Security

Fax hack frees prisoner

Leave a comment

This story is so sad it is almost funny.

A prisoner in the US state of Kentucky was mistakenly freed after a phoney fax ordering his release was sent from a nearby grocery store.

One would think that all the money and time being spent on the prison system in America would have anticipated this sort of attack vector.

The fax ordering his release claimed to be from the state supreme court, but was riddled with spelling errors and had no letterhead.

Hard to argue that spelling should be the litmus unless someone can confirm that the court is religious about spelling, let alone grammar. Likewise, checking the source of the fax is useful if it is consistent enough to check and verify. Yet it is not terribly hard for someone to spoof the ID. What kind of grocery store has a fax available anyway?

The prison’s director said their policies do not require them to check the source of faxes.

“It’s not part of a routine check,” said Greg Taylor, “but certainly, in hindsight, that would perhaps have caused somebody to ask a question.”

Mr Taylor said spelling mistakes are common on court documents.

Well, exactly. If the normal routine is just noise, hard to tell someone to look for an attack signal. You generally want things to operate the other way around.

I think the real kicker of the whole story is the fact that the prisoner was just sitting at home, practically waiting for someone to find him:

Police found Rouse two weeks later at his mother’s house after prison authorities realised their mistake.

It took them two weeks to realize it was a mistake or to find the 19 year old sitting at home?

Security

It sees through walls

Leave a comment

Remember in the movie Johnny Dangerously when the evil gangster Danny Vermin describes his “eighty-eight” handgun as “It shoots through schools”?

That’s what came to mind as I read about the latest development in Wim Van Eck attacks.

A radio antenna and radio receiver – equipment totalling less than £1000 – is all you need. Kuhn managed to grab the image to the left through two intermediate offices and three plasterboard walls.

[…]

CRTs are now well on the way to being history. But Kuhn has shown that eavesdropping is possible on flat panel displays too. It works slightly differently. With a flat panel display the aim is to tune into the radio emissions produced by the cables sending a signal to the monitor. The on-screen image is fed through the cable one pixel at a time. Because they come through in order you just have to stack them up. And Kuhn has worked out how to decode the colour of each pixel from its particular wave form.

I am also reminded of a Swedish military intelligence soldier I once met who spent his years of service trying to find screw holes in secured rooms that he could detect a signal through.

In the early days of my career I was caught up in the challenge of securing the space to stop errant signals from escaping a defined perimeter. That’s always the first phase in security — how to stop things. However, the more modern view of security is that this type of work has important implications for improving access to a wider audience…securely. I mean cables are a giant nuisance. Kuhn’s research promises interesting new ways to get a signal to display far from the source, such that everyone in a certain space could see the same video without wires (saving deployment costs, weight, etc.) Once this medium becomes more mainstream, then security can come into play and figure out ways to reliably encode/decode and so forth.

As for defending against this kind of attack, Kuhn says using well-shielded cables, certain combinations of colours and making everything a little fuzzy all work.

None of those sound like much of a defense to me. Shielded cables might still leak at the ends, or other parts of the equipment and color combinations are easy to decipher. Not sure exactly what he means by making things fuzzy (pun not intended) but it seems that if a fuzzy image can be recognized at the source, an intercepted signal might still have enough info to interpret.

Poetry, Sailing

The Set of the Sails

Leave a comment

by Ella Wheeler Wilcox (1850 – 1919)

One ship drives east, and another west
With the self-same winds that blow;
‘Tis the set of the sails
And not the gales
That decides the way to go.

Like the winds of the sea are the ways of fate,
As they voyage along through life;
‘Tis the will of the soul
That decides its goal,
And not the calm or the strife.

I won a recent regatta on the A-Cat. It was an odd feeling because I felt that I was just trying to improve upon my previous mistakes, a typical theme for me in competition against others. It was also odd because the other sailors are so amazing I feel really lucky to get to sail against them and hardly expected to come out ahead.

Over time I have found that I become less interested in finding ways to beat others at a game and instead focus on verifying positive changes relative to my own last performance. Not sure if that makes sense without more context, but it seems to me there are those who want to win at any cost in a most relativistic sense (the win/lose mindset), and then there are those who strive to become a better sailor through generous cooperation of others on the course (in front or behind).

One day in Long Beach after a long day of racing I remember arriving at the beach with a big smile I couldn’t shake. I said to Jay Glaser, who happened to be standing nearby me after we landed our boats, “I made so many mistakes today and learned so much, it was great!” He laughed. Then he and Pease told me about a famously successful sailor in Europe who created a detailed log of every mistake made on the water in order to ensure constant improvement. Too much trouble to be fun, I would guess, but it did emphasize a philosophy about quiet and patient success I found heartening. I have little desire to go back to crewing on big boats where raunchy conversation ofter turns into rah-rah “there is no second place — you either win or lose” shouting matches. And so after five races, where I made numerous mistakes but still somehow managed to finish second in every race, I ended as the overall winner by a fair margin.

Here I am on the final leg of the last race, pleased to be in second, again…

07springopen_acat

Notable mistakes made:

  1. did not adjust mental record of marks after big windspeed change — was having so much fun going super fast down-wind i over-sailed lay-line by miles. the angles were exciting until i realized i had to sail upwind to leeward mark
  2. tried to show-off by blasting through a fleet of 505s going down-wind. a (smarter) a-cat and two 505s with kites to windward really does cut-off the juice
  3. started a tacking duel but forgot to clear the lines. reverse-rotated mast is really slow, and ugly
  4. impatient at the start line, i wasted a beautifully clear lane and was over-early by seconds
  5. pinched instead of powered-up in light air with lumpy seas. power first, then pinch, or maybe just power if it’s too lumpy
  6. put two drink bottles in the same diamond wire and left the tension off for light air. don’t know where the top one went but i was really looking forward to the blueberry flavor. hopefully someone finds it and enjoys it.

Notable successes:

  1. since i was over-early, i had a laugh, hurried myself to an immediate restart and sailed on to finish second
  2. kept the foot loose and paid attention to markings to avoid overtrimming
  3. giant organic apple pie slice with whipped cream for breakfast. Mmmm, Pergolesi!
  4. slept on hardwood floor. i don’t know why, but i always sail better after sleeping on a hard surface
  5. avoided kelp monsters. i think this might just be luck, but maybe past kelp experiences helped
  6. tried some risky but calculated moves that paid-off amazingly well. lost all the tacks in a duel but still kept my wits and ended up closer to the line
  7. relaxed and recovered from bone-head mistakes by just trying to enjoy myself