Friday Squid Blogging: Woman's Mouth Inseminated by Cooked Squid

This story is so freaky I'm not even sure I want to post it. But if I don't, you'll all send me the links.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on June 15, 2012 at 4:02 PM • 31 Comments

Comments

BF Skinner • June 15, 2012 6:24 PM

Keep meaning to collect a list of people doings to combat the "people wouldn't ABUSE the system. Not PEOPLE."


http://content.usatoday.com/communities/ondeadline/post/2012/06/tsa-proposes-firing-seven-airport-employees-in-philadelphia-/1

The Transportation Security Administration has recommended firing seven employees at Philadelphia International Airport, the agency said Friday.

The announcement came after an eight-month investigation that revealed that the employees were involved in bribery.

According to TSA:

A training instructor responsible for administering annual proficiency exams was found to have accepted payment from TSA security officers to ensure passing grades. The training instructor pleaded guilty in Federal District Court on Feb. 28, 2012, to a charge of bribery.

Nick P • June 15, 2012 8:10 PM

@ Someone in particular 6:29pm

Yeah, I oddly saw the CloudFlare attack report around when I was evaluating their claims to resist DDoS attacks. Good news for them is they seem honest on that one: LulzSec successfully used them to defend their site while attacking people. CloudFlare's spokesman said it was the best pentesting they could get & came largely free of charge haha.

Nick P • June 15, 2012 8:34 PM

Short summary of post in other squid thread

It seems high assurance security certification is truly dead in market for anything more complicated than a kernel or data diode. Products certified high assurance under old rules (B3/A1) were ordered to undergo costly reevaluations to modern equivalents EAL 6/7.

Products surviving old market collapse were GEMSOS (A1), Boeing SNS (A1), and XTS-400 (B3). GEMSOS couldn't afford re-evaluation, BAE dropped XTS-400 to EAL5+, and SNS's EAL7 evaluation recently resulted in a very augmented EAL5 rating.

Boeing is a major defense contractor with a big budget and guaranteed contracts. The product is just a guard. They have much experience in assuring guards. They apparently see no reason to invest in an EAL6/7 rating. If big Boeing can't justify it, then is there reason anymore for American companies to produce truly secure systems? At the moment, it seems not.

Daniel • June 15, 2012 11:15 PM

@no one

What bothers me about that attack is how elaborate it is. This wasn't done by your typical Lolsec script kiddie. It was carefully and meticulously planned by someone who is competent at analyzing various systems in multiple companies and exploiting their weaknesses. I am also impressed by the agility of his mind when he got caught in the act (something that I think caught him off guard). That was some quick thinking on his feet.

At the end of the day this hack should probably be considered a failure but if only one person was behind it I have no qualms about saying I'm impressed.

nick • June 17, 2012 7:40 AM

Ottawa airport wired with microphones as Border Services prepares to record travellers’ conversations

www.ottawacitizen.com/news/Ottawa+airport+wired+with+microphones+Border+Services/6788759/story.html

GStarr • June 17, 2012 8:26 PM

Have you heard of any link between the recent "state sponsored" Gmail hacks and malware running on Android phones? Gmail, at least on some Android devices, is "always on", i.e., cannot be logged out. If Gmail is hacked/infected, then phones (could be) too. Do you agree? Has anyone heard of this happening, or have any proof that it does happen?

Tamara Benson • June 17, 2012 10:12 PM

I quit eating Squid in 2003 when I saw a PBS show about how the cellular structure of their eyes is so very similar to human eyes. :)
Cannibalism isn't for me.

Since then I've learned a lot of reasons not to kill our ocean, and seen how interdependent we and sea life are.
No Polly Anna here, just hoping to survive without eating something that might save me. :)

By the way, I've been learning to pay attention to how my body reacts to different foods--and if something makes you feel lousy later, (pork does that to me) or gives you gas, etc, maybe our bodies are trying to tell us what we can handle and what we shouldn't.
Knowing could improve quality of life, even if no guarantees for quantity.
bon appetit guys!

Wael • June 18, 2012 12:10 AM

@ GStarr,

The only way I know of to delete your Gmail account from your Android phone is to do a factory reset on the phone. I don't like that and wondered why it behaves that way. Same applies to Google Voice: once you sign up, you cannot delete your account. You can remove the numbers of the phones that are forwarded, but you cannot delete your account. That was a year ago. Not sure if they changed that.

Figureitout • June 18, 2012 8:56 AM

@Gstarr

I never used the email address I had to make to use the phone, but like Wael said, I know Google voice would remain activated. Very frustrating. Instantaneously after turning it off, it would turn itself right back on. Plus, apps that I didn't download would turn up on my phone. Was glad to get rid of the p.o.s., it serves as a second alarm clock now :)

Petréa Mitchell • June 18, 2012 11:35 AM

Erich Schmidt:

The post asks whether an approach based on game theory can be helpful in designing airport security strategies. It raises some good questions about whether the type of game under discussion even properly models the problem, and then answers them with an unsupported assertion that yes, it works and everything is cool.

Erich Schmidt • June 18, 2012 12:07 PM

Thanks Petréa -- for the information, and for the laugh you gave me!

Daniel • June 18, 2012 9:00 PM

I know it's Monday but did anyone see this:

https://www.nytimes.com/2012/06/17/opinion/sunday/how-depressed-people-use-the-internet.html

"What are the practical applications of this research? We hope to use our findings to develop a software application that could be installed on home computers and mobile devices. It would monitor your Internet usage and alert you when your usage patterns might signal symptoms of depression."

Well, if having an internet program that watches my every activity in the name of my "health" doesn't depress me, I don't know what will.

jacob • June 19, 2012 9:19 AM

@daniel.
Interesting. It might explain my ISP.
"Let's piss him off a little bit more and then we better stop".... ;)

Richard • June 19, 2012 10:17 AM

I recently ordered "Liars and Outliers" from the local library. Ironically, while it was being held for me to pick it up, somebody stole it.

Clive Robinson • June 19, 2012 5:19 PM

OFF Topic:

It would appear that the cat&mouse story of Julian Assange has taken another weird step...

http://www.bbc.co.uk/news/uk-18514726

He walked into the London embassy of Ecuador and asked for asylum. Apparently he believes he was about to be shipped off to Sweden prior to his latest attempt to get the extradition order quashed.

It appears this may not be unrelated to an offer made back in 2010 by Ecuador to offer Mr Assange residency, which in and of itself has a few twists and turns.

On another matter the EFF are supporting the "Internet Archive" in a legal case against Washington State,

https://www.eff.org/press/releases/internet-archive-sues-stop-new-washington-state-law

Put simply Washington State has enacted a badly written law (SB-6251) that flies in the face of US Federal law.

In essence its purpose is to make online service providers criminally liable for providing access to third parties' offensive materials, and on the face of it, it would appear to have laudable goals. But in practice it is too broadly written in very vague terms, thus making it dangerous in many respects. Further it brings it squarely into conflict with Section 230 of the Communications Decency Act, which is current Federal law which adequately covers what SB-6251 attempts to cover so badly.

Oh and "one for the parents"... How is your kids' maths? Are they any good at division, fractions or surds?

If not they may not be able to hack it in our modern world according to some research,

http://www.sciencedaily.com/releases/2012/06/120615114057.htm

Of course underpinning all of this as normal is a good knowledge of primes ;-)
