Page 3 of 4
Nice:
You might think that a Lego safe would be easy to open. Maybe just remove a few bricks and you’re in. But that’s not the case with this thing, the cutting edge of Lego safe technology. The safe weighs 14 pounds and has a motion detecting alarm so it can’t be moved without creating a huge ruckus.
They’re trying to detect anomalies:
If you have ever wondered how security guards can possibly keep an unfailingly vigilant watch on every single one of dozens of television monitors, each depicting a different scene, the answer seems to be (as you suspected): they can’t.
Instead, they can now rely on computers to constantly analyze the patterns, sizes, speeds, angles and motion picked up by the camera and determine—based on how they have been programmed—whether this constitutes a possible threat. In which case, the computer alerts the security guard whose own eyes may have been momentarily diverted. Or shut.
An alarm can be raised, for instance, if the computer discerns a vehicle that has been standing still for too long (say, a van in the drop-off lane of an airport terminal) or a person who is loitering while everyone else is in motion. By the same token, it will spot the individual who is moving rapidly while everyone else is shuffling along. It can spot a package that has been left behind and identify which figure in the crowd abandoned it. Or pinpoint the individual who is moving the wrong way down a one-way corridor.
Because one person’s “abnormal situation” is another person’s “hot dog vendor attracting a small crowd,” the computers can be programmed to discern between times of the day and days of the week.
Certainly interesting.
Some expensive and impressive stuff was stolen from the University of British Columbia’s Museum of Anthropology:
A dozen pieces of gold jewelry designed by prominent Canadian artist Bill Reid were stolen from the museum sometime on May 23, along with three pieces of gold-plated Mexican jewelry. The pieces that were taken are estimated to be worth close to $2 million.
Of course, it’s not the museum’s fault:
But museum director Anthony Shelton said that elaborate computer program printouts have determined that the museum’s security system did not fail during the heist and that the construction of the building’s layout did not compromise security.
Um, isn’t having stuff get stolen the very definition of security failing? And does anyone have any idea how “elaborate computer program printouts” can determine that security didn’t fail? What in the world is this guy talking about?
A few days later, we learned that security did indeed fail:
Four hours before the break-in on May 23, two or three key surveillance cameras at the Museum of Anthropology mysteriously went off-line.
Around the same time, a caller claiming to be from the alarm company phoned campus security, telling them there was a problem with the system and to ignore any alarms that might go off.
Campus security fell for the ruse and ignored an automated computer alert sent to them, police sources told CBC News.
Meanwhile surveillance cameras that were still operating captured poor pictures of what was going on inside the museum because of a policy to turn the lights off at night.
Then, as the lone guard working overnight in the museum that night left for a smoke break, the thief or thieves broke in, wearing gas masks and spraying bear spray to slow down anyone who might stumble across them.
It’s a particular kind of security failure, but it’s definitely a failure.
This seems very worrisome:
Federal regulators approved a plan on Wednesday to create a nationwide emergency alert system using text messages delivered to cellphones.
The real question is whether the benefits outweigh the risks. I could certainly imagine scenarios where getting short text messages out to everyone in a particular geographic area is a good thing, but I can also imagine the hacking possibilities.
And once this system is developed for emergency use, can a bulk SMS business be far behind?
Israel is implementing an IFF (identification, friend or foe) system for commercial aircraft, designed to differentiate legitimate planes from terrorist-controlled planes.
The news article implies that it’s a basic challenge-and-response system. Ground control issues some kind of alphanumeric challenge to the plane. The pilot types the challenge into some hand-held computer device, and reads back the reply. Authentication is achieved by 1) physical possession of the device, and 2) typing a legitimate PIN into the device to activate it.
The article talks about a distress mode, where the pilot signals that a terrorist is holding a gun to his head. Likely, that’s done by typing a special distress PIN into the device, and reading back whatever the screen displays.
The military has had this sort of system—first paper-based, and eventually computer-based—for decades. The critical issue with using this on commercial aircraft is how to deal with user error. The system has to be easy enough to use, and the parts hard enough to lose, that there won’t be a lot of false alarms.
Story of a sonic blaster:
Here’s how it works: Inferno uses four frequencies spread out over 2 to 5 kHz. The idea behind it is that unlike a regular siren, these particular frequencies have a uniquely disturbing effect on people (and presumably cats, dogs and any other living thing). At 123 dB, it’s loud, but not significantly louder than any other alarm system. The advantage, according to Dr. Goldman, is the combination of frequencies. The human ear just doesn’t like it. I agree, I really didn’t like it.
Note to the TSA: Dr. Goldman has had no problems bringing this thing onto airplanes.
Fire Engineering magazine points out that fire alarms used to be kept locked to prevent false alarms:
Q: Prior to 1870, street corner fire alarm pull boxes were kept locked. Why were they kept locked and how did a person gain access to ‘pull the box?’
A: They were kept locked due to false alarms. Nearby shopkeepers or beat cops carried the keys.
According to Robert Cromie in The Great Chicago Fire (Thomas Nelson: 1994, p. 33), this may have been one reason for the slow response to the fire:
William Lee, the O’Leary’s neighbor, rushed into Goll’s drugstore, and gasped out a request for the key to the alarm box. The new boxes were attached to the walls of stores or other convenient locations. To prevent false alarms and crank calls, the boxes were locked, and the keys given to trustworthy citizens nearby.
What happened when Lee made his request is not clear. Only one fact emerges from the confusion: No alarm was registered from any box in the vicinity of the fire until it was too late to do any good.
Apparently, Lee said that Goll refused to give him the key because he’d already seen a fire engine go past; Goll said he actually did pull the alarm, twice, but if so it must not have worked.
(There’s more about what sounds like a really bad communications failure, but it’s a little too hard for me to read on the Amazon website.)
But did you know that the fire burned for over half an hour before an alarm was ever sounded? Alarm boxes were actually kept locked in those days, to prevent false alarms!
When the first alarm box was finally opened and the lever pulled, the alarm somehow did not get through. The fire dispatcher was playing a guitar for a couple of girls at the time and he kept on serenely strumming, completely unawares. After the fire had been growing and blazing for nearly an hour a watchman screamed at the dispatcher to sound an alarm, which he did, and the first three engines, two hose wagons, and two hook and ladders were sent out—but in the wrong direction!
At first the dispatcher refused to sound another alarm, hoping to avoid further confusion.
Compare this with a proposed law in New York City that will require people to get a license before they can buy chemical, biological, or radiological attack detectors:
The legislation—which was proposed by the Bloomberg administration and would be the first of its kind in the nation—would empower the police commissioner to decide whether to grant a free five-year permit to individuals and companies seeking to “possess or deploy such detectors.” Common smoke alarms and carbon monoxide detectors would not be covered by the law, the Police Department said. Violations of the law would be considered a misdemeanor.
Why does the administration think such a law is necessary? Richard A. Falkenrath, the Police Department’s deputy commissioner for counterterrorism, told the Council’s Public Safety Committee at a hearing today, “Our mutual goal is to prevent false alarms and unnecessary public concern by making sure that we know where these detectors are located and that they conform to standards of quality and reliability.”
The law would also require anyone using such a detector—regardless of whether they have obtained the required permit—to notify the Police Department if the detector alerted them to a biological, chemical or radiological agent. “In this way, emergency response personnel will be able to assess threats and take appropriate action based on the maximum information available,” Dr. Falkenrath said.
False positives are a problem with any detection system, and certainly putting Geiger counters in the hands of everyone will mean a lot of amateurs calling false alarms into the police. But the way to handle that isn’t to ban Geiger counters. (Just as the way to deal with false fire alarms 100 years ago wasn’t to lock the alarm boxes.) The way to deal with it is by 1) putting a system in place to quickly separate the real alarms from the false alarms, and 2) prosecuting those who maliciously sound false alarms.
We don’t want to encourage people to report everything; that’s too many false alarms. Nor do we want to discourage them from reporting things they feel are serious. In the end, it’s the job of the police to figure out what’s what. I said this in an essay last year:
…these incidents only reinforce the need to realistically assess, not automatically escalate, citizen tips. In criminal matters, law enforcement is experienced in separating legitimate tips from unsubstantiated fears, and allocating resources accordingly; we should expect no less from them when it comes to terrorism.
EDITED TO ADD (1/18): Two commenters pointed to a 1938 invention: an alarm box that locks up your arm until the fire department sets you free. Yikes.
Ask anybody who’s made money robbing houses, and they’ll tell you straight up: you can get away with a lot of loot in the 10 minutes before the cops come.
But the crooks won’t find their way out of the foyer if you hit ’em with the FogSHIELD—an add-on to your home security system that releases a blinding blanket of fog to stop thieves in their tracks. When an intruder triggers the alarm, water mixes in the FogSHIELD’s glycol canister to generate enough dry, non-toxic fog to cover 2,000 square feet in less than 15 seconds. It dissipates 45 minutes later, leaving your furniture unsullied and your electronics intact.
The website appears not to be a joke.
EDITED TO ADD (6/23): In the comments, a lot of people have taken me to task for calling this security silly. I stand by my statement: not because it’s not effective, but because it’s not a good trade-off. I can certainly imagine scenarios where filling your house with vision-impairing fog is just the thing to foil a would-be burglar, but it seems awfully specific a countermeasure to me.
Home security—like all security, really—is a combination of protection, detection, and response. Locks and bars are the protection system, and the alarm is the detection/response system. Fogshield is a protection system: after the locks and bars have failed, Fogshield 1) makes it harder for the burglar to navagate around the house, and 2) potentially delays him until the response system (police or whomever) arrives.
But it has problems as a protection system. For one, false alarms are way worse than before. It’s one thing to have a loud bell annoy the neighbors until you turn it off, it’s another to fill your house with fog in less than 15 seconds (plus the cost to replace the canister).
This whole thing feels real “movie-plot threat” to me: great special effect in a movie, but not really a good security trade-off for home use. An alarm system is going to make an average burglar go to the house next door instead, and a dedicated burglar isn’t going to be deterred by this.
Impressively bad. (Yes, it’s an advertisement. But there are still important security lessons in the blog post.)
1. The keypad is actually the control panel. This particular model is called a Lynx and is manufactured by Honeywell. However, most of the major manufacturers have their own version of an “all-in-one” control panel, siren & keypad (Here is a link to GE’s version). These all-in-one models were designed to simplify installation and are typically part of “free” or low-cost alarm systems. They are all equally useless.
The most important problem with systems like this is the fact that you need to have a delay time in order to open your door and get to the keypad each time you enter your home. So, when a crook breaks in, they also have the same amount of time. If the crook follows the sound of the beeping keypad they will be standing in front of not only the keypad, but the brains of the alarm system. So, rather than punching in a valid code, the crook could simply rip the entire unit off of the wall.
Provided that they rip the panel off of the wall before the alarm sends its first signal, it will never be able to send a signal.
2. If point #1 wasn’t bad enough (or maybe because the installer who put the ‘system’ in realized how useless it was going to be) the power supply for the system is located right beside the keypad/control panel. Unplug the transformer (which is just barely able to stay plugged in as it is) and the alarm loses power. This provides a really convenient way for someone to either accidentally or intentionally unplug the system and wait for the back-up battery to die.
3. Even worse, the phone jack has also been located beside the power supply. The phone jack is the alarm systems only connection to the outside world. If it gets unplugged, the system cannot communicate and a crook would not have to go through the hassle of ripping the panel off of the wall.
Sidebar photo of Bruce Schneier by Joe MacInnis.