Not Surprising? Boeing 787 flight controls vulnerable to hacking (FAA)

You don't have to be a computer security expert to see the problem presented in this revelation, reported by Wired. Heck, your average Internet-using consumer can see the flaw in this:
"The computer network in the Dreamliner's passenger compartment, designed to give passengers in-flight internet access, is connected to the plane's control, navigation and communication systems, an FAA report reveals."

Shot of Boeing 787 via WikipediaLet us all take a moment to digest the staggering clue-less-ness of such a design.

But while this design flaw may come as a shock to consumers who know--from their own home networking and web surfing--that putting actual flight controls for a real airplane on, or anywhere near, the Internet is a really BAD idea, Boeing's decision to do so will not surprise seasoned security professionals. Why? Because we have learned that large organizations have a peculiar way of keeping their collective intelligence from being collective.

Consider the two very nice Boeing people I met in Paris in 2004...

Read more »
- No comments:

Recommended Reading for Mark Zuckerberg: A free privacy primer

In yesterday's post about 2007 I made a somewhat light-hearted reference to the need for a 'back-to-basics' education in privacy. I also suggested that the Facebook Beacon privacy snafu might not be something other than a privacy ignorance indicator, namely, a calculated attempt to push the limits of user-acceptance of commercial of private data.

Well, the more I read about Facebook Ads, like the use of personal images by commercial advertisers, the more I wonder whether some people really did skip Privacy for Business Owners 101.  On the face of it, pun intended, Facebook Ads comes close to violating several of these fundamental data privacy principles:

  1. There must be no personal data record keeping systems whose existence is secret.

  2. There must be a way for an individual to find out what information about him is in a record and how it is used.

  3. There must be a way for an individual to prevent information about him that was obtained for one purpose being used or made available for other purposes without his consent.

  4. There must be a way for an individual to correct or amend a record of identifiable information about him.

  5. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data.


And where did these principles come from? Some avant-garde, privacy-obsessed Scandanavian country? No, these are the basic privacy principles that were laid out by the U.S. government ten years before Mr. Zuckerman was born.


And if Mr. Zuckerman had taken Privacy 101 he would already know that the first U.S. legislation to consider privacy in the context of computers appeared after Elliot Richardson, who was Richard Nixon’s Secretary for Health, Education and Welfare, commissioned a study of record-keeping practices in the computer age. The resulting report, commonly known as the “HEW Report,” recommended the enactment of a federal “Code of Fair Information Practice” for all automated personal data systems. The code envisioned by HEW contained the above five principles that would be given legal effect as “safeguard requirements” for automated personal data systems. The Privacy Act of 1974 is embodied HEW principles in law, establishing protections for personal data held by the federal government.


Fortunately, both Mr. Zuckerman, and you, dear reader, can learn these and other fascinating facts about privacy for free. Just download the free electronic version of Privacy for Business available at www.privacyforbusiness.com. Who knows, they might just keep the FTC off your back and the feds out of your IT department.
- No comments:

So Long 2007! Reflections on computer security and data privacy

Well, it’s January 2008 and I’m a little late with my end-of-the-year reflections on information security and data privacy in 2007. Nevertheless, here’s my take on what I think were the three top trends/stories/developments. I think 2007 was the year:

  • of the criminal hack

  • of a new shift in privacy concern

  • of important new tools for data security


Read more »
- 2 comments:

Happy New Year!

I'm phoning this in from the snow covered hills of mid-state New York, where the joys [and necessity] of snow-plowing with an ATV are being discovered. I hope everyone out there has a great oh eight!

(With a special thanks to Dana and Clem at the Rose & Kettle for crafting another great New Year's Eve event.)
- 1 comment:

Huckabee Versus Budweiser: Where's the media when you need them?

How many journalists are covering the Republican presidential candidates right now? Probably thousands. But how many have read what front-runner Mike Huckabee hath written? Apparently very few. For example I can't find anyone looking into his attack on Budweiser.

No, I'm not talking about dredging the distant past for lost sermons but a text he published last year: Character Makes a Difference: Where I'm From, Where I've Been, and What I Believe (Paperback, June, 2007).

The problem that Huckabee has with Budweiser is the way the company's advertisements play to the selfish nature of man, for according to Huckabee, "We are not basically good; rather, we are basically self-centered, look to ourselves first, and preserve ourselves first at all costs."
Read more »
- 1 comment:

Amazing Audio Assistant: Free content in convenient format, no fees required

A lot of the Christmas shopping buzz this year has been about digital this and i-that. Unfortunately, a lot of these digital gizmos cost at least $100. Consider iphone and PSP and Wii and digital cameras, pdas, smart phones, and various mp3 players. Not much in this category for the under $50 crowd. But wait, what is that cool silhouette in the corner?

This is a very cool palm-size, hand-held gizmo that I found for under$30. It delivers a non-stop music stream or current news, for weeks on just 2 AA batteries, with no subscription fees. It has a built-in clock and an alarm and operates in multiple languages. It comes with cool ear buds plus a speaker that is actually built into the device, no external pieces or cables required. And the whole thing is totally wireless.

Read more »
- No comments:

Our XO Arrives: ahead of [revised] schedule!

We got our order in on 11/24/07 and our unit arrived yesterday, 12/22/07. A bit of surprise because I got email from OLPC on 12/21/07 saying it would not arrive by 12/24/07. But hey, I'm not complaining. For more on shipping check out this blog.

The timing is a bit unfortunate because we are away for a few days and not there to enjoy it, but we have house sitters who promise to take good care of it until we return. Meanwhile, we can enjoy that warm glow of righteous giving all over the holidays, knowing that OLPC will be delivering our 'given' machine to children in either Afghanistan, Cambodia, Haiti, Mongolia or Rwanda. Yeah!

In the meantime, I am finding all sorts of XO resources popping up. There is One Laptop Per Child News. There is olpc dot com. And there is the OLPC Wiki. Puget Sound has perhaps the first XO User Group. I'm not rating these sites, yet, just listing them for you to check out.
- No comments:

OLPC Getting Closer

Can you do this with your laptop?The excitement is mounting for people who placed an order for the XO under the "Buy-one-get-one" program, previously blogged here. Shipments are now rolling and the wonderful folks at One Laptop Per Child are working round the clock (is it too twee or non-PC to say they are working "like elves"?) to get as many machines as possible shipped to North American customers by the 25th of this month.

If the Fedex truck does not roll up with your XO by then, it will likely arrive shortly thereafter. And if you haven't ordered one yet, and Santa doesn't bring you one, the Give One Get One program is now open through December 31.

I plan to post my review as soon as mine arrives [or the eggnog haze clears, whichever comes later :-)]. In the meantime there is an extensive look at the XO on the blog of veteran LISP programmer Bill Clementson.
- No comments:

Be of Good Cheer: Maria Bamford is here

Okay, so there's nothing particularly Christmassy about Maria Bamford, apart from the [maybe] green background in this pic. But I always feel the need for a good laugh over the holidays and this lady makes me laugh, a lot.

I just got her first audio CD, The Burning Bridges Tour, and it's a gas. Who can resist such gems as "Goddess of Little Lake Pequaym" and "The Pterodactyl Song"? The answer, apparently, is quite a few of my friends, who don't seem to find Maria as hilarious as I do. No mind, I can put on my headphones and guffaw insanely at this true original without scaring the dog too much.

I mean, who else could come up with "My father is really just a series of sound effects." And then proceed to do the sound effects, in a way that is frightening real, at least to this old geezer. However, I am prepared to accept that others might not 'get' this gorgeously amusing comic, so I have two links here that will get you to a bunch of video clips from which you can judge for yourself before you splurge on an album. They are Comedy Central and Maria's official site. Enjoy!
- No comments:

Rough on Romney or Religion? Tim Russert needs a broader perspective

Did you see Meet the Press? Am I the only one who thinks it is unfair to prod Mitt (Republican presidential hopeful) Romney about his religious beliefs? At least there should be some reciprocity. Today we had Tim Russert asking Romney "was it wrong for your faith to exclude [blacks from the priesthood]"? C'mon Tim, are you going to ask Roman Catholic candidates if it is wrong for their faith to continue their ban on women in the priesthood?

And I don't recall Russert, a commentator I normally admire, asking Candidate Lieberman if he was ashamed that his faith did not ordain women rabbis until 1972? For sadly there seems be a lingering institutionalized hypocrisy about religion and politics in America. The advert for America chould read

"We are the land of religious freedom!"
(Some restrictions may apply and your mileage may vary, especially if running for public office. Note that freedom of religion may be interpreted as freedom to chose between a select group of religions. Religion is not optional, non-believers need not apply. Women may be denied equal standing.)

Read more »
- No comments:
Subscribe to: Posts (Atom)