Bee Death Clues Obscured by EPA

A friend pointed me to an article in Southern Studies that suggests there are new clues in the race to find the cause of massive bee death:

Five years ago, EPA registered a new pesticide known as clothianidin under the condition that the manufacturer — North Carolina-based Bayer CropScience — submit studies about the product’s effect on bees. The NRDC requested those studies from the EPA under the Freedom of Information Act, but the agency has declined to disclose them.

The significance of this has been handled very differently elsewhere. Most of the article seems to be a reprint of information found in The Guardian:

Tests on dead bees showed that 99% of those examined had a build-up of clothianidin. The chemical, produced by Bayer CropScience, a subsidiary of the German chemical giant Bayer, is sold in Europe under the trade name Poncho.

[…]

The company says an application error by the seed company which failed to use the glue-like substance that sticks the pesticide to the seed, led to the chemical getting into the air.

That sounds very conclusive. Why is the US so slow to act? The harm to bees surely outweighs the harm to pesticide companies. The Southern Studies article suggests one of every three mouthfuls of food in America is owed to bee pollination. It does not say how many are owed to pesticides. The Guardian presents two sides of the story:

Bayer has always maintained that imidacloprid is safe for bees if correctly applied.

[…]

Philipp Mimkes, spokesman for the German-based Coalition Against Bayer Dangers, said: “We have been pointing out the risks of neonicotinoids for almost 10 years now. This proves without a doubt that the chemicals can come into contact with bees and kill them. These pesticides shouldn’t be on the market.”

I guess it just depends on whether those regulating the market care more about long-term safety and security of the environment, or more about Bayer’s bottom line. France and Germany have banned the pesticides, while the US seems unsure how to manage risk of colony collapse when profits are on the line.

Francis Picabia

I have a growing fascination with Francis Picabia, not least of all because of some of the quotes I have found attributed to him:

“Who is with me is against me.”

“What I like least about others is myself.”

“The world is divided into two categories: failures and unknowns.”

“My ass contemplates those who talk behind my back.”

His poetry is strangely inspirational:

IN ORDER TO LOVE
SOMETHING YOU HAVE TO
HAVE SEEN IT OR HEARD IT

FOR A LONG TIME YOU BUNCH OF IDIOTS

I find it fitting that he challenged order and reason in a way commonly associated with the term “hacker” today. So sad he has already passed. He would have been an amazing keynote to Blackhat, unlike the inanely boring LSE professor who was chosen for this year.

My early thoughts were to resist Dada-ism, but I wonder if with age I might be sliding into it nonetheless.

Cruise Ship security comes under scrutiny

The US Senate is hot on the trail of security aboard cruise ships. Security Management reports:

Because cruise ships operate in international waters or the jurisdictions of foreign countries, they are required to report crimes to the FBI or the U.S. Coast Guard. However, because the ship might be miles from the closest federal officials, it often takes days for the FBI to arrive to investigate a scene. In that time, the investigation can be undermined. Witnesses noted that evidence can disappear, victims can be intimidated, and suspects can be coached. Also, the cruise industry is not required to disclose crime statistics, making it difficult to assess the rate of shipboard incidents.

That sounds like what most IT environments used to be like before laws like California’s SB1386 were passed.

Just last year I had to argue with company executives about an investigation after a telecommunications breach where they wanted to destroy evidence. They had “back-to-business” fever and wanted to move on in life as quickly as possible. Without outside governance, it can be almost impossible to get a person driven by sales numbers and pride to stop and dwell on a fault or flaw, especially when harm is externalized.

Sen. John Kerry (D-MA), the subcommittee chairman, noted that the cruise industry lacks mandatory, standardized procedures to prevent and respond to criminal acts on board ships. Terry Dale, president and CEO of Cruise Lines International Association, stated that mandatory procedures were unnecessary because cruise lines implemented voluntary processes to protect passengers.

Where have I heard that before? This is the “trust us” line of reasoning, which is based on a toothless promise. What penalty exists if voluntary measures, even when documented clearly, are not followed? None, of course, because there is no penalty mechanism in volunteerism without governance. A more logical response from Dale (well, from a security professional perspective) would be that governance is welcome because he understands the safety and security needs of customers and is ready to address their concerns directly and with accountability.

The problem with hiding behind toothless volunteerism and not taking a more proactive approach to regulation is that a law could be passed anyway, but without collaborative input. This just wastes everyone’s time.

Bill S.3204 is now under consideration with numerous security measures:

…peep holes, security latches on cabin doors, and CCTV. The bill would require that all ships have crew members aboard who are trained in crime scene investigation. Cruise lines would be required to report all incidents of criminal activity to the Coast Guard, who would then make that information available to the public via the Internet. Under the bill, members of the Coast Guard would be dispatched to cruise ships to ensure that they comply with the law.

Sounds reasonable to me, although it raises the issue of who will be responsible for the privacy of passengers under the surveillance system. Can you trust the same crew already under suspicion of unethical and criminal behavior? Let’s hope screening is used and privacy controls are in place to prevent new information security violations from adding fuel to the fire.

Card Social Engineering Still a Problem

Stories like this one just reinforce how hard it is to educate the consumer. Credit card companies started using the security code on the back of the card to fight fraud, and so criminals created a scheme to update their database with the security code information:

Recently, a representative of Senior Health Insurance Counseling for Kansas (SHICK) called our office to report that a number of their clients were being called and asked for their credit card information. The scam they described is particularly insidious because of the professionalism of the caller on the other end of the line.

Of course these are professionals. There is money at stake, and a growing underground economy, so the criminals will not only pay to increase their chance of success but they also might be in competition with each other — the bar has been raised for criminals.

The caller will ask you to read the three numbers to him to verify you are in possession of the card.
[…]
What makes this such a successful scam is that they never ask for your account number or other personal information. They have most of the information, and so they sound legitimate.

Agreed. People tend to trust someone who can authenticate themselves to them. “I know these three things about you…”

The problem is the victims do not realize that there never should be a reason to read the security code to the card companies. This is a business logic flaw. Why prove possession of the card to a credit card company? The opposite is supposed to be true. If you call the card companies and say you do not have the card, they will send you a new one. If you say you are in possession of the card, they will say “ok, have a nice day”. They need you to prove your identity, but they need no proof of card possession from you. They only need retailers to prove that a purchase was made by you.