Category Archives: Security

Happy Birthday Rumi

On the occasion of the famous poet’s birthday, I found some nice reflections online. This one, for example, points out the connection to peaceful themes within Islam:

Whenever people say that Islam is hostile to opposing views and violent in its nature, I always wonder whether those people actually ever took the time to read the Koran, to talk about it, to read other Islamic literature, to take a long and hard look at the history of this second largest religion of the world, and whether they’ve ever heard of someone we in the West have come to know as Rumi.

The BBC adds some classic British dry humor for perspective:

For many years now, the most popular poet in America has been a 13th-century mystical Muslim scholar.

I guess they were really trying to say Madonna is the most popular, and since she cites Rumi…but the effect is the same. Poetry today is more alive, more integrated, and more important than ever before. The BBC continues:

“When a religious scholar reads the Mathnawi, he interprets it religiously. And when sociologists study it, they say how powerful a sociologist Rumi was. When people in the West study it, they see that it’s full of emotions of humanity.”

Ironically, the biggest threat to poetry is from those who argue that it is in such a weak state that it needs to be popularized through force — they want to see their idea of poetry become more dominant and that usually means the stuff most like themselves rather than from a global perspective. But let’s face it, there’s plenty of Rumi in this world for everyone, and so we do not have to measure poetry’s success solely by what makes old rich white men in America happy.

Blackwater found negligent

This goes in the fingernails-on-the-chalkboard category, or maybe the you’ve got to be SH#$%@NG me category.

Today’s news on Blackwater is that they failed to prepare four of their militants before sending them into hostile territory. Preparation is hard, prediction even harder, and so you might think they would say something of that sort about how they did their best but they made a mistake and have regrets, right?

No.

In a statement, Blackwater spokeswoman Anne Tyrrell called the report a “one-sided version” of a tragic incident. She said the committee has documents that show the Blackwater team was “betrayed” and steered into “a well-planned ambush.”

The report does not acknowledge “that the terrorists determined what happened that fateful day in 2004,” Tyrrell said. “The terrorists were intent on killing Americans and desecrating their bodies.”

Oh, really? Blackwater thought terrorists were not intent on killing Americans and that was the reason their trained anti-terrorist troops were caught off-guard? Did I read that right? Who are they kidding? It was the terrorists’ fault for Blackwater botching a mission? Wow.

Phone Gadgets for Security

Someone just pointed me to a couple cute new security-related toys for mobile phones.

One converts text to speech, using the camera, and the other provides an image-based second-factor authentication mechanism.

Iansyst CEO Tim Sutton told silicon.com: “It takes a standard HTC TyTN smart phone and turns the inbuilt camera into a scanner but a scanner which can be taken anywhere and used anytime”.

Exciting stuff. Seems extreme, but if someone is blocked from downloading data, they might be able to do a screen record and send the data to a remote audio output. In fact, imagine if someone could redirect the audio of this gadget. Could a “transcribing” attack vector become more relevant? Also wonder what would happen if you just left the scanner on as you walked around town — could the resolution handle billboards, or even street signs? Transcription via highly-mobile scanners presents a new frontier.

The other gadget is less of a tangent:

Users create a pattern by choosing four squares on a grid (pictured) and it is this pattern which is then used to authenticate purchases or passwords, instead of a fixed PIN or password.

The grid is filled with random numbers every time a password or PIN is required. Therefore, a unique number is entered and not the same four-digit code.

The amusing thing to me about this is that the grid is made up of numbers instead of images. Why? Are people expected to be more comfortable with numbers? Maybe it’s just easier to implement and less offensive. Seems backwards and upside down to me. Might be a good idea to reconsider the possibilities of allowing people to enter “something they know” on “something they have”, when that thing they have is a high resolution color screen.

Don’t get me wrong. I think it’s clever that the phone assigns random numbers to a keypad that has nothing to do with numbers (just color and position are meant to be remembered), but why use numbers?
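
The grid scheme described above, sketched from the verifying side as an added example (not code from the original post or from the gadget's vendor). The 5×5 grid size, the row-by-row numbering of squares from 0 to 24, and all function names are assumptions; the sample grids are constructed.

```python
import hmac
import secrets

SIDE = 5  # assumed grid size; the post does not state one

def valid_pattern(pattern, side=SIDE):
    """Enrolment check: four squares, each inside the grid (index = row*side + col)."""
    return len(pattern) == 4 and all(0 <= p < side * side for p in pattern)

def new_grid(side=SIDE):
    """Fresh challenge: every square gets a random digit from the OS CSPRNG."""
    return [secrets.randbelow(10) for _ in range(side * side)]

def expected_code(pattern, grid):
    """Digits shown in the user's secret squares, read in enrolment order."""
    return "".join(str(grid[p]) for p in pattern)

def verify(pattern, grid, submitted):
    """Compare in constant time; a grid should be discarded after one attempt."""
    want = expected_code(pattern, grid).encode()
    return hmac.compare_digest(want, submitted.encode())

def demo():
    """The same secret pattern against two constructed grids gives two codes."""
    pattern = (0, 6, 12, 18)  # constructed: squares along the diagonal
    # Constructed sample grids, fixed so the result is repeatable.
    grid_a = [i % 10 for i in range(SIDE * SIDE)]
    grid_b = [(3 * i + 1) % 10 for i in range(SIDE * SIDE)]
    code_a = expected_code(pattern, grid_a)
    code_b = expected_code(pattern, grid_b)
    # The code typed for grid_a is not accepted when grid_b is the challenge.
    return code_a, code_b, verify(pattern, grid_b, code_a)

if __name__ == "__main__":
    print(demo())
```

In this sketch the verifier keeps only the four positions; the digits typed differ with each grid, which is the property the quoted description relies on.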

Giant Ofcom fine for GMTV over consumer trust

The BBC reports:

For four years, finalists were chosen before lines closed – meaning those who rang later wasted up to £1.80 a call.

Money for nothing, apparently. That did not go over so well with the regulators, who protect consumer interests.

Ofcom said the breaches “constituted a substantial breakdown in the fundamental relationship of trust between a public service broadcaster and its viewers”.

[…]

The problems began in January 2003 and lasted until March 2007, when they were uncovered by the BBC’s Panorama programme.

During this period, GMTV’s revenues amounted to more than £63 million.

It claimed viewers lost £10m a year, as up to half of all callers never had a chance of winning.

The “never had a chance of winning” is a very strange-sounding phrase. I suppose it is this measure of certainty that made it such an open and shut case. In contrast, things like environmental harm might have greater consequences but industry leaders and government cronies (e.g. the Bush administration) are almost always able to find someone who will try and challenge the notion of certainty.

Ironically and unfortunately, this process of intentional obfuscation and uncertainty can then lead to trust (i.e. snake oil). It seems as though GMTV was unable to obfuscate the fact that they had closed the system and thus took in subsequent money under false pretenses.