Blog


I haven’t heard this one yet, but I look forward to it.

Posted via email from danielmiessler.com | posterous

JERUSALEM – Israel has long held the reputation as home to the world’s most stringent airport security procedures. But most passengers aren’t frisked, there are no intimately revealing body-imaging scanners, and security experts dismiss as misguided the new, more intrusive American approach that requires pat-downs or highly detailed scans of every passenger.

“Taking the bottle of water from the 87-year-old woman at JFK, you will never find an explosive material that is coming from bin Laden,” said Shlomo Harnoy, head of the Sdema Group, an Israeli security consultancy that advises airports abroad. “You are concentrating on the wrong thing.”

Um, yeah.


A short history of airport security: We screen for guns and bombs, so the terrorists use box cutters. We confiscate box cutters and corkscrews, so they put explosives in their sneakers. We screen footwear, so they try to use liquids. We confiscate liquids, so they put PETN bombs in their underwear. We roll out full-body scanners, even though they wouldn’t have caught the Underwear Bomber, so they put a bomb in a printer cartridge. We ban printer cartridges over 16 ounces — the level of magical thinking here is amazing — and they’re going to do something else.

This is a stupid game, and we should stop playing it.

Yeah, that about captures it.


In the wake of Saturday’s failed Times Square car bombing, it’s natural to ask how we can prevent this sort of thing from happening again. The answer is stop focusing on the specifics of what actually happened, and instead think about the threat in general.

Posted via web from danielmiessler.com | posterous

“There are more than a 100 million people flying out of UK airports every year and you might be trying to foil one or two terrorist plots,” he says.

“Even if you had a profiling system that was 99.99% accurate, there would be 1 in 10,000 errors.

“If you consider that around 100 million people go through UK airports each year, that would mean 10,000 innocent people would trigger the system.”

“I would hope that in any training of staff, this is really rammed home.

“If you’re not going to cause enormous resentment about this, it’s got to be very delicately handled – maths tells you that.”

A great article on why profiling is nowhere near as easy as it seems.

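The arithmetic in the quote above, carried one step further: how likely a flagged traveller is to be a real threat, and how low the error rate would have to be before a flag is right half the time. This is an added example, not part of the original post or the quoted article; it assumes "99.99% accurate" means the same 1-in-10,000 error rate for missed threats and for false alarms, and reads "one or two terrorist plots" as two travellers.

```python
from fractions import Fraction

# Figures taken from the quote; REAL_THREATS = 2 is an assumed reading of
# "one or two terrorist plots" as two travellers.
POPULATION = 100_000_000
REAL_THREATS = 2
ERROR_RATE = Fraction(1, 10_000)  # "99.99% accurate", assumed to apply both ways


def screening_outcomes(population, real_threats, error_rate):
    """Expected results when every traveller is screened once."""
    innocents = population - real_threats
    false_alarms = innocents * error_rate          # innocents wrongly flagged
    true_hits = real_threats * (1 - error_rate)    # real threats correctly flagged
    return {
        "false_alarms": false_alarms,
        "true_hits": true_hits,
        # Chance that a flagged traveller is a real threat (precision).
        "p_threat_given_flag": true_hits / (true_hits + false_alarms),
    }


def max_false_alarm_rate(population, real_threats, miss_rate, target_precision):
    """Largest false-alarm rate that still makes a flag right with the
    given probability (target_precision, strictly between 0 and 1)."""
    if not 0 < target_precision < 1:
        raise ValueError("target_precision must be between 0 and 1")
    innocents = population - real_threats
    true_hits = real_threats * (1 - miss_rate)
    allowed_false_alarms = true_hits * (1 - target_precision) / target_precision
    return allowed_false_alarms / innocents


def report():
    out = screening_outcomes(POPULATION, REAL_THREATS, ERROR_RATE)
    needed = max_false_alarm_rate(POPULATION, REAL_THREATS, ERROR_RATE, Fraction(1, 2))
    return [
        f"innocent travellers flagged: {float(out['false_alarms']):,.0f}",
        f"real threats flagged:        {float(out['true_hits']):.4f}",
        f"P(threat | flagged):         {float(out['p_threat_given_flag']):.4%}",
        f"error rate for a 50/50 flag: 1 in {float(1 / needed):,.0f}",
    ]


if __name__ == "__main__":
    print("\n".join(report()))
```

The same calculation applies to any detector that hunts for rare events in a large population, such as an alerting rule run over millions of log lines.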

The Chinese military has developed a ballistic missile, Dong Feng 21, specifically designed to kill US aircraft carriers: “Because the missile employs a complex guidance system, low radar signature and a maneuverability that makes its flight path unpredictable, the odds that it can evade tracking systems to reach its target are increased. It is estimated that the missile can travel at mach 10 and reach its maximum range of 2000km in less than 12 minutes.” That’s the US Naval Institute talking, remember. They’re understating the case when they say that, with speed, satellite guidance and maneuverability like that, “the odds that it can evade tracking systems to reach its target are increased.”

You know why that’s an understatement? Because of a short little sentence I found farther on in the article—and before you read that sentence, I want all you trusting Pentagon groupies to promise me that you’ll think hard about what it implies. Here’s the sentence: “Ships currently have no defense against a ballistic missile attack.”

That’s right: no defense at all. The truth is that they have very feeble defenses against any attack with anything more modern than cannon. I’ve argued before no carrier group would survive a saturation attack by huge numbers of low-value attackers, whether they’re Persians in Cessnas and cigar boats or mass-produced Chinese cruise missiles. But at least you could look at the missile tubes and Phalanx gatlings and pretend that you were safe. But there is no defense, none at all, against something as obvious as a ballistic missile.

Stunning.


What nobody in authority thinks us grown-up enough to be told is this: We had better get used to being the civilians who are under a relentless and planned assault from the pledged supporters of a wicked theocratic ideology. These people will kill themselves to attack hotels, weddings, buses, subways, cinemas, and trains. They consider Jews, Christians, Hindus, women, homosexuals, and dissident Muslims (to give only the main instances) to be divinely mandated slaughter victims. Our civil aviation is only the most psychologically frightening symbol of a plethora of potential targets. The future murderers will generally not be from refugee camps or slums (though they are being indoctrinated every day in our prisons); they will frequently be from educated backgrounds, and they will often not be from overseas at all. They are already in our suburbs and even in our military. We can expect to take casualties. The battle will go on for the rest of our lives. Those who plan our destruction know what they want, and they are prepared to kill and die for it. Those who don’t get the point prefer to whine about “endless war,” accidentally speaking the truth about something of which the attempted Christmas bombing over Michigan was only a foretaste. While we fumble with bureaucracy and euphemism, they are flying high.


uncertainty

I love content like this that opens one’s mind to the flawed ways in which we’re processing input. This is a site to watch. ::

Links

[ Understanding Uncertainty | understandinguncertainty.org ]

atheism

We’ve been debating agnosticism and atheism here for the last couple of weeks. One of the sub-arguments that has pronounced itself has come from my general proposition that religion is harmful.

My friend CarlM has repeatedly argued against this. His argument seems to be that religion is not the actual cause of any danger, but rather one of several means or instruments that can be used to commit evil–just like guns. He has challenged me to substitute the word “guns” in any argument I make about the danger of religion, as he thinks they are both simply means, and thus interchangeable.

So I will try here and now to concisely argue why religion is in fact more dangerous than handguns.

When we talk of harm being caused by humans to other humans, and we seek to understand why it happens in order to stop it, it is important to identify the variables involved. It’s also important to differentiate between active and passive participants.

So if, for example, I am angry at my neighbor’s car exhaust kit, and I pick up a stone in the yard and hurl it at my neighbor’s head–causing a wound–it is fairly difficult for me to blame the stone. In this case, as most will agree, the stone was completely passive, and the real problem here was that I threw it at someone’s head.

One could make the argument, however, that there were simply too many stones in the yard, and that this made it too easy for me to throw one at someone. This is a silly argument because stones are plentiful in nature and are not much more dangerous than many other things found in the natural world. So I won’t be setting this up as a strawman argument on behalf of Carl.

So, to blame the stone in that case is completely illogical, and if that were Carl’s argument then I would have already won. But it isn’t. The strength of Carl’s argument comes with the creation of efficient killing machines–e.g. handguns.

Let us imagine that there are certain variables to the causation of harm between humans, and the total is a product of these variables. Let’s try to list them:

  1. Either the belief that it’s ok, OR the inability to control anger that would be unacceptable to the human in less emotional circumstances. We’ll call this WILLINGNESS.

  2. Ease of access to a weapon that will satisfy the feeling of aggression. We’ll call this ACCESS.

  3. The lethality of the weapon. We’ll call this LETHALITY.

These combine via multiplication to produce a product, so if any of the three is zero, no harm is caused. Let’s say each has a range of 1-10, so we have a maximum harm score of 1000.

WILLINGNESS x ACCESS x LETHALITY = HARM

Let’s test this model with my rock. The willingness–in this case coming from anger and not an actual justification that I would have were I not mad–was high, and the access was high, but the lethality was very low. So let’s say:

7 x 7 x 2 = 98

Yes, the numbers are arbitrary, but I promise to try to be fair.

To Carl’s argument, let’s decrease the access level some and increase the lethality:

7 x 5 x 5 = 175

So, almost double. I agree with this being bad, so on that point I do not object.

But with religion I think we need to add an entirely new variable–namely CONTAGIOUSNESS. This variable will indicate how likely others are to increase their own WILLINGNESS to cause harm–in this case from a belief in justification rather than an inability to control temporary anger.

Let’s modify the formula to include it.

WILLINGNESS x CONTAGIOUSNESS x ACCESS x LETHALITY = HARM (total now 10,000)

And let’s recalculate my score with the stone:

7 x 2 x 7 x 2 = 196 out of 10,000 (pretty low)

And now with a handgun:

7 x 2 x 5 x 5 = 350/10,000 (still pretty low, but much higher)

So this is where my argument about religion comes in. Religion can raise the WILLINGNESS and CONTAGIOUSNESS values, whereas weapons cannot. Weapons can only raise the ACCESS and LETHALITY values, which I am arguing are far less significant.

For example: I believe a large percentage of the American public, if told by President Bush that the best method for dealing with Iraq or Iran or Afghanistan, which are mostly Muslim (and therefore against God), was to level the place and start over, would go along with it.

They’d basically say:

Well, this is unfortunate, and I don’t like it, but you have to do what you have to. They hate Jesus and want to hurt us. They want to make my little angel into a Muslim and marry her off at 9!

And so when it comes time to man the Crusade, they’ll happily send Billy off to kill bad guys abroad. Let’s do the calculation for this:

8 x 8 x 7 x 7 = 3136

The key here is that there is another actor that has entered the mix. It’s not the Christian who wants to hurt the Muslim, and it’s not the Muslim. It’s God. God becomes an EXTREMELY powerful force for raising the WILLINGNESS and CONTAGIOUSNESS in our harm equation.

In short, God telling someone that person x is against them is a CAUSE of WILLINGNESS. The CONTAGIOUSNESS is contained within the Bible and all the Churches across the country fostering the belief that this WILLINGNESS to harm others is justified. And this is religion doing this, not the M16 or the cluster bombs that will be used to actually do the harm (LETHALITY).

Conclusion

WILLINGNESS x CONTAGIOUSNESS x access x lethality = Harm

So here’s the knight’s move:

  1. WILLINGNESS is the variable we should seek to control the most, as in the years to come it will continue to get easier to gain ACCESS and LETHALITY, and the only long-term solution is to limit our WILLINGNESS to cause harm to others.
  2. Therefore, anything that raises WILLINGNESS is the cause of the most harm, and this includes most notably doctrines or religions that, through Biblical texts and/or churches, teach that the creator of the entire universe is being offended by x, y, or z.
  3. This is why religion is much more dangerous than handguns: it serves both as a justification for inflicting said harm, and as a means of spreading this willingness to others.

::

This is a Craigslist posting out of Savannah, Georgia:

To the Guy Who Mugged Me Downtown (Downtown, Savannah)

I was the white guy with the black Burberry jacket that you demanded I hand over shortly after you pulled the knife on me and my girlfriend. You also asked for my girlfriend’s purse and earrings. I hope you somehow come across this message. I’d like to apologize.

I didn’t expect you to crap your pants when I drew my pistol after you took my jacket. Truth is, I was wearing the jacket for a reason that evening, and it wasn’t that cold outside. You see, my girlfriend had just bought me that Kimber 1911 .45 ACP pistol for Christmas, and we had just picked up a shoulder holster for it that evening. Beautiful pistol, eh? It’s a very intimidating weapon when pointed at your head, isn’t it?

I know it probably wasn’t a great deal of fun walking back to wherever you’d come from with that brown sludge flopping about in your pants. I’m sure it was even worse since you also ended up leaving your shoes, cell phone, and wallet with me. I couldn’t have you calling up any of your buddies to come help you try to mug us again. I took the liberty of calling your mother, or “Momma” as you had her listed in your cell, and explaining to her your situation. I also bought myself some gas on your card. I gave your shoes to one of the homeless guys over by Vinnie Van Go Go’s, along with all of the cash in your wallet, then I threw the wallet itself in a dumpster.

I called a bunch of phone sex numbers from your cell. They’ll be on your bill in case you’d like to know which ones. Alltel recently shut down the line, and I’ve only had the phone for a little over a day now, so I don’t know what’s going on with that. I hope they haven’t permanently cut off your service. I was about to make some threatening phone calls to the DA’s office with it. Oh well.

So, about your pants. I know that I was a little rough on you when you did this whole attempted mugging thing, so I’d like to make it up to you. I’m sure you’ve already washed your pants, so I’d like to help you out. I’d like to reimburse you for the detergent you used on the pants. What brand did you use, and was it liquid or powder? I’d also like to apologize for not killing you and instead making you walk back home humiliated. I’m hoping that you’ll reconsider your choice of path in life. Next time you might not be so lucky. If you read this message, e-mail me and we’ll do lunch and laundry.

Peace! – Alex


So we’ve heard all the arguments about Republicans being strong on defense, and Democrats being weak in this area. This isn’t one of those arguments. It is true, however, that we will likely be attacked again, in the United States, as a result of Obama being President.

The reason for this is that terrorists don’t want a healer in power. Terrorists want to be hunted and oppressed; their ability to recruit and amass power feeds on feelings of unjust persecution by the evil. So when Obama steps up and says, “It’s a new day; let’s talk,” he reduces the power of the terrorist leadership. He takes away, to a significant degree, the ability to claim that killing innocent people is the only option.

Terrorists loved Bush, and they wish McCain had won. Bush grew their ranks more than anyone before him. Sure, he did some damage to them as well, but they love to be injured by those their followers hate; it just makes them stronger.

In short, Obama’s openness and ability to reduce global hatred for the United States is a direct threat to the livelihood of terrorist leadership. As he begins making progress on his agenda there will be significantly less support for operations that harm the U.S., as we will once again be seen as a positive force rather than a negative one.

But there’s a solution for them–attack us again on our own soil. This will result in a very predictable series of events:

  1. It will (falsely) vindicate Bush by showing that his actions were for a reason. In short, the sentiment will be, “Well, whatever Bush did…at least he kept us safe.”
  2. This will lead to a forced, massively non-progressive swing by Obama. He’ll have no choice but to implement an approach very similar to Bush’s, which the world will hate and will lead to more power for the attackers.
  3. But this won’t be enough. At the end of Obama’s term, he’ll be replaced by a “strong conservative” who can “keep us safe”. And we won’t be attacked again during his term because his backward policies (like Bush’s) will once again grow their power.

It’s simple. We’re about to be played. Terrorists need someone like Bush in charge of the United States in order to further their own goals, and attacking us during Obama’s administration is the best way to bring that about.

So keep your eyes open. Not for a potential terrorist attack (you have a better chance of dying from a lightning strike). No, keep your eyes open for the reaction to it, if it happens. Our ability, as a nation, to see through such a tactic will be absolutely crucial. ::


Holy shit. I mean, yeah, I knew this would eventually happen–maybe 5 or 10 years from now, but damn.

These scientists in Japan can show people a word and then pull it back out of their brain–without even touching them (fMRI). I add that last part because it’d still be cool if they needed to be jacked into their skull to do it. But no, they don’t.

Wicked brutal stuff. Here’s a funny quote from this article about it:

The researchers suggest a future version of this technology could be applied in the fields of art and design…

Yeah, that’s the first thing I thought of, too. You can read people’s minds from a distance, and now we’ll be able to do better art. Someone needs to get out more.


I have a wicked crazy idea.

What if we in the information security community were to organize a campaign to get level-headed, rational thinkers into positions of influence (as advisors) to Obama’s administration? I’m thinking of people like Lawrence Lessig (who I understand is a friend of Obama already), and Bruce Schneier.

I actually pitched the idea to Bruce Schneier in person at the Security Bloggers Meetup at RSA this year. He was on his way out, so we didn’t like go into it, but he told me he’d be interested. So then I called Rich Mogull and asked him what he thought. He had some good input on the topic, and he then clued me in on the Lessig angle.

The Pitch

The United States needs to fundamentally revisit how it approaches security. We need to incorporate more of Schneier’s approach, i.e. addressing risks based on their true weight rather than the weight our irrational human minds assign to them. And Obama is the type of person who 1) can understand this concept, and 2) might actually take action.

Imagine no more wasted millions on security measures that have virtually no effectiveness. And think of what we could do if we invested that money in measures that could actually make a difference.

Obama can do this. He’s our best shot at a leader who will listen to logic. And we, in this small but talented and vocal community, could perhaps organize a meeting between some true experts and Obama’s people.

Think about it. Lessig, Ranum, Schneier, Bejtlich…overseeing (or at least advising) a logical overhaul (with others in his staff of course) of our existing and antiquated approaches to security.

What do you guys think?

Stratfor Awareness Video

October 25th, 2008 | Security

I’ve recently been turned on to Stratfor (thanks John Heasman), which is a private intelligence organization that serves as an extremely interesting source of information.

Anyway, they have an interesting video on their site about how people tend to miss things they aren’t looking for. Check it out.