Bruce Schneier

Schneier on Security
A blog covering security and security technology.

December 17, 2008

Brazilian Logging Firms Hire Hackers to Modify Logging Limits

Some Brazilian states used a computerised allocation system to levy how much timber can be logged in each area. However, logging firms attempted to subvert these controls by hiring hackers to break systems and increase the companies' allocations.

Posted on December 17, 2008 at 11:52 AM • 18 Comments

@Article: "Federal authorities are due to release more details of the prosecution of 107 logging and charcoal firms later on Friday, Greenpeace reports. A total of 202 people are facing prosecution in the case, it adds."

I could believe the scam, but I'm boggled that 107 firms and 202 individuals were allegedly involved. Trying to involve 1 other party is dangerous at best, let alone over 100.

Posted by: HJohn at December 17, 2008 12:33 PM

Wow. That brings the importance of log management to a whole new level.

Posted by: Davi Ottenheimer at December 17, 2008 12:48 PM

@Davi Ottenheimer: "Wow. That brings the importance of log management to a whole new level."

I bet they had poor security at multiple tiers. There are so many layers where this could have/should have been prevented and detected.

Posted by: Anonymous at December 17, 2008 12:57 PM

That's weird. I've never even *heard* of an Olympic sized swimming pool made of Brazilian hardwood. Seems fairly impractical on the face of it. But I bet it'd be pretty expensive...

(note: This *is* sarcasm. I know what they meant.)

Posted by: Lazlo at December 17, 2008 12:58 PM

@ Anonymous

*log* management. get it? logs. ha ha

Posted by: Davi Ottenheimer at December 17, 2008 1:01 PM

"Wow. That brings the importance of log management to a whole new level."

Once the loggers' logs have been chopped apart by the hackers, there's really no way to tell whether the loggers have logged all the logs.

Posted by: Adrian Lopez at December 17, 2008 1:13 PM

@ Davi: LOL. My mistake. "Log" Duh, I need more coffee.

It does beg the question: How much log could a logger log if a logger could log logs?

Posted by: HJohn at December 17, 2008 1:21 PM

Then there's substantial illegal logging: http://www.newyorker.com/reporting/2008/10/06/...

Posted by: Griskupar at December 17, 2008 3:11 PM

You realize this is a modern version of something entirely traditional, right? If you read the accounts of the timber industry that deforested the Great Lakes area of the USA in the 19th century, the historians note that 90% of the timber was illegally logged. The timber companies would acquire logging rights for one small plot, and use it as a staging area to cut everything within range.

Brazil also has the giant fires; you can see them on the satellite pictures. It's like the firestorm at Peshtigo down there.

Posted by: elizilla at December 17, 2008 5:00 PM

I am a little suspicious about the numbers. While I definitely believe it is possible the logging companies are involved in such an act, I also tend to disbelieve specific numbers attributed by a politically opposed organization. It works in Greenpeace's favor to overestimate the initial values that are likely to swarm through media reports before dying down and the actual numbers come out (which most likely will never get reported).

Posted by: Jeremy at December 17, 2008 6:53 PM

@Jeremy

I generally would be too, but how can you distrust anybody who measures timber in units of Olympic-sized swimming pools?

Posted by: Tangerine Blue at December 17, 2008 7:01 PM

You might want to offer your services in improving the security of these systems and teaching their programmers some security principles.

Posted by: foo at December 17, 2008 8:51 PM

Apparently, hacking the system was cheaper than bribing government officials. The interesting question is whether the price of the former went down, or the price of the latter went up.

Posted by: wsinda at December 18, 2008 2:41 AM

@Jeremy: I'd tend to agree that numbers should be treated with suspicion. However, on the other hand, having had some experience with Brazilian methods of commerce, I'm pretty sure it will have come as a huge surprise to all involved that their little scam was found out. When business people cite "official corruption" as a competitive advantage, you know something's not right.

Also, I doubt very much that any hacking was involved, unless it was of the open wireless and network share kind. More likely someone with access to the spreadsheet was bribed.

Posted by: Calum at December 18, 2008 3:36 AM

Errm, I did. What I am saying is that I don't believe the fine article. Hackers are a much more interesting bogeyman for Greenpeace than some dude who accepted baksheesh in exchange for altering a few figures.

Posted by: Calum at December 19, 2008 6:49 AM