Category Archives: Security

The security of Rock (and Roll in Russia)

I was reading Bruce’s funny but sad commentary on the TSA decision to confiscate a geologist’s pet rock. That reminded me of the old days when Russian youth idolized American freedom and Rock and Roll (I know, loose connection). But a few minutes later I found out from NBC News that a famous American business-man and musician is in the midst of a fight in Russia over vacuum tube manufacturing:

Sensing business opportunity and a way to save classic rock and roll sounds from extinction, he bought ExpoPUL in 1999.

“All the companies that made vacuum tubes in the West had closed,� Matthews said. “It’s an archaic business. It’s a niche business.�

In seven years, Matthews quadrupled production and more than doubled the workforce at ExpoPUL. Today the factory supplies more than two-thirds of the world’s tubes used for music, sold to music giants like Fender, Peavey and Korg.

But it gets even stranger as ExpoPUL is now suffering from hostile takeover and business disruption attempts by local developers:

“They’ve used jackhammers to stir up dust in the facility,� Matthews said. “They shut down the elevator where we remove toxic waste. And they illegally turned off the electricity.�

[…]

ExpoPUL’s director, Vladimir Chinchikov, says the tactics are typical of some Russian businesses, which pay off government officials and judges to help them “steal� companies by employing heavy-handed methods.

“It’s corruption, plain and simple,� Chinchikov said. “They want us to vacate the building. We hear they want to build some kind of entertainment complex. They are not interested in the production line.�

[…]

Matthews is preparing for battle. He has ordered a $100,000 transformer and an independent natural gas supply to prevent further interference from Russian raiders. And he has rallied his music industry friends and clients to turn up the volume of protests. Fender, Peavey and Korg have written to the Russian government while U.S. Ambassador to Russia William Burns and Saratov’s governor have pledged their help.

I would expect a few rock stars to join the fight, and perhaps even hold a concert fundraiser. Yet I’m surprised to hear the US Ambassador is getting involved. Add that to your list of things to consider in global business continuity needs…

Claire McCaskill

It is notable that a former auditor is running for office, particularly at yet another period of questionable ethics in US government. A brief review of Claire McCaskill’s background brings up some impressive accomplishments:

In March 2000, State Auditor McCaskill conducted an audit of the Division of Aging which found more than a thousand employees caring for Missouri nursing home residents who were forbidden to work with children and the mentally handicapped. State lawmakers passed legislation prohibiting the dangerous double standard, and McCaskill was called to testify on her audit’s findings before the United States Senate Special Committee on Aging.

In addition, McCaskill authorized audits of domestic violence shelters and the state’s child abuse hotline. The domestic violence report cited more than 5,000 victims turned away from shelters throughout Missouri even though more than a million dollars was available to help. Conversely, the child abuse audit found it sometimes difficult for the state to remove children from dangerous settings and financial support lacking.

McCaskill was the first Auditor to aggressively enforce provisions of the Hancock Amendment that afford protection to Missourians from being overcharged on their property taxes. After taking office she came down hard on local governments that set tax rates above legal limits, a practice many had engaged in for more than a decade. Her efforts helped convince lawmakers to allow the state to take legal action on behalf of taxpayers.

And that’s just within a few years. Apparently she also established a special Domestic Violence Unit to combat domestic violence and child abuse, and the violent crime rate in the city dropped 45% under her watch. This is the kind of candidate that a security professional can endorse! She clearly has a very strong and honorable record of doing good policy work. Any skeletons in the closet? We may never know, but for now she seem like just the right kind of candidate to bring fresh change away from the Rove and Abramoff gang currently in office.

Clear evidence of global worming

Could not resist the title. This post is really just a quick note about the impressive sustainability model of a fancy South African hotel, according to Reuters:

Cape Town’s oldest and most famous hotel — a pink temple to pampering where visiting celebrities are welcomed by doormen in traditional colonial-era pith helmets — has its own worm farm to help slash waste and, ultimately, tackle climate change.

“This may seem simplistic but it was simply the right thing to do. We’re taking responsibility and actually producing something of value out of the waste,” Sharon Baharavi, of the five-star Mount Nelson, told Reuters.

[…]

The hotel is processing about 20 percent of its organic waste through the worm farm but hopes to extend that to 100 percent within the next nine months, as the earthworms reproduce and the farm expands.

Under the right conditions, two worms can become a million in just one year.

The project may also help South Africa work toward a goal of stopping waste going to landfill sites by 2022 by encouraging people to find other ways to deal with refuse.

“Without a doubt, organic waste on landfill sites is what’s producing a huge bulk of our methane gas that’s contributing significantly to climate change,” [environmental activist Mary] Murphy said.

As externalities become more interesting to people, or come within the sights of regulators, I wonder what else they will try to tackle (pun not intended):

Some worms can digest pollution. Scientists are figuring out if the worms could be used as toxic-soil detectors, the way canaries were used as poisonous-air detectors in mines.

Diebold v. Felton (again)

Ed Felton wrote a very clear and convincing presentation on the unacceptable security weaknesses in electronic voting systems. Naturally Diebold responded, but unfortunately their response was sadly amateurish and attacked Felton’s credentials rather than refute any of his arguments. In fact, they played some classic marketing ploys to prop up their position after the facts clearly were not on their side. Felton then responded point-by-point and made even more compelling arguments against Diebold voting boxes. For example:

Diebold: The current generation of AccuVote-TS software — software that is used today on AccuVote-TS units in the United States — features the most advanced security features, including Advanced Encryption Standard 128 bit data encryption, Digitally Signed memory card data, Secure Socket Layer (SSL) data encryption for transmitted results, dynamic passwords, and more.

Felton: As above, Diebold does not assert that any of these measures would prevent the attacks described in our paper. Nor do we see any reason why they would.

“The most advanced security features.” Sounds great, no? And the “most advanced” status is validated by whom? On what scale? More advanced than absentee ballot security?

Diebold: Every voter in every local jurisdiction that uses the AccuVote-Ts should feel secure knowing that their vote will count on Election Day.

Felton: Secure voting equipment and adequate testing would assure accurate voting — if we had them. To our knowledge, every independent third party analysis of the AccuVote-TS has found serious problems, including the Hopkins/Rice report, the SAIC report, the RABA report, the Compuware report, and now our report. Diebold ignores all of these results, and still tries to prevent third-party studies of its system.

The fiasco in Los Angeles proves that even influential officials think that secrecy about software and bold marketing language is an acceptably low bar for American elections. We laugh about people voting after death in Chicago, but the vote manipulation was real. Why make those mistakes again? The Online Journal has a report on a sad state of current affairs in the windy city:

The $50 million touch-screen and optical-scan voting system provided by Sequoia Voting Systems failed across Chicago and suburban Cook County during the March 21 Illinois primary. However, the leading corporate-controlled newspapers merely lamented the failures of the system without addressing its fundamental flaws or even reporting that the company running the election is foreign-owned.

The “high-tech” computerized voting system was “cumbersome” and “slow,” one mainstream Chicago newspaper reported. The machines failed across the county causing “plenty of frustration and confusion for voters,” the paper reported. The ballots and votes from more than 400 precincts were still uncounted two days after the election due to machine malfunctions and lost memory cartridges which contain the results.

Reports from other dailies noted that as of noon Wednesday, Chicago was missing memory cartridges from 252 polling stations while Cook County officials “couldn’t find” the results from 162 suburban precincts.

Election officials tried to assure the public that although nobody knew where all the ballots and computerized memory cartridges were, they were “most assuredly not lost.”

“I don’t trust that,” U.S. Rep. Bobby Rush (D-Ill.) said. “This is Chicago. This is Cook County. We created vote fraud, vote scandal and stealing votes. We created that mechanism. It became an art form.”

“Ballot chaos” is how another large Chicago newspaper described the situation in which the votes from hundreds of precincts could not be found or counted on Election Night.

“We have accounted for the votes,” Langdon Neal, city election chairman told the publication. “What we haven’t been able to do is count them.”

In one precinct on the Near South Side, for example, the Sequoia optical scanner failed to register anything but Republican ballots. Although “election officials” tried to repair the machine four times, by the end of the day it had failed to register a single Democratic ballot in a precinct in which some 86 percent of the voters are Democrats.

We should all be wise to the verifiable paper-trail, like a receipt system proposed by Rivest, since that is the only real type solution that can be trusted. I would no sooner want electronic voting systems to be adopted in my neighborhood than a bottle of snake-oil in my medicine cabinet.