Remember when I said that I keep my home wireless network open? Here’s a reason not to listen to me:
When Indian police investigating bomb blasts which killed 42 people traced an email claiming responsibility to a Mumbai apartment, they ordered an immediate raid.
But at the address, rather than seizing militants from the Islamist group which said it carried out the attack, they found a group of puzzled American expats.
In a cautionary tale for those still lax with their wireless internet security, police believe the email about the explosions on Saturday in the west Indian city of Ahmedabad was sent after someone hijacked the network belonging to one of the Americans, 48-year-old Kenneth Haywood.
Of course, the terrorists could have sent the e-mail from anywhere. But life is easier if the police don’t raid your apartment.
EDITED TO ADD (8/1): My wireless network is still open. But, honestly, the terrorists are more likely to use the open network at the coffee shop up the street and around the corner.
Posted on August 1, 2008 at 6:46 AM •
That’s what the rules say:
Sikh passengers are allowed to carry Kirpan with them on board domestic flights. The total length of the ‘Kirpan’ should not exceed 22.86 CMs (9 inches) and the length of the blade should not exceed 15.24 CMs. (6 inches). It is being reiterated that these instructions should be fully implemented by concerned security personnel so that religious sentiments of the Sikh passengers are not hurt.
How airport security is supposed to recognize a Sikh passenger is not explained.
Posted on June 10, 2008 at 6:27 AM •
RIM encrypts e-mail between BlackBerry devices and the server the server with 256-bit AES encryption. The Indian government doesn’t like this at all; they want to snoop on the data. RIM’s response was basically: That’s not possible. The Indian government’s counter was: Then we’ll ban BlackBerries. After months of threats, it looks like RIM is giving in to Indian demands and handing over the encryption keys.
EDITED TO ADD (5/27): News:
BlackBerry vendor Research-In-Motion (RIM) said it cannot hand over the message encrytion key to the government as its security structure does not allow any ‘third party’ or even the company to read the information transferred over its network.
EDITED TO ADD (7/2): Looks like they have resolved the impasse.
Posted on May 21, 2008 at 2:09 PM •
The first two affected India, Pakistan, Egypt, Qatar, Saudi Arabia, the United Arab Emirates, Kuwait, and Bahrain. The third one is between the UAE and Oman. The fourth one connected Qatar and the UAE. This one may not have been cut, but taken offline due to power issues.
The first three have been blamed on ships’ anchors, but there is some dispute about that. And that’s two in the Mediterranean and two in the Persian Gulf.
There have been no official reports of malice to me, but it’s an awfully big coincidence. The fact that Iran has lost Internet connectivity only makes this weirder.
EDITED TO ADD (2/5): The International Herald Tribune has more. And a comment below questions whether Iran being offline has anything to do with this.
EDITED TO ADD (2/5): A fifth cut? What the hell is going on out there?
EDITED TO ADD (2/5): More commentary from Steve Bellovin.
EDITED TO ADD (2/5): Just to be clear: Iran is not offline. That was an untrue rumor; it was never true.
Posted on February 5, 2008 at 8:28 PM •
You can’t make this stuff up.
Authorities say crime syndicates find it easy to tamper with branding or tattooing of the cattle — hence the idea for photo identity cards which should be difficult to falsify.
Valid for two years, each laminated cattle ID card displays the picture of the animal and its owner. It also carries vital information about the animal, such as its colour, height, sex and length of horns.
It carries the owner’s name and address and sometimes other details about the animal — like one “horn missing” or “half tail lost”.
Does anyone really think this will improve security?
Posted on September 6, 2007 at 1:51 PM •
It stops terrorism, you see:
Vijay Mukhi, President of the Foundation for Information Security and Technology says, “The terrorists know that if they use machines at home, they can be caught. Cybercafes therefore give them anonymity.”
“The police needs to install programs that will capture every key stroke at regular interval screen shots, which will be sent back to a server that will log all the data.
The police can then keep track of all communication between terrorists no matter, which part of the world they operate from.This is the only way to patrol the net and this is how the police informer is going to look in the e-age,” added Mukhi.
Is anyone talking about the societal implications of this sort of wholesale surveillance? Not really:
“The question we need to ask ourselves is whether a breach of privacy is more important or the security of the nation. I do not think the above question needs an answer,” said Mukhi.
“As long as personal computers are not being monitored. If monitoring is restricted to public computers, it is in the interest of security,” said National Vice President, People Union for Civil Liberty.
EDITED TO ADD (10/24): This may be a hoax.
Posted on September 5, 2007 at 1:00 PM •
This is interesting. Seems that a group of Sri Lankan credit card thieves collected the data off a bunch of UK chip-protected credit cards.
All new credit cards in the UK come embedded come with RFID chips that contain different pieces of user information, in order to access the account and withdraw cash the ATMs has to verify both the magnetic strip and the RFID tag. Without this double verification the ATM will confiscate the card, and possibly even notify the police.
They’re not RFID chips, they’re normal smart card chips that require physical contact — but that’s not the point.
They couldn’t clone the chips, so they took the information off the magnetic stripe and made non-chip cards. These cards wouldn’t work in the UK, of course, so the criminals flew down to India where the ATMs only verify the magnetic stripe.
Backwards compatibility is often incompatible with security. This is a good example, and demonstrates how criminals can make use of “technological arbitrage” to leverage compatibility.
EDITED TO ADD (8/9): Facts corrected above.
Posted on August 9, 2006 at 6:32 AM •
Authorities had also severely limited the cellular network for fear it could be used to trigger more attacks.
Some of the injured were seen frantically dialing their cell phones. The mobile phone network collapsed adding to the sense of panic.
(Note: The story was changed online, and the second quote was deleted.)
Cell phones are useful to terrorists, but they’re more useful to the rest of us.
Posted on July 13, 2006 at 1:20 PM •
There was yet another incident where call center staffer was selling personal data. The data consisted of banking details of British customers, and was sold by people at an outsourced call center in India.
I predict a spate of essays warning us of the security risks of offshore outsourcing. That’s stupid; this has almost nothing to do with offshoring. It’s no different than the Lembo case, and that happened in the safe and secure United States.
There are security risks to outsourcing, and there are security risks to offshore outsourcing. But the risk illustrated in this story is the risk of malicious insiders, and that is mostly independent of outsourcing. Lousy wages, lack of ownership, a poor work environment, and so on can all increase the risk of malicious insiders, but that’s true regardless of who owns the call center or in what currency the salary is paid in. Yes, it’s harder to prosecute across national boundaries, but the deterrence here is more contractual than criminal.
The problem here is people, not corporate or national boundaries.
Posted on June 24, 2005 at 9:35 AM •
Sidebar photo of Bruce Schneier by Joe MacInnis.