Recently in Society Category

Hypocrisy Watch: Internet Monitoring


Apparently Senators Schumer and Graham are upset enough about Iran's efforts to monitor its citizens' Internet activities that they want to ban Siemens and Nokia from future contracts with the federal government. According to Graham...

"The Internet has proven to be one of the strongest weapons in the hands of the Iranian people seeking freedom and trying to chart a new destiny for their country. Companies that provide technology to the Iranian regime to control the Internet must be forced to pay a heavy price."

Why aren't the Senators going after NSA's activities in the Pinwale program with the same fervor? Or is it only wrong to meddle with the Internet when you're not the US government?

So, one of the big attack modes in computer security these days is "phishing". Phishing is when someone induces a victim to disclose a username & password (or other important identity information) using something that appears to be a valid website. For example, someone might set up a fake Bank of America website, then email that link to thousands of people asking them to log in and confirm their account. Even if only 1% of the recipients fall for the trick, the attacker gets access to hundreds or thousands of bank accounts.

One of the most important countermeasures to this attack is user education. Organizations have spent lots of money trying to educate users that they should never disclose their password to another site. Things as simple as never opening links from an email and verifying the "SSL Lock" icon on your browser are cornerstones to this process. But more importantly, users should never give their password to a site with the wrong URL. In our example above, if the link in the email goes to http://bankofamerica.com@geocities.com/~spammer/fake_login.html, the goal of user education is to get the user to stop and say "Hey, that doesn't look right...." In fact, social media pioneer MySpace spent a lot of time and effort combating these exact types of attacks through user education efforts on their login screens and banners.

That brings us to Twitter. There appears to be a whole universe of Twitter-related tools and websites that ask you to use your Twitter username and password to access their services. This is a bad idea! First, in the specific instance, we are building up a huge body of websites with access to our Twitter accounts - a break-in at any of them could result in massive compromise of Twitter accounts, regardless of Twitter's policies and security controls.

But more importantly, Twitter's importance to the "youngins" means that we're now raising a whole new generation of Internet users that are 1) vulnerable to exploitation because of their age and now 2) trained by prior experience that sharing their username/password with other sites is a good idea. Now, I'm not one of those people that will do anything "for the children", but this is still a scary prospect.

And before you pooh-pooh me, how many of you out there are using the same username and password for a lot of your social media sites, email accounts, Amazon, Etsy, etc.? I'd be shocked if most kids have strong passwords let alone separate passwords for all the different sites they use on a daily basis. So these phishing vulnerabilities are only going to be more important as time goes on. And the really scary thing - even if you and your kids are smart enough to avoid these pitfalls, the vulnerability has what we call a "network effect". Even if YOU aren't vulnerable, someone you're connected to probably is. And that can be just as bad. Think your 13 year old would never talk to strangers online? What about when his friend's account is compromised and some stranger is using that friend's Facebook or Twitter to talk to your 13 year old? Still feel safe? Think you would know better even if your 13 year old wouldn't? What if your best friend sent you a Facebook message to let you know that the party tomorrow is cancelled? How paranoid are you willing to be....?

What can be done? Well, for starters, Twitter should implement an API Key approach to programmatic sharing like the one used by Flickr (or some other well-engineered security mechanism for sharing access). Then they need to lead the charge in educating users not to share their passwords with a site that doesn't end in "twitter.com". And parents, don't forget to spend some time with your kids - and not just explaining this stuff!
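The "does this link really go where it claims" check from this post, written out as an added example (not part of the original post). The function name and the `.example` links are constructed for illustration; the geocities link is the one quoted above.

```python
from urllib.parse import urlsplit

def check_link(url, expected_domain):
    """Return (real_host, trusted, findings) for a link that claims to
    belong to expected_domain."""
    parts = urlsplit(url)
    # .hostname drops any "user:pass@" prefix and the port, and is lower-cased.
    host = (parts.hostname or "").rstrip(".")
    expected = expected_domain.lower().rstrip(".")
    findings = []

    # Everything before '@' is userinfo, not the site being contacted.
    if parts.username is not None:
        findings.append(f"userinfo {parts.username!r} precedes '@'; real host is {host!r}")
    if parts.scheme != "https":
        findings.append(f"scheme is {parts.scheme!r}, not https")
    # "Ends in twitter.com" must be checked on a label boundary: a plain
    # endswith("twitter.com") would also accept a look-alike suffix.
    on_domain = host == expected or host.endswith("." + expected)
    if not on_domain:
        findings.append(f"host {host!r} is not {expected!r} or a subdomain of it")
    return host, not findings, findings

# Constructed sample links, except the first, which is quoted in the post.
SAMPLES = [
    ("http://bankofamerica.com@geocities.com/~spammer/fake_login.html", "bankofamerica.com"),
    ("https://twitter.com/login", "twitter.com"),
    ("https://twitter.com.example/login", "twitter.com"),  # brand as a prefix
    ("https://notbank.example/login", "bank.example"),     # look-alike suffix
]

if __name__ == "__main__":
    for url, claimed in SAMPLES:
        host, trusted, findings = check_link(url, claimed)
        print(f"{url}\n  real host: {host}  trusted: {trusted}")
        for finding in findings:
            print(f"  - {finding}")
```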

Lifetime Guarantee


The Boston Globe has reached a deal with their labor unions to hopefully keep the paper running. Turns out one of the most contentious parts of the negotiations had nothing to do with compensation - it had to do with guaranteed lifetime employment. This is one of the things that makes my mind spin at the labor unions.

I've never worked in a unionized job, so maybe I just lack some critical angle on the whole deal here. But it seems pretty clear that the unions are no longer a bastion of hope against the unfair practices of evil management. It's one thing to organize against sweatshop wages and unsafe work environments. But it's a joke to organize so you blackmail management into a suicide pact - and that's what lifetime employment guarantees are. When business is growing, there's no real impact to an enterprise from that agreement. But it's no wonder that management at any enterprise needs to get those provisions struck when business is weak.

As the economic downturn picked up over this last year, I've consistently heard stories about how unions have threatened the economic viability of businesses. The obvious examples from the Detroit car companies are just the tip of the iceberg. Unionized labor may have been a good thing in the past, but I have to wonder if there will be a point in time when government labor regulations will reduce unions to nothing but a poison pill that threatens both management AND labor with their demands.

Marines are "Military Observers" Now?


Bet you think this is about Iraq, right?

Wrong. This is about San Bernardino County in California, USA. That's right, US Marines assisted the California Highway Patrol with a DUI checkpoint on a public highway. Now, this isn't like tanks rolling into Tiananmen Square, I admit. But if you've heard of Posse Comitatus you know that the military isn't supposed to be used for police actions inside our own borders.

This is definitely a bad trend....

via Clint.

Auto Bailout


One of my chief peeves with the auto bailout has been the persistent assertion that the "Big 3" are the last hope for American manufacturing. But Newsweek has an article about the other automotive sector in this country - the non-union southern-based "foreign" cars made in America.

US Torture


MSNBC has posted another article talking about how prisoners were tortured as part of the war on terror. Honestly, it makes me sick to my stomach to read things like this:

Ruhal Ahmed, a Briton who was captured in Afghanistan, describes excruciating sessions at Guantanamo Bay. He said his hands were shackled to his feet, which were shackled to the floor, forcing him into a painful squat for periods of up to two days.

"You're in agony," Ahmed, who was released without charge in 2004, told Reprieve. He said the agony was compounded when music was introduced, because "before you could actually concentrate on something else, try to make yourself focus on some other things in your life that you did before and take that pain away.

"It makes you feel like you are going mad," he said.

and....

[Donald Vance of Chicago, held at a detention center in Iraq: ] "I had no blanket or sheet. If I had, I would probably have tried suicide," he said. "I got to a few points toward the end where I thought, 'How can I do this?' Actively plotting, 'How can I get away with it so they don't stop it?"'

Asked to describe the experience, Vance said: "It sort of removes you from you. You can no longer formulate your own thoughts when you're in an environment like that."

He was released after 97 days.

Those are the stories of the people that the US couldn't earn a conviction against. Welcome to the treatment you can expect at the hands of the "greatest country on earth" as some "patriots" like to claim. Here's a news flash for you - Donald Vance was a US citizen, held by the US, with no recourse to the courts. What does that mean? It means each and every one of us better realize that it could happen to us.

If you believe America should be a beacon of freedom to the world, then it's time to start getting our government to believe in the freedom and dignity of individuals.

Sikhs aren't Muslims


It's sad but true that so many people in America have no real experience outside of their culture. For a family in Houston, this manifested itself as police harassment when their house was broken into. When I was a kid, I pretty much bought the "cops are your friends" line. And even when I was a young adult, I more or less trusted the police, even though I was dimly aware that there were bad apples out there.

But the sad truth is, the vast majority of people in general are plain 'ole afraid of people different than them. And when you put people in a position of power, that fear needs to be confronted and addressed on an institutional level. Unfortunately, with sheriffs' offices having a hard time affording bullet resistant vests, I don't foresee a jump in sensitivity training anytime soon.

Link via Clint.

One Degree Project


I've been thinking about starting a little project - a project to document the people in my life. Not the obvious close people though - all the miscellaneous people we all interact with but don't really know at all. People like your waitress at a restaurant, the person who cuts your hair, the attendant at the gas station.

It reminds me of the old "6 degrees of Kevin Bacon" game, so maybe I should call it the "One Degree Project". Here are the draft rules I think I'll start with:

  1. You have to talk to the person, no shots of random people in the mall, on the train, etc.
  2. Take a photo of the person with their consent. (Preferably in context.)
  3. The photo has to be labeled with a first name and a description of the context.

Absentee Ballot Privacy


I voted with an absentee ballot this year, since I'm traveling full time for my current job. But it would appear that the election board disclosed the fact that I requested an absentee ballot to at least one of the candidates that I have the option of voting for. I'm more than a little surprised that such a disclosure is allowed! I plan on following up with the State Board of Elections after Election Day to find out what the situation is.

The Vote That Counts...


The votes that count in your local election may depend on the equipment used more than on the people voting. A recent study in California found that voting machines from major manufacturers were all severely flawed. In about six weeks the "red team" researchers who were tasked with examining the machines found major vulnerabilities with every system examined.

Political Truth


An interesting article on how truthful candidates are. Enjoy.

Road to Exile


While indulging in my Sunday morning laziness, I happened upon a new MTV show called "Exile". Actually, the episode on today was "Road to Exile", the prequel to the series that showed the participants being told about their upcoming trip.

The plot in a nutshell - past stars of the Sweet 16 show on MTV who are now (2 years later) still spoiled rotten will be sent to various harsh environments (rainforest, Peruvian mountains, Arctic Circle, etc.) and "taught a lesson" in how harsh life really is.

At first, I'll admit to the typical feeling of schadenfreude while watching these unrepentantly spoiled brats facing the realities of survival. But before the show was over, I was convinced that the brats (while deserving of the lesson) were being sold up the creek by the ones deserving the real lesson - their parents.

I think nearly every parent sat in front of the camera and expressed concern that "we didn't equip our dear angel with the skills to succeed in life." But this interview footage was sandwiched into a montage of these same parents spoiling their children beyond measure! One parent microwaves dinner for her 18 year old daughter when she can't figure out how to do it herself. Another comes at her daughter's beck and call to flat iron her hair - and takes verbal abuse about not doing it right. A foppish dad gives his daughter free rein over multiple cars and houses.

Oh, vanity is stupid parents! At the end of the show they had whet my appetite, but what I really yearned to see was a show where the father or mother or both were sent with their daughter to suffer the consequences of their parenting. Like to supply everything to your daughter? Go dig yams out of the muck in Peru using your bare hands with her. Feel like caving in when she cries and whines that her manicure is ruined? That's ok, just dig twice as hard, because you're going to have to either feed her or watch her starve.

Alas, parents who duck the responsibility to raise their children are almost certain to duck the consequences too. But if only some slick MTV lawyer could get them to sign the right waivers, that'd be a show I'd watch!
