Category Archives: Security

Security

Hong Kong Police DB leaked

Leave a comment

This report suggests some serious issues are afoot with security in Hong Kong:

The database contained complaints made from 1996 to 2004. As you would expect in such a database, it wasn’t just information on the complainant that was compromised, but also the name, age, gender, rank and station of the police officers against whom the complaints were made, and specifics of the complaint and the outcome, including any action taken against the officer, up to dismissal. Other index tables seemed to record the occupation of the complainant, their educational attainment, and whether they had a criminal record. Also, if the complainant had been charged with an offence, then the type of offence was recorded, and the outcome of the prosecution, including the type of sentence.

One table seemed to classify nationality into either Chinese, Mainlander, Vietnamese, Filipino, Pakistani or Others. Complaints were also categorised into causes (presumably the cause was concluded after investigation), including “tactical complaints” and “political complaints” – imagine who gets that category.

[…]

In our view, the Government will not escape blame in this episode. The IPCC secretariat apparently allowed its data to be taken off-site by a consultant, reportedly for the purpose of conversion of the database from one format used by COPA to another used by the IPCC. The person who worked for the consultant then reportedly left the consultancy, and took the data with him, storing it on the commercial server. An alternative explanation might be that the consultancy outsourced the work to him.

Ouch. Do you suppose people might just be afraid to complain about exposure of complaints?

Security

Default Page Mishap

Leave a comment

The Register reported a funny story about a man who confused a simple mistake that led to a default page with malicious intent:

The heartland turned vicious this week when an Oklahoma town threatened to call in the FBI because its web site was hacked by Linux maker Cent OS. Problem is CentOS didn’t hack Tuttle’s web site at all. The city’s hosting provider had simply botched a web server.

This tale kicked off yesterday when Tuttle’s city manager Jerry Taylor fired off an angry message to the CentOS staff. Taylor had popped onto the city’s web site and found the standard Apache server configuration boilerplate that appears with a new web server installation. Taylor seemed to confuse this with a potential hack attack on the bustling town’s IT infrastructure.

“Who gave you permission to invade my website and block me and anyone else from accessing it???,” Taylor wrote to CentOS. “Please remove your software immediately before I report it to government officials!! I am the City Manager of Tuttle, Oklahoma.

It just gets better from there. Definitely worth a read. And then there is a complaint from Tuttle to The Register for reporting on the story, and slew of related reader comments.

Energy, Security

Farming, Water, and Security

Leave a comment

Compare and contrast:

1) Israelis bring high-tech food to Angola

An Israeli company is using the latest water-saving technology to grow fruit and vegetables in Angola, which imports much of its food after 27 years of civil war. […] The farm was set up at the end of the war in 2002 and has been harvesting tomatoes, peppers, cucumber, mangoes, melons and grapes for three years. In fact, the farm produces 35 tonnes of vegetables every week of the year, selling most of this food to supermarkets and restaurants in Luanda.

2) Farms ‘big threat’ to fresh water

Farming poses the biggest threat to fresh water supplies, according to a major United Nations report. Agriculture is consuming more water as the world population increases and as people turn to a Western diet, one of the scientists on the report said. Farms use two-thirds of fresh water taken from aquifers and other sources. The UN concludes that ending subsidies on pesticides and fertilisers, and realistic pricing on water, would reduce demand and pollution.

So, artificially low prices on water are creating demand that far outstrips supply, leading the earth towards a security disaster. Only when water becomes a highly valuable commodity does innovation occur, leading to more appropriate controls designed to for long-term availability and scalability.

History, Security

Yes, madam, I am drunk. But in the morning I will be sober…

Leave a comment

…and you will still be ugly.

That’s one of my favorite quotes by Churchill, apparently in response to Lady Astor’s comment ‘Sir, you’re drunk!’. Churchill is famous for his sharp wit, in spite of his love of drink. W Bush on the other hand, seems to be famous for brashness (and lack of wit) perhaps due to his love of lying (about his drink among other things).

In both cases it’s tempting to find fault in vice, but it seems more useful to me if you can get close to the actual personality of a person and assess their aptitude to think rationally under stress. I’m obviously no psychiatrist, but I found this entry in Wikipedia insightful:

In Addiction, Brain Damage and the President: “Dry Drunk” Syndrome and George W. Bush (Katherine van Wormer, CounterPunch, October 11, 2002), van Wormer goes on to speculate over whether Bush is an example of a “dry drunk”, a slang term used by Alcoholics Anonymous and substance abuse counselors to describe a recovering alcoholic who is no longer drinking, but who has not confronted the dysfunctional basic cognitive patterns that led to addiction; they use the term because they feel that such an individual is someone “who is no longer drinking . . . but whose thinking is clouded,” not truly “sober”. In her opinion, Bush displays the telltale characteristics of grandiose behavior, rigid, judgmental outlook, impatience, childish and irresponsible behavior, irrational rationalization, projection, and overreaction. She concluded that Bush displays “all the classic patterns of addictive thinking”. More specifically, she argued that Bush exhibits “the tendency to go to extremes,” a “kill or be killed mentality,” incoherence while speaking away from script, impatience, irritability in the face of disagreement, and a rigid, judgmental outlook. She added that the 2003 invasion of Iraq was primarily a result of his relationship with his father: “the targeting of Iraq had become one man’s personal crusade.”

To be frank, I didn’t really follow the “relationship with his father” theory until I read a recap of the younger Bush’s history of reckless behavior and inability to handle confrontation over his mistakes:

The most notorious episode, reported in numerous diverse sources including U.S. News & World Report, November 1, 1999, Secrecy & Privilege: Rise of the Bush Dynasty from Watergate to Iraq by Robert Parry, First Son: George W. Bush and the Bush Family Dynasty by Bill Minutaglio, and W: Revenge of the Bush Dynasty by Elizabeth Mitchell, has 26 year old George W. Bush, visiting his parents in Washington, D. C. over the Christmas vacation in 1972 shortly after the death of his grandfather, taking his 16 year old brother Marvin out drinking. On the way home, George lost control of the car and ran over a garbage can, but continued home with the can wedged noisily under the car. When his father, George H. W. Bush, called him on the carpet for not only his own behavior but for exposing his younger brother to risk, George W., still under the influence, retorted angrily, “I hear you’re looking for me. You wanna go mano a mano right here?” Before the elder Bush could reply, the situation was defused by brother Jeb, who took the opportunity to surprise his father with the happy news that George W. had been accepted to Harvard Business School.

Makes you think twice when you read today’s news by the BBC titled Bush denies Iraq is in civil war, eh? I’m starting to wonder if Air Force One has a garbage can stuck under the landing gear…

To paraphrase an old Chinese saying, if the top rafters are not level, the lower ones are probably crooked too:

Tuesday’s news conference came as US military investigators flew to Iraq to study reports that marines shot dead at least 15 civilians, including seven women and three children [including a 3-yr old], in Haditha in November 2005. The military’s initial claim that the civilians died in a roadside blast was disproved by an earlier investigation.

Corruption is one of the hardest things to work with in security since the enforcement mechanisms end up undermining their own credibility, which leads to a response that causes an escalation of overly harsh tactics, which undermines credibility, and so forth.