Jesse Ventura vs the TSA

Former-governor Jesse Ventura is no stranger to controversy. As a former pro-wrestler, you might say he thrives on it. And he has been a tireless campaigner for Libertarian values. So, it should come as no shock that he has decided to take the TSA to court over the new pat-down or scan policies of the Transportation Safety Administration. He has an interesting different take on the situation as he has both a Libertarian angle and an Americans-with-Disabilities Act angle, as he has a titanium hip.

According to the lawsuit, Ventura received a hip replacement in 2008, and since then, his titanium implant has set off metal detectors at airport security checkpoints. The lawsuit said that prior to last November officials had used a non-invasive hand-held wand to scan his body as a secondary security measure.

But when Ventura set off the metal detector in November, he was instead subjected to a body pat-down and was not given the option of a scan with a hand-held wand or an exemption for being a frequent traveler, the lawsuit said.

The lawsuit said the pat-down "exposed him to humiliation and degradation through unwanted touching, gripping and rubbing of the intimate areas of his body."

It claims that under TSA's policy, Ventura will be required to either go through a full-body scanner or submit to a pat-down every time he travels because he will always set off the metal detector.

Outrage has become somewhat muted (or numbed) since the original flare-up around Christmas. It'll be interesting to see if this is a catalyst for more activism, or if the American people are too tired of the issue to care at this point.

AT&T leaks personal information for iPad 3G owners

Every day, the choice of AT&T as exclusive partner for Apple seems like a worse and worse decision. Not only have they dropped the unlimited data plans for iPhone and iPad, but now they have leaded personal information for iPad 3G owners. This is a very serious security breach, and affects many, many powerful people. It is time for Apple to take AT&T to the woodshed, or else open up the deal to other providers.

The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel's information was compromised.

It doesn't stop there. According to the data we were given by the web security group that exploited vulnerabilities on the AT&T network, we believe 114,000 user accounts have been compromised, although it's possible that confidential information about every iPad 3G owner in the U.S. has been exposed.

Google is phasing out Windows in favor of MacOSX

The reason given is security. Apparently, after the Chinese Hack, the company is looking for any operating system with a better security record than Windows. Then again, maybe it is simply an attempt to make nice with Steve Jobs, after the anti-iPhone screeds at Google I/O. (Linux is also an approved alternative to Windows at Google.)

New hires are now given the option of using Apple’s Mac computers or PCs running the Linux operating system. “Linux is open source and we feel good about it,” said one employee. “Microsoft we don’t feel so good about.”

In early January, some new hires were still being allowed to install Windows on their laptops, but it was not an option for their desktop computers. Google would not comment on its current policy.

Windows is known for being more vulnerable to attacks by hackers and more susceptible to computer viruses than other operating systems. The greater number of attacks on Windows has much to do with its prevalence, which has made it a bigger target for attackers.

You can expect an exasperated quote from Steve Balmer shortly.

Why It's Still Good To Live In The USA

Delia Lloyd, an American writer living in London, wrote an interesting article on why it's still good to be the USA. It's an interesting read and a pick me up to all of the gloom out there.

What have we come to?

From Townhall.com.

Iraqi Hackers crack Military Dones

For now, insurgents have only gained access to the video feeds from drones, but it appears that using off-the-shelf hacking tools they have gained valuable intelligence about American military operations in Iraq. This highlights the fact the age of dual-use technology is not just about making better toys available to the rest of us, but also about putting sub-standard security into some of our military hardware. This needs to be rethought before any war with a "real" enemy.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.

U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.

U.S. enemies in Iraq and Afghanistan have used off-the-shelf programs to intercept video feeds from Predator unmanned aircraft.
The drone intercepts mark the emergence of a shadow cyber war within the U.S.-led conflicts overseas.

GSM (i.e. Your Cell Phone) has been cracked!

There are days when it pays to be telephobic. I am one of those people who will tend to reply to a phone call with an e-mail, a text message, a tweet, a face-to-face drop-by - anything to avoid having to actually use a telephone. But at the same time, I rely heavily on my iPhone to stay connected, and use it for both casual web browsing AND for doing eCommerce transactions.

It turns out that a group of hackers has hacked the most common cell phone system in the world - GSM and has released the results of the hack into the wild. This means anyone with a radio card, a laptop, and a little know-how can listen in on the cell phone calls of anyone on T-Mobile, AT&T Wireless, and many other providers (Sprint and Verizon use a competing standard called CDMA and are unaffected).

This is potentially a business-killer for GSM cellular companies, especially those who sell to businesses and government users. It is likely well be seeing firmware updates shortly to address the security hole. Or else the cell companies will try to use it as an excuse to make you pay for a new phone and re-up your contract.

Lockdown your Mac

Laptop theft is rarely an issue for me. When traveling, it is rarely far away from me, unless it is back in the hotel room and safely hidden away. But there are times when I need to leave it unattended for a time in a public place now and then. For those times, it is nice to have an app like Lockdown (formerly iAlertU) which provides a simple car-alarm-like interface for your Mac. You can set it to trigger when the laptop is moved, when power is unplugged, or when other operations occur. You unlock it with a simple password - chosen by you. It can even e-mail you a photo of whoever tried to take the device.

A Good Reminder

Comcast to watch your living room

Most of the time when I see a post on Slashdot about some privacy issue I chalk it up to paranoia. So, this morning when I was parusing the site and saw a post about how Comcast plans to monitor who's watching TV, I was about to have my same reaction - the über-geeks are flipping out again. But then I read the article in question, and I have to say - I agree with the über-geeks on this one. Basically, Comcast plans on putting cameras in their equipment that they install in your house (DVR, cable box, etc...), so that they can watch who's watching TV and better program towards the watcher. Sounds like a great idea... until you realize that this kind of technology has about 18,000,000 ways of being misused. To quote the Slashdot post:

While this sounds 'handy,' it also sounds a bit like the TV sets in 1984.

Retraction: Chinese Sub Surprises U.S.S. Kitty Hawk

We here at Mod-Blog are all human and unfortunately, that means we make mistakes. I was discussing the story about the Chinese Sub and the U.S.S. Kitty Hawk today and found out that the article I referenced was misleading. Although the U.S.S. Kitty Hawk was out to sea at the time of the posting, this incident happened during its 2006 winter cruise. I apologize for the erroneous post. The refusal of the Chinese government to dock at Hong Kong did happen this cruise and is considered a big deal.

Chinese Sub Surprises U.S.S. Kitty Hawk

The other day while the U.S. Navy was doing exercises in the Pacific, a Chinese sub surprised them surfacing within range of firing a torpedo or missile at the U.S.S. Kitty Hawk. Now, I happen to know that the U.S.S. Kitty Hawk is one of our older aircraft carriers so perhaps a newer aircraft carrier would have detected the sub, but the Chinese sub had to also slip past at least a dozen surface ships and at least two submarines to get that close. This is a wakeup call that China's friendship is merely one of convenience. We must be on our guard and continuously researcher how to keep our military superior and safe.

iPhone's Old Security Model

An article on Wired has compared the iPhone's security model to Windows 95. The reason is that all applications run at the "root" level which has permission to do anything and everything to the phone. With the announcement that an SDK is coming for the phone so that others can write applications for the iPhone, iPhone users are at risk for their data getting misused or even calls and text messages being sent from their phone without them knowing. Shame on Apple for not having a tighter security model.

Terrorists and Wile E. Coyote

Although this article was posted some time ago, I wanted to pass it on. In some ways, the fear of terrorism is even worse than terrorism itself. Our enemies want us to have our freedoms restricted and to live in fear. When we let our fear of terrorism overwhelm us, we "gladly" give up our liberties in exchange for "protection". Security is something we need to work on, but we need to have the security measures be things that actually protect us and not just give the government more power.

Typically, people who write articles about this come at it from an angle of how the "security measures" really do nothing, but Bruce Schneier over at Wired takes a different angle. Our security response needs to be proportional to the threat and many "terrorists" plans are so riddled with impossibilities that we needn't worry about them especially when traditional means are working fine.

Online Health Records

Microsoft has announced that they want to host your medical records. So does Google and other companies. Kaiser Permanente has had ads on the radio around here that you can e-mail your doctor and get test results online. My wife and I shop online as well as use online banking, but this worries me. I wasn't worried about the Kaiser Permanente system when I heard about it, but that may have been that it's just for their hospitals, doctors, etc. The thought of having multiple health care professionals putting all of my information into one central database just makes me worried. Perhaps it's because it's Microsoft. Maybe I'm just paranoid. On the other hand, it'd be nice to have up to date records at any time. Would you trust a company to store you medical history?

iPhone Security Exploit

Wired has news of a security exploit where an attacker can gain complete access to your iPhone's SMS messages, recent Google Maps locations, etc. The exploit requires that you connect to a compromised WiFi access point.

Update: Title said it was an iTunes exploit, but it's actually an iPhone exploit

AT&T/Cingular Voicemail Insecure

This post does NOT only apply to iPhones, but rather to all AT&T/Cingular customers. It turns out that anyone's voice mail can be easily hacked even if you have set up a basic password.

The AT&T/Cingular voicemail system is configured by default not to ask for a password when you check your voicemail from the handset (it asks for your voicemail password if you call your number from another cell phone and press * when your voicemail answers). Unfortunately, the AT&T/Cingular voicemail system trusts Caller ID to determine if the handset is calling it. Because Caller ID can be spoofed easily.., anyone can gain access into your voicemail by calling you and spoofing your phone number (it will appear as if you are calling yourself when your phone rings) - should you not answer the call, your voicemail will answer and allow the intruder full access to your messages.

Of course, for most of us this is not an issue. I get few voicemails, and all of them can pretty much be broadcast in Prime Time without fear of embarrassment. But still, it could be used for malicious purposes. The linked article does have a method to prevent unauthorized access, as well.

Sir, Put the Spaghetti Sauce Down

As I was going through the security screening at JFK on my recent trip home I noticed a box that of items that were apparently confiscated by TSA. In the box were TWO JARS OF SPAGHETTI SAUCE! Horrors. The person might have taken over the plane by dumping the sauce over peoples' heads. I'm guessing this was confiscated because it was over the three ounces of "gels or liquids" and not in a plastic bag. I've recently wondered if the terrorists might not be better off just coming up with ridiculous plans aimed at making our security measures even more invasive. That way they don't have to worry about losing any of their own people and can sit back and laugh at us when we have restrictive security that doesn't protect us one bit.

The Problem With Security Companies

Wired has an interesting piece on the problem with security companies. The author compares buying security software and hardware to buying a used car, referencing American economist George Akerlof's paper, "The Market for 'Lemons'". Basically, when the seller knows a lot more about the industry / product than the seller, the seller has to look at varying factors, many of which are inaccurate, to make the "best" choice. Because of this, it is the cheapest products or the best marketed products and not the best products that stay available on the market. I know that I have found this when trying to find anti-spyware software for Windows. The best I can do is Google "Top 10" and "anti-spyware" and see what comes up.