PCI Rules Changing

Well, they’ve always been changing, but a complete new set are due to be released this summer, according to CNET:

“Today, the requirement is to make all information unreadable wherever it is stored,” Maxwell [director of e-Business and Emerging Technologies at MasterCard International] said. But this encryption requirement is causing so much trouble for merchants that credit card companies are having trouble dealing with requests for alternative measures, he said.

In response, changes to PCI will let companies replace encryption with other types of security technology, such as additional firewalls and access controls, Maxwell said. “There will be more-acceptable compensating and mitigating controls,” he said.

I’ll trade you encryption for a couple new firewalls. Wait, the whole monitoring thing is pretty hard to do as well. Can we trade logs and monitoring for a couple more firewalls?

Beware the silver bullet fallacy.

Splogs

The sad thing about the spam bloggers is that after a while you have to start to wonder if random text inserted into hundreds of fake blog sites might not really be all that different from actual humans posting what they care about.

Reminds me of that infamous question, posed many years ago:

If you have enough monkeys
banging randomly on typewriters,
will they eventually type the works
of William Shakespeare?

The Splog Reporter is an interesting idea to help detect the splogs, but unlikely to make a dent in the problem.

Solstice

Bob Lutz is an interesting guy. He takes the reins of Pontiac and the first thing he does is kill off all the plastic cladding on cars like the Grand Am. I hated that stuff too. Then he puts down the gauntlet and says Pontiac is going to make cool cars again, the kind of vehicles that are no-nonsense affordable and fun; the sort of thing people get excited about actually driving and it is supposed to cost less than $20K. Can you believe it?

Ah, the Solstice. Along with a whole line of interesting models being released under Lutz’s guidance, this car really stands out and says “let’s hit the road!” My only complaint is that it gets a middling 28mpg.

Pacific Coast Highway here we come…

Vroom vroom

And just in case you are the sort of person that likes to put serious cash into your tank, check out the high-performance GXP drifter model. There’s already a tuner forum. Personally, I hope Lutz will put some more emphasis on power-consumption ratio versus power-performance (not likely, given his Viper and Merkur roots), but this is at least a clear indication of how strong leadership can make a brand.

Another good example of this was when Carlos Ghosn of Renault stepped in and revitalized Nissan in 1999. The Z, four-door pickup, and Titan all came out of his amazing rebirth of the company image and product line.

Sao Paulo riots run by cell phone

Interesting first-person account on the BBC site:

The first step the authorities need to take is to block the prisoners from using mobile phones to direct the violence on the streets.

That prompted me to do a little research, which led to a report from Prison Review in 2002 that suggests cell-phones were used by inmates to coordinate attacks back then as well:

Officials in California’s facilities regularly report problems with their inmate population using cell phones to conduct “gang business” from behind bars. January’s prison riots in Brazil – which began simultaneously across five facilities in and around Sao Paulo and left several hundred dead and wounded – were coordinated using cell phones. The inmate’s strategy of synchronised riots – only possible with real-time communications – was deliberately designed to cripple the state’s single incident response team.

And while these reports seem to indicate prison cells (pun intended) run amok, Amnesty International provides the following background to police treatment of prisoners and riots in Sao Paulo:

In June Colonel Ubiratan Guimarães, a former high-ranking military police officer, was convicted on charges in connection with the massacre of 111 detainees in the Carandiru detention centre following a riot in 1992. In a historic decision, the jury found him to be responsible for São Paulo’s military police “shock troops” and that the troops entered the prison with the prior intention of committing as much harm as possible. He was sentenced to 632 years’ imprisonment, but was released pending hearing of his appeal. A further 105 military policemen were awaiting trial for their part in the massacre at the end of 2001. The São Paulo authorities later announced their intention to close Carandiru prison by early 2002.

Further reading on the subject revealed that

A Sao Paulo state appeals overturned his conviction on Wednesday [February 15, 2006] after Mr Guimaraes’ lawyers argued that he was acting on his superiors’ orders.

Could the riots be related to the court decision on Guimaraes? Many articles, such as this one, suggest that prisoners became highly organized in response to attacks by police in 1992. And yet no one seems to be making the connection between the prisoner organization and the recent court proceedings about those attacks. The BBC quote “officials” who suggest that prisoners are reacting to “the decision of the state government’s move to isolate its leaders in different prisons.” Something tells me these isolation plans aren’t worthy of a riot on their own, especially when prisoners clearly are able to maintain cell-phone communication and relationships with outside elements. Maybe I’m missing something, but a recent ruling on the police leader charged with the massacre of prisoners seems very related…