Thoughts

The National Geospatial-Intelligence Agency

Wired News picked up an interesting article from the Associated Press about the NGA (National Geospatial-Intelligence Agency), which describes the purpose and capabilities of this youngest of government intelligence agencies. Its director, Lt. Gen. James Clapper (Ret.), is stepping down next month, and he is proud of the work NGA is doing.

Their capabilities are rumored to far exceed those of commercial satellite imagery, and they’ve become very useful in the aftermath of last year’s hurricanes. That’s when they set up mobile stations in the backs of Humvees and provided displaced and worried people with satellite images showing the condition of their homes.

They also work together with security staff in public places, like hotels, to tap into lobby cameras and combine that footage with mapping and graphical data to help secure events or take action in case of a hostage situation or other catastrophe.

My reaction to this is mixed. On the one hand, it’s nice to see a government agency actually helping out when a natural disaster occurs, and on the other hand, I have to wonder about people’s privacy given their serious capabilities.

Thoughts

The NSA wire-tapping scandal

I wrote about the wire tapping issue back on the 8th of April, and it looks like it’s resurfaced big time. Just today, I read this USA Today article. Senators Leahy and Specter picked up the story, then CNN picked it up as well. Now the Washington Post published the results of a telephone survey that says most Americans (60% or so) support the NSA’s collection of information on telephone calls.

It seems like all that’s happening is that massive amounts of data are getting crunched at the NSA, for statistical purposes, in an effort to try and determine patterns in terrorist communications, but the NSA (including Gen. Hayden) and the Bush administration have been going about it all wrong. As the USA Today article details, they used strong-arm tactics on the phone companies in order to get them to cooperate. When Qwest wouldn’t, they accused them of compromising national security and told them they wouldn’t get any more classified contracts… Is that the way to treat someone who has legal and understandable doubts about its customers’ privacy? I think it’s shameful.

So let me see if I get it straight. The government gives you classified contracts if you jump through their hoops, and once you get used to the taste of steady government money, threatens to yank them from your plate if you won’t compromise on your ethics. It looks to be a pretty good tactic, which works great on most executives. After all, every one of the phone companies but Qwest capitulated and handed over their data.

It’s all very sad. The NSA’s methods are classified, but I for one have a hard time seeing how one can gather real data about terrorists (people who are, for the most part, already flagged and monitored) by crunching through the phone calls of the average law-abiding citizen, unless you’re trying to make sure this same average citizen isn’t a terrorist.

Maybe it’s about establishing a “noise floor”, and that’s why they need a statistically-relevant mass of data? Once they’ve compiled a database of the common conversations of regular folks, anything out of the ordinary will spike above the “noise floor”, raising a flag for further examination. Just my uneducated guess. The method sounds good, but the manner in which they’re going about securing the data is, as I’ve said above, wrong.

Thoughts

Too many passwords equals less security

Found an article on CNET News which details a survey done in Britain. It showed that there is a directly proportional relationship between the number of passwords one has to remember for work, and the number of unauthorized accesses on the company’s networks. Here’s the link to the CNET article.

Having been a director of IT twice in my career, this is a no-brainer to me. And here’s another thing I’ve found: the more inane the password rules are, the easier you’ll make it for your users to write their passwords down on a sticky note, which they’ll store either right on the screen, under their keyboard, or in the top desk drawer. If you’re going to use passwords, you need to strike the RIGHT balance between password security and real-world usability. Sadly, many companies fail in this area.

Seems the way to go is single sign-on, with added proximity devices if needed.

Reviews

Mozes: secure your keyword

From TechCrunch:

“Mozes is a Palo Alto based startup founded by Dorrian Porter that is tapping into the U.S. SMS (phone text) market.

It allows you to do all sorts of things via sms. Hear a song on the radio that you like and want to bookmark? Text the radio station (ie, KROQ) to 66937 (which translates to “Mozes”). Mozes will note the time and station name and bookmark the song title in your Mozes page (and sms you the song information). Meet someone who has a Mozes keyword? SMS their Mozes keyword to 66937 and store whatever personal information they’ve elected to share. And online advertisers can use a Mozes keyword to give you more information on the product…”

This promises to be pretty cool! Here is the link.

Thoughts

Photos as passwords foil hackers

I can’t believe how simple, yet incredibly useful this is! Instead of using silly passwords, with even sillier password rules that give you headaches, just use this! Choose a familiar picture as the password, have the system pixelate the heck out of it, then pick it out from among a group of pixelated photos every time you want to log on. How cool is that? Also, kudos to Tracy Staedter from Discovery News – just about every time I stumble on a cool article at Discovery News, it’s written by her. 🙂
