Not Surprising? Boeing 787 flight controls vulnerable to hacking (FAA)

You don't have to be a computer security expert to see the problem presented in this revelation, reported by Wired. Heck, your average Internet-using consumer can see the flaw in this:
"The computer network in the Dreamliner's passenger compartment, designed to give passengers in-flight internet access, is connected to the plane's control, navigation and communication systems, an FAA report reveals."

Shot of Boeing 787 via WikipediaLet us all take a moment to digest the staggering clue-less-ness of such a design.

But while this design flaw may come as a shock to consumers who know--from their own home networking and web surfing--that putting actual flight controls for a real airplane on, or anywhere near, the Internet is a really BAD idea, Boeing's decision to do so will not surprise seasoned security professionals. Why? Because we have learned that large organizations have a peculiar way of keeping their collective intelligence from being collective.

Consider the two very nice Boeing people I met in Paris in 2004...

Read more »
- No comments:

Recommended Reading for Mark Zuckerberg: A free privacy primer

In yesterday's post about 2007 I made a somewhat light-hearted reference to the need for a 'back-to-basics' education in privacy. I also suggested that the Facebook Beacon privacy snafu might not be something other than a privacy ignorance indicator, namely, a calculated attempt to push the limits of user-acceptance of commercial of private data.

Well, the more I read about Facebook Ads, like the use of personal images by commercial advertisers, the more I wonder whether some people really did skip Privacy for Business Owners 101.  On the face of it, pun intended, Facebook Ads comes close to violating several of these fundamental data privacy principles:

  1. There must be no personal data record keeping systems whose existence is secret.

  2. There must be a way for an individual to find out what information about him is in a record and how it is used.

  3. There must be a way for an individual to prevent information about him that was obtained for one purpose being used or made available for other purposes without his consent.

  4. There must be a way for an individual to correct or amend a record of identifiable information about him.

  5. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data.


And where did these principles come from? Some avant-garde, privacy-obsessed Scandanavian country? No, these are the basic privacy principles that were laid out by the U.S. government ten years before Mr. Zuckerman was born.


And if Mr. Zuckerman had taken Privacy 101 he would already know that the first U.S. legislation to consider privacy in the context of computers appeared after Elliot Richardson, who was Richard Nixon’s Secretary for Health, Education and Welfare, commissioned a study of record-keeping practices in the computer age. The resulting report, commonly known as the “HEW Report,” recommended the enactment of a federal “Code of Fair Information Practice” for all automated personal data systems. The code envisioned by HEW contained the above five principles that would be given legal effect as “safeguard requirements” for automated personal data systems. The Privacy Act of 1974 is embodied HEW principles in law, establishing protections for personal data held by the federal government.


Fortunately, both Mr. Zuckerman, and you, dear reader, can learn these and other fascinating facts about privacy for free. Just download the free electronic version of Privacy for Business available at www.privacyforbusiness.com. Who knows, they might just keep the FTC off your back and the feds out of your IT department.
- No comments:

So Long 2007! Reflections on computer security and data privacy

Well, it’s January 2008 and I’m a little late with my end-of-the-year reflections on information security and data privacy in 2007. Nevertheless, here’s my take on what I think were the three top trends/stories/developments. I think 2007 was the year:

  • of the criminal hack

  • of a new shift in privacy concern

  • of important new tools for data security


Read more »
- 2 comments:

Happy New Year!

I'm phoning this in from the snow covered hills of mid-state New York, where the joys [and necessity] of snow-plowing with an ATV are being discovered. I hope everyone out there has a great oh eight!

(With a special thanks to Dana and Clem at the Rose & Kettle for crafting another great New Year's Eve event.)
- 1 comment:

Huckabee Versus Budweiser: Where's the media when you need them?

How many journalists are covering the Republican presidential candidates right now? Probably thousands. But how many have read what front-runner Mike Huckabee hath written? Apparently very few. For example I can't find anyone looking into his attack on Budweiser.

No, I'm not talking about dredging the distant past for lost sermons but a text he published last year: Character Makes a Difference: Where I'm From, Where I've Been, and What I Believe (Paperback, June, 2007).

The problem that Huckabee has with Budweiser is the way the company's advertisements play to the selfish nature of man, for according to Huckabee, "We are not basically good; rather, we are basically self-centered, look to ourselves first, and preserve ourselves first at all costs."
Read more »
- 1 comment:

Amazing Audio Assistant: Free content in convenient format, no fees required

A lot of the Christmas shopping buzz this year has been about digital this and i-that. Unfortunately, a lot of these digital gizmos cost at least $100. Consider iphone and PSP and Wii and digital cameras, pdas, smart phones, and various mp3 players. Not much in this category for the under $50 crowd. But wait, what is that cool silhouette in the corner?

This is a very cool palm-size, hand-held gizmo that I found for under$30. It delivers a non-stop music stream or current news, for weeks on just 2 AA batteries, with no subscription fees. It has a built-in clock and an alarm and operates in multiple languages. It comes with cool ear buds plus a speaker that is actually built into the device, no external pieces or cables required. And the whole thing is totally wireless.

Read more »
- No comments:

Our XO Arrives: ahead of [revised] schedule!

We got our order in on 11/24/07 and our unit arrived yesterday, 12/22/07. A bit of surprise because I got email from OLPC on 12/21/07 saying it would not arrive by 12/24/07. But hey, I'm not complaining. For more on shipping check out this blog.

The timing is a bit unfortunate because we are away for a few days and not there to enjoy it, but we have house sitters who promise to take good care of it until we return. Meanwhile, we can enjoy that warm glow of righteous giving all over the holidays, knowing that OLPC will be delivering our 'given' machine to children in either Afghanistan, Cambodia, Haiti, Mongolia or Rwanda. Yeah!

In the meantime, I am finding all sorts of XO resources popping up. There is One Laptop Per Child News. There is olpc dot com. And there is the OLPC Wiki. Puget Sound has perhaps the first XO User Group. I'm not rating these sites, yet, just listing them for you to check out.
- No comments:
Subscribe to: Posts (Atom)