
23 Quadrillion Mistake

WMUR, a local station in Manchester, reports that a simple card swipe has gone awry: Debit Card Charged $23 Quadrillion

Muszynski swiped his debit card at a local Mobil gas station to buy a pack of cigarettes for a few bucks. Instead, his Bank of America account indicated he spent $23,148,855,308,184,500 at the gas station — an amount for which he probably could have used to buy the entire company.

The punchline is that the bank then charged him a $15 overdraft fee. No, wait, the punchline is that nobody wanted to even attempt to explain.

WMUR News 9 contacted Bank of America about the statement mishap, but representatives said the card issuer, Visa, could only answer questions. Visa, in turn, recommended that WMUR News 9 contact the bank.

This goes back to my presentation on the Top 10 Breaches, and podcast on RBS Worldpay, where I explained in detail how bank controls can be defeated such that unlimited funds can be pulled from cards in a very short period of time. Banks need no new technology to prevent this, just better security engineering in the applications they already run.

Potato Salad

Several people have asked for the secret to the No-Mayo Potato Salad of late, so here it is with all its approximations:

A couple pounds of potatoes
About two spoonfuls of chopped dill
Four ounces of wine (red, white, whatever)
A spoonful of wine or rice vinegar
Eight tablespoons of olive oil
A spoonful of Dijon mustard
Pinch of salt
Pinch of pepper
Pinch of thyme
Diced garlic or rings of onion or both
Three hard boiled eggs, sliced thinly

Fill a big pot with warm water and two spoonfuls of salt. Add potatoes and eggs and bring to a boil. Cook eggs another eight minutes, then remove and slice. Keep cooking potatoes until tender enough to cut, then drain the pot and fill with cold water.

Mix the wine, mustard, dill, vinegar, salt, pepper and thyme. Slowly whisk in the olive oil. Slice the potatoes and add them to the mix. Then add the sliced egg and onion/garlic.

The big difference from more common versions with mayonnaise is that these egg yolks are cooked thoroughly before they are mixed with oil. Most interesting, perhaps, is that even with mayonnaise the right amount of vinegar will make the mix acidic enough to prevent harmful bacteria from forming. But I still like to say a picnic without mayo is safer. My recipe also avoids the danger of running afoul of European Federation of the Condiment Sauce Industries rules, which state that a sauce must maintain at least 70% oil and 5% liquid egg yolk. As far as I can tell a boiled egg recipe has no such restraint.

Mother hacks school grades

The AP says a mother tried to help her daughter’s chances for college by hacking the school’s records.

Caroline Maria McNeal of Huntingdon is accused of using the passwords of three co-workers without their knowledge to tamper with dozens of grades and test scores between May 2006 and July 2007 at Huntingdon Area High School in central Pennsylvania, the state attorney general’s office said.

McNeal, 39, is alleged to have improved her daughter Brittany’s grades and reduced those of two classmates to enhance Brittany’s standing in the 2008 graduating class.

First of all, why was she able to get the passwords of her co-workers? Actually, there is no second question. The fact that they shared passwords says a lot all on its own.

McNeal was charged with 29 counts of unlawful use of a computer and 29 counts of tampering with public records. Each count is a third-degree felony punishable by a maximum of seven years in prison and a $15,000 fine, said Nils Frederiksen, a spokesman for Corbett’s office.

Harsh penalties for changing grades, but I do not see anything in this investigation about those who gave the passwords so she could change the grades. No charges against them? It also does not explain how she was caught. Did students notice the changes? Did the IT department see irregular behavior, such as grades changing outside of normal hours/cycles? Did a co-worker turn her in as part of a plea deal?

Secrets of Sriracha

The NYT gives an in-depth look into the Hot Stuff in a Squeeze Bottle

“I knew, after the Vietnamese resettled here, that they would want their hot sauce for their pho,” a beef broth and noodle soup that is a de facto national dish of Vietnam. “But I wanted something that I could sell to more than just the Vietnamese,” he continued.

“After I came to America, after I came to Los Angeles, I remember seeing Heinz 57 ketchup and thinking: ‘The 1984 Olympics are coming. How about I come up with a Tran 84, something I can sell to everyone?’ ”

What Mr. Tran developed in Los Angeles in the early 1980s was his own take on a traditional Asian chili sauce. In Sriracha, a town in Chonburi Province, Thailand, where homemade chili pastes are favored, natives do not recognize Mr. Tran’s purée as their own.

It’s described as a melting pot of ingredients for America’s diverse tastes. One thing is for certain: Americans love sauce. The most interesting part of the story is how the family migrated from Vietnam.

To limit potential losses, Mr. Tran split the family into four groups: One group went to Indonesia, another to Hong Kong. A third went to Malaysia, and a fourth to the Philippines.

David Tran traveled on a freighter, the Huy Fong. Everyone ended up in United Nations refugee camps, before the family finally began to regroup.

“I was in Boston,” Mr. Tran recalled. “My brother-in-law was in Los Angeles. When we talked on the phone, I asked him, ‘Do they have red peppers in Los Angeles?’ He said yes. And we left.”

That was the start of a US operation that now generates 10 million bottles a year (2 million go into the non-Asian market) and is found across the country in chain restaurants. The plan today to limit potential losses is a completely different story.