Ernst and Young loses another 1/4 million IDs

It really makes you wonder when E&Y, as an audit firm, continues to experience large identity breaches. I’m not just talking about their apparent lack of controls to prevent the breach (e.g. don’t leave laptops unattended in the open), or of the controls that would remove the need to disclose (e.g. encryption); I’m talking about the fact that they probably used to lose data all the time but never reported it before the breach disclosure laws came into effect. The Register provides the gory details:

Ernst & Young’s laptop loss unit continues to be one of the company’s more productive divisions. We learn this week that the accounting firm lost a system containing data on 243,000 Hotels.com customers. Hotels.com joins the likes of Sun Microsystems, IBM, Cisco, BP and Nokia, which have all had their employees’ data exposed by Ernst & Young, as revealed here in a series of exclusive stories.

Ouch.

More bluetooth and auto security

Apparently someone thinks it is a good idea to require you to have your cellphone with you in order to start your car. When that is found to be easily broken (e.g. with a replay or DoS attack), I can only guess what else will be used as a key. Perhaps a special stuffed animal that rests on the dashboard? Or maybe one of those cap tassels from graduation ceremonies? Might as well put the stuff to use.

Anyhow, I just thought I should mention that multiples of the same form of authentication do not necessarily reduce vulnerabilities. For example, “something you have” plus “something else you have” plus “something else you have” still just adds up to one-factor authentication — something you have.
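As an added illustration of the replay weakness mentioned above (example code written for this page, not part of Auto-txt or the original post): a car that accepts a fixed “presence” value from the phone will accept that same value again whenever it is heard, whereas a car that issues a fresh random challenge and accepts each one only once does not. The shared key, the message names and the two verifier classes are constructed for the demo; nothing here models the real Bluetooth pairing or the Auto-txt protocol.

```python
import hmac
import hashlib
import secrets

# Constructed demo key shared by the phone and the car's immobilizer (placeholder, not a real secret).
SHARED_KEY = b"demo-shared-key-not-for-real-use"


def phone_static_token(key: bytes) -> bytes:
    """Weak design: the phone announces presence with a value that never changes."""
    return hmac.new(key, b"phone-present", hashlib.sha256).digest()


def phone_respond(key: bytes, nonce: bytes) -> bytes:
    """Stronger design: the phone answers a fresh challenge issued by the car."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class StaticPresenceVerifier:
    """Car side of the weak design: accepts the fixed token whenever it is heard."""

    def __init__(self, key: bytes) -> None:
        self._expected = phone_static_token(key)

    def verify(self, token: bytes) -> bool:
        return hmac.compare_digest(token, self._expected)


class ChallengeResponseVerifier:
    """Car side of the stronger design: issues a random nonce and accepts each one at most once."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._outstanding: set[bytes] = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # A nonce that was never issued, or that was already consumed, is rejected before the
        # MAC is even checked, so a previously recorded (nonce, response) pair buys nothing.
        if nonce not in self._outstanding:
            return False
        self._outstanding.discard(nonce)
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def run_comparison(key: bytes = SHARED_KEY) -> dict:
    """Feed each verifier one legitimate exchange, then the identical bytes a second time."""
    static = StaticPresenceVerifier(key)
    token = phone_static_token(key)
    static_first = static.verify(token)
    static_replay = static.verify(token)  # the same bytes heard again later: still accepted

    cr = ChallengeResponseVerifier(key)
    nonce = cr.challenge()
    response = phone_respond(key, nonce)
    cr_first = cr.verify(nonce, response)
    cr_replay = cr.verify(nonce, response)  # same pair again: rejected, nonce already consumed
    cr_unissued = cr.verify(secrets.token_bytes(16), response)  # nonce the car never issued: rejected

    return {
        "static_first_accepted": static_first,
        "static_replay_accepted": static_replay,
        "challenge_first_accepted": cr_first,
        "challenge_replay_accepted": cr_replay,
        "challenge_unissued_nonce_accepted": cr_unissued,
    }


if __name__ == "__main__":
    for name, accepted in run_comparison().items():
        print(f"{name}: {accepted}")
```

The point of the comparison is the second line of each block: a fixed presence token is a single-factor “something you have” that can be reproduced from one observation, while the challenge-response verifier ties every acceptance to a nonce it generated itself and will not reuse.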

Telematics Journal describes the system in question:

A new car security system that identifies car owners through the Bluetooth element of their mobile phones is set to revolutionize the fight against car thieves. Auto-txt immediately identifies a car as stolen if the car is started with the keys but the mobile phone is not present. This unique feature allows a Bluetooth enabled device, such as a phone or PDA, to authenticate the vehicle owner, providing an enhanced level of security.

I can barely get my Bluetooth headset to reliably connect to my phone, so I can’t imagine what happens when I need to start my car and the Bluetooth connection is spotty, or the battery dies. And when will manufacturers stop hard-coding four-digit PIN authentication as 0000? Bluetooth security has been so poorly implemented that I have a hard time understanding why anyone would want to lower their auto security to the dismal level of cell-phones.

The other part of the system seems to be some sort of sales spiel by Ford’s luxury division to provide assurance to prospective owners:

Auto-txt is the first stolen vehicle protection and tracking system to be awarded Thatcham’s Category 5 accreditation, the new insurance industry standard that is supported by the police. […] Auto-txt has been selected by Jaguar Cars and Land Rover to supply car tracking and security systems for all their vehicles from 2006. The systems, called Jaguar Watch and Land Rover Watch, will be available in the UK and across Europe. It is the first time the prestige car manufacturers will be offering a stolen vehicle tracking system in their own name.

Might be interesting to look into the formula behind the Thatcham accreditation claim. In other words, is the plan for sales to go up x% due to an Auto-txt marketing blurb, or do they really believe that auto recovery (in a usable state) will be more effective?

Cheney admits error in judgement

I know, it’s a loaded title, but at some point you just have to admit that Cheney is the kind of guy who doesn’t understand that if he keeps saying “it was the other guy’s fault” that eventually the proverbial finger comes around and is pointing right at him.

I’ve written about this on Schneier’s blog numerous times, and I hope everyone remembers that Cheney was the primary reason that the Bush Administration ignored the intelligence warnings about al Qaeda before 9/11. There was no shortage of information, as Cheney would like to suggest. Quite the opposite, Bush said during his campaign that he would deal with those responsible for the USS Cole bombing if he were elected…and yet when the information clearly pointed to al Qaeda in February 2001, who decided that the CIA had better things to do than worry about terrorists? And when Clarke recommended a roll-back strategy and a very targeted attack on al Qaeda training camps in February 2001, who wasn’t willing to take decisive action?

Reuters brings us some sad news:

Vice President Dick Cheney on Wednesday strongly defended a secret domestic eavesdropping operation and said that had it been in place before the September 11 attacks the Pentagon might have been spared

Does he really expect us to believe that if the President could have used domestic wire-taps that they would have been better prepared for 9/11? Please.

Not only did they have the information necessary, but the 9/11 report itself said that the mistake was clearly NOT from a lack of intelligence, it was from a lack of coordination and leadership. Remember how Bush and Cheney ignored the Hart-Rudman recommendations, how Lynne Cheney resigned from the Hart-Rudman commission, how the FBI admitted that they had sufficient information but were procedurally constrained and under-trained? History will show that Cheney was no better than Mugabe, wrapping himself in the flag and claiming that he is protecting us from ourselves. Bush and Cheney fail to realize that it is their antiquated cold-war approach to a new era of geopolitical challenges that is damaging their country. The sooner he steps down from office, the sooner America can regain its strength.

Duan Wu and the Lament for Ying

Happy Duan Wu Festival day! Also known as the Dragon Boat Festival, this Chinese holiday commemorates the death of Qu Yuan (340-278 BC), a poet from the kingdom of Chu (楚) during the Warring States Period.

May Dragon Boat Festival Print, Taipei National Palace Museum

It is celebrated each year on the fifth day of the fifth month (in the Chinese lunar calendar).

Perhaps the most interesting moral of the Duan Wu story is that the lack of accountability and integrity in leadership can lead a great state into total disaster.

Some might say the moral of the story has to do with loyalty, but that just begs the question of loyalty to what or who?

Once upon a time there was a minister named Qu Yuan from Chu who was known and respected for his family nobility and his great political loyalty to the kingdom through truth. Some might even say he was something of a whistleblower.

He was very determined to maintain Chu’s sovereignty and he advocated for an alliance with other kingdoms to ward off the threat from the powerful state of Qin. The king, however, banished the truth-talking Qu Yuan at the behest of other corrupt and jealous ministers (you might say they called themselves the “patriots” to use today’s political parlance).

Qu Yuan then returned to his home town where he traveled the countryside and collected stories. This effort became a source of some of the most well regarded poetry in Chinese literature, known as Chu Chi, as Qu Yuan expressed love and devotion to his state and concern for its future.

Perhaps the best known poem is “Lament for Ying” when Qu Yuan expresses his sadness over the capture of Chu’s capital city, Ying, by General Bai Qi from the state of Qin.

Soon after he wrote his lament, Qu Yuan went to the river Miluo to kill himself in protest of the corruption in government that led to the decline and fall of the state of Chu. People gathered to try and save the poet, but to no avail.

To this day there are celebrations and recognition in China to remember a man who put the “public concern” above his own welfare and who stood for integrity and against the corrupt leaders who sacrificed the future of their country for a false sense of pride and/or to line their own pockets.

Sound familiar?

As a famous US President once said (repeating the phrase of a French dressmaker), there is nothing new to this world, just history we have not yet read:

Il n’y a de nouveau que ce qui est oublié. (“There is nothing new except what has been forgotten.”)

山鬼 屈原 The Mountain Spirit
若有人兮山之阿 There seems to be someone deep in the mountain,
被薜荔兮带女萝 Clad in creeping vine and girded with ivy,
既含睇兮又宜笑 With a charming look and a becoming smile.
子慕予兮善窈宨 “Do you admire me for my lovely form?”
乘赤豹兮从文狸 She rides a red leopard — striped lynxes following her
辛夷车兮结桂旗 Her chariot of magnolia arrayed with banners of cassia,
被石兰兮带杜衡 Her cloak made of orchids and her girdle of azalea,
折芳馨兮遗所思 Calling sweet flowers for those dear in her heart.
余处幽篁兮终不见天 I live isolated in a bamboo grove, the sky unseen;
路险难兮独后来 The road hither is steep and dangerous.
表独立兮山之上 Alone I stand on the mountain top
云容容兮而在下 While the clouds gather beneath me.
杳冥冥兮羌昼晦 All gloomy and dark is the day;
东风飘兮神灵雨 The east wind blows and god sends rain down.
留灵修兮憺忘归 Waiting for the divine one, I forget to go home.
岁即晏兮孰华予 “It is late in the year. Who will now reward me?”
采三秀兮于山間 I pluck the larkspur on the mountain side,
石磊磊兮葛蔓蔓 The rocks are craggy; and the vines tangled.
怨公子兮怅忘归 Complaining of the young lord, I forget to go home.
君思我兮不得闲 “You, my lord, are thinking of me; but you have no time.”
山中人兮芳杜若 The woman in the mountain, fragrant with sweet herb,
饮石泉兮阴松柏 Drinks from the rocky spring, shaded by pines and firs.
君思我兮然疑作 “You, my lord, are thinking of me, but then you hesitate.”
雷填填兮雨冥冥 The thunder rumbles and the rain darkens;
猨啾啾兮又夜鸣 The gibbons mourn, howling all the night;
风飒飒兮木萧萧 The wind whistles and the trees are bare.
思公子兮徒离忧 “I am thinking of the young lord; I sorrow in vain.”

PDF With Simplified Chinese and references