Story of an English traveler in Delhi


Psychology or awareness problem? The outcome is the same: he was robbed.

I came across this interesting story of an English traveler in India.

The guy was trying to find an English-speaking rickshaw driver at the door of his hostel. He soon found one, and an English-speaking Indian lad of a certain age intercepted him:

“Sorry Sir, can I go with you? We’ll share the price of the run.”
It’s rare that I save money on such a deal. “Yeah, sure.”

Then they got in and drove through Delhi’s streets and alleys. Our traveler, whom we’ll call John, noticed that the rickshaw kept stopping. The cause was always a rickshaw malfunction.

Soon they were in a dark alley of Old Delhi. One of the wheels had a problem and forced the rickshaw to stop. All around there were only beggars, wearing drab and dusky clothes, sleeping near pestilential-smelling detritus.

I was checking the situation; no one was moving, and my rickshaw companion was waiting for the driver, smiling. I got out of the rickshaw and gave 10 rupees to the driver.
“I’ll look for another rickshaw, thanks for the run.”
“No, no!! I’ll repair the rickshaw soon; it’s just a little problem. No, don’t leave! Everything will be okay soon. Please!”
I tried to get another rickshaw; I saw no one; I was alone, with two Indians and a broken rickshaw in a somber alley of Old Delhi. I had nothing to do other than wait and hope. I sat back down in the rickshaw.
My companion had just taken a bottle of water out of his bag.
“In India, it’s in our tradition to share our food with our fellows. Take.”
“No thanks, I’m not thirsty; thanks a lot.”
“No, no, take it, it’s in our traditions.”
“No, I don’t want it, thanks a lot, but I don’t need it, thanks.”
Then he left me alone with his water.
I saw him getting cookies out of his damn bag.
“In our country, we are not rich, we don’t have much food, but we share our food with our fellows. Take this cookie, it’s in our tradition to share.”
“No thanks, I really don’t want this cookie, thanks.”
“No, take it, it’s in our tradition! You can’t offend it like this!”
Then, knowing that it was not the thing to do, I don’t know why, but I took the cookie and put it down my throat. I knew that I was in trouble once the cookie was in my stomach. I fell asleep, my head fell onto a metal bar at my side, and I was KO.
Some time later, I was lying in a ruin, with dried blood in my hair and sores all over my body. I didn’t know where I was or what time it was. I wasn’t in pain… I was… in another world…

The story speaks for itself. Everybody knows that they need to beware of drugged food. “Don’t take food from strangers,” my mother told me when I was young. This advice is good anywhere in the world, even in your own neighborhood.

What is interesting in this story is the cultural side of it. You are a foreigner; you travel to a new country to meet new people and cultures. What do you do in this situation? You don’t want to offend them. You are here to learn their habits. You started with this mindset, so going against it is not coherent. You know that you may be in trouble, but your mind seems to bypass your awareness. This situation is more a question of psychology than a question of awareness: you need to be consistent with your own thoughts. It can seem stupid, but it’s the reality. Many of these tricks can be used by marketing people. An excellent book on the subject is Influence: Science and Practice by Robert B. Cialdini.

Read the story, ask yourself what your reaction would be in this situation, and hope that it really will be your reaction if the situation arises.

What’s the cost of a nuclear weapon? – Get back the field agents



When I read this article, I thought of a post that I wrote some months ago.

This article reopens the question: why are field agents essential in information gathering? There was a shift in the nineties to cut back on field agents and to focus information-gathering efforts on intercepting airwaves or wiretapping. As I said, it’s probably a big mistake, one decried by many CIA agents. Fortunately, the CIA had infiltrated the ground in 1990. They were able to get prime information on the network; they used it and took down Khan’s network around the world. Some experts criticize the delay of the intervention. I’m not in a position to offer an opinion on that, but my point is that without well-trained field agents I don’t think the modus operandi of the network would ever have been discovered. Don’t forget that other such networks can exist or can emerge from the ashes of Khan’s network. There is probably money to be made and power to be gained.

This raises a question: how much can a nuclear bomb cost? The question is interesting when you consider a few things. First, it’s a very specific type of traffic with quite few clients. The risk is greater than in narco-trafficking, and narco-traffickers can make billions of dollars. So how much can a nuclear bomb cost?

Rogue states can afford it. Big criminal groups probably can too. What’s the real danger of such a situation? I don’t think that anybody knows the answers to such questions. We can only guess at the threat by analyzing its short known history.

The operating system oriented security debate is restarted – Phase 2


Examples of what I was saying.

Some days ago I was saying:

What about the configuration? The complexity of an operating system, with all its services, applications and connectivity hardware, should not be forgotten. A program or a service can be well programmed, without any programming bugs, and yet a bad configuration alone can lead to a security hole. You’ll tell me: yes, but the programming is perfect, without bugs, so it’s impossible for such a thing to happen; if it happened then the cause is the user, not me, so it’s not my problem. If you build a hell-to-configure system, then yes, it’s your problem. The interaction between a program and its plug-ins, or between a program and other programs, can lead to unexpected behaviors. Usability is probably as important as programming practices.

As you can read, it was not really a great discovery. But today, while reading my blog entries, I was amused by some of them. Let me point them out.

First, Google Desktop. As you can read in the New York Times:

The glitch, which could permit an attacker to secretly search the contents of a personal computer via the Internet, is what computer scientists call a composition flaw – a security weakness that emerges when separate components interact. “When you put them together, out jumps a security flaw,” said Dan Wallach, an assistant professor of computer science at Rice in Houston, who, with two graduate students, Seth Fogarty and Seth Nielson, discovered the flaw last month. “These are subtle problems, and it takes a lot of experience to ferret out this kind of flaw,” Professor Wallach said.

It’s probably one of the best examples of the phenomenon I was talking about two days ago. These problems are certainly hard to find, and it takes imagination to discover them. But the point I want to make is that the security of a program isn’t just a function of its code quality. Two programs can each be free of security flaws, yet when they are put together, security holes appear.

A post from Peter Torr is also worth reading. He was writing about Firefox and its appearance of security. Sure, the code is probably not too bad, but some of the features (including the download and the installation) are obscure. So, my two pennies in the conversation are just to emphasize the plug-ins point. I have said it before, but please be careful with small, cool plug-ins. As Peter said, you don’t have any way to check their authenticity.

What’s cool with Firefox is that it’s a potentially slim browser that you can change at will, with the features you want. The principle is great but also paradoxical when you have security in mind. Firefox itself probably is, or will be, well studied so that security issues get patched, but will that be the case for all the plug-ins available on their website? I have my doubts. The solution? Probably certifying them. The feasibility? Near zero for the moment.

Finally, I’m not saying to stop using it or to avoid the cool plug-ins available, only to be aware of the situation when you are using this type of software.

The operating system oriented security debate is restarted.


Please stop the childish games.

I read an article on Wired News today that restarts the debate on the security of Linux versus other operating systems. The conclusion is:

  1. 0.17 bugs per 1,000 lines of code in the Linux kernel
  2. 20 to 30 bugs per 1,000 lines of code for commercial software

These statistics were collected by Carnegie Mellon University’s CyLab Sustainable Computing Consortium. The problem with these numbers is that they tell us nothing. Fine, theoretically there is less chance that my Linux kernel has bugs that cause security threats. It’s quite likely that the (open source) core of an OS has been studied more than the software it runs. That is exactly the present situation.

What about all the other things that come with every Linux distribution? Are they as well studied as the kernel? I have my doubts.

What about the configuration? The complexity of an operating system, with all its services, applications and connectivity hardware, should not be forgotten. A program or a service can be well programmed, without any programming bugs, and yet a bad configuration alone can lead to a security hole. You’ll tell me: yes, but the programming is perfect, without bugs, so it’s impossible for such a thing to happen; if it happened then the cause is the user, not me, so it’s not my problem. If you build a hell-to-configure system, then yes, it’s your problem. The interaction between a program and its plug-ins, or between a program and other programs, can lead to unexpected behaviors. Usability is probably as important as programming practices.

How can they sum up computer security risks with lines of code? Can anyone tell me?

Security as seen by History – Quotes that stand the test of time.



I was playing around with quotation websites. I searched for the term “security” and found interesting results.

This exercise is interesting from a historical point of view: how historical figures saw security in their everyday lives. By knowing their history, you’ll learn more about what they thought of security in their time.

—–

A quote that describes the state of security. Knowing that security and safety are not immutable may spare you many unwanted situations:

The superior man, when resting in safety, does not forget that danger may come. When in a state of security he does not forget the possibility of ruin. When all is orderly, he does not forget that disorder may come. Thus his person is not endangered, and his States and all their clans are preserved.

Confucius

Chinese philosopher & reformer (551 BC – 479 BC)

—–

Overconfidence can lead you into many unwanted situations:


Better be despised for too anxious apprehensions, than ruined by too confident security.

Edmund Burke

Irish orator, philosopher, & politician (1729 – 1797)

—–

Is opportunity creating your security?

There is no security on this earth, there is only opportunity.

General Douglas MacArthur

US WWII general & war hero (1880 – 1964)

Too many people are thinking of security instead of opportunity. They seem more afraid of life than death.

James F. Byrnes

US jurist & politician (1879 – 1972)

—–

Will you miss out on things in life if you are paranoid about security measures? There is a comfort zone where it is worth it, but there is also a line not to cross.

Life is either a daring adventure or nothing. Security does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than exposure.

Helen Keller

US blind & deaf educator (1880 – 1968)

Security is mostly a superstition. It does not exist in nature…. Life is either a daring adventure or nothing.

Helen Keller

US blind & deaf educator (1880 – 1968)

Security is a kind of death.

Tennessee Williams

US dramatist (1911 – 1983)

Security is when everything is settled. When nothing can happen to you. Security is the denial of life.

Germaine Greer

Author (1939-today)

—–

Think about the weakest link. If it is present, the whole chain will break.

There is no security for any of us unless there is security for all

Howard Koch

U.S. screenwriter (1901-1995)

—–

Is security a brake to progress?

He who is firmly seated in authority soon learns to think security, and not progress, the highest lesson of statecraft.

James Russell Lowell

American poet, critic, and editor (1819-1891)

—–

Security over freedom?

Those who desire to give up freedom in order to gain security, will not have, nor do they deserve, either one.

Benjamin Franklin

American statesman, scientist, philosopher, printer, writer and inventor. (1706-1790)

—–

Innovation in insecurity?

It’s an old adage that the way to be safe is never to be secure. Each one of us requires the spur of insecurity to force us to do our best.

Harold W. Dodds

American educator (1889-1980)

—–

Finally, for the paranoid.

Security gives way to conspiracy.

William Shakespeare

British dramatist, poet. (1564-1616)