Showing posts with label Security. Show all posts

Thursday, September 15, 2011

September is National Preparedness Month

September is National Preparedness Month and I am committing to doing something to make myself better prepared for the arrival of the Big Bad.

Maybe a chain saw or wind-up radio.

Or work on my go-bag.

Or get some LED lanterns.

Or just a new flashlight.

If only there was a small, inexpensive radio I could buy to supplement my existing ham equipment.

Monday, September 12, 2011

What is your name? Top Ten Replies to the TSA

As I mentioned earlier, I got selected by the TSA for additional screening and one of their super sophisticated terrorist detection mechanisms is to ask "What is your name?" Despite my disposition for being a smart ass, I answered with my name. Here are the Top Ten answers I should have given:

10. Eric Stratton. Damn glad to meet you.
9. أنا لا أتحدث الإنجليزية. (Arabic for "I don't speak English")
8. Barack Hussein Obama
7. Bob Smith
6. John Galt
5. Death to the Infidels!
4. What do you want it to be? (With a wink.)
3. Osama bin Laden
2. Saddam Hussein
1. Is this a trick question?

Friday, September 9, 2011

And another thing...

After examining my boarding pass and driver's license, the TSA agent asked me what my name was. I'm thinking she should know after looking at those two documents, but I tell her anyway. What kind of stupid terrorist won't know the name on their ID? Yet another effective security measure if I ever saw one.

Lottery Winner

I just won the TSA lottery and got selected for additional screening. An alarm went off after a swab of my hand was tested. (Really appreciated the giggles and chorus of "ooooo" from the dozen agents/officers/other uniformed people when the machine buzzed. At least I was quickly moved to the area, so they could go back to chitchatting.) During my fondling session, they told me some lotions will trigger the alarm. Sounds like a good system to me. I feel safer already. I didn't pitch a fit as I want to get home today, but I expressed my displeasure to several of them and used the words "ridiculous" and "security theater." The only funny part was the raised eyebrow from one of the agents when he saw them pull a couple copies of American Rifleman (trips are when I catch up on my dead tree reading) from my bag. There are pretty pictures of some Kimbers on the back.

Saturday, September 3, 2011

Legal?

So a thunderstorm is within 10 miles of Neyland Stadium. They have shut the gates and told us that we cannot leave. I'm not sure if this is legal. I don't want to leave, but I am curious what rules apply.


Saturday, August 6, 2011

From the Everything Has a Cost and Unintended Consequences Files

3D is the next big thing™. I don't actually believe that. For me, it was fun to see the first time at Disney World in some of their shows, but I don't need something to jump out at me every few minutes just because the show is in 3D. I got a lot bigger thrill in going from a 2D to a 3D advanced graphics card (the FPS went through the roof!) when I was playing Quake 2 oh so many years ago. And HD TV has been a great move up.

There are people who are betting a lot of money on 3D in movies and on TV, but here is where it gets fun.

So "the advent of 3D projectors is severely cutting the amount of light that reaches the screen because projectionists are not changing out the 3D lenses for 2D screenings as they should." Using the wrong lenses creates sub-optimal 2D pictures. If you read the article, it goes on to say that they have put so many controls in place that it makes it difficult to make the swap between movies. They are afraid that the bad guys are going to rip them off, so they spend lots of effort to make things difficult - on the evil-doer and the guy who has to support the projector.

The article sums it up this way:
"So in this case, Hollywood's threat model of losing revenues through unauthorized copying and redistribution overpowered its *other* threat model of losing business to home entertainment systems and Blu-Ray. At the projector level, I'd have thought the latter was the worse threat."
I think our default position for so many things in our lives is to make them more secure, but given our inability to evaluate risk, we often create more problems than we solve. I preach it at work and home - keep things simple. Some complexities are required, but others we impose upon ourselves.

Tuesday, August 2, 2011

A Case for Pseudonyms

The Electronic Frontier Foundation (EFF) makes the case for Pseudonyms. I do not fear for my life, but I still think there ought to be some separation between personal and public - on-line pseudonyms seem to be a reasonable method for maintaining that separation. If I started doing evil things with this blog, then there is a legal process for finding out who I am. Not that it would be that hard given the various tidbits of personal information I've provided in my posts to track me down IRL.

Friday, July 29, 2011

Speaking of Macs

I was told by a co-worker at a sister company that Macs are impervious to viruses. Well, lah de dah!

His statement makes this all the more fun... Hacking Apple Laptop Batteries. Forget borking the software, let's get the hardware.

(After seeing this post, I hope to incorporate the phrase "lah de dah" into all of my posts.)

Tuesday, June 21, 2011

Monday, May 2, 2011

Bruce Schneier @ TEDX

I post stuff from Bruce occasionally as many of you might have noticed. For those of you who aren't familiar with him and his philosophy, this TED Talk is a good overview. He covers a lot of his basic views - security theater, security the feeling, security the reality, what a disconnect means between the two, trade-offs, how bad we are at evaluating security, our biases, etc.

Monday, March 28, 2011

HTTPS Here and There

Facebook announced that they are implementing the option for using an encrypted connection. Twitter announced that they are implementing the option for using an encrypted connection.

And for some unexplained reason, Slashdot.org posted a question asking why everyone doesn't run https? Seriously? It is the same reason that other security measures aren't implemented. It adds complexity. It adds costs. While the specifics may change, the evaluation usually goes something like this - the likelihood of an attack multiplied by the damage done equals the risk. (There are many versions of this formula and I'm sure I've oversimplified, but you get the idea.) The risk calculation can then be used to compare risks, make organizational decisions about risk tolerance, etc. Some companies just don't care about security or they don't care as much as the next company. My company does not spend lots on IT security. I'm sure we spend less (on a percentage basis) than many others in Knoxville.

I'm not saying that implementing https is a bad idea. I am saying that it is more than just a technical decision.

Twitter notice via Slashdot.org
Previously HTTPS Everywhere and Encrypted Google Search.

Monday, February 28, 2011

Sex Sells

Got lazy users that won't come up with complex passwords? Try using the code from Naked Password to encourage them to think a little harder. Check out the demo at www.nakedpassword.com.

I love my smart phone, but I don't "love" my smart phone. What's wrong with kids these days?

11% of Gen Y check their iPhone during "heavy petting."

Unreal.

Sunday, February 20, 2011

Baby Monitors aren't secure.

Baby Monitors aren't secure.

Really? Is anyone surprised by this? I just don't see it being a huge risk. Without intercepting the monitor transmissions, you can pretty well assume that my kid is in bed at night.

Thursday, February 10, 2011

Encrypted Google Search

I just noticed that my Google search defaulted to an encrypted page. Strange. I've never seen that before tonight. It shows the "Beta" and an "SSL" tag.

https://encrypted.google.com/

From Brick O'Lore

Old Mobile Phone for 911

Not a bad idea... keep an old mobile phone charged to use as a back-up for 911 calls. He recommends using a timer to keep the phone from sucking juice all the time. I would suggest looking at the phone to see if it shows that it is getting an SOS signal of some sort.

Monday, January 31, 2011

Security Theater

We'll never get past this lock!


Image from Roger's Security Blog.

Via Bruce - he should start every presentation about security theater with that picture.