Debt Ceiling, Dr. Who, Tigger … and more

Tim Harford, The Undercover Economist, has snide comments about our debt ceiling debate.

A handbag away from our debt ceiling

 “It’s not that easy. The percentage of household income spent on handbags has been considerably exaggerated by your weaselly father. Far more important is the mortgage. If we stop the payments, we lose the house.”

Doctor Who at Fawlty Towers

The Doctor and Rose decide to go undercover at Fawlty Towers after Mickey reports strange goings on there. But the real threat is yet to come, and only the unlikeliest of heroes can save the day.

Is Your Luggage Safe from airport security?

Think your luggage and personal items are safe? Think again! Here’s how anyone can get in your luggage without you even knowing.

Click through for the video. He also has lots of other interesting-looking videos, like

 Ball of fire! Make fireballs you can hold with household items! They are fun to play with! Amaze your friends! Learn how magicians do it!

As my son put it, “What!!! handheld fireballs!?! Let me see!”

Savage Chickens

Savage Chickens is one of several “cartoons on post-it notes” sites I’ve encountered recently.

Here’s a great visualization of the United States debt

You have to go see it.

Schneier on Security (my italics):

Hacking Apple Laptop Batteries

Interesting:

Security researcher Charlie Miller, widely known for his work on Mac OS X and Apple’s iOS, has discovered an interesting method that enables him to completely disable the batteries on Apple laptops, making them permanently unusable, and perform a number of other unintended actions. The method, which involves accessing and sending instructions to the chip housed on smart batteries could also be used for more malicious purposes down the road.[…]

What he found is that the batteries are shipped from the factory in a state called “sealed mode” and that there’s a four-byte password that’s required to change that. By analyzing a couple of updates that Apple had sent to fix problems in the batteries in the past, Miller found that password and was able to put the battery into “unsealed mode.”

From there, he could make a few small changes to the firmware, but not what he really wanted. So he poked around a bit more and found that a second password was required to move the battery into full access mode, which gave him the ability to make any changes he wished. That password is a default set at the factory and it’s not changed on laptops before they’re shipped. Once he had that, Miller found he could do a lot of interesting things with the battery.

“That lets you access it at the same level as the factory can,” he said. “You can read all the firmware, make changes to the code, do whatever you want. And those code changes will survive a reinstall of the OS, so you could imagine writing malware that could hide on the chip on the battery. You’d need a vulnerability in the OS or something that the battery could then attack, though.”

As components get smarter, they also get more vulnerable.

Schneier on Security (my italics):

Liabilities and Computer Security

Good article:

Halderman argued that secure software tends to come from companies that have a culture of taking security seriously. But it’s hard to mandate, or even to measure, “security consciousness” from outside a company. A regulatory agency can force a company to go through the motions of beefing up its security, but it’s not likely to be effective unless management’s heart is in it.

This is a key advantage of using liability as the centerpiece of security policy. By making companies financially responsible for the actual harms caused by security failures, lawsuits give management a strong motivation to take security seriously without requiring the government to directly measure and penalize security problems. Sony allegedly laid off security personnel ahead of this year’s attacks. Presumably it thought this would be a cost-saving move; a big class action lawsuit could ensure that other companies don’t repeat that mistake in future.

I’ve been talking about liabilities for about a decade now. Here are essays I’ve written in 2002, 2003, 2004, and 2006.

Finally, this hits home.
