Questions about Gulf sailboat race death

The Star Tribune brings to light some interesting facts surrounding the death of a sailboat racer:

Development tycoon George Mitchell donated the Cynthia Woods and an identical boat to Texas A&M University in 2006, the Galveston County Daily News and Houston Chronicle reported Thursday.

The university has taken the other boat, the George Phydias, out of commission until officials can determine whether a design defect caused the keel failure.

The company that built the boats, North Carolina-based Cape Fear Yacht Works, said in a statement Wednesday it stands by its products. The company is owned by George Mitchell’s son, Keith.

“We believe in the design, construction and safety of our vessels,” the company said.

It also said it was not responsible for maintenance or repair work after the vessel left the factory. ha

The “ha” at the end is in the original article. Strange, no? But more to the point, the fact that the father was buying boats from his son’s boat manufacturing company and donating them to a university raises some interesting questions. Those questions are compounded by suspected safety defects in construction.

All boat owners realize sooner or later that boats, like any vehicle, require regular maintenance and care to maintain safety. It is the father-son relationship of the donation and “tycoon” status of the donor, as well as the timeline, that make this story seem like more than just a simple tragedy.

A recent edition of Sailing Magazine mentions that the tycoon’s son was entirely new to the boat-building business:

The Cape Fear 38 is built in Wilmington, North Carolina, not far from its infamous namesake. Kent Mitchell, owner of Cape Fear Yacht Works, spent years racing and cruising the Carolina sounds and coasts before deciding to build his own version of the perfect racer-cruiser. While many of us fantasize about building boats, Mitchell jumped into the business with both feet. And he is enthusiastic about his product. “If racing is in your blood but you also want some creature comforts, then this is a boat you need to consider,” he said as we test-sailed hull No. 1 on a crisp Chesapeake Bay afternoon.

Hull number one? Jumped into the business? The father of the builder purchased and then donated not one but two $300K 38-foot boats when they were only two years old? I also noted that the base price went from $199K to $295K in just two years. Maybe the cost rise suggests that early versions were under-built? Prone to failure?

AT&T offers loss prevention, then loses data

SC Magazine reported an AT&T loss of personal data:

An undisclosed number of management-level workers at AT&T have been notified that their personal information was stored unencrypted on a stolen laptop.

The head of the OASIS EKMI TC (that’s enterprise key management infrastructure technical committee) just pointed out to me that a press release on data protection and loss prevention was posted the day prior to the loss disclosure:

AT&T Launches Encryption Services to Help Businesses Secure E-Mail and Data
[…]
“Data protection and loss prevention is becoming increasingly critical for businesses of all sizes with data breaches costing organizations more and more each year,” said S. Dale McHenry, vice president, Enterprise Network Services, AT&T. “AT&T’s managed security services provide businesses with the tools and resources that they need to securely handle their data, helping to enforce data privacy and save money with the electronic transfer of documents.”

How ironic. Sounds like AT&T is ready for some AT&T.

Phishing for poems

The New Yorker often has good poetry. This one reminds me of how far we have come from the old meaning of fishing:

And now he feels he’s in his element,
Baiting a hook and casting forth the line,
And through clear water sees a heaven-sent
Swift flash of silver rise into air and shine.
Ah, let it go-go, dart back to the deep.
A lovely thing, but much too small to keep.

Does a phisher ever say “nah, this one is much too small”? Not enough data, or maybe too poor to steal from?

Probably not. The modern phisher is about as unlikely to follow catch-and-release rules as a greedy seagull. Or, as Henry Wadsworth Longfellow put it in Hiawatha’s Fishing:

Three whole days and nights alternate
Old Nokomis and the seagulls
Stripped the oily flesh of Nahma,
Till the waves washed through the rib-bones,
Till the sea-gulls came no longer,
And upon the sands lay nothing
But the skeleton of Nahma.

And upon the silicon lay nothing but the skeleton of users.

Utah offers $1,000 reward for 2.2 million missing billing records

My math skills must be waning. If I read this article correctly, the University of Utah Hospitals & Clinics is offering $1 for every 2200 billing records that were lost by Perpetual Storage Inc.:

A metal box containing the backup tapes, which contained billing records for approximately 2.2 million patients and guarantors, was stolen on Monday, June 2, from a car belonging to a driver who worked for an independent storage company contracted by the health-care system. The driver violated the protocols his company had established to ensure secure data transportation.

[…]

The University of Utah Hospitals & Clinics is offering a $1,000 reward for the return of the tapes, no questions asked.

The numbers just do not make sense to me. Another report explains that 1.3 million Social Security numbers were on those tapes.

Here is the recap of how the driver violated his protocol:

The courier picked up the records on June 1. Instead of taking them to a storage center, he worked a second job and then went home, said Shane Manwaring, Salt Lake County deputy sheriff.

The next day, he discovered that someone had broken into his vehicle outside his Kearns home and taken the box, Manwaring said.

The key question, no pun intended, is why the trip was able to include this insecure detour. The obvious answer seems to be that the employee was in need of a second job, in need of a stop at home, and that the storage company had no way of detecting that the box was overdue for “direct route” delivery to a safe spot. The three things could be easily fixed, and I consider them a failure of security management, rather than solely the fault of an operator who made a predictable error. With only $1,000 offered as a reward I have to wonder how serious anyone would be about security when they transport tapes.

Finally, assuming the tapes are returned, they were still stolen and potentially copied.

Incidentally, no pun intended again, Kearns, Utah seems to be a dangerous neighborhood. The Salt Lake Tribune reported a man was shot with his own gun while trying to fight off a “high-dollar merchandise” burglar in his home on May 10th, 2008.

Updated to add (June 12, 2008): Vincent Arnold has been kind enough to post Symantec’s chart of the value of compromised information.

It does not take a rocket scientist to read this and see that a person with tape data from Utah University could be looking at a minimum of $1 per identity, and upwards of $1000 per identity for bank accounts. Compare that to the $1000 total offer for the return of the tape to its owners…