Category Archives: Security

Bait Car – Surveillance Setup Tricks

Super Circuits has an amusing story of how they simplified the setup of a “bait car”:

Can you visualize this? The space we were working in was 2”X5” wide, with Jake trying to squeeze his hand into this small space and attempting to attach a camera on the side of the opening with two different glues going. Although we did manage to get it to work, it took a couple of hours, two people and several attempts.

There had to be a better way.

I walked away from this situation thinking “it shouldn’t be this hard”. Obviously, there isn’t an option, nor does it make sense, to redesign vehicles around camera installations. So with that off the table, I was left trying to figure out what I could do to make it easier for people whose primary job is not installing electronic components, but is to capture the bad guy with the assistance of electronic components. Here’s what we came up with.

The answer is foam.

Low Speed Chase Memorial

Earlier, I wrote about the tragedy of Low Speed Chase. A touching and beautiful memorial was held on Saturday on the water near the San Francisco Yacht Club.

Below is a brief capture I made at the memorial, as we passed by the bagpiper on Farallon.

Low Speed Chase Memorial Pipes (6MB mp4)

I’ve compressed the video significantly (from 80MB) but left the audio alone. The buzzing in the background is from a helicopter flying overhead.

Update: A Sikorsky S-64 Skycrane helicopter left Half Moon Bay Airport and reached the Farallon Islands in 15 minutes, picked up the boat and returned. This was the last week to retrieve the boat before the Islands would be closed and protected as a bird sanctuary until October.

Wood Helmets

A company in Oregon is out to prove that wood helmets make more sense than the foam and plastic ones everyone loves to hate.


Wood…can, with sufficient energy, be crushed and absorb significant energy, just as the EPS in most bicycle helmets is designed to do. Different species of wood have somewhat different properties of course and even within the same species different samples of wood behave somewhat differently. But almost any sample of wood is capable of absorbing more energy than the types of plastics typically used in mass produced bicycle helmets.

[…]

What this means for helmets is that, when used in the shell, wood can help absorb the energy of dangerous impacts to a degree that is not currently available through helmets with plastic or composite shells. Wood typically absorbs energy best at energies somewhat higher than the high density EPS that most bicycle, skate, motorcycle and ski helmets use. This means that the wood shell provides significant protection over a greater spectrum of impact energies.

One small problem remains. Very small production numbers mean they cost two to three times as much as a plastic helmet. Increasing production would beg the question of sustainable source material. Ok, that’s two problems. But the latter seems easy to solve. Price (setting aside issues of fashion/coolness) is a big barrier to helmet adoption, not a lack of energy absorption.

Sleep and the 25% breached

CDW has published a Data Loss Straw Poll with the headline “One in four organizations has experienced a data loss in the last two years.”

CDW’s Data Loss Straw Poll surveyed 654 IT professionals from business, financial services, healthcare and higher education about data loss and what’s still keeping them up at night.

That is a typically low sample. As I have explained in my RSA presentations since 2009, sample size really does matter. There are nearly 6 million companies in America. Are we confident to extrapolate from these 654 people?

They also make a strange assumption that IT managers actually sleep at night. I thought the whole idea of alerts and mobile devices was to prevent anyone in IT from ever sleeping again. CDW’s report centers around the obvious connection between a device that is always with you, delivering bad news, and a resulting anxiety that makes it difficult to relax or rest.

DATA LOSS = SLEEP LOSS […] MOBILITY TRIGGERS SLEEPLESS NIGHTS

I think it’s more accurate to say change triggers sleepless nights. Mobility is not new, but the changes in mobility that have been driven by consumers keep IT from settling down. CDW also tries to make a statement of who is less tired, but I don’t buy this analysis at all:

Financial services organizations can sleep more soundly than their colleagues in other markets

I could make the argument, for example, that those sleeping more soundly have their phones turned off, or have their alerts disabled, or are simply unable to detect issues in real-time — they wake up rested and only then discover data loss. So there’s a false dichotomy of sleep versus security. You might actually be more secure when you are losing sleep…SLEEP LOSS = SAFETY?

In my 2010 presentation at RSA I used the Siege of Yodfat in 67 CE as an example of this exact issue.

The sentries slept at a particular time. An insider leaked that information to the Roman armies and enabled them to finally breach an impenetrable perimeter. In other words, they slept soundly because they thought they were safe enough to rest, which actually in itself created a weakness. The flip side of this argument is sustainability. Sleep loss is a resource management issue and begs the question of reserves, offsets (e.g. Basel II), etc. but rather than get into the deeper economics and history of managing loss here (I do that in my presentations) I just wanted to point out that the CDW report needs further analysis.