July 2, 2009
The Punch Line Goes at the End
The Black Hat conference in Las Vegas always has its share of drama. This year, it's happened a month before the conference opens. The researcher Barnaby Jack had to cancel his talk. Risky.biz gives an account of this; his talk was to make an Automated Teller Machine spit out a "jackpot" of cash, in the style of a slot machine.
According to reports, the manufacturer of the ATM pressured Jack's employer, Juniper, to pressure him to withdraw the talk.
I certainly roll my eyes at this. It doesn't do a lot of good to pressure someone to withdraw their talk.
But even more so, if you're giving a talk, it behooves you to save the showmanship for the stage. I mean, come on.
Last year, the big cancellation was the team of MIT students who broke the Boston MBTA Charlie Card system. There was a legal injunction put against them that spoilt their presentation. The fault, in my opinion went to them for naming their talk, "How To Get Free Subway Rides For Life."
Imagine that you are a judge who is interrupted from an otherwise pleasant Saturday by panicky people who want an injunction against a talk with such a dramatic name, you'll at least listen to them. You decide that sure, no harm to society will come from an injunction from Saturday 'til Monday, and you'd be right. No harm came to society, DefCon was merely a little less interesting.
Now imagine that you are the same judge and you're asked for an injunction against the talk, "A Practical Cryptanalysis of the Mifare Chip as Implemented in the MBTA." That one can wait until Monday, and the talk goes on.
In a similar gedanken experiment, imagine that you are the VP of Corporate Communications for the XYZ ATM Corp. You learn that in a few weeks, someone is going to do "ATM Jackpot" with one of your ATMs in some show in Vegas. Despite the fact that someone else in the company approved it, what do you? You pressure them to cancel. Duh. If you don't, then you're going to spend most of August reassuring people about your products, your boss is going to be really ticked at you (after all, isn't it the job of Corporate Communications to control these things?), and it's just going to be no fun. This is also why you're paid the big bucks, to make embarrassments go away.
This is why if you are a researcher, you do not name your talk, "ATM Jackpot" you name it "Penetration Testing of Standalone Financial Services Systems." It is only on stage that you fire up the flashing lights and clanging bells and make the ATM spit out C-notes for minutes on end. That would get you all the publicity for your talk that you want, and you actually get to give it.
Remember, do as I say, not as I do. If you have a flashy Black Hat talk, put the punch line at the end of the joke.
Bookmark this post:
Rebellion over an ID plan
What they were emphatically not doing, said Jay Platt, the third-generation proprietor of the ranch, was abiding by a federally recommended livestock identification plan, intended to speed the tracing of animal diseases, that has caused an uproar among ranchers. They were not attaching the recommended tags with microchips that would allow the computerized recording of livestock movements from birth to the slaughterhouse.The New York Times reports that not even cattle need Real ID in"Rebellion on the Range Over a Cattle ID Plan." There's a web site, NoNAIS.org which is tracking things like“This plan is expensive, it’s intrusive, and there’s no need for it,” Mr. Platt said.
Oklahoma is now mandating Premises ID for anyone wanting participate in the Swine Shows. One more tricky little way that they make “voluntary” into mandatory.Image: IstockPhoto
Bookmark this post:
July 1, 2009
Unthinkable Foolishness from TSA
"Flying from Los Angeles to New York for a signing at Jim Hanley's Universe Wednesday (May 13th), I was flagged at the gate for 'extra screening'. I was subjected to not one, but two invasive searches of my person and belongings. TSA agents then 'discovered' the script for Unthinkable #3. They sat and read the script while I stood there, without any personal items, identification or ticket, which had all been confiscated.Issues of Unthinkable are only $3.99 each, a bargain! Why not pop over to Boom studios and support the artist?"The minute I saw the faces of the agents, I knew I was in trouble. The first page of the Unthinkable script mentioned 9/11, terror plots, and the fact that the (fictional) world had become a police state. The TSA agents then proceeded to interrogate me, having a hard time understanding that a comic book could be about anything other than superheroes, let alone that anyone actually wrote scripts for comics. (From Boing Boing, "Comics creator stopped by TSA for carrying script about writer under suspicion by TSA"
Bookmark this post:
June 29, 2009
On the Assimilation Process
So I wanted to pipe up and say I'm having a heck of a lot of fun, and have found places and ways to be effective. I'm getting to develop and share things like our SDL Threat Modeling Tool, and I get to be very transparent about the drivers and decisions that shape it. I've got some even cooler stuff in the pipeline, which I'm hoping will be public in the next year or so. My management (which has shifted a little) is supportive of me having two external blogs.
It's been a heck of a ride so far. Dennis Fisher asked a great question to close this Hearsay Podcast, which is what surprised me the most? I was a little surprised by the question, but I'm going to stand by my answer, which is the intensity and openness of internal debate, and how it helps shape the perception that we're all reading from the same script. It's because we've seen the debate play out, with really well-informed participants, and remember which points were effective.
I can't wait to see what happens in the next three years.
Bookmark this post:
June 27, 2009
Emergent Traffic Chaos
Researchers from several Japanese universities managed the feat by putting 22 vehicles on a 230-metre single-lane circuit (see video).They asked drivers to cruise steadily at 30 kilometres per hour, and at first the traffic moved freely. But small fluctuations soon appeared in distances between cars, breaking down the free flow, until finally a cluster of several vehicles was forced to stop completely for a moment.
Bookmark this post:
June 26, 2009
The Cost of Anything is the Foregone Alternative
At least six men suspected or convicted of crimes that threaten national security retained their federal aviation licenses, despite antiterrorism laws written after the attacks of Sept. 11, 2001, that required license revocation. Among them was a Libyan sentenced to 27 years in prison by a Scottish court for the 1988 bombing of Pan Am 103 over Lockerbie.It's long been a truism of economics that the cost of anything is the foregone alternative. In this case, a huge amount of our air travel security spending goes into ensuring that you can't fly if your name and ID don't quite match (looking at you, Jim), rather than preventing convicted terrorists from getting aviation licenses.
Bookmark this post:
