Friday Squid Blogging: Squid–Bacteria Symbiotic Relationships

This is really interesting research.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on July 12, 2013 at 4:49 PM • 25 Comments

Comments

Clive RobinsonJuly 12, 2013 5:21 PM

ON Topic :-)

It brings new meaning to the old expression of "You light up my life"...

Blog Reader ZeroJuly 12, 2013 9:33 PM

In the book "Fast Food Nation", author Eric Scholsser mentions a security issue with fast food restaurants, namely that the restaurants are very attractive to armed robbers given the emphasis on cash transactions (not to mention the impracticality of installing bullet-resistant barriers) and the employment of persons who are young or poorly off (or both.) On the latter, Schlosser mentions that about two-thirds of fast food robberies involve current or former employees of the restaurant, according to industry studies. Fast food employees may be poorly paid and turnover is often high. Security measures such as alarm systems, panic buttons, safes with drop slots, and (of course) closed-circuit TV have been used, but not all robberies have targeted unguarded locations. In particular, a Burger King restaurant on the grounds of Offutt Air Force Base near Omaha, Nebraska was robbed of more than $7,000 in April 2000 by two masked robbers wearing purple Burger King shirts. The book mentioned Joseph A. Kinney, president of the National Safe Workplace Institute, who suggested that improved labor relations (regarding things such as wages) would improve security for fast food restaurants far more effectively than such measures as surveillance cameras. An aspect mentioned by workplace crime expert and professor of management Jerald Greenberg at the University of Ohio was that employees are less likely to steal from an employer when are treated with dignity and respect.

Overall, on the matter of robberies and fast food restaurants, it would seem that there is the issue of security measures which are worthwhile to businesses versus those which are worthwhile to employees and the factors that determine what actually gets implemented.

NobodySpecialJuly 12, 2013 10:17 PM

>who suggested that improved labor relations (regarding things such as wages) would improve security

So if you pay people more they are less likely to act illegally?
Worked for Wall St and Washington (and every other legislature)

Nick PJuly 12, 2013 11:16 PM

@ NobodySpecial

It's not just pay. Like the poster said, they should be treated with some dignity and value. A combination of some security measures and making employees feel valued (rather than exploited) has been proven in many cases to improve operations or reduce risk. On the other hand, treating people like dirt on a regular basis to invites disloyalty, apathy, and other negative attitudes. Bad stuff can happen to the company.

Also, I don't think the kinds of people in Wall St are representative of the public at large. Wall St is also a special case where the whole point of the area is to be totally centered on money. It also attracts a few types of people most likely to know how to scheme effectively. A culture of greed and externalities plus opportunities for misdeeds + confidence they'll get away with it = ridiculous level of risk for bad stuff happening.

ArclightJuly 13, 2013 1:09 AM

Most physical security experts will also tell you that installing a security measure (for instance, a badge-in system and new door locks) has a much higher chance of working if the employees feel that the features will improve their safety or security personally.

If your access system does a good job of keeping the riff-raff out of the employee's private spaces, then the door policy is likely to be adhered to.

If the video-surveillance system is regularly used as part of a program that makes security check in on the guy on ladders changing light bulbs, then it might be supported more.

When all of a company's policies and procedures seem to optimize only value to the company, then people are more likely to resist, ignore policies and may even sabotage things.


Arclight

PaulJuly 13, 2013 1:48 AM

This is one I haven't come across before. Quite clever, although he must be on loads and loads of security camera footage...

From http://www.asiaone.com/News/Latest%2BNews/Relax/...

AFP Tuesday, Jul 09, 2013

HONG KONG - A thief tricked staff into opening a room safe at a five-star Hong Kong hotel by posing as a slipper-clad guest, local media reported on Tuesday, raising questions about security at one of the city's top hotels.

Staff at the harbourside Peninsula Hotel were first duped into giving the man a spare key in the early hours of Sunday morning as the room's occupants, a French couple, were sleeping, the South China Morning Post (SCMP) reported. When the couple left the room later that afternoon, the man let himself in and managed to persuade staff to open the safe from which he stole HK$50,000 (S$8,256) worth of goods and cash.

"Speaking in English, he told hotel staff that he had lost his room key and demanded another one," the newspaper cited a Hong Kong police officer as saying, adding that the man provided details of the 47-year-old male occupant, including name and birth date, without saying how he had obtained such information.

After entering the room, the man "telephoned the front desk from the room saying he had forgotten the password of the safe and asked for assistance to open it", the officer was quoted by the SCMP as saying. When the staff arrived, the man - described as a foreigner - was waiting in the room wearing "a pair of slippers, a blue T-shirt and jeans".

"No one has been arrested so far," a Hong Kong police spokesman told AFP on Tuesday, confirming the case.

The Peninsula Hotel, established in 1928 in the former British colony, is situated in the bustling shopping district of Tsim Sha Tsui and is one of the city's oldest hotels. The hotel refused to give details on the case, but confirmed the theft had occurred.

"The theft happened and has been reported. But we are not at the liberty to elaborate further while the police are investigating the matter," Peninsula Hotel director of public relations Olivia Toth told AFP.

iglooiJuly 13, 2013 4:55 AM

It would appear that the Kremlin has been jumpstarted back to the future! They have ordered in a whole lot of electric typewriters to type out top secret notes on paper rather than entrust them to computers and networks. http://www.bbc.co.uk/news/world-europe-23282308

If they were really serious, they should go back to the old manuals. Electric typewriters emit enough emr to decipher the messages sent to the print head!

I wonder if the Pentagon is rounding up all the old Remingtons it can find!

Scott "SFITCS" FergusonJuly 13, 2013 8:36 AM

@ NobodySpecial

So if you pay people more they are less likely to act illegally?
Worked for Wall St and Washington (and every other legislature)

If the selection criteria is different - then so might the effect of conditions, don't you think?

Not that I'm saying political and stockbroking have different selection criteria to minimum wage fast food jobs , just trying to allow for the possibility.

MikeAJuly 13, 2013 9:59 AM

Two issues with the Russian Typewriter story and comment:

1) Actual "Electric Typewriters" (of the "add a snatch-roll to a manual typewriter" variety) do not tend to emit much EMR that correlates to the message.

2) The article claims (by contrast with typewriters) that printers do not produce identifiable visual quirks in the resulting paper documents. I guess the author never used a daisywheel with a nick, a consumer-grade dot-matrix printer, or a laser printer with a scratched drum. Not to mention the "yellow dots" put in deliberately on some printers.

JimJuly 13, 2013 10:26 AM

NobodySpecial: So if you pay people more they are less likely to act illegally?
Worked for Wall St and Washington (and every other legislature)

Just coming to this from the gaming thread, so will stick to this vein:

The game of fast food does not train people in greed, as some positions in Wall Street can do. So extremely few fast food workers become armed robbers. :/ Whereas, very many Wall Street workers do become thieves.

With hacking, breaking the rules pays. That can lead to lawlessness. With innovation, which in technology, we like to call "hacking", one also has to break the rules to get pay. That is different. That is when not "the rules need not apply", but when the rules are wrong. They need to be changed.

Or ignored.

If your game is just to try and cheat people out as much money as possible in life, that is an extremely short sighted game.

JimJuly 13, 2013 11:17 AM

Using this thread to post on other security issues not remarked on this week:

A very big, key security issue I see as happening this week has happened in some really very small criminal cases.

In one case, in Britain, a man was convicted of crimes for what he said.

In Texas, in another case, a young man is imprisoned and effectively tortured for what he has said, as well.

In both cases, this was "what they said online". They vary in degrees of private places of speech.

All of this is critical in context of the surveillance systems which have been exposed in the "free" world.

These are, as I like to say, systems designed to hunt human beings based on what they say -- even in private.


There is not much said about the British case. The man clearly was not serious, but was also clearly intended to be taken seriously. There is little disagreement that his actions were vile and meant to be intimidating. He intended his threats to be taken seriously. On inspection, it was clear that he was a dog who barks but not bites. Because of the severity of his threats and the way he gave them, however, people can also assume he is a dog which bites in life.

Good riddance.

Conversely, in Texas, it is clear that the teenager locked up really was not serious nor did he have any intention of making his statements be seen as serious.

I say "torture", because the child has been physically hurt in jail.


People are reacting to both cases. Their reactions, judgments are important, especially in light of the recent disclosures.

When you create a product, you want to market it. You want to have a test audience. This can tell you how to invest. Movies are good examples, if the test audience responds poorly to a movie, the movie will be rebranded. It may end up going straight to video, and so essentially dumped. Or it may go global and pushed for that.


So this little case in a little town in Texas is important. It is important how people react to this.


I am not saying this is a conscious, human conspiracy. It is absolutely not. You can look it as an unconscious conspiracy, or an unconscious functioning of society.


Those who respond in an unreasonable fashion to the Texas case are sending in their vote. Their unreasonable judgment is invariably hypocritical, of course, and shows how "hard" or "soft" their heart is. You can apply the medical terminology here to this metaphor: It says how sick or how healthy they are.


I would go further and even point out, if there are enough who are very sick in heart, then what we will have is the surveillance systems and how they are used to be used to cull off that cancer. This is not a good thing. In practice, what happens is the system its' self mirrors the statistical state of the hearts of the people. It hurts good tissue to cull out bad tissue. Put it that way.

BobbyJuly 13, 2013 12:47 PM

Bruce, it should be security stories of interest and not only those you haven't covered. just a thought. there goes your copy and paste routine.

Jonathan WilsonJuly 13, 2013 11:31 PM

Regarding the hotel safe theft, its well known that hotel room safes aren't exactly the safest thing in the world. There are a number of products out there marked as extra security for hotel room safes by adding an extra lock that the staff cant open. Whether they are any good I dont know (as I have never used one) but they do (from what I have seen) seem like they would at least make it harder for staff or fraudsters.

Coyne TibbetsJuly 14, 2013 1:11 AM

You should look into this article on the One-Button Amazon application, which indicates that the application can be used to intercept all http and https communications via Chrome (_any_ communication); and that it can be easily broken to intercept them on behalf of a MITM attacker.

G van GrijnenJuly 14, 2013 3:58 PM

After Snowden's revelations terrorists are harder to track according to officials.

I am not an expert on the deep web at all, but somehow I suspect terrorists think this would be a perfect hiding place.

And in spite of all the massive surveillance, this place seems too hard a nut to crack.

So why the massive surveillance?

Clive RobinsonJuly 15, 2013 3:24 AM

@ G van Grijnen,

    After Snowden's revelations terrorists are harder to track according to officials.

That is a compleat load of hogwash and the officials concerned should be 100% aware they are lying to the public, and as such should be named and shamed and preferably thrown out of office without their pensions.

The reasons are simple,

Firstly few if any serious terrorists use the internet without a lot of precautions that effectivly make it close to impossible to catch them. After all if it were easy they would have had Osama before Obama went into office (unless you believe the "staged managed for popularity for re-election" argument).

Such precautions take a long time to put in place and as such you don't stop them dead either, thus Edward Snowden's revelations are at worst going to have minimal effect on the very few real terrorists out there.

As for the faux / wanabe terrorists I guess it might have had an effect on them thus potential recruits for being an unwitting target for an FBI sting operations has probably declined.

As for "home grown" terrorists then they have probably downloaded their bomb making instructions quite some time ago, so again Snowden's revelations would have arived after that. In fact an argument could be made that Snowden's revelations will actually have stopped "home grown" terrorists.

I suspect the real reason these officials are saying these things is to blacken Snowden's image nothing more.

Speaking of blackening images the UK Guardian had a nice piece on Micro$haft slurping up the FBI/NSA crack, and crying "we had no choice" which is actually compleate rubbish and for public consumption after being caught with their hand in the cookie jar. The real question is what the kick back is for Micro$haft from the US Government is...

http://www.guardian.co.uk/world/2013/jul/11/...

Boss KJuly 15, 2013 9:56 AM

Re: Blog Reader Zero

You're presuming armed robberies are a problem.

So long as the profits continue, who cares?

ScaredJuly 15, 2013 2:38 PM

Janet Napolitano resigns.

And Businessweek suggest we abolish the DHS:
http://www.businessweek.com/articles/2013-07-15/...

"More than a decade later, it’s increasingly clear that the danger to Americans posed by terrorism remains smaller than that of myriad other threats, from infectious disease to gun violence to drunk driving. Even in 2001, considerably more Americans died of drowning than from terror attacks. Since then, the odds of an American being killed in a terrorist attack in the U.S. or abroad have been about one in 20 million. The Boston marathon bombing was evil and tragic, but it’s worth comparing the three deaths in that attack to a list of the number of people in the U.S. killed by guns since the December 2012 massacre in Newtown, Conn., which stood at 6,078 as of June.

This low risk isn’t evidence that homeland security spending has worked: It’s evidence that the terror threat was never as great as we thought. A rather pathetic Heritage Foundation list of 50 terrorist plots against the U.S. foiled since Sept. 11 includes such incidents as a plan to use a blowtorch to blow up the Brooklyn Bridge and “allegedly lying about attending a terrorist training center”—but nothing involving weapons of mass destruction. Further, these are alleged plots. The list of plausible plots, let alone actual crimes, is considerably smaller. From 2005 to 2010, federal attorneys declined (PDF) to bring any charges against 67 percent of alleged terrorism-related cases referred to them from law enforcement agencies."

El JefeJuly 15, 2013 5:45 PM

The least they could do is change the name so it doesn't sound like the Gestapo. Homeland?

name.withheld.for.obvious.reasonsJuly 15, 2013 9:32 PM

Examples of where military authority is exceeding constitutional authority. The following is an extract from the Intelligence Authorization act for Fiscal Year 2012.

AUTHORITY TO TRANSPORT APPREHENDED PERSONS.—Paragraph (5) of section 11(a) of the National Security Agency Act of 1959 (50 U.S.C. 402 note) is amended to read as follows:

(5) Agency personnel authorized by the Director under paragraph (1) may transport an individual apprehended under the authority of this section from the premises at which the individual was apprehended, as described in subparagraph (A) or (B) of paragraph (1), for the purpose of transferring such individual to the custody of law enforcement officials. Such transportation may be provided only to make a transfer of custody at a location within 30 miles of the premises described in subparagraphs (A) and (B) of paragraph (1).’’.

(b) CONFORMING AMENDMENT RELATING TO TORT LIABILITY.— Paragraph (1) of section 11(d) of the National Security Agency Act of 1959 (50 U.S.C. 402 note) is amended—

(1) in subparagraph (B), by striking ‘‘or’’ at the end;
(2) in subparagraph (C), by striking the period at the end and inserting ‘‘; or’’; and
(3) by adding at the end the following new subparagraph: ‘‘(D) transport an individual pursuant to subsection (a)(2).’’.

I keep harping on this as there seems to be no realization that this is going on--either the public, the intelligentsia, and the political class are ignorant or duplicitous. But, I argue that this text--the above mentioned demonstrates--that these are deliberate acts in the "Boiling the Frog" exercise that constitutes a coupe in the United States.

G van GrijnenJuly 16, 2013 3:36 PM

@Clive Robinson

Yes I agree it was hogwash.

For who could check this statement?

No one, actually.

Same with the claim that programs revealed by Edward Snowden have stopped more than 50 terrorist attacks.

In our government we should trust is the implicit message.

Accountability is no longer required in a democracy in this digital age.

People like their convenience.

Blog Reader ZeroJuly 16, 2013 10:59 PM

@El Jefe:

For that matter, though emergency response may have a part for "sheltering in place," there is the issue of prison terminology when subjecting schools to "lockdowns." (In 2011, Mother Jones did an article from Annette Fuentes, the author of "Lockdown High," on biometrics and RFID technology in school environments.)

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..