‘security’ Category

  1. England

    March 26, 2006 by Saar Drimer

    Banksy England CCTV

    Art by Banksy.

  2. Ha’ephrati’s confessed to all charges under plea bargain

    March 14, 2006 by Saar Drimer

    The couple who wrote the Trojan horse that was the tool of choice by numerous top Israeli companies to spy on each other confessed to all charges as part of a plea bargain. Ruth, the wife and distributor, took most of the blame basically saying “what? Was this wrong? That’s news to me!” and Michael, the author of the software said “What? I was just playing around! Did my wife sell this crap? That’s news to me!” Before being extradited to Israel from the UK, they agreed to their prospective sentence; basically, this trial is a charade, a joke. Everything was preordained.
    The prosecution asks for 4 years in prison for Ruth and 2 for Michael; both will pay $1M damages.

    My prediction promised by Richard… I had to re-visit it, in light of the potential attention… so here is rev.2:
    The issue here is that these crimes are not considered serious enough by the local population to constitute a long term prison sentence… 4 years is a long time. While it was obvious from the beginning that most of the work was done by Michael and he should carry the load, they (as in Michael and Ruth) chose to make Ruth take most of the heat. This was, I believe, a strategy to get reduced sentences for both (the couple share a two year old daughter.) So in practice, they might get a couple of years in prison but I don’t think they will sit in prison, each, for more than a year. We’ll see if the Judge accepts the plea on March 27th.

  3. El-Al security on non-Israel-bound flights is a bit too much

    January 5, 2006 by Saar Drimer

    … if this story by Vincent Cheung is mostly true (I should add that I disapprove of his own extra racial profiling.)

    Then I see that in fact they opened up the router (which was in its box) and by doing so they voided the warranty on my brand new router!!!! (the warning sticker was broken)… Who cracks open routers!!!! The only reason I noticed was because they didn’t put it back together properly – one of the reset buttons was constantly being pressed.

    That’s absurd. What he describes might be excusable or adequate for an Israel-bound flight, but not a leg in a code sharing one. I usually don’t go through these checks because I carry an Israeli passport, but then again, I avoid El-Al when possible. This is due to two main reasons: 1) they monopolize Israeli traffic by limiting competition using questionable/unfair means so I don’t want to give them my business and 2) they are always more expensive than the alternatives (at least in my experience.) This story may add a third reason because I hate it when my luggage is opened.

    That said, what is El-Al’s alternative? A lax (or lax LAX in this case :) check on the first leg and a more rigorous one on the second? After all, El-Al is a target on all its flights regardless of where it is bound. Maybe El-Al should only fly Israel-bound flights. No clear answer here.

    In any case, it’s always a good idea to check who is the operator on a code-sharing flight — they all are these days. As an Israeli, I wouldn’t feel terribly comfortable in a Syriaair flight, you see.

  4. oh yeah… happy new year!

    December 31, 2005 by Saar Drimer

    I’ve heard that most people say 2005 was a bad year and they can’t wait for it to be over. We had a whole bunch of disasters and stuff that fill the plethora of “23 best” and “42 worst” lists that seem to be more abundant than previous years.

    CNN says 2005 was a “record bad year for tech security.” Their motives for hyping this issue are obvious: sensationalism and a back-up topic for a disaster-free “lull time.” Schneier pointed out what logically makes sense: Identity theft is over-reported and most stolen identities are never used. If Adam, Chris and Arthur* ever produce statistics for their “breaches” category, that would be more believable and useful than anything from the mainstream media. On the other hand, that media-hype makes “security people” more employable so I’m not sure where the balance is, considering my situation.

    Oh yeah, don’t forget to impress your friends with your geekiness superiority by pointing out the critical leap second delay before the countdown. You’ll be highly popular and the star of the party and would surely get a kiss this year.

    Have a good one.

    * Updated 5/1/2006 to reflect correct distribution of credit.

  5. Schneier quote

    November 29, 2005 by Saar Drimer

    The following quote is from Bruce Schneier’s weblog:

    The police and the military have fundamentally different missions. The police protect citizens. The military attacks the enemy. When you start giving police powers to the military, citizens start looking like the enemy.

    It’s a powerful statement that is worth noting. I’m still thinking about it.


  6. “Don’t copy that floppy!”

    November 27, 2005 by Saar Drimer

    In 1992, the “software publisher’s association” released this video to educate youth on the “hazards” of software piracy. It’s so early 90’s it cracked me up. It tried to be hip with a rap theme… just watch it (the lyrics of the outrageous song are here.)

    It contains all the basic arguments that we hear today about file-sharing:

    1. Responsibility: Piracy will kill the industry because there will be no incentive for creativity (from the video: “welcome to the end of the computer age! booooha ha ha.”)

    2. Sympathy: You are stealing from the nice artists/programmers who are working hard to produce a fine product for you (in the video there are 3 programmers and one lawyer interview.)

    3. Threat: Piracy is illegal (video: “You can make one backup and install the software only on one PC.”)

    4. Benefit: If you buy the product you get all the goodies (video: “you’ll get the manual and all…”)

    Well guess what? The software industry is alive and is doing quite well. Music will also prevail.

  7. hazards of on-line voting

    November 16, 2005 by Saar Drimer

    The lecturer from the last post had this cartoon in one of his slides. Although it’s a bit old, I have not seen it before.
    hazards of online voting

  8. anonymous voting in practice

    November 16, 2005 by Saar Drimer

    Yesterday we had a lecture about voter verification. In short, you go vote, you get a receipt, there’s some anonymizing action going on in the background and something that matches your receipt shows up on a public bulletin board. You compare and what you get is the knowledge that your vote was counted.

    Now, I contend that this whole thing is purely academic since it simply isn’t practical.

    First, people don’t care if their vote was counted if they don’t know who it was counted for! This is at least what I believe, correct me if I’m wrong. I don’t think any significant portion of the population would even check their receipts without having confirmation that their vote got to where they intended. Researchers should come up with a mechanism to achieve that while still voting anonymously. Sure, it’s tough, but anything less wouldn’t cut it. (I’m sure there are suggestions for this out there… one that I thought of is displaying a secret to the voters in the booth for them to remember. When they get home they see 100 outcomes and can see their vote and still point to another outcome for Jimmy that paid them $20 to vote for Johnny.)

    Second, any system wouldn’t prevent coercion in the way of bribery. There will always be simple ways to circumvent the technological mechanism by exploiting human nature. Some people cheat; one can only hope that in elections the signal overcomes the noise.

  9. casino cheating – technology makes it better

    November 6, 2005 by Saar Drimer

    A “retired” professional casino cheater is giving his 2 cents on the use of technology to mitigate the casino losses due to him and his likes (like putting RFID tags in all chips.) It’s insightful. In line with my fascination with unintended consequences, this rings very true:

    Marcus argued that technology is still only as good as the casino’s workers, who he fooled for years. If cheaters don’t draw too much attention to themselves, quickly getting onto and then away from the table, it’s unlikely their records will be checked. “And even if they do check, I’d be long gone,” Marcus said. In fact, having technology to fall back on is actually making pit bosses and dealers less attuned to what might be happening right under their noses, he argued. “These people rely upon their technology too much,” he said. “There is no room for maneuver in their thinking. I don’t have to fool the camera or the technology, I only have to fool the dealer or his pit boss. If I fool them, the technology doesn’t come into play.”

    (emphasis mine)

    As with other examples such as this one, the eventual outcome will be more loss due to cheating, not less. Casinos will stop training their pit bosses to spot cheating until they notice the reverse trend. Meanwhile, creative cheaters will enjoy more earnings.

  10. my memory is fading

    October 27, 2005 by Saar Drimer

    I’m getting older, I guess. Well, I know I am since a monumental birthday is approaching. Argg, I wish I could skip it.

    I’ve always been able to store all the events in the coming weeks in my head and never needed a calendar or a PDA. I hate carrying things around… especially things I need to depend upon. They always end up elsewhere when I need them… so I remembered pretty much everything I needed to know (dates, phone numbers, etc…)
    Lately, I feel like I might not be able to efficiently handle it anymore and I’d like to think that it’s because more is happening in my life (ahem!)

    I figured the best thing to do is to have an online calendar. This way I will not haul anything around and be able to access it from anywhere. But, of course, I am a “bit” concerned about privacy; potentially everyone and their grandmother would be able to know where I’m at. On the other hand, who gives a crap where I am, right? But, that second argument still doesn’t let me sleep well at night.

    Sooooo, anyone know of a good and simple online calendar that can also cater to my developed sense of paranoia?