Jun 172014

These confessions of an ex-TSA agent — Dear America, I Saw You Naked — are well worth reading. For example:

We knew the full-body scanners didn’t work before they were even installed. Not long after the Underwear Bomber incident, all TSA officers at O’Hare were informed that training for the Rapiscan Systems full-body scanners would soon begin. The machines cost about $150,000 a pop.

Our instructor was a balding middle-aged man who shrugged his shoulders after everything he said, as though in apology. At the conclusion of our crash course, one of the officers in our class asked him to tell us, off the record, what he really thought about the machines.

“They’re shit,” he said, shrugging. He said we wouldn’t be able to distinguish plastic explosives from body fat and that guns were practically invisible if they were turned sideways in a pocket.

We quickly found out the trainer was not kidding: Officers discovered that the machines were good at detecting just about everything besides cleverly hidden explosives and guns. The only thing more absurd than how poorly the full-body scanners performed was the incredible amount of time the machines wasted for everyone.


But the only people who hated the body-scanners more than the public were TSA employees themselves. Many of my co-workers felt uncomfortable even standing next to the radiation-emitting machines we were forcing members of the public to stand inside. Several told me they submitted formal requests for dosimeters, to measure their exposure to radiation. The agency’s stance was that dosimeters were not necessary—the radiation doses from the machines were perfectly acceptable, they told us. We would just have to take their word for it. When concerned passengers—usually pregnant women—asked how much radiation the machines emitted and whether they were safe, we were instructed by our superiors to assure them everything was fine.

“Security Theater” seems like too benign of a term for these absurdities, I think. Now go read the whole article.

Dumbest Thing Ever

 Posted by on 9 July 2013 at 10:00 am  Security, Technology, WTF
Jul 092013

Although it’s only July, I feel pretty confident claiming that this Washington Post column by Robert J. Samuelson is the most ridiculously stoopid thing I’ll read all year: Beware the Internet and the danger of cyberattacks. It begins:

If I could, I would repeal the Internet. It is the technological marvel of the age, but it is not — as most people imagine — a symbol of progress. Just the opposite. We would be better off without it. I grant its astonishing capabilities: the instant access to vast amounts of information, the pleasures of YouTube and iTunes, the convenience of GPS and much more. But the Internet’s benefits are relatively modest compared with previous transformative technologies, and it brings with it a terrifying danger: cyberwar. Amid the controversy over leaks from the National Security Agency, this looms as an even bigger downside.

No, it doesn’t get any better. No, it’s not satire. So I’ll let Captain Picard “speak” for me:

Computer Security Versus User Stupidity

 Posted by on 30 April 2013 at 10:00 am  Security, Technology
Apr 302013

Most people are reasonable sensible and decent, in my experience. Alas, that’s not true of everyone, as this story of what’s wrong with IT security in a nutshell reveals. (It was posted to an IT security list.)

Last time [we] sent out a warning email along the lines of:

We never ask for your username and password. If you get an email that looks like: “There is an issue with your account. Please reply with your username and password and we will rectify it”

You should never reply to these messages with your details.

50 people replied with their usernames and passwords.

I’m not sure whether that’s better or worse than the vast numbers of people who use “0000″ as their ATM pin code. Either way, I’m just amazed… and I’m thinking that schools and businesses need to teach the basics of computer security.

Password Security

 Posted by on 23 April 2013 at 10:00 am  Security, Technology
Apr 232013

In my discussion of online privacy on March 10th’s Philosophy in Action Radio, I talked about how people need to take active measures to protect their privacy online, just as they do in real life. Also, just as in real life, criminals should be of concern. Hence, good passwords should be of concern.

I’ve long known that many people use insecure passwords — such as ordinary words, reusing the same password across many sites, or using an easy-to-guess pattern. However, I didn’t realize just how careless many people are until I read this article: PIN Analysis. Basically, the author analyzed the data from various databases of exposed four-digit passwords — 3.4 million PINs in total. Here are a few of his findings:

The most popular password is 1234 … it’s staggering how popular this password appears to be. Utterly staggering at the lack of imagination … nearly 11% of the 3.4 million passwords are 1234 !!!

The next most popular 4-digit PIN in use is 1111 with over 6% of passwords being this.

In third place is 0000 with almost 2%.

A staggering 26.83% of all passwords [are the table of top 20 passwords listed in the article]! (Statistically, with 10,000 possible combination, if passwords were uniformly randomly distributed, we would expect these twenty passwords to account for just 0.2% of the total, not the 26.83% encountered)

For more fun facts, check out the article: PIN Analysis. If you’re now thinking that perhaps you should have more secure passwords… good! I’d recommend using a password program such as LastPass or 1Password. If you’re already using nothing but super-secure passwords, even better!

I’ve used 1Password to generate random passwords for me, store them securely, and access them on my phone and in my web browser for many years now, and I’d hate to go back to my old (and far less secure) methods!

Note: This commentary was originally published in Philosophy in Action’s Newsletter before the broadcast. Subscribe today!

Suffusion theme by Sayontan Sinha