Category Archives: Security

RSA badge fees

Here is a pet-peeve of mine with RSA: they seem unable to use a simple revocation system for their conference badges. This has led to increasing fees for lost badges, over the years, and I just received a notice that shows they have really lost it:

Treat your badge like a prized possession- replacing it will cost $1895, the price of Full Conference registration!

How can a security company that specializes in tokens and identity management be forced to resort to huge fees as a disincentive/control? A simple revocation system would make the lost badge invalid and a nominal fee for the cost of replacement seems reasonable. Charging the price of full and late registration just says “hello, we don’t have any security to stop lost/stolen badges”.

And that’s not even to go into the whole mess of what people might do now if they see a badge on the floor, or hanging precariously from someone’s pocket. How many “prized possessions” do you wear that are worth almost $2000?! It’s no longer a useless piece of identification but a form of currency that you hang boldly around your neck. Imagine a call to the San Jose police where you report a mugging or felony-theft of your *ahem* conference badge.

This is just nuts (even if the badges are not controlled by RSA). I simply cannot imagine how RSA sees this as a positive development for their branding. Here’s a hint of a better way: include the cost of an RSA fob for the full conference attendees and charge them a fob cost for replacement. This has the obvious advantage of not only being safer and more secure, but it could lead to test feedback and perhaps even fob innovation.

The state of Los Angeles

Amazing. The New York Times reported that more than a quarter of the smog in Los Angeles is generated in China, and it may soon increase to a third or more. This reminds me of two things, the death of the German forests due to acid rain and the supposed fall-out down-wind (e.g. the jetstream flows from Asia into the US) from nuclear warfare. Looking out the plane window last evening I couldn’t help but notice a thick brown layer hovering over LA. For some reason that reminded me of noisy drunk Bulgarians smoking profusely as we shared cabins on a train out of Denmark. If I hunched over far enough (waist-height) I found I could keep my head just below the dense hovering smoke, but it was uncomfortable and still smelled bad.

The mish-mash of developments also stood out as vastly different than the old science fiction predictions of gleaming lights and shiny buildings all competing for your attention in a dark pitch. Instead I found myself gazing across a bland grey-brown mish-mash; unremarkable features crammed together to form a meaningless and seemingly infinite series of criss-cross homes, warehouses, and roads. The future may not be so much about confidentiality as simple integrity. An overwhelming amount of data can create a kind of secrecy, but the ability to find meaning in the mess is likely to be seriously threatened.

And that brings me to driving in LA. The new GPS navigation tools are far superior to their predecessors. I was able to punch in my destination and then sit back as a soothing European-accented cyber-female voice kept me on track, “left, then right, then left, then right again”. An impossible maze with some of the worst drivers in the world, yet my navigator was able to present meaningful data with only two minor mistakes. The locals fervently try to wash their vehicles into a gleaming and shiny spot of pride, but in reality nothing really stands out other than the ongoing sea of brake-lights and street lamps. A vehicle itself fails to give anything lasting or meaningful (aside from the hidden engineering), especially when compared to a clean park with a fountain, or the ability to actually see clouds and stars. But don’t try to tell that to Jay Leno…

The danger from this awful crisis of data and over-vehicularization seems to have compelled the LA police to consider firing sticky-GPS units at fleeing motorists. The LA Times reports that this is expected to end high-speed car chases. I would expect that countermeasures might be fairly easy to develop, like driving away, jumping out and tossing the locator onto another vehicle, and then continuing to drive.

A small number of patrol cars will be equipped with the compressed air launchers, which fire the miniature GPS receiver in a sticky compound resembling a golf ball, for four to six months as a trial.

Maybe the thing has some fancy hooks or a harpoon-like barb to prevent removal…if not, then I don’t expect a revolution from this technology, especially if a motorcyclist is fleeing. It may help in a few cases initially, but the idea of disabling the electronics on a getaway car seems far more effective to me (particularly since it halts the vehicle and therefore lessens the threat to innocent bystanders down the road). I can see where they are headed, and it begs the question of whether they are trying to fix the symptom rather than address the root causes. Several times last night I was overtaken by squads of squad cars on their way to something urgent and it brought to mind that it is often better to fix the leaky roof than to innovate with mop technology.

The Economics of Security

That’s the title of Schneier’s upcoming RSA presentation, and yet his analysis of the Post Office shooting in California (titled “Security Problems with Controlled Access Systems”) lacks even a basic foundation in economics:

This is a failure of both technology and procedure. The gate was configured to allow multiple vehicles to enter on only one person’s authorization — that’s a technology failure. And people are programmed to be polite — to hold the door for others.

Many of the commentators picked this up right away and pointed out that it would be far too costly to upgrade the physical access controls at all post offices, since they are easy to defeat. Fine, but defeat by what/whom? The risk calculation is unbearably lopsided if all we do is debate how vulnerable we could be, as opposed to including what we need to protect ourselves from.

risk = asset x vulnerability x threat
threat = frequency x severity

Bruce does suggest that frequency should be taken into consideration when he notes “There is a common myth that workplace homicides are prevalent in the United States Postal Service”. But he still concludes rather misleadingly that basic gate and access card controls “failed” to prevent a motivated and armed assailant with insider knowledge from bypassing them. Moreover, he doesn’t address anything related to how the frequency might be determined going forward (or what countermeasures might have mitigated the threat, looking back).

Thus, I posted two comments to try and help balance out the discussion by touching on more of the economic considerations:

In a typical risk calculation, you have to factor in the threat as well as the vulnerabilities. If you don’t want to decrease the vulnerabilities (e.g. due to capital expense and inconvenience) then you should consider countermeasures for the threats. The article mentions the woman had been put on medical leave a couple years prior to the shooting and had tangled with law-enforcement already. Seems like there are some opportunities for improvement, regarding how her condition/situation was handled or at least monitored, that would give a far better return on investment than making a post office into a fortress.

It appears to me not just a failure of physical security (making the workers vulnerable), but of a health-care system (increasing the likelihood and severity of threats).

Posted by: Davi Ottenheimer at February 4, 2006 01:22 AM

It will be interesting to see if anyone makes the connection of the threat to Ronald Reagan’s program to reduce state (and eventually federal) spending on mental health treatment. Here’s how he described it in his Dec 7, 1973 article in the National Review:

“California has pioneered the concept of treating the mentally ill with an expanded system of community mental health programs. When we started, the budget for community treatment was $18 million. This year it is more than $140 million and California’s shift from the ‘warehousing of the mentally ill’ in large state mental institutions has become a model for the nation.”

Unfortunately, it turns out that while this appears to have reduced spending it has also led to a significant decrease in security and safety:

http://www.metroactive.com/papers/metro/07.30.98/cover/mentalprison-9830.html

“When then-governor Ronald Reagan closed state mental institutions in the 1960s, policy-makers anticipated that a network of community-based programs would develop to care for the mentally ill. But only a smattering of those facilities have materialized during the last three decades. In this county only 30 of these privately-run facilities provide 24-hour care to the mentally disabled, leaving thousands with mental-health needs to fend for themselves. At the same time, new laws made it tougher to commit someone to the existing and meager state hospital system. California currently runs only five state mental hospitals, one of which is in Vacaville state prison. Of the 3,664 patients in state mental hospitals, the vast majority, 2,723, were placed there for criminal activity. Fewer than 1,000 Californians are held in state mental hospitals for solely medical reasons. For those who need 24-hour care but are not outwardly violent and have no police record, there are few institutions with openings, leaving patients in the care of families and communities often under-equipped to deal with them.”

Had the communities generated the programs, things might have been different. But it was a gamble and the risk of this policy appears to not only have been seriously understated but the savings up front seem to have transferred to far higher costs later on…

Posted by: Davi Ottenheimer at February 4, 2006 01:42 AM

I really enjoy Bruce’s blog, and the comments, but sometimes it feels like the market isn’t working since encryption is being ignored by the real cryptographers at the exact time when most of us need the most help with it. Instead, the market seems to be inciting him (as well as other specialists) to branch out into polisci, philosophy and economics…even a friend of mine who pioneered the use of ATM encryption is spending his time consulting on organizational risk. Strange, especially since I get more and more requests to help design and deploy identity and key management systems.

Deer Robot

Beware what you take aim at when hunting in Indiana. CBS news reports that the authorities there have deployed robo-wildlife to trap the wily poacher.

Indiana State Conservation Officer Gene Davis said: “[The decoy] is gaining popularity because it’s actually being shot more. The people that are hunting that are seeing it they’re just dumfounded by it. They’re thinking a deer is standing along the road, they’ll get out and take a shot at it.”

I wonder if you are also “subject to a fine and criminal charges” if you run over the deer.

It just jumped out into the road, I swear!

Next, the authorities plan to use a combination of robotic stealth animals and spy rocks to covertly enter high-risk zones, such as the militant-separatist compounds.