Ongoing Ameritrade Breach Issues

Slashdot has the scoop on the latest Ameritrade customer concerns:

So it’s pretty clear that some attacker has access to the AmeriTrade customer database on an ongoing basis, and the February 2005 tape theft probably had nothing to do with it.

AmeriTrade says that California law required them to notify their California customers of a potential security breach after the tapes were stolen, and that they went further and notified all of their customers anyway. Since there is now proof that their database is more or less perpetually open to some outside attacker, will they send out another notification letter to customers?

Some say a breach has no effect on consumer confidence. Having been invited to work on several investigations that looked at consumer response and complaints, I disagree. I think that many, although perhaps not yet the majority of, consumers are definitely sensitive to breach notification. They might have reacted warmly in the past, but times are quickly changing and the costs are more abruptly apparent now.

The frog doesn’t jump when the temperature changes slowly, but if it perceives the water as suddenly hot, it jumps.

More Proof Microsoft is Run by Monkeys

No, I am not talking about the video of Steve Ballmer doing the monkey dance — showing his dislike of creationism.

And I also am not talking about the theory that Shakespeare’s work could be replicated if you put enough monkeys on keyboards.

I am talking about the simple fact that if you are asked to secure a network environment, you will inevitably end up facing a Microsoft system set up to be a primary source of authentication, yet at great risk from attackers. You want to help, but every security expert knows Microsoft is a mess to work around.

It’s like being asked by a king to secure a castle after his keep was built with open doors at the top of stairs that terminate all over the place, often outside the perimeter walls. Imagine having to say “This design allows the village idiot to walk right into your bedroom and sleep with the queen. You didn’t know you were paying for that?”

Companies have to pay a hefty fee to make it safe after the fact, and in some cases the only way to make it safe is to tear it out and replace it. Can you believe Windows 98 was even allowed to be put on the market?

“Cheep, cheep” comes to mind.

Could monkeys stand in for Shakespeare? Interesting question, but perhaps more interesting is why people think it is fine for monkeys to manage software products.

Maybe Eliza Griswold’s Monkey poem explains this somehow:

Last week, the children ate his mother—

dashed her head against the breadfruit.

A young girl soldier laughs,

tears the baby from my leg

and hurls him toward the tree.

Corporate politics? Primitive product testing?

Men’s gold tub missing

A hotel in Japan has reported missing one of two 18K gold tubs. The BBC picked up the story:

Staff reported the tub was missing on Wednesday at the Kominato Hotel Mikazuki, a resort overlooking the Pacific Ocean, east of Tokyo.

Police said they had no idea how it was stolen, saying they had found no sign it was dragged on the floor.

The tub weighed 80kg (175lb) and was made of 18-carat gold.

It was normally chained to the door and padlocked when the room was closed, Japanese TV reported.

I think two people could easily carry 200lbs, and they certainly could lift it onto a dolly. The bigger question might be why the only control for a million-dollar gold object was a chain and padlock. It wasn’t locked to the floor with secure bolts? Even for earthquake safety? Dual-purpose controls are often easier to justify in terms of expense, especially when there are regulations driving one of the purposes.

One might think a camera would be in place in a hotel, but since this object involved bathing, perhaps someone thought privacy would be at risk. Fair enough, but the trade-off should have led to compensating controls rather than none at all.

In terms of suspects, the article does mention that only the men’s bathtub disappeared…

Cat in the Sink

by Get Fuzzy

Water,
water,
everywhere…
I didn’t do it.

Many thanks to the readers who forwarded the link to me. Here is another one — the hilarious run-up cell that gives a taste of Fuzzy’s logic:

S: You wrote a poem?
F: “Wrote”? Sir, I am bloated with steamy wonderousness. My poems are not so much written as they are excreted.