The Daily Parker

Politics, Weather, Photography, and the Dog

Because little planes are SCARY

The Aircraft Owners and Pilots Association reports that an enormous block of airspace around Washington is off-limits to general aviation tonight because of the State of the Union Address:

During the president's speech to Congress and the nation, no flights are allowed to or from any of the 21 airports within the Washington, D.C., ADIZ, including pattern work. The special ingress/egress procedures for the "DC-3" airports inside the Flight Restricted Zone are also suspended. Only IFR flights to and from Washington Dulles International (IAD) and Baltimore/Washington International Thurgood Marshall (BWI) airports will be allowed.

This is what security expert Bruce Schneier calls "security theater."

Botnets go mainstream

The New York Times picked up the ongoing story of botnets, networks of computers that spammers and other miscreants have taken over:

According to the annual intelligence report of MessageLabs, a New York-based computer security firm, more than 80 percent of all spam now originates from botnets. Last month, for the first time ever, a single Internet service provider generated more than one billion spam e-mail messages in a 24-hour period, according to a ranking system maintained by Trend Micro, the computer security firm. That indicated that machines of the service providers' customers had been woven into a giant network, with a single control point using them to pump out spam.

Users, ISPs, users, software vendors, and users contribute to the problem:

Serry Winkler, a sales representative in Denver, said that she had turned off the network-security software provided by her Internet service provider because it slowed performance to a crawl on her PC, which was running Windows 98. A few months ago four sheriff’s deputies pounded on her apartment door to confiscate the PC, which they said was being used to order goods from Sears with a stolen credit card. The computer, it turned out, had been commandeered by an intruder who was using it remotely.

Note that Winkler's computer probably ran slowly because it had already gotten infected, and the ISP's security software had a lot of work to do because of this.

At least with the Times picking up the story, perhaps more people will notice.

Security Theater

The New York Times (reg.req.) has finally picked up a year-old article by security expert Bruce Schneier, taking the TSA to task for concentrating more on theater than actual security:

FOR theater on a grand scale, you can’t do better than the audience-participation dramas performed at airports, under the direction of the Transportation Security Administration.
As passengers, we tender our boarding passes and IDs when asked. We stand in lines. We empty pockets. We take off shoes. We do whatever is asked of us in these mass rites of purification. We play our assigned parts, comforted in the belief that only those whose motives are good and true will be permitted to pass through.
Of course, we never see the actual heart of the security system: the government’s computerized no-fly list, to which our names are compared when we check in for departure. The T.S.A. is much more talented, however, in the theater arts than in the design of secure systems. This becomes all too clear when we see that the agency’s security procedures are unable to withstand the playful testing of a bored computer-science student.

Four billion dollars to airport security that doesn't work. Could we expect anything more from this Administration (762 days, 2 hours left)?

This conversation may be monitored for quality purposes

Bruce Schneier writes today about a pernicious loss of privacy and our complacency about that:

Fewer conversations are ephemeral, and we’re losing control over the data. We trust our ISPs, employers and cellphone companies with our privacy, but again and again they’ve proven they can’t be trusted. Identity thieves routinely gain access to these repositories of our information. Paris Hilton and other celebrities have been the victims of hackers breaking into their cellphone providers’ networks. Google reads our Gmail and inserts context-dependent ads.

Taking passwords to the grave

CNet raises an interesting problem: what happens if you die without telling anyone your passwords? It could be a real problem for your heirs:

"He did not keep a hard copy address book. I think everything was online," said [San Francisco poet William] Talcott's daughter, Julie Talcott-Fuller. "There were people he knew that I haven't been able to contact. It's been very hard."
"Yahoo (his e-mail provider) said it wouldn't give out the information due to privacy laws, but my dad is dead so I don't understand that," she said.

One solution is to use a secure password storage facility, like Bruce Schneier's Password Safe, and then put the master password in trusted escrow like a safe-deposit box or your attorney's office. Of course, you'll have to keep up with this, because you'll change your master password at least every three months, right?