Category Archives: Security

California cancels aerial spray plans

The AP writes that plans to blanket urban areas with pesticides have been canceled due to advances in technology. A.G. Kawamura, state secretary of food and agriculture, claimed the shift to other plans was a natural progression, but the abruptness of the change seems linked to public protest:

Two counties and a Carmel-based environmental group sued the state, saying Kawamura broke state law by authorizing the aerial campaign without the benefit of environmental review.

Judges in Santa Cruz and Monterey counties this year halted the program until the state studied the spray’s effect on people and the environment.

In April, state environmental health experts said the illnesses reported after the first round of spraying couldn’t conclusively be linked to efforts to eradicate the dime-size Australian pest.

The race is on to control the moths without damaging the humans. Reminds me of all the usual debates about implementing security in ways that will not impact or impose restrictions on business. Strange that it took public protests and lawsuits to make this a meaningful issue for Kawamura.

Citibank admits breach of debit card server

Wired tells a sad tale of bank security in America:

A computer intrusion into a Citibank server that processes ATM withdrawals led to two Brooklyn men making hundreds of fraudulent withdrawals from New York City cash machines in February, pocketing at least $750,000 in cash, according to federal prosecutors.

The ATM crime spree is apparently the first to be publicly linked to the breach of a major U.S. bank’s systems, experts say.

“We’ve never heard of PINs coming out of the bank environment,” says Dan Clements, CEO of the fraud watchdog company CardCops, who monitors crime forums for stolen information.

They say this is a new page in security risks. However, the Citibank brief describes a breach of a server that was most likely exposed through a partner's security (7-Eleven). Accessing systems that are peripheral to, and partnered with, the bank's network is definitely a classic move. The rising number of interconnected systems (Wired points to this as real cyber-crime instead of traditional social engineering and physical attacks) means this risk is ever more present. Perhaps what is new is that the same guys who in the past might have been satisfied to attack individual users now know how to target larger assets.

Encrypted Voice Breaks When Compressed

A security log entry by Schneier on eavesdropping compelled me to write a haiku:

Compress your bitrate
And expose the key to sound;
VoIP flows insecure.

I really like the attack vector he points us to. In short, when you compress voice on phone systems, the output takes on predictable patterns that act as a key to what is being said. In other words, sounds have patterns that the encryption does not hide. Even though the sounds themselves might be encrypted, they still have the appearance of known words and can therefore be guessed. For example, "cow" will appear different from "cat" because of the length of the word when spoken. It might look something like ASDFADSFADSF versus ASDF.

Ok, second attempt:

Compress your bitrate
Hear the keys to sound exposed;
VoIP flows insecure.
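The leak described in this post, as an added example that is not part of the original post: a length-preserving cipher hides what is in each compressed voice frame but not how big it is, so an observer without the key can match packet sizes to known words, and padding frames to a constant size narrows what leaks. The frame-size profiles, the word "cot", the key and all function names are constructed for illustration, and the SHA-256 counter keystream is a toy stand-in for a real stream cipher.

```python
import hashlib

# Constructed per-frame sizes (bytes) for a hypothetical variable-bitrate codec.
# Real codecs differ; only the idea that size tracks the sound matters here.
PROFILES = {
    "cat": [38, 46, 28],
    "cot": [38, 52, 28],
    "cow": [38, 52, 50, 42, 28],
}

def keystream(key, nonce, n):
    """Toy SHA-256 counter keystream standing in for a real stream cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def encrypt(key, nonce, frame):
    """XOR with the keystream: hides content, preserves length exactly."""
    return bytes(a ^ b for a, b in zip(frame, keystream(key, nonce, len(frame))))

def send(word, key, pad_to=None):
    """Compress a word into frames, optionally pad each one, then encrypt."""
    packets = []
    for i, size in enumerate(PROFILES[word]):
        frame = bytes(size)  # placeholder audio; the observer never sees it
        if pad_to is not None:
            frame += bytes(pad_to - size)  # constant-size framing
        packets.append(encrypt(key, i.to_bytes(4, "big"), frame))
    return packets

def candidates(packets, pad_to=None):
    """Passive observer without the key: match packet lengths to profiles."""
    seen = [len(p) for p in packets]
    return sorted(
        word for word, sizes in PROFILES.items()
        if [pad_to or s for s in sizes] == seen
    )

KEY = b"constructed-demo-key"  # constructed key for the demonstration
```

Without padding, `candidates(send("cat", KEY))` identifies the word exactly; with `pad_to=64` on both calls, "cat" and "cot" become indistinguishable, while "cow" still stands out because the number of packets, the length of the word when spoken, is not hidden by padding.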

McCain Drilled on Oil Money

Ha ha ha. This is a funny (or perhaps sad, but I’ll go with funny for now) commentary on Senator McCain’s position on energy reform. The Wall Street Journal blog exposes a serious concern for voters:

As McCain was talking about his energy plans, a protester in the audience at Missouri State University yelled out that McCain had accepted a half million dollars this year from “big oil.”

“That’s more than any other senator!” he yelled. “How can you be trusted?”

After the event, McCain was asked in a news conference if that were true, though the questioner mistakenly quoted the protestor as saying McCain took in a half billion dollars.

“I don’t know what he’s talking about. So I can’t respond,” he said.

Indeed, McCain does lead all other senators, and all others who ran for president, in contributions from the oil and gas industry, according to the Center for Responsive Politics’ analysis of federal data in the 2007-08 election cycle. McCain collected $724,000 through May.

This is more than double the amount his competitor has collected. It is little surprise that the energy industry lobbies candidates and pays heavily for government protection. The problem is McCain claims to be ignorant of his relationship with oil, and yet is aggressively calling for expanded drilling. When it comes to security, pro-BigOil policies usually mean bad news for America, so I expect a candidate to take a stand on energy reform that puts oil in perspective. This news shows McCain could decide to undermine his own country for personal financial gain.

Updated to add (June 20, 2008): an article by US News has California's Republican governor explaining the issue nicely:

“We are in this situation because of our dependence on traditional petroleum-based oil,” Schwarzenegger said. “The direction our nation needs to go in, and where California is already headed, is toward greater innovation in new technologies and new fuel choices for consumers. That is the way we will ultimately reduce fuel costs and also protect our environment.”

Barack Obama, the presumptive Democratic presidential nominee, has also declared his opposition to lifting the moratorium on offshore drilling.

Kudos to Schwarzenegger for being so clear on this issue and advising how to manage the risks from a more balanced perspective.