Category Archives: Security

History, Security

Lessons from Guy Fawkes

Leave a comment

Many years ago I rode through the English country-side with an Archaeologist (her house was filled with bones from the Mary Rose excavation) who pointed out the economic reasons for the hedge-rows, the meaning of every stained-glass window…and, as we passed the Holbeche House in Staffordshire, she told me the end of the Gunpowder Plot.

Even though I had spent some time in rural Devonshire (with people who said getting “pissed” on home-made hard cider and dancing half-naked with a burning barrel of hot tar on their back is one of the highlights of the year) I was not prepared for the reality of the Guy Fawkes story.

It was one thing to think about the Gunpowder Plot as just another excuse for lighting bonfires and having a party, but bearing witness to the house where the men who gave themselves up were shot, well, that was a different story entirely. The fact was a handful of men who wanted to end the opressive treatment of non-Protestants very nearly killed the King and all his successors. Not long after I couldn’t help but think it odd that the English celebrate a failed coup attempt essentially the same way that the US celebrates independence. Actually, maybe it would be more fitting to compare the Fawkes ritual to Burning Man, since Bonfire Night (supoosedly to celebrate a King’s survival) usually involves burning an effigy along with the fireworks.

Guy Fawkes

Anyway, the BBC has posted some interesting reports this year that make the obvious comparison to today’s fear of terrorism:

    “A plot to blow up the houses of parliament, with the monarch and politicians inside, has just failed. What can the government do to restore calm? Four hundred years ago the authorities in England faced exactly this question when they foiled a plot by disillusioned Catholics to blow up the Houses of Parliament.”

Many have suggested that Fawkes was tortured extensively and some say his shaky signature (Guido Fawkes) is sufficient proof. But the BBC quotes a historian from Cambridge who says “Victims often tell you what you want to hear, whereas the torturer – especially in this particular case – wants the facts. Torture isn’t the only or indeed the best way of getting at those facts. The authorities in 1605 knew that, and used other techniques to win secrets.”

Security

Toyota dealers ignore serious software bug

Leave a comment

While many people regularly debate regulations and liabilities for software security bugs and vulnerabilities (e.g. on Schneier’s blog here and here), I thought I’d reference a November 3rd, 2005 bulletin from Consumer Affairs that Toyota dealers are selling cars that may “suddenly stall or shut down” due to a software bug:

While the Toyota Motor Corp. is notifying 75,000 Prius owners of a software glitch that can cause the hybrid cars to suddenly stall or shut down, the company is apparently continuing to sell the hybrid vehicles that carry the software problem. […] The National Highway Traffic Safety Administration (NHTSA) has opened an investigation into the stalling problems.

As a side note, I have written previously on Schneier’s blog about the very important role security experts can play in all this (February 25, 2005 12:20 PM):

…the next time you run into public figures like Howard Schmidt, please remind him that he is actually “pro-regulation” when he says that we need fair and balanced laws.

I also debated this with Howard at length at a conference in Scotsdale, AZ in 2004 and again with him via email for a while in 2005 but I apparently did not make a big impact on him. Fundamentally I think his heart’s in the right place, but his extreme view that individual developers are solely responsible for bad code is an incredibly naive view of the economics of software development. Schneier appears to have more balanced perspective.

Energy, History, Security

End of the line for London’s Buses

Leave a comment

I find it quite sad that the historic “Routemaster” red double-deckers are being put out to pasture, instead of updated and maintained as part of London’s heritage and gift to the world of transportation.

Something about the trust model of an open back entry space always intrigued me, as well as the fact that the driver was in a completely different role than the ticket-taker (similar to a train). I have known several people who spent their early years serving in either or both roles (rural routes often only employed a driver) and they shared many funny anecdotes about the security system used to keep passengers honest. In some sense the group of passengers themselves provided a baseline of behavior and could intervene if someone was out of line. I suspect it is the opposite today, with a driver relying on a surveillance system and virtual law enforcement techniques to protect the passengers from themselves.

There are some legitimate issue with the 50-year old design, which probably could have been improved. Similar to historic buildings that are updated and retrofitted to modern standards, at least some of these buses deserve to continue their services rather than be deprecated and wholly replaced by a series of economically driven short-term visions of the future. Fortunately, it appears a group is working on just that kind of mission, which they call the Heritage route.

Incidentally, London is scheduled to host an international transport security conference in central London, November 13-15, 2005. I wonder if anyone will cover the issue of domestic and secure fuel sources? With all the greasy fish-and-chip shops, one would think England’s public fuel supply-chain could be dramatically improved.

Poetry, Security

Album is to Single as Book is to Chapter

Leave a comment

First we hear that Einstein and Darwin used rapid and succinct messaging as a foundation of their correspondence, and now Amazon has announced that you can buy chapters of books. Given Apple’s success in selling songs rather than albums…altogether it seems to me that Attention Defecit Disorder should be regarded as something of a normality for human consumption and communication rather than the exception. After all, why force yourself through 200 or more pages of nonsense when an important thought only needs twenty-five pages (or a brief blog entry)? Or, as some album-bands of the 80s pointed out, there is nothing particularly necessary about trying to tie a single brillant riff or expression into two or three hours of messy pyrotechnics and big hair costumes. In food terms, a lot of noise is being made about the “supersize” phenomenon, which shows that people are susceptible to wanting quantities of superficial chemically-enhanced filler instead of a simple and effective bite of nutrition. Or…dare I say it…poetry as a more succinct form of communication?

And the implication for security is that it could be easier to defend smaller packages with fewer attack vectors, but it may also be more difficult if it becomes necessary to extend beyond each instance and defend a dynamic relationship/network of connected material. In other words, it’s easy to secure a single workstation compared with securing a workstation’s network (perimeter-shift).