectual property rights. No pharmaceutical company is going to go have its precious patents disclosed. So that is why they are here in Singapore and not in China.

The trouble is, patents must be disclosed. It’s part of the deal. You explain how you do something, in a way that allows someone else to do it, and in exchange, the government forbids anyone else from doing that for a while. Then anyone can do it, and the state of the art is advanced.

I believe that Mr. Lee understands this, but the language he uses is far less precise and forthright than he has been using of late. Has he been hanging out with too many intellectual property extremists, and lost his way?

No Child Left Alone

The EFF is directing attention to the Leave My Child Alone! coalition.

Did you know that President Bush’s No Child Left Behind Act mandates that public high schools turn over private student contact information to local military recruiters or risk losing federal education funding? Not only that, but the Pentagon has compiled a database of more than 30 million young people, including 16- and 17-year-olds, for the purpose of military recruitment?

I think this is wrong. The public schools must exist for the greater glory and convenience of the heroic modern state, or the schools shall wither away, abandon science and modernity, and I can’t go on.

More seriously, when the state is responsible for your child’s education, you should expect that the state will abuse that position for its own purposes.

TSA to Look Through Your Clothes

[Update: Welcome Buzzflash readers! If you enjoy this post, please have a look around, you might enjoy the air travel or privacy category archives.]

USA Today reports “TSA hopes modifications make X-ray not so X-rated.”

The TSA now hopes to test modified “backscatter” machines in a few airports this fall that will solve the privacy issue. That’s a “significant software challenge” because wiping out body parts also makes weapons less visible, says Peter Kant, a vice president at backscatter maker Rapiscan Systems.

Barry Steinhardt, director of the American Civil Liberties Union’s technology program, says he’s “skeptical that you can both identify dangerous items and eliminate embarrassing imagery.”

TSA spokesman Mark Hatfield said, “Determining whether or not that balance exists is precisely the aim of these tests.” The agency is paying Rapiscan and American Science & Engineering $722,000 to deliver prototypes.

The reporter, Thomas Frank, fails to ask why these are being tested on innocent civilians, rather than TSA and DHS officials. And his paper innocently reveals the truth with this photo, carefully cut off to preserve the model’s privacy.

These child-porn producing machines have been featured before on Emergent Chaos, in posts like Small Bits: Xrays.

I’m a Spamateur

In private email to Justin “SpamAssassin” Mason, I commented about blog spam and “how to fix it,” then realized that my comments were really dumb. In realizing my stupidity, I termed the word “spamateur,” which is henceforth defined as someone inexperienced enough to think that any simple solution has a hope of fixing the problem.