Wednesday, 25 July 2007

Thursday, 1 February 2007

The Power of 1 Slice of Bread

Ever wonder why there aren’t as many open-face sandwiches for sale in your local supermarket? No? … Well, it’s political:

“USDA inspects manufacturers of packaged open-face meat or poultry sandwiches (e.g., those with one slice of bread), but FDA inspects manufacturers of packaged closed-face meat or poultry sandwiches (e.g., those with two slices of bread).” – U.S. Government Accountability Office, High Risk Series: An Update

The upshot is – by adding one more piece of bread, sandwich manufacturers can sell their product without explicit approval from a government acronym and get inspected every 5 years – rather than daily.

Friday, 12 January 2007

Feeling Temporarily Secure

I’ve been to a handful of airports – the underlying architecture of them all is: open, flowing, permanent.

The ironic exception is the airport checkpoints – like pop-up stores in malls. Foldable tables, movable queue markers, equipment on wheels – makes it feel so temporary. Like it just might be packed up and gone tomorrow.

“The tables aren’t quite at the right height to smoothly enter the X-ray machines, bins slide off the edges of tables, there’s never enough space or seating for putting shoes back on as you leave the screening area, basic instructions have to be yelled across crowded hallways.” – Matt Blaze

Wednesday, 20 December 2006

A Cry for Help

If a month-old baby going through an x-ray machine can’t bring a heavy dose of common sense to the TSA, what will?

“Nico Melendez, a spokesman for the Transportation Security Administration, which manages LAX screeners, said the agency doesn’t have enough workers to constantly stand at tables in front of the screeners to coach passengers on what should or should not be sent through X-ray machines.” – Jennifer Oldham, Los Angeles Times

[via Bruce Schneier]

Friday, 1 December 2006

Thursday, 2 November 2006

We’ll Get Better Security When it Makes Business Sense

“Before the photo ID requirement, these tickets were regularly advertised in classified pages: “Round trip, New York to Los Angeles, 11/21-30, male, $100.” Since the airlines never checked IDs, anyone of the correct gender could use the ticket. Airlines hated that, and tried repeatedly to shut that market down. In 1996, the airlines were finally able to solve that problem and blame it on the FAA and terrorism.” – Bruce Schneier

Thursday, 28 September 2006

Security is Really Customer Service in Disguise

A confused, elderly woman with a full, knotted, plastic shopping bag was in front of the scanner. The security checkpoint line out of Minneapolis stalled as I put all my stuff in multiple bins.

When a uniformed TSA person asked her if she had a boarding pass, she mumbled the need for help getting a ticket for Transworld Airlines.

“I can’t help you ma’am, I’m the supervisor and I could lose my job if I left my post.”

After a couple exchanges identical to this, the supervisor thankfully handed the woman off to another TSA person.

Reminded me how customer service is smarter, cheaper, more effective, and generally happier than level-orange security.

Reminds me, why are airports so dreary and generally unhappy? Thankfully, Ze Frank gave me the airport smile I was looking for.

Wednesday, 16 August 2006

Thursday, 10 August 2006

No Passengers Equals No Threats?

A terrorist threat is thwarted in London.

The reaction here and there – making flying more uncomfortable for everyone else, heightening the ‘threat alert’ to ‘red’ (because something might happen we’re not aware of? – hmmm. I felt more secure).

Seems that with the plot foiled, we should be _safer_ in the immediate short term – not less so.

Bruce Schneier on the new no carry-on rules (as always, read the comments).

Doc Searls from the front of the line…er front lines. Good luck Doc.

As always, insightfulness and thoughtfulness on risk comes from our comedians – Ze Frank on Red810.

Thomas P.M. Barnett on the terrorists’ success being the disruption they caused.

Great stuff from Rex Hammock:

“I’ve discovered I have less tolerance for someone else — especially a producer at a cable news channel — determining the priorities and sources of my information on such a story.” and “The stock market stood rock solid and even airline stocks were up.”

Monday, 5 June 2006

Advice to Web Developers: Forget the Password

This weekend while wandering down the aisles of our local Super Target, we found a dinner table and a side board we thought would go great in our living/dining room. After checking out, a couple of teenage boys wheeled the still flat-packed pieces to our awaiting PT Cruiser.

Now, after flattening the inside of the car, both pieces fit. Though either Jen or myself wouldn’t. We kindly asked the boys if they could hold the pieces until I returned.

Sure.

After dropping Jen and the little man home, I returned to pick up the furniture – now in the Customer Service area.

“I’m here for those pieces.”

“Do you have the receipt?”

“No.”

We chatted for a bit, trying to confirm that the pieces were in fact mine and paid for sans receipt.

I told her we couldn’t take them before, because we couldn’t get them both in the car.

She called over the same teenage boy and off we went.

One of my bigger irritations these days is with the number of passwords I need to remember to try out the latest browser-based Web2dotOhGodNo beta.

Frequently, there’s no real need for a specific web service to require registration of a unique identity, especially since I’ve already generated a pile of them elsewhere (can’t I use one of those?).

Sometimes, my browser will pre-populate the login/pass – that’s great while at the same time completely defeating the purpose of security. Security and identity are separate concepts; though security may confirm identity, there are other ways.

Point is the two concepts are mixed up so much there’s an inherent security problem.
The more passwords I create, use, manage, and remember on a regular basis, the greater the chance I’ll use something like “1234” and the whole ecosystem becomes insecure.

I’m using Apple’s Keychain Access to store passwords both me and my browser have since forgotten. Passwords for trials that have expired and services that no longer exist. Thing is, I’m far less likely to click ‘forgot password’ than I am to never return (Who knew Friendster was still around?).

Forget the password, it’s a security risk for customers and a barrier to entry for providers.

ELSEWHERE:

“Some teens chew through IM handles like candy; their nicks are things like “o-so-funny” rather than the first name, last name standard that seems to pervade professional worlds. It’s not seen as something to build an extensive identity around, but something to use to talk to friends in the moment.” – danah boyd