Entries Tagged "shootings"

Page 3 of 3

Security and Class

I don’t think I’ve ever read anyone talking about class issues as they relate to security before:

On July 23, 2003, New York City Council candidate Othniel Boaz Askew was able to shoot and kill council member and rival James Davis with a gun in school headquarters at City Hall, even though entrance to the building required a trip through a magnetometer. How? Askew used his politicians’ privilege—a courtesy wave around from security guards at the magnetometer.

An isolated incident? Hardly. In 2002, undercover investigators from Congress’ auditing arm, the General Accounting Office, used fake law enforcement credentials to get the free pass around the magnetometers at various federal office buildings around the country.

What we see here is class warfare on the security battleground. The reaction to Sept. 11 has led to harassment, busywork, and inconvenience for us all ­ well, almost all. A select few who know the right people, hold the right office or own the right equipment don’t suffer the ordeals. They are waved around security checkpoints or given broad exceptions to security lockdowns.

If you want to know why America’s security is so heavy on busywork and inconvenience and light on practicality, consider this: The people who make the rules don’t have to live with them. Public officials, some law enforcement officers and those who can afford expensive hobbies are often able to pull rank.

Posted on October 19, 2006 at 12:25 PMView Comments

Security Problems with Controlled Access Systems

There was an interesting security tidbit in this article on last week’s post office shooting:

The shooter’s pass to access the facility had been expired, officials said, but she apparently used her knowledge of how security at the facility worked to gain entrance, following another vehicle in through the outer gate and getting other employees to open security doors.

This is a failure of both technology and procedure. The gate was configured to allow multiple vehicles to enter on only one person’s authorization—that’s a technology failure. And people are programmed to be polite—to hold the door for others.

SIDE NOTE: There is a common myth that workplace homicides are prevalent in the United States Postal Service. (Note the phrase “going postal.”) But not counting this event, there has been less than one shooting fatality per year at Postal Service facilities over the last 20 years. As the USPS has more than 700,000 employees, this is a lower rate than the average workplace.

Posted on February 3, 2006 at 6:19 AMView Comments

Shoot-to-Kill

We’ve recently learned that London’s Metropolitan Police has a shoot-to-kill policy when dealing with suspected suicide terrorists. The theory is that only a direct headshot will kill the terrorist immediately, and thus destroy the ability to execute a bombing attack.

Roy Ramm, former Met Police specialist operations commander, said the rules for confronting potential suicide bombers had recently changed to “shoot to kill”….

Mr Ramm said the danger of shooting a suspected suicide bomber in the body was that it could detonate a bomb they were carrying on them.

“The fact is that when you’re dealing with suicide bombers they only way you can stop them effectively—and protect yourself—is to try for a head-shot,” he said.

This policy is based on the extremely short-sighted assumption that a terrorist needs to push buttons to make a bomb explode. In fact, ever since World War I, the most common type of bomb carried by a person has been the hand grenade. It is entirely conceivable, especially when a shoot-to-kill policy is known to be in effect, that suicide bombers will use the same kind of dead-man’s trigger on their bombs: a detonate that is activated when a button is released, rather than when it is pushed.

This is a difficult one. Whatever policy you choose, the terrorists will adapt to make that policy the wrong one.

The police are now sorry they accidentally killed an innocent they suspected of being a suicide bomber, but I can certainly understand the mistake. In the end, the best solution is to train police officers and then leave the decision to them. But honestly, policies that are more likely to result in living incarcerated suspects—and recover well from false alarms—that can be interrogated are better than policies that are more likely to result in corpses.

EDITED TO ADD these comments by Nicholas Weaver:

“One other thing: The suspect was on the ground, and immobilized. Thus the decision was made to shoot the suspect, repeatedly (7 times) in the head, based on the perception that he could have been a suicide attacker (who dispite being a suicide attacker, wasn’t holding a dead-man’s switch. Or heck, wire up the bomb to a $50 heart-rate monitor).

“If this is policy, it is STUPID: There is an easy way for the attackers to counter it, and when you have a subway execution of an innocent man, the damage (in the hearts and minds of british muslims) is immense.

“One thing to remember:

“These were NON uniformed officers, and the suspect was brasilian (and probably didn’t speak very good english).

“Why did he run? What would YOU do if three individuals accosted you, speaking a language which you were unfamiliar with, drawing weapons? You would RUN LIKE HELL!

“I find the blaming the victim (‘but he was running!’) reprehensible.”

ANOTHER EDIT: The consensus seems to be that he spoke English well enough. I don’t think we can blame the officers without a whole lot more details about what happened, and possibly not even then. Clearly they were under a lot of stress, and made a split-second decision.

But I think we can reasonably criticize the shoot-to-kill policy that the officers were following. That policy is a threat to our security, and our society.

Posted on July 25, 2005 at 1:59 PMView Comments

News

Last month I wrote: “Long and interesting review of Windows XP SP2, including a list of missed opportunities for increased security. Worth reading: The Register.” Be sure you read this follow-up as well:
The Register

The author of the Sasser worm has been arrested:
Computerworld
The Register
And been offered a job:
Australian IT

Interesting essay on the psychology of terrorist alerts:
Philip Zimbardo

Encrypted e-mail client for the Treo:
Treo Central

The Honeynet Project is publishing a bi-annual CD-ROM and newsletter. If you’re involved in honeynets, it’s definitely worth getting. And even if you’re not, it’s worth supporting this endeavor.
Honeynet

CIO Magazine has published a survey of corporate information security. I have some issues with the survey, but it’s worth reading.
IT Security

At the Illinois State Capitol, someone shot an unarmed security guard and fled. The security upgrade after the incident is—get ready—to change the building admittance policy from a “check IDs” procedure to a “sign in” procedure. First off, identity checking does not increase security. And secondly, why do they think that an attacker would be willing to forge/steal an identification card, but would be unwilling to sign their name on a clipboard?
The Guardian

Neat research: a quantum-encrypted TCP/IP network:
MetroWest Daily News
Slashdot
And NEC has its own quantum cryptography research results:
InfoWorld

Security story about the U.S. embassy in New Zealand. It’s a good lesson about the pitfalls of not thinking beyond the immediate problem.
The Dominion

The future of worms:
Computerworld

Teacher arrested after a bookmark is called a concealed weapon:
St. Petersburg Times
Remember all those other things you can bring on an aircraft that can knock people unconscious: handbags, laptop computers, hardcover books. And that dental floss can be used as a garrote. And, and, oh…you get the idea.

Seems you can open Kryptonite bicycle locks with the cap from a plastic pen. The attack works on what locksmiths call the “impressioning” principle. Tubular locks are especially vulnerable to this because all the pins are exposed, and tools that require little skill to use can be relatively unsophisticated. There have been commercial locksmithing products to do this to circular locks for a long time. Once you get the feel for how to do it, it’s pretty easy. I find Kryptonite’s proposed solution—swapping for a smaller diameter lock so a particular brand of pen won’t work—to be especially amusing.
Indystar.com
Wired
Bikeforums

I often talk about how most firewalls are ineffective because they’re not configured properly. Here’s some research on firewall configuration:
IEEE Computer

Reading RFID tags from three feet away:
Computerworld

AOL is offering two-factor authentication services. It’s not free: $10 plus $2 per month. It’s an RSA Security token, with a number that changes every 60 seconds.
PC World

Counter-terrorism has its own snake oil:
Quantum Sleeper

Posted on October 1, 2004 at 9:40 PMView Comments

News

Last month I wrote: “Long and interesting review of Windows XP SP2, including a list of missed opportunities for increased security. Worth reading: The Register.” Be sure you read this follow-up as well:
The Register

The author of the Sasser worm has been arrested:
Computerworld
The Register
And been offered a job:
Australian IT

Interesting essay on the psychology of terrorist alerts:
Philip Zimbardo

Encrypted e-mail client for the Treo:
Treo Central

The Honeynet Project is publishing a bi-annual CD-ROM and newsletter. If you’re involved in honeynets, it’s definitely worth getting. And even if you’re not, it’s worth supporting this endeavor.
Honeynet

CIO Magazine has published a survey of corporate information security. I have some issues with the survey, but it’s worth reading.
IT Security

At the Illinois State Capitol, someone shot an unarmed security guard and fled. The security upgrade after the incident is—get ready—to change the building admittance policy from a “check IDs” procedure to a “sign in” procedure. First off, identity checking does not increase security. And secondly, why do they think that an attacker would be willing to forge/steal an identification card, but would be unwilling to sign their name on a clipboard?
The Guardian

Neat research: a quantum-encrypted TCP/IP network:
MetroWest Daily News
Slashdot
And NEC has its own quantum cryptography research results:
InfoWorld

Security story about the U.S. embassy in New Zealand. It’s a good lesson about the pitfalls of not thinking beyond the immediate problem.
The Dominion

The future of worms:
Computerworld

Teacher arrested after a bookmark is called a concealed weapon:
St. Petersburg Times
Remember all those other things you can bring on an aircraft that can knock people unconscious: handbags, laptop computers, hardcover books. And that dental floss can be used as a garrote. And, and, oh…you get the idea.

Seems you can open Kryptonite bicycle locks with the cap from a plastic pen. The attack works on what locksmiths call the “impressioning” principle. Tubular locks are especially vulnerable to this because all the pins are exposed, and tools that require little skill to use can be relatively unsophisticated. There have been commercial locksmithing products to do this to circular locks for a long time. Once you get the feel for how to do it, it’s pretty easy. I find Kryptonite’s proposed solution—swapping for a smaller diameter lock so a particular brand of pen won’t work—to be especially amusing.
Indystar.com
Wired
Bikeforums

I often talk about how most firewalls are ineffective because they’re not configured properly. Here’s some research on firewall configuration:
IEEE Computer

Reading RFID tags from three feet away:
Computerworld

AOL is offering two-factor authentication services. It’s not free: $10 plus $2 per month. It’s an RSA Security token, with a number that changes every 60 seconds.
PC World

Counter-terrorism has its own snake oil:
Quantum Sleeper

Posted on October 1, 2004 at 9:40 PMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.