Jonathan's Liverstone

Telecom NZ: Now available in California?

Posted by the denizen @ 3/14/2005 12:59:00 pm {0 comments }

Don't do it Rodney!

John Banks has surfaced again like a bad nightmare. He is still entertaining delusions of adequacy and wants to be placed high on the Act list, or be handed a high profile seat. For the sake of all our sanity, please don't let him do it!
Southland has got a taste for recycling Auckland Mayors, send him down there, or better still, how about Campbell Island?

Posted by the denizen @ 3/14/2005 09:11:00 am {0 comments }

THe Lesson the USA won't learn.

In a statement to a U.S. House of Representatives Subcommittee on National Security, Emerging Threats, and International Relations on March 2, 2005; Thomas S. Blanton, National Security Archive, George Washington University spoke on "The Rising Tide of Secrecy"

The entire 9/11 Commission report includes only one finding that the attacks might have been prevented. This occurs on page 247 and is repeated on page 276 with the footnote on page 541, quoting the interrogation of the hijackers' paymaster, Ramzi Binalshibh. Binalshibh commented that if the organizers, particularly Khalid Sheikh Mohammed, had known that the so-called 20th hijacker, Zacarias Moussaoui, had been arrested at his Minnesota flight school (he only wanted to fly, not to take off or land) on immigration charges, then Bin Ladin and KSM would have called off the 9/11 attacks. And wisely so, because news of that arrest would have alerted the FBI agent in Phoenix who warned of Islamic militants in flight schools in a July 2001 memo that vanished into the FBI's vaults in Washington. The Commission's wording is important here: only "publicity" could have derailed the attacks.

This is why Ms. Carol Haave, the deputy undersecretary of defense, framed the problem wrongly at your August 24 hearing. She testified, "In the end, this is a discussion about risk. How much risk is the nation willing to endure in the quest to balance protection against the public's desire to know? It's a complex question that requires thought and ultimately action." She and the Pentagon have missed the point. We are not balancing protection against the public's desire to know. The tension is actually between bureaucratic imperatives of information control versus empowering the public and thus making us more safe. Yes, there are real secrets that must be protected, but the lesson of 9/11 is that we are losing protection by too much secrecy. The risk is that by keeping information secret, we make ourselves vulnerable. The risk is that when we keep our vulnerabilities secret, we avoid fixing them. In an open society, it is only by exposure that problems get fixed. In a distributed information networked world, secrecy creates risk - risk of inefficiency, ignorance, inaction, as in 9/11. As the saying goes in the computer security world, when the bug is secret, then only the vendor and the hacker know - and the larger community can neither protect itself nor offer fixes. Publicity is not a SHARE network limited to relevant players. Publicity is TV, the newspapers, the Internet, and the highly efficient information distribution system that is our open society. That is our strength, not our weakness.

With the increased use of secret watch-lists (which will stop you being a passenger in a plane, but won't stop you buying a gun!) and the all-out Home security push, this is like a candle of sanity in a blizzard of paranoia.
via Schneier

Posted by the denizen @ 3/10/2005 02:00:00 pm {0 comments }

Internet Banking Security

The recent flurry of publicity about the low level of security used by banks for their internet banking seems to have been triggered by the police apparently discovering keyloggers and making a fuss about them.
Goodo! I say. The push for increasing the security is a good thing, but the banks are the ones that have to take responsibility for ensuring it happens. Calls for the government to legislate or somehow force it to happen are misguided. (I find it amusing that it seems to be the market-economy accolites who are making these calls for regulation: surely the market should drive the need.)
Two-factor authentication is a splendid move, but the focus seems to be on the use of cellphone texting for transmitting a transaction pin. I hope the banks are not so *stupid* as to use only this as a means for implimenting stronger systems. The European banks have been using TANs (Transaction Authentication Numbers) for some time with considerable acceptance.
A simple system of allowing the client to *choose* the second authentication vector (cellphone, or the list of one-time numbers in their wallet) for each transaction would be sufficient.
I find internet banking sites can be slow enough, without adding in the need to wait (what?) up to 3 minutes for a text message to come through so you an complete a transaction.

Posted by the denizen @ 3/08/2005 10:01:00 pm {3 comments }

Airport Security and Pocket knives.

In the discussion on Sneaking stuff onto Airplanes was a wee gem of inspiration:
"... by the time you've got to the security checkpoint you've already checked your bags in.
How can you put your pen-knife in the hold if your bagage has already been checked in?That forces people to subvert the system knowingly.
This shows yet another failure in their system. When the security check does fail, it doesn't fail gracefully enough. It compounds the failure by not allowing the average user to put himself in an acceptable state easily."

Yupe. I recall recently boarding a domestic in Chch, and finding they were x-ray screening, & I had left my (rather big) pocket-knife in my pocket.
My luggage was checked in, so I became the "bad-guy", and slipped the knife through the system (technique confidential). I sure-as-shit wasn't going to surrender it!

Why doesn't *someone* do this:

At San Jose, CA (SJC) airport, there's now a smallish metal drop box outside the security check area which has a supply of plastic bags and labels. You fill in the details like your address (including a credit card number), put your contraband item - pen knife or whatever - in the bag along with the labels, put the bag in the drop box, go through the security checkpoint undetained and cross your fingers.

Posted by the denizen @ 3/01/2005 01:25:00 pm {0 comments }

Haiku

As I meditate on "the sanctity of all living creatures"
The welt on my arm is a memorial to a mosquito's sudden death.

Posted by the denizen @ 3/01/2005 12:52:00 pm {0 comments }

Disclaimer: (I stole this from Internal Affairs.)
All links and references to other websites, organisations or people not within my control are provided for the user's convenience only, and should not be taken as endorsement of those websites, or of the information contained in those websites, nor of organisations or people referred to. I also do not implicitly or impliedly endorse any website, organisation or people who have off-site links to this website.
... But then again; I only link to sites 'cos I see something there that's worth linking to.