Security

Problems with San Francisco Surveillance

Leave a comment

The paper copy of the San Francisco Chronicle had a very different headline from the online version, but in either case the message seems to be the same. Surveillance cameras are useless if they are not supported properly by an enforcement system.

Larsen said the Housing Authority wants to pay staff to monitor the cameras at all times, but that the agency’s dwindling budget makes coming up with the money a challenge. Other immediate needs, including repairing decrepit public housing developments, are competing for the same pot of money, he said.

“It’s a balancing act,” he said. “What’s more important? Obviously, security is important, but so are the roofs and the sewer lines.”

Actually, more sophisticated camera control systems would avoid the need for constant monitoring. The latest systems can email video extracts to guards, only when a trigger is tripped, so they can review on an as-need basis only and on a mobile/cell. On the other hand, the story makes me wonder if things are so tight that money saved from not having any cameras at all would put more officers on the ground. That would be better, unless money is so tight it would still just go to sewer lines and roofs. But that’s a management decision not a failure of surveillance controls.

The article certainly points out some interesting problems with security if it is not budgeted in a manner consistent with expectations (e.g. management can not afford to operate the controls). Back to my point about control levels, this is a good example of a level 1 (documented) that is missing proper implementation and would never pass a test.

History, Security

The Most Dangerous Computers on Screen

Leave a comment

The Onion’s A.V. Club has an amusing review of seventeen dangerous computers seen on the big screen:

From 2001: A Space Odyssey to your parents’ attempts to check their e-mail, there’s been an ongoing war between humans and computers that have gotten too big for their binary britches. Save for maybe Windows ’95, no computer-based foe has ever been as diabolical as Master Control Program, the code-munching behemoth in Disney’s Tron.

Funny stuff. Seems like they’re missing some really good ones, like Red Dwarf’s Holly who develops Computer Senility, but I like the concept. Reminds me of an old cartoon…

psychotic computer

Or maybe this one:

Boot

Someone should put together a list of the most dangerous computers in comics and books, since they seem to be the ones that are eventually launched to the screen.

History, Security

Honoring Steven P. Daugherty

Leave a comment

A Cryptologist named Steven P. Daugherty has been eulogized on the National Security Agency site:

One of the most important functions of any “special operations” team is to gather critical intelligence with the aim of discerning future enemy intentions. Daugherty’s role in this important process was to provide timely and effective cryptologic support to his team. By providing and protecting his unit’s most precious communications he not only contributed to coalition success on the battlefield but also saved countless lives.

Two Days after the 231st anniversary of the nation he had sworn to defend Petty Officer Daugherty was returning from a important mission with his team when their vehicle struck an improvised explosive device killing him and two other members of his unit. Daugherty would leave behind a loving family and young son but his efforts would not be in vain. Later it was confirmed that the work he and his team performed earlier that day had played a decisive role in thwarting a dangerous group of insurgents in their efforts to kill coalition forces.

Tragic news. I wonder what his real views on the war were. Some friends in the Air Force told me the other day that although they all disagreed with the war, and thought it obvious as to why, it was not their job to question authority.

The interesting thing about the Daugherty eulogy, however, is the absolutist emphasis on seeking the truth:

The famous philosopher Thomas Hobbes once noted “Hell is truth seen too late.”” Throughout his time in the United States Navy both on the sea and on land Petty Officer Steven Phillip Daugherty devoted his life to determining truth with the aim of defeating the enemies of freedom throughout the world. His work and accomplishments as a Sailor, cryptologist, father and friend will forever stand as testament to his own personal character and his devotion to his country.

John Stewart put forward a question to the biographer of Cheney that was right on target. If Cheney knew in 1994 that a quagmire would result from invasion, and there was risk of great loss of American lives in the chaos, why did he not openly discuss this, plan for it, or even allow others to raise the issue? Was Daugherty truly allowed to assess the truth to defeat enemies of freedom, or penned into a predictable disaster and a casualty of dishonesty.

Security

Telecoms Sans Frontieres MySQL errors

Leave a comment

I was going to say how impressed I am that the Telecoms Sans Frontieres (TSF) was already rushing to restore connectivity in Peru, but then I noticed some troubling issues on the default page of their website:

Warning: mysql_connect() [function.mysql-connect]: Access denied for user: ‘tsfi@10.0.70.8’ (Using password: YES) in /home.10.4/tsfi/www/html_e/index_gb.php on line 1

Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home.10.4/tsfi/www/html_e/index_gb.php on line 2

Warning: mysql_query() [function.mysql-query]: Can’t connect to local MySQL server through socket ‘/var/run/mysqld/mysqld.sock’ (2) in /home.10.4/tsfi/www/html_e/index_gb.php on line 9

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home.10.4/tsfi/www/html_e/index_gb.php on line 9

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home.10.4/tsfi/www/html_e/index_gb.php on line 10

First, the errors should not go to the browser, especially with IP addresses, directory paths and usernames. There’s no need for the general user to see those details.

Second, it must be embarassing for an IT crisis group trying to restore services to have a website crisis of their own, no?

Perhaps it is time someone created an Information Security Sans Frontieres group to help ensure the availability of systems and perhaps even privacy of data for disaster areas and the teams working there…