Cheetah Delays Luggage

A cheetah traveling from Oregon to Memphis Tennessee escaped from its cage on a Delta flight from Portland to Atlanta. Luggage was delayed, a baggage worked got a good fright (oh, yeah, imagine finding a cheetah on Halloween), but no baggage was destroyed.

I would like to be able to link to the full story, but given as how it is an AP story and they sue people who do that, you’re just going to have to google it.

I’d also love to give a good TSA joke here, but I can’t think of one.

Studs Terkel, 1912-2008

No Chicagoan stood up for the common man like Studs Terkel, although Nelson Algren was probably in the running.
A security-related anecdote, courtesy of the Chicago Tribune:

In 1997 he went to the White House to receive the National Humanities Medal and the National Medal of Arts with a group including Jason Robards, Angela Lansbury, conductor James Levine, Chicago religion scholar Martin Marty and Chicago arts patron Richard Franke. He was stopped at the White House gate and asked for identification. Studs, who had never driven a car, did not have a driver’s license. The only thing he could come up with to appease the White House guards was his CTA seniors pass. They let him in.

Experience and Decision Making

Following on our satirical endorsement of McCain-Palin yesterday, I’d like to talk a little about the experience argument, that is, that Obama lacks the experience to be President.

This may well be true. I’d prefer someone with extensive executive experience, ideally running a state, experience matters in one very specific way: it may help you make better decisions. Having a wealth of experience may lead to the wisdom of age, or being a grouchy old person.

I see two key decisions that each candidate has had to make since the convention. One with time for reflection and consideration, and one snap decision. The first, of course, is their Vice President, and the second, how to react to the emergent financial crisis.

Let’s look at McCain’s decisions: Palin, and suspend the campaign. In each case, a honed political calculus was the experience McCain applied.

Palin is a great candidate: appealing to both the radical right and disaffected Hillary voters. A great speaker. The leader of America’s most socialist state, where each citizen gets $3,200 from the state, just for breathing. And she is so not qualified to be President, she’s a drag on the ticket. It was a great political gamble, and an awful one for a 72 year old cancer survivor to apply to the Presidency of the United States. Contrast with Obama, who chose an experienced foreign policy expert who had already run for President.

The choice to suspend the campaign was also brilliant politics. McCain, suffering from a self-imposed inability to raise funds, needed a dramatic response to the crisis. But he has no background in finance. No long experience regulating it. No seats on the relevant committees. And rather than letting the professionals do their jobs, McCain decided to grandstand. Contrast with Obama, who said “My strong feeling was that this situation was of such seriousness that it was important not to chase the cameras.”

So experience matters because it helps you make decisions in the framework of what’s important to you.

It seems that winning, not governing, is what’s important to John McCain.

On the other hand, Obama does lack experience. But it seems to me that he makes decisions well, and will continue to do so.

Emergent Chaos: For McCain Palin

images.jpegAs we come to the close of the longest campaign in American history, it is time to make a call on who to vote for. In these turbulent and chaotic times, America needs a candidate who will cause more chaos to emerge. Now is not the time for calm and reasoned leadership. Now is not the time for thoughtfulness. Now is the time for chaos that makes us gasp. Chaos that makes us cry. Chaos that makes us question the ability of government to solve problems.

There is only one ticket which has the experience and proven ability to generate chaos on that sort of scale, and that is McCain/Palin.

There are many reasons to be optimistic about an Obama administration. But Obama is young, and has never had cancer. We have little reason to believe that in the course of a major crisis, Obama would need to be hospitalized. If he is, we can expect Joe Biden to move in relatively smoothly, with perhaps a few minor verbal gaffes. Similarly,
there’s no hope of Obama being distracted by a “bimbo eruption” or
made-for-tabloids divorce capable of taking his administration (and the
country) in an thrilling, unpredictable direction.

Obama has a proven ability to step through the sorts of crises which would sink other candidates, like associations with Ayers and Wright. His steadfast refusal to sling mud at ‘first dude’ and secessionist Mr. Palin shows a worrisome focus on issues and agendas, as does his decision not to highlight Governor Palin’s gleeful commingling of personal and political agendas – as evidenced in the “Troopergate” and rape kit controversies.

On issues of liberty which matter deeply to us, neither candidate has a strong record. McCain was once proud of a bill which bears his name and restricts his spending, and we applaud his willingness to now find every loophole he can.

If America wants chaos to emerge on an unprecedented scale, there is a clear and obvious choice.

Responses to Terror: Boston and Ashdod, Israel

An Israeli teenager has been arrested after he donned a mask and prowled the streets of his town with a big rucksack and toy gun for a school project. The boy, 15, was seized by police in the southern town of Ashdod suspecting he was a Palestinian militant. The student was quoted as saying he was researching police reactions in the town and “just wanted to get an A+”. The stunt was considered highly risky in Israel, where attackers are often shot by police or civilians.

The youth was later released on bail and was not charged.

“It’s fine – he tested the police reaction,” [Ashdod police commander] Elgaret said. (From the BBC, “Israel teen ‘gunman’ wanted an A+

Contrast that response to that in Boston, where the police said Star Simpson was “extremely lucky she followed the instructions or deadly force would have been used,” and where she was then charged with wearing a fake bomb.

In both cases there was a failure of judgement on the part of the kid. In the Israeli case, the failure was substantially larger: he tried to look like a terrorist, rather than doing so accidentally.

But in Israel, the police didn’t over-react, and didn’t charge the student.

The Israelis have regular incidents of terrorism, they know that being tested is an important part of maintaining their readiness. Much more importantly, their leadership that knows that panic and terror are exactly what the terrorists want. What societies facing terror should want is exactly what the Ashdod police displayed at all levels: a professional and restrained response.

CTOs, Product Management and Program Management

In “The product manager’s lament,” Eric Ries writes about his view of product managers:

Let’s start with what the product manager does. He’s supposed to be the person who specifies what the product will do. He writes detailed specs which lay out exactly what features the team should build in its next iteration. These specs are handed to a designer, who builds layouts and mockups of all the salient points. Then the designs are handed to a team of programmers with various specialties.

When I met this team, some acrimony had built up. The last few features came out pretty different from what was origianlly spec’d, and took far too long, to boot. The programmers keep asking for more say in the designs and direction that they work on.

I think Eric is almost right about what a product manager should do. I want to provide two disparate perspectives on what that almost entails, and why it’s important. First, I’d like to talk about the role of the program manager at Microsoft (my current day job) and then about the role of the startup CTO (my previous day job).

The program manager’s job is to understand the market and customer pain, shape consensus around what a solution looks like, spec that solution, then drive implementation and the inevitable tradeoffs and ship a solution which makes customers happy.* I do all of that in creating the SDL threat modeling tool.

Some people think the market approach is strange because inside Microsoft, the SDL requires threat modeling. But most markets are distorted in some way by legal requirements. I treat threat modeling as a market with pain that I need to address, and do my best to win in that market. I’m fairly pedantic about talking about our customers, rather than our users, because we give them better tools, and make them more successful when we treat them as valued customers.

Note that that is a super-set of Eric’s description of what a product manager does. He has some interesting suggestions, but the real fix is to get the guy who owns the spec deeply involved in the software process, from start to finish. Which brings me to the role of the CTO.

The role of a good CTO is to understand the market and customer pain, shape consensus around what a solution looks like, spec that solution, then drive implementation and the inevitable tradeoffs and ship a solution which makes customers happy. There’s also a responsibility to be a company leader, hiring, shaping the culture, and participating in the executive decisions the company makes. Sometimes, there’s a need to step in and build. But a large part of the CTO role is that of the program manager. I think this is why I’m able to succeed as a program manager—I’ve been at it for a while.

In Eric’s post last month, “What does a startup CTO actually do?,” he provided a different list: platform selection and technical design; seeing the big picture; providing options; finding the 80/20 and growing technical leaders. I think that’s a good list, but it’s missing a key piece, which is the vision to bits to customer experience scope that is at the core of the program management mindset.

[Update: The * was going to be a footnote citing an internal doc which I’m paraphrasing, but I decided to cut it, and forgot to remove the *. Oops!]

New ID Theft Research And Blog For Debix

Adam and I have discussed Debix several times in the past, so it will come as no surprise, that I am again posting about them.
Debix now has a blog, which will be covering issues around identity theft, breaches and privacy.
Debix also released a new research study examining child identity theft. The most recent blog post, contains some highlights from the study, including that one in twenty people (or one in every classroom) suffers from some sort of compromise to their identity before they reach their maturity with an average of over $12K in fraudulent debt assigned to their names.
As the post says:

Kids are a great target for identity theft, because the younger you target them, the longer you have before it is likely that the act will be discovered and as a result the corresponding amount of fraud that is committed prior to discover is significantly higher with minors than with adults.

Check out the post and the full research study for much more detailed information.
[Image is identity-theft-2 from j_lovefool on flickr]

100 Mile Constitution Free Zone

ACLU constitution free zone map.jpg

Government agents should not have the right to stop and question Americans anywhere without suspicion within 100 miles of the border, the American Civil Liberties Union said Wednesday, pointing attention to the little known power of the federal government to set up immigration checkpoints far from the nation’s border lines.

The government has long been able to search people entering and exiting the country without need to say why, which is known as the border search exception of the Fourth Amendment.

After 9/11, Congress gave the Department of Homeland Security the right to use some of its powers deeper within the country, and now DHS has set up at least 33 internal checkpoints where they stop people, question them and ask them to prove citizenship, according to the ACLU.

See Wired, “ACLU Assails 100-Mile Border Zone as ‘Constitution-Free’.” In closely related news, a Washington Municipal Court in Tacoma (pictured) has ruled that “showing ID to cops not required.”

I found this map to be pretty shocking on two levels: first, and most importantly, I hadn’t realized that it was 100 miles from any border. (And if it really is any border, do the international airports count?) Which brings me to my second point: it was pretty surprising to see not only that two thirds of Americans live within 100 miles of a border, but that there are only a few major cities (Denver, Atlanta) which are not in that zone.

I also feel personally invaded to know that every time I use a ferry in Seattle, they scan my license plate and record that travel.

The map is a link to the ACLU’s page on the issue.

Ridiculing the Ridiculous: Terrorist Tweets

A group of soldiers with the US Army’s 304th Military Intelligence Battalion have managed to top previous military research on terrorist use of World of Warcraft.

Realizing that mentioning the word “terrorist” can allow researchers to acquire funding to play the popular MMOG, they turned attention to the popular, if architecturally unscalable micro-blogging system, Twitter.

Surpassing the threat-analysis skill of super-spy Chad Feldheimer from the recent documentary “Burn After Reading,” they mention not only the threat of “socialists,” “communists,” and “anarchists,” in using Twitter to “communicate with each other and to send messages to broader audiences,” but the wider and more up-to-date threats from “religious communities,” “atheists,” “political enthusiasts,” “human rights groups,” “vegetarians,” and last but not least, “hacktivists.” They notably left out delinquent teenagers, so one presumes they don’t use systems like Twitter.

The Military Intelligence group also discovered that people can use GPS in phones like the Nokia 6210 and Nokia Maps to know where they are. This could let terrorists who want to illegally cross a border know where that border is, or to know that a certain large triangular stone thing is the Pyramid of Cheops (category: Attraction).

The report’s cutting edge thinking also discusses how terrorists could use voice-changing software such as AV Voice Changer Diamond to make prank phone calls and effectively hide under an abaya.

The full report, marked “For Official Use Only,” can be found here. It also redacts with a dark gray splash of ink the email address of, from whom you can get a copy of the report if you do not have access to INTELINK, Cryptome, or the Federation of American Scientists.

I think the report speaks for itself. I just can’t make this stuff up, apart from the bit about hiding under an abaya.

Insecurity Theatre

viva viagra rocket.jpg

“It’s been in the back of my mind since you first came in: How do you get the missile on the trailer into Manhattan?” federal Judge William Pauley III asked.

Sachs, from West Babylon, said cops just laughed as he passed through the Queens Midtown Tunnel on his way into the city Sept. 8.

Sachs also claimed he drove his “missile” through the Lincoln Tunnel five times, and was only stopped twice.

“They checked license and registration, but not the missile,” he said.

“You’re telling me that when you drove up to the Lincoln Tunnel -” Pauley said.

“They saluted,” said Sachs, who is representing himself in court.

So reports the New York Post, “Security Lapse Let in Naughty Fake Rocket.”

I was going to comment, but I think I’ll just salute.

Fake Fish and Security

fish on a dish.jpg
There was a very interesting article in the New York Times, “Fish Tale has DNA Hook,” in which two high school students used DNA testing to discover that nearly 1/4 of the sushi they tested and identified was mis-labeled. The article only identifies one of the vendors:

Dr. Stoeckle was willing to divulge the name of one fish market whose products were accurately labeled in the test: Leonards’ Seafood and Prime Meats on Third Avenue. John Leonard, the owner, said he was not surprised to find that his products passed the bar code test. “We go down and pick the fish out ourselves,” he said. “We know what we’re doing.” As for the technology, Mr. Leonard said, “it’s good for the public,” since “it would probably keep restaurateurs and owners of markets more on their toes.”

I was amused by this, but Robin Hanson had an interesting comment:

This is a huge fraud rate. Will diners continue to tolerate it? Probably, yes – I suspect diners care more about affiliating with impressive cooks and fellow diners than they do that fish is correctly labeled.

I think that there’s a related phenomenon in software security. It’s hard to accurately identify secure or insecure software. It’s usually easier to look at other elements of what makes a program useful. Which makes for a very fishy market.

Photo: “Dinner at Masa: O! Fishy fishy fishy fish” by mobil’homme.

“Secure Flight” now part of the Bush Administrations Legacy

We welcome the Bush administration’s continuing dedication to excellence and security in developing clear and appropriate rules to prevent terrorists from flying:

In this respect, there are major discrepancies between the (nonbinding) description at the start of the regulatory notice issued today, and the actual regulations that follow it (the last 20 pages of the notice).

The essence of the Secure Flight final rule would be to (1) impose a new, two-stage, requirement for all would-be air travelers to obtain government permisison to fly, first in the form of a discretionary government decision to issue an acceptable form of identification credential and second in the form of a discretionary decision to send the airline a “cleared” message authorizing a specific person to board a specific flight, and (2) require all would-be air travelers to provide identifying information to the airline and the government prior to each flight.

We applaud the government’s long-lasting impact on Americans. The Bush presidency, from the price of gasoline to the permission to fly system announced today, to license plate scanners on the Seattle ferries, has left a mark on the Republic like few presidencies in history.

Canadian Privacy and Private Action

In reading Arthur’s post on “Canadian PM FAIL,” I was thinking of the odds that this would be investigated and dealt with under Canadian privacy law. Now, I’m not an expert on that, but my recollection is that the main private sector law, PIPED complements a Federal Privacy Act which would likely be the relevant law for the office of the Prime Minister. I also recall that neither law contains any sort of right of private action.

So, will the Privacy Commissioner investigate? She has limited resources, and perhaps she doesn’t see this the way that Arthur does, “there are few groups who care less for this sort of tracking than Jews.” Perhaps she has other priorities. (Does anyone know if a formal complaint has been filed?)

Regardless of if the Commissioner investigates, I think there’s value to society in allowing citizens to balance government, rather than having to act as supplicants, asking one department to investigate another. The ability to act as a party in a case can be a powerful balancing factor.

Buffer Overflows and History: a request


One of my long-term interests in security is the ongoing cost of secrecy. My current favorite example is the stack smashing buffer overflow. These were known and understood no later than 1972, and clearly documented in the Computer Security Technology Planning Study:

The code performing this function does not check the source and destination addresses properly, permitting portions of the monitor to be overlaid by the user. This can be used to inject code into the monitor that will permit the user to seize control of the machine. (Page 61)

I believe that more open discussion of the technique by Aleph One led to a variety of defensive techniques getting baked into compilers and operating systems. Those defenses are now widespread, and it’s getting hard to find a stack smashing attack 10 or so years later. Had we not let the problem fester in secret, we’d be better off.

I’ve been told that the Bendix G-20 and the Burroughs B5500 had hardware level protection against buffer overflows as an intentional security mechanism. That is, there was an understanding that user supplied data could alter the flow of control.

I’m wondering if this is documented as clearly as the statement in the Security Technology Planning Study. It is very clear what the attack is and what the impact is. I’ve spent some time looking for a similarly clear published statement about one or the other of those machines. (Or heck, even a clear statement of the stack smashing attacks, rather than fuzzy statements about problems.)

Can you help me find such a thing?

Photo: Overflowing Glass 3, by nosheep on Stock.xchng.
[Update: We’ve got very interesting debate flowing in the comments.]

Discipline and Art

Stephan Bugaj has a fascinating article up, “Steve Kurtz: Tactical Art.” I wanted to tie this to my post “The Discipline of ‘think like an attacker’

Kurtz only briefly mentioned his four year ordeal with the Department of Justice (this is also a good article about it), and only as a single exemplar of his overall thesis that the role of art is to push back against the social mechanisms of what he’s termed “expression management.”

In staging this mock bioweapon release in front of the U.S. Embassy, what Kurtz found was that his own internal microfascisms were causing him to attempt to derail his own project by listing things he was sure they wouldn’t be allowed to do: march and then assemble in front of the embassy, then use a city tower to release the smoke with the (harmless) biological sample in it, and then bring skin samples from the participants to a lab for testing.

What he found instead was that the Leipzigers, despite Germany’s decades longer ordeal with terrorism (from not just Islamists, but also neo-Nazis and Communists), were quite willing to support the project. When the sponsoring Leipzig arts institution asked, the city gave them use of the tower, and permission to march to and in-front of the embassy, with no fuss. The biological laboratory in the city was equally obliging.

It’s a very interesting post about the intersection of art with ‘the policeman within.’ The lecturer in question has certainly had enough encounters with the policemen to have developed an interesting orientation towards their relationship with society.

In security engineering work, we often have to overcome internal filters, such as “why would anyone do that?” I think that powerful art, like that of Banksy or Wendy Richmond has an ability to transform the way we see the world for the better. It’s a shame when our artists need to contend with arrest for doing things which are not illegal, but merely confusing to our armed public servants.

Previously on Emergent Chaos: Banksy on anonymity, England, and Disneyland.