I learned a valuable lesson yesterday: when you lock your computer to your hotel room desk, and you put the cable-lock key in your pocket, you have to remove the key from your pocket before sending the slacks down to the laundry.
This realization crept up on me over a very quiet 90-second period that started when I looked in my room safe for the key and didn't find it there.
I won't keep you in suspense: housekeeping found and returned the key this morning. This is good, because I had no idea how I was going to fit the desk in the overhead compartment on my flight home.
Photos and reviews of Ribfest tomorrow morning. Right now, though, I'm all about the novelty of updating TDP from my phone. Also tomorrow, I'll explain why this is a bigger deal than it seems.
Via Bruce Schneier, a demonstrably incompetent police chief in the UK has resigned after mishandling a secret document:
Police were forced to carry out raids on addresses in the north-west of England in broad daylight yesterday, earlier than planned, after [Bob] Quick, the Metropolitan police's assistant commissioner [and senior-most counter-terrorism official], was photographed carrying sensitive documents as he arrived for a meeting in Downing Street.
A white document marked "secret", which carried details of the operation being planned by MI5 and several police forces, was clearly visible to press photographers equipped with telephoto lenses.
Yesterday, realising the existence of the photographs of the document – which included the names of several senior officers, sensitive locations and details about the nature of the overseas threat – the government imposed a "D notice" to restrict the media from revealing the contents of the picture.
The Guardian article has a photo of the document, taken as Quick got out of his car.
Police also revealed that Quick's Windows password was "bob1" and that he routinely leaves his keys in his car "so [he'll know] where to find them."
Two examples of totally ineffective security responses in today's news. First, in suburban Chicago, a commuter-rail ticket agent called police about a man with a gun boarding a train, causing a two-hour delay as heavily-armed cops evacuated and searched the train. They found the man with the gun when the man in question saw the commotion and identified himself as a Secret Service agent, not realizing he was himself the target of the search:
Metra spokeswoman Judy Pardonnet said the incident began when a plainclothes Secret Service agent asked a Naperville ticket agent whether there were metal detectors aboard the BNSF Line train and indicated he was carrying a gun.
Kristina Schmidt of the Secret Service office in Chicago said a preliminary review showed the agent had acted properly and identified himself to the ticketing staff.
Schmidt said the agent noticed the Metra employees eyes go to his waist and look at his service weapon as he was taking out his wallet to buy a ticket.
"He verbally identified himself as law enforcement and said that he was armed," Schmidt said. "That was pretty much the extent of their conversation."
Assuming all was fine, the agent boarded the train, she said.
It was a few minutes later that police boarded the train. The agent again identified himself, Schmidt said, not realizing his interaction with the Metra employee had led to the train being stopped.
The ticket agent had told police a suspicious man was asking "unusual questions that were security-based" at the Naperville Metra station, Naperville Police Cmdr. Dave Hoffman had said. Officers were unsure if the man got on the train so authorities decided to stop it near Lisle to search for him, he said.
Farther afield, in the U.K., a official for a prision lost an encrypted memory stick containing personal health information about prisoners. The problem? The password was taped to the stick (via Bruce Schneier):
Health bosses have apologised after a memory stick containing patient information was lost at Preston Prison.
An urgent investigation was launched after the USB data stick – with the password attached to it on a memo note – went missing on Tuesday, December 30.
The stick may have contained information of up to 6,360 patients.
Kudos to everyone involved for using your heads and keeping us all safe!
Via Bruce Schneier, a woman brought clearly-labeled gunpowder through a TSA checkpoint, in the regulation size baggies:
Mind you, I had packed the stuff safely. It was in three separate jars: one of charcoal, one of sulphur, and one of saltpetre (potassium nitrate). Each jar was labeled: Charcoal, Sulphur, Saltpetre. I had also thoroughly wet down each powder with tap water. No ignition was possible. As a good citizen, I had packed the resulting pastes into a quart-sized "3-1-1" plastic bag, along with my shampoo and hand cream. This bag I took out of my messenger bag and put on top of my bin of belongings, turned so that the labels were easy for the TSA inspector to read.
I expect she'll get noticed the next time she flies...
From my dad, yet another New York Times article to make you all warm and fuzzy inside:
Thieves Winning Online War, Maybe in Your PC
Despite the efforts of the computer security industry and a half-decade struggle by Microsoft to protect its Windows operating system, malicious software is spreading faster than ever. The so-called malware surreptitiously takes over a PC and then uses that computer to spread more malware to other machines exponentially. Computer scientists and security researchers acknowledge they cannot get ahead of the onslaught.
As more business and social life has moved onto the Web, criminals thriving on an underground economy of credit card thefts, bank fraud and other scams rob computer users of an estimated $100 billion a year, according to a conservative estimate by the Organization for Security and Cooperation in Europe. A Russian company that sells fake antivirus software that actually takes over a computer pays its illicit distributors as much as $5 million a year.
I spent part of this afternoon rooting around in my email correspondance from 1999 and 2000. Forgetting the wherefores and whatnots of the emails themselves, just getting into the Outlook files proved difficult. How many passwords does anyone remember from nine years ago? I actually remember a few, but not, unfortunately, the ones I needed.
Sure, I found them eventually, but heavens. That's half an hour of my life I'll never get back, and it was my own fault.
I've largely solved Yesterday's frustration (more of a PEBCAK issue than anything else, wouldn't you know?) so now I have a new one: the touchpad on my laptop isn't working. It's probably a driver issue, but still, it makes navigating—doing anything, really—that much more difficult.
Anyway. On to New York for my first-and-only Yankees game.
Forgot to mention: Philadelphia beat Altanta 12-10 yesterday. As soon as I get my technical problems fixed I'll have photos of the massive thunderstorm that caused a two-hour rain delay. And after a nail-biting day when the Cubs and Milwaukee were tied for first place, the Cubs won and Milwaukee lost, putting us a full game up once again.
Windows is designed to be secure (don't laugh). One security measure is to lock users out after a certain number of failed login attempts. Vista, however, tries lots more times to login than you might think. So, even if you mis-type your password once or twice, Vista might think the KGB is trying to break into your laptop and lock you out.
I know this because, 36 hours into a 7-day trip, I appear to be locked out of my laptop.
Now, I can unlock my laptop in seconds by logging in while connected physically my network. Only problem, my network is 1100 km away and I won't reconnect to it for a few days.
So, great, at least my laptop is secure from someone who knows my UID and password. Of course, if someone ripped the hard drive out and connected it to another machine, he could read the unencrypted parts without any problem. Since I would like to keep the laptop intact, and it's the encrypted parts that I kind of need right now, it's inconvenient, to say the least.
When I calm down and I don't want to beat the Windows Vista team lead over the head repeatedly with my laptop, I'll explain why this "security" only matters if you aren't actually a malicious hacker, and why if you are a malicious hacker it's irrelevant. In other words, what I'm going through at this exact moment is much like the people lining up for crosses in Monty Python's Life of Brian: it'll only hurt if you're honest.