Blog posts tagged "security"

More on Airline Security

February 8th, 2005

In light of my recent experience with the check in, I found this article on a major security loophole very interesting.

Tagged: Uncategorized

Seattle, Flying and Security (plus Alaska Airline Sucks)

February 3rd, 2005

I can’t decide if I saw security procedure work this morning, or was once again brought face to face with TSA’s incompetence. I was yet again flagged for extra security screening, a rather familiar procedure by now, yet I was able to walk through 2 security checkpoints without being so much as patted down, and was quietly sitting at the gate before anyone noticed. At some point someone seems to have called my gate, who paged me, and I was sent back to the original security check point, which this being SeaTac meant I had to traverse a half dozen escalators, and a train trip back to the main terminal.

Back at security I was able to observe what appeared to be a list of people who had checked in and were flagged for the extra screening, including what time they had checked in. I guess I had been in the terminal long enough that they were wondering why I hadn’t passed through the extra screening. I wonder if I had been running late if I could have made it on to the plane before anyone thought to check? Logically my approaching boarding time should have triggered a search event, however the log was just a piece of paper with a list of names on it, and something tells me I would have slipped through.

Seattle

One of the interesting things about flying out of Seattle is there are always Microsoft people on the plane; flying out to MIT to a recruiting fair, or to Chicago for a product demo, or down to their Silicon Valley campus. It’s the only time I actually meet anyone who still works over there. In traipsing back and forth and back again to the checkpoint while people around me chattered about their latest MS Office product meeting I couldn’t help but wonder if there is something about Seattle that makes people inherently bad at security.

Captive Audience

Unrelated to security (except perhaps when I almost breached the pressure seal on the cabin trying to walk out), I was shocked by Alaska Airlines’ abuse of its power this morning. 3 hours into the flight, the captain came over the intercom.

“If I could have everyone’s attention,” the authoritative voice boomed out. “How would you like if next time you flew, you could get a companion ticket for just $50? Well with the Alaska Airline’s VISA, voted number one in the industry 5 years running….”. And the sales pitch went on and on, familiar from late night TV I’m sure.

We squirmed unable to get away from these ads, sucked in by our training to assume that the captain coming over the intercom is to impart important information. I scrambled for my headphones. But the voice penetrated my music with the ominous final rejoinder, “We’ll be passing through the cabin handing out applications.” I won’t be flying Alaska again if I can help it, even though they have one of the few direct flights from Seattle to Boston, this was the last straw. (that and the word “digiplayer” is just so lame sounding, you feel sympathetic embarrassment every time they mention them)

Tagged: Uncategorized

Netflix Friends, Privacy, and the Network

January 10th, 2005

One of the things I’ve always kind of liked about Netflix is the curtain of privacy it tosses around your viewing habits. It isn’t like you can rent porn on Netflix, but still you are alone with your tastes and indiscretions. Netflix is in a position to collect incredibly accurate information about viewing habits, because both renting and rating are done in private. Netflix Friends changes that dynamic.

With Netflix Friends you can see what your friends are watching and share your favorite movies with them.

Renting and in particular rating are once again performative acts. There is a real value there, and in services like Audioscrobbler, or All Consuming, or 43 Things, and even the undirected social network sites like Orkut or Friendster, and yet …

I mean, I already maintain a blog, do I really want to share what I’m listening to, what I’m reading, what I’m watching, what I’m working on, and who I know? I don’t know. I just know that even though I’m flirting with Netflix Friends, I am very aware of the virtual clinking of coins, as I barter a little more privacy for a little more leveraged access to the network.

(I also predict that Netflix will over the next 6 months see an increasing disconnect between what people rate high, and what they watch, the Masterpiece Theater vs. Jerry Springer syndrome, and an associated degradation in the quality of their data.)

When Nielsen used log-books to gather information on the viewing habits of their sample families, the results were heavily skewed to Masterpiece Theater and Sesame Street. Replacing the journals with set-top boxes that reported what the set was actually tuned to showed what the average American family was really watching: naked midget wrestling, America’s Funniest Botched Cosmetic Surgeries and Jerry Springer presents: “My daughter dresses like a slut!”

update: tom is already experiencing the “social” side of it all.

MD5’ing IP Addresses is Security Theater

December 21st, 2004

I felt dumb back in 2001 when I suggested that the solution to IMC’s IP address privacy concerns was to use a one-way hash (e.g. MD5), and a few basic facts were pointed out to me.

  • IPv4 provides a total possible search space for ~4 billion highly predictable records, a dictionary style attack against this is well within reason.
  • the effective address space is actually *much* less than 4 billion due to the way that IP addresses are distributed.
  • it is likely that the search space will actually be *drastically* smaller (a few hundred) based on the amount of information the attacker has already been able to gather.

I’m not a cypherpunk, but the numbers kind of speak for themselves. Hashing of IP addresses is useless. Which is why Indymedia doesn’t log IP addresses.
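The three points above in runnable form, as an added example that is not part of the original post: an unsalted MD5 of an address is reversed by hashing every candidate once and looking each log entry up. The networks, log entries and function names are constructed for this illustration.

```python
import hashlib
import ipaddress
import time

def md5_ip(ip: str) -> str:
    """The 'anonymisation' under discussion: unsalted MD5 of the dotted quad."""
    return hashlib.md5(ip.encode("ascii")).hexdigest()

def build_table(networks):
    """Precompute digest -> address for every address in the candidate networks."""
    table = {}
    for net in networks:
        for addr in ipaddress.ip_network(net):  # iterates every address in the range
            table[md5_ip(str(addr))] = str(addr)
    return table

def reidentify(hashed_log, networks):
    """Map each hashed log entry back to its address; None if outside the candidates."""
    table = build_table(networks)
    return [table.get(digest) for digest in hashed_log]

def full_ipv4_sweep_hours(sample=100_000):
    """Time a sample of hashes and extrapolate to all 2**32 IPv4 addresses."""
    start = time.perf_counter()
    for n in range(sample):
        md5_ip(str(ipaddress.IPv4Address(n)))
    per_hash = (time.perf_counter() - start) / sample
    return per_hash * 2**32 / 3600

# Constructed sample: three "anonymised" log entries.
SAMPLE_LOG = [md5_ip("198.51.100.23"), md5_ip("10.20.77.5"), md5_ip("203.0.113.9")]
# Constructed prior knowledge: one /24 (256 addresses) and one /16 (65,536 addresses).
CANDIDATES = ["198.51.100.0/24", "10.20.0.0/16"]

if __name__ == "__main__":
    # The first two entries fall inside the candidate ranges and are recovered;
    # the third is outside them and would need a wider sweep.
    print(reidentify(SAMPLE_LOG, CANDIDATES))
    print(f"whole IPv4 space, single core, pure Python: ~{full_ipv4_sweep_hours():.1f} h")
```

The extrapolated figure is for an unoptimised single-threaded loop, so it is an upper bound on the effort the first bullet describes.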

So it’s a little odd to see that bastion of geeky wisdom Slashdot, talking about how they’ve “voluntarily taken on the privacy burden of MD5’ing incoming IP addresses”.

I guess that protects against accidental discovery, and maybe that’s their threat model. (that must be nice)

This has been a public service announcement.

Tagged: Uncategorized

Special Treatment

July 10th, 2004

I’ve gotten used to the extra screening I get selected for when I fly (they’ve had the good grace to stop calling it “random” selection which was offending my CompSci soul). It’s a mixed bag really. There is nothing quite as much fun as being reminded that you’re living in a police state, especially first thing in the morning. On the flip side it is kind of fun to jump the queue. I play a game of monitoring the progress of the person behind me in line. About half the time I make it through security first.

But this morning was different. This morning I forgot my photo ID. (I don’t drive, so it isn’t like I’m actually required to carry it, and frankly I’ve been flying so much lately I must have left it in the pants I was wearing Monday) Ick. I not only got the four red Ss stamped on my boarding pass, but a special red squiggle. Which meant instead of just being sent to the special queue, I got to go to the special room. Interestingly procedures were exactly the same, there was just a door, which I guess meant they thought we were flight risks (no pun intended). Anyway the real novelty was being the only white person in the room.

Still I got to sit there and have an interesting chat with a man from Sri Lanka (who works in “human resources for the garment industry”, meaning he oversees one of Sara Lee’s sweatshops manufacturing lingerie for Victoria’s Secret). We chatted a while about how the number of people living on the streets in Seattle had really shocked him. Nothing quite like having someone from the Global South whose country has had 30 years of civil war telling you you’ve got a poverty problem.

update: well I made it home proving that it is still possible to fly in this country without a photo ID. but I can’t say I would recommend the experience.

Tagged: Uncategorized

Zero Knowledge on a Budget

April 8th, 2004

My security culture is lousy; besides some basic self-censorship about what I talk about here on LM, a quick Google search can find almost anything you wanted to know about me.

That said I find two websites have become an important part of my daily toolkit.

  • DodgeIt – free, receive-only email. No set up. Check via the web or RSS
  • BugMeNot – community maintained database of website logins, with a simple bookmarklet interface

And they work great together!

Are there other tools people are using?

Tagged: Uncategorized

Not Welcome

August 9th, 2003

Danny continues to provide interesting coverage of the real life issues dealing with visas, and passports in our new security state. Including the new, amazingly invasive DS-157 form.

A friend of mine was going to drop by while on a trip to San Francisco in a few months. Not anymore. He’s a French citizen living in the UK…And from October the 1st, the US is refusing visa-waivers to anyone without one. You have to get a normal visa. Male visa applicants aged between 16-45 also have to fill in this new extra form, DS-157.

Questions on the new form include:

  • Mother and father’s full name.
  • All the countries you have entered in the last ten years (with year)
  • Your last two employers (with address, telephone number and supervisor name)
  • All professional, social and charitable organisations to which you belong or have belonged, contribute or have contributed or with which you work (or have worked)
  • All educational institutions you attend or have attended (excluding elementary school)
  • A list of specific locations you will visit in the US

Understandably, he objects to filling in this form.

This is a gross invasion of privacy, made more shocking by the fact that I probably never would have known it was out there, being an American citizen who can breezily blow through other people’s customs lines. (flying in the U.S. is a bit more tricky, involving unpacking every bag I bring, and nearly stripping after being “randomly” selected for extra security screening)

However my first, selfish thought was, “This is going to make it even worse to travel as an American.” We can only abuse the citizens of other countries so long, before an American passport stops being the gold currency for travelling, an advantage which I’ve always enjoyed. Currently the one downside of travelling as an American is our total lack of a decent health care system in this country, which makes it nearly impossible to get health care from overseas providers who now wisely steer away from getting embroiled in the scam that passes for US health insurance. I think it’s going to get worse though.

Feels like a concerted effort to roll back the positive gains that globalization has made; people travelling and communicating, and learning about their neighbors is bad, only capital should be allowed to see the world.

Tagged: Uncategorized

Made it home (Santa Cruz)

May 30th, 2003

Flying, an activity I used to enjoy, is becoming miserable. The interminable lines, the ridiculous security, the half assed cost cutting measures really add up to a degraded experience. I flew Southwest for the first time in a while, as opposed to making the trek down to New York to fly JetBlue. It cost a bit more (~$80), but the hassle of getting to the airport was significantly reduced.

A Few Thoughts

I am not impressed with the new heightened security. I was wandering around in my stocking feet, demonstrating that yes my laptop turned on, and no I didn’t have a bomb in my coffee cup, and well on my way to infiltrating the American skies before anyone noticed that when I checked in Southwest gave me the wrong ticket, a ticket for one “John Kenner”, easy to see how that might be confused with the “Kellan Elliott-McCrea”. (then they tried to convince me I didn’t have a reservation because Sabre can’t deal with hyphens in names)

I hate the open seating policy. It’s a smug piece of social engineering to get people to show up early, and board the plane quickly, but it brings out the worst in people. Feeding frenzy/mob at the boarding gate is ugly.

After the ongoing cold gray in Providence, and a brief exposure to the blistering 110 degree heat in Phoenix (you couldn’t pay me to live there) it is wonderful to be in Santa Cruz where the weather is perfect.

Being in the house of Mac, I’m going to try to steal away some time to finish a redesign of this site I’ve been playing with, something slightly less generic, don’t expect wonders, but at least it won’t look quite so generic. (though it will probably damage my search ratings, not using MT’s well optimized layout, ah well)

Tagged: Uncategorized

What Homer can tell us about Security

September 15th, 2002

Polyphemus’s one eye is a single point of failure; when Odysseus pokes it out, he is much less able to defend himself. Polyphemus’s alarm is ignored because Odysseus said his name was Nobody, so he winds up shouting that nobody is trying to kill him (you’d think the other Cyclopes would come see what’s going on, but maybe Polyphemus shouts random stupid things all the time, like an IDS). Polyphemus finally has to let the sheep out to graze — it’s a mission-critical function — and Odysseus and his men then escape by masquerading as legitimate traffic (sheep). [via Crypto-Gram]

Tagged: Uncategorized