Category Archives: Security

Stingray Firewall

This looks interesting. It claims to be a firewall for the masses. A single-button black box with nothing more than input/output to worry about (and pressing the button at the right time, I suppose). I have not seen any reliable test/verification data yet…

http://www.stingrayinc.com/products.htm

Stingray Features:

  • Hides IP address from intruders
  • Intelligent packet filtration
  • Full VPN pass-through
  • No computer resource usage
  • No configuration
  • No maintenance
  • No patches and upgrades required
  • Works on any computer or OS

EU ‘Patriot Act’ Passes

This was just posted on Yahoo! News. Apparently the UK was able to push an “anti-terror” agenda through the EU:

European Union lawmakers approved measures to allow police greater access to telephone and Internet data to help fight terrorism and serious crime in the 25-state bloc.

The measures would oblige businesses to keep details about callers, such as whom they spoke to, where and when, for between six months and two years. EU states with longer retention periods in place would be allowed to keep them.

The laws would apply to land telephone lines and mobile phones, text messages and Internet protocols. No record of the conversation or message itself would be kept.

EU countries would have the option of keeping information about unanswered calls, details of which proved decisive in the probe into the Madrid train bombings last year.

The conclusion raises a number of interesting questions:

Despite initial disagreement over the scope of the measures, the costs and who should pay them — companies or member states — and the duration of data retention, the deputies passed the measures by a clear majority.

Before the assembly convened in Strasbourg, the leaders of the main political groups had agreed to accept a series of late amendments compiled by EU justice ministers at the beginning of the month.

The author of the report on which the measures were based, liberal deputy Alexander Nuno Alvaro, was angered by the move and denounced what he said was “pressure” on the lawmakers.

He also demanded that his name be withdrawn from the final text.

What was the original text and what were the amendments? Why the rush?

Bittersweet Security

All the way north on the Island of Madagascar is a city named Ambanja. The E. Guittard company claims to produce a 65% cacao bittersweet with flavors from the region. If you believe their website, the bars are a product of Criollo beans from the fertile Sambirano Valley.

Personally, all I can say is that I found the Ambanja Bittersweet very dry and light in taste, and a stark contrast to Guittard’s Chucuri Bittersweet. The latter is apparently a Colombian bean, which I think has a far more smooth and spicy flavor with a rich and familiar aftertaste.

This all makes me wonder if the “unknown” method of distributing food will come under pressure from newer and better distribution methods for old-world and boutique-type brands.

Take for example the unpleasant situation when a restaurant tells you that ground beef cannot be prepared “rare” because of a law meant to protect you from disease — bad beef. Someone should alert the big beef that automation can be counter-productive when it becomes overly efficient at promoting one value in spite of all the others. In fact I usually say I would pay more if I could get a hamburger that came right from the “trusted” local butcher because I know my body is happier when I eat better food. I guess I should find out if you can even have a local butcher, baker…

So although I truly appreciate the security control model provided by the US government to rein in the mass-automation meal industry, I would much rather know that the origins of my meal could be traced and therefore controlled right at the root-causes. Come to think of it, how do I find out whether the beef industry has the same or better tolerance for risk as I do? Is their idea of “safe” one in 1,000,000 deaths or is it the big fat 0?

Consider for a second the BSE website, which was prominently advertised on the front page of the National Cattlemen’s Beef Association. It provides the following assurance:

U.S. beef producers have worked with federal authorities for more than 15 years to set up the system of science-based firewalls that is working today to keep the food supply safe.

Hmmm, last time I checked firewalls are a single control and thus widely considered insufficient on their own to provide adequate security. Not such a great marketing campaign, if you ask me. Alas, nothing else is mentioned although I found it interesting that the Cattlemen’s website also links to some anti-vegetarian propaganda.

I suspect that if a proper set of consumer-based controls were in place, they might be able to preserve “single-origin” (e.g. quality) values on a large scale, such that we would still have excellent flavor and texture along with desirable price. But until that happens, wise consumers seek out the small-batch and single-origin brands that are a healthier choice and more in tune with their real needs (better cost-benefit ratio).

Back to chocolate, I have to wonder, are you safer trying to stay on top of the additives in the giant brand chocolate bars, or are controls more likely to be present and effective with small-batch real cacao, cane sugar, lecithin and vanilla? And does fair-trade mean less chance of sabotage? Mmmm, chocolate.

When was the last time you looked at your Padlock?

The little gold SSL padlock, that is.

VeriSign is reported to be saying some interesting things about changes they would like to see to increase user trust in SSL certificates. Most would agree that the level of protection from SSL encryption has made a huge improvement to online commerce for a very minimal investment (even “official” intermediary-signed SSL certs can be purchased for as little as $30/each). However the ubiquity of SSL, and lack of a unified standard root authority, has included a trade-off in terms of validity of the certificates. In other words, as the old adage goes, the lower the barrier to adoption the higher the rate of fraud.

So, if you are a certificate-selling company, you are probably debating how to introduce new controls to (re)establish the trustworthiness of the padlock (and raise prices). The browser companies are thusly also considering how to upgrade the padlock to represent the upcoming upgrade in “assurance”. Well, actually, to be fair they are considering how to represent the assurance that was supposed to happen in the first place, now that the current icon has been watered-down to represent “RC4128” and not much more:

When the padlock was first invented by Netscape in the early days of the Web, it stood for a secured connection with an identified Web site. That changed when some certification authorities started lowering their verification standards and discounting certificates, said Judy Shapiro, vice president of marketing at Comodo. “Browsers did an end-run around this. Nobody expected anyone to delete what was a key part of the certificate issuance process, which was the business verification,” she said. “Browsers were unprepared to display high assurance and low assurance certificates in a different way.”

Kudos to Comodo for saying so… I guess if you have lost control of a currency’s value, you have to print new currency to reestablish control.