Jun 17 2014
 

These confessions of an ex-TSA agent — Dear America, I Saw You Naked — are well worth reading. For example:

We knew the full-body scanners didn’t work before they were even installed. Not long after the Underwear Bomber incident, all TSA officers at O’Hare were informed that training for the Rapiscan Systems full-body scanners would soon begin. The machines cost about $150,000 a pop.

Our instructor was a balding middle-aged man who shrugged his shoulders after everything he said, as though in apology. At the conclusion of our crash course, one of the officers in our class asked him to tell us, off the record, what he really thought about the machines.

“They’re shit,” he said, shrugging. He said we wouldn’t be able to distinguish plastic explosives from body fat and that guns were practically invisible if they were turned sideways in a pocket.

We quickly found out the trainer was not kidding: Officers discovered that the machines were good at detecting just about everything besides cleverly hidden explosives and guns. The only thing more absurd than how poorly the full-body scanners performed was the incredible amount of time the machines wasted for everyone.

And:

But the only people who hated the body-scanners more than the public were TSA employees themselves. Many of my co-workers felt uncomfortable even standing next to the radiation-emitting machines we were forcing members of the public to stand inside. Several told me they submitted formal requests for dosimeters, to measure their exposure to radiation. The agency’s stance was that dosimeters were not necessary—the radiation doses from the machines were perfectly acceptable, they told us. We would just have to take their word for it. When concerned passengers—usually pregnant women—asked how much radiation the machines emitted and whether they were safe, we were instructed by our superiors to assure them everything was fine.

“Security Theater” seems like too benign a term for these absurdities, I think. Now go read the whole article.

Dumbest Thing Ever

 Posted by on 9 July 2013 at 10:00 am  Security, Technology, WTF

Although it’s only July, I feel pretty confident claiming that this Washington Post column by Robert J. Samuelson is the most ridiculously stoopid thing I’ll read all year: Beware the Internet and the danger of cyberattacks. It begins:

If I could, I would repeal the Internet. It is the technological marvel of the age, but it is not — as most people imagine — a symbol of progress. Just the opposite. We would be better off without it. I grant its astonishing capabilities: the instant access to vast amounts of information, the pleasures of YouTube and iTunes, the convenience of GPS and much more. But the Internet’s benefits are relatively modest compared with previous transformative technologies, and it brings with it a terrifying danger: cyberwar. Amid the controversy over leaks from the National Security Agency, this looms as an even bigger downside.

No, it doesn’t get any better. No, it’s not satire. So I’ll let Captain Picard “speak” for me:

Computer Security Versus User Stupidity

 Posted by on 30 April 2013 at 10:00 am  Security, Technology

Most people are reasonably sensible and decent, in my experience. Alas, that’s not true of everyone, as this story of what’s wrong with IT security in a nutshell reveals. (It was posted to an IT security list.)

Last time [we] sent out a warning email along the lines of:

We never ask for your username and password. If you get an email that looks like: “There is an issue with your account. Please reply with your username and password and we will rectify it”

You should never reply to these messages with your details.

50 people replied with their usernames and passwords.

I’m not sure whether that’s better or worse than the vast numbers of people who use “0000” as their ATM PIN code. Either way, I’m just amazed… and I’m thinking that schools and businesses need to teach the basics of computer security.

Password Security

 Posted by on 23 April 2013 at 10:00 am  Security, Technology

In my discussion of online privacy on March 10th’s Philosophy in Action Radio, I talked about how people need to take active measures to protect their privacy online, just as they do in real life. Also, just as in real life, criminals should be of concern. Hence, good passwords should be of concern.

I’ve long known that many people use insecure passwords — such as choosing ordinary words, reusing the same password across many sites, or using an easy-to-guess pattern. However, I didn’t realize just how careless many people are until I read this article: PIN Analysis. Basically, the author analyzed the data from various databases of exposed four-digit passwords — 3.4 million PINs in total. Here are a few of his findings:

The most popular password is 1234 … it’s staggering how popular this password appears to be. Utterly staggering at the lack of imagination … nearly 11% of the 3.4 million passwords are 1234 !!!

The next most popular 4-digit PIN in use is 1111 with over 6% of passwords being this.

In third place is 0000 with almost 2%.

A staggering 26.83% of all passwords [are the table of top 20 passwords listed in the article]! (Statistically, with 10,000 possible combinations, if passwords were uniformly randomly distributed, we would expect these twenty passwords to account for just 0.2% of the total, not the 26.83% encountered)

For more fun facts, check out the article: PIN Analysis. If you’re now thinking that perhaps you should have more secure passwords… good! I’d recommend using a password program such as LastPass or 1Password. If you’re already using nothing but super-secure passwords, even better!

I’ve used 1Password to generate random passwords for me, store them securely, and access them on my phone and in my web browser for many years now, and I’d hate to go back to my old (and far less secure) methods!

Note: This commentary was originally published in Philosophy in Action’s Newsletter before the broadcast.
