Tag Archives: Safety

Do you trust Google?

Posted on by

Everyone is scared about malware and hacking on the web. There is nothing wrong with this and there really is a genuine threat out there. People need to make sure that their browsing is as safe as possible. For most people, unless you are running a high volume internet banking transaction server this can be simply done by getting a good anti virus (AVG Free is cost effective) and a firewall (windows own, Zone Alarm or one on your router).

Despite this a lot of online organisations feel the need to join in and help out. Most modern browsers have built in “phishing filters” and will try to alert you when you click on what it thinks is an untoward link. This is all well and good and there are only minimal privacy implications.

Equally, search engines are doing the same thing now. When you google a search term, you get links with any potentially harmful ones highlighted. Just in case you ignore google’s advice, they have a blocking page pretty much ensuring you cant click through to malware from google. Again, this may seem all well and good but there are even more issues. For a start, it is down to google to decide what is, or isn’t malware. They may be correct 99% of the time, but what about the other 1%? It becomes the responsibility of the website owner to discover they have been flagged as “malware” by google and then jump through google’s hoops to clear their name. This is wrong.

More importantly, who is responsible when there is a problem with google? A sensible hacker could target google’s servers and create the illusion that certain companies are full of malware. It would take a brave person to ignore the warnings and keep going through to a site that is so heavily flagged on the search page.

Do you think this is unrealistic? Here is the results of a search I did today on www.google.co.uk – imaginatively I searched for “Google”:

Google Search results in Google Chrome

Google Search results in Google Chrome

The whole internet is infected with malware. Every link is flagged with the dire warning it may harm your computer. I am not alone in discovering this… (PCPlus simply suggests using another search engine for the afternoon, Neowin is more informative) Google isn’t hacked (this time), its just broken. The effect is the same though. Any attempt to search meets with this warning and googles intervention means you cant ignore it and click on. Well done Google – you have borked searching… Amazing.

This is (IMHO of course) the problem with allowing web services to have more and more control over our daily lives. It is bad enough that the most popular search engine on the internet suffers a glitch like this, but imagine if you were using Google to host your remote office systems – an outage can be crippling. Cloud computing may be in vogue, but it is fundamentally a bad idea. You can not delagate your responsibilities to unaccountable groups – you are responsible for making sure no malware gets on your PC, so why does google feel the need to intervene?

Bank Security?

Posted on by

Here in the UK things such as ID-theft and bank fraud are “big news.” It feels like almost every day there is a news item about the government or large organisations losing personal data or a scare about how many people are out there stealing our online banking details. While I have a professional interest in people worrying about information security (and will provide a wonderful consultancy service for a discount if you quote WhyDontYou Blog) I have to say there is more than a small dose of hype and overkill in this.

That said, there is a risk and it is only sensible that people are aware of the potential risks and given the correct advice to mitigate against them.

The important bit is the “correct advice.”

In the UK at least, the Banks are largely responsible for making good any fraudulent use of an account unless they can prove it was the account owners fault. This is a good thing and while the banks will suffer a bit because of some stupid people, the majority of “innocent” victims are protected.

Obviously the banks dont like this. They could take measures to improve their banking security or they could take measures that give a superficial improvement but, on the whole, only shift the burden onto the account holder. Not too long ago, in the UK, if you wanted to buy something with a card you had to sign to prove who you were. The shop owner compared this with the signature on the card and verified your ID – if they were in doubt, they could seek additional documentation. Despite what people think, signatures are hard to forge. This method also forced the shop keeper to physically check the card and read the details.

Despite this, there was still some residual fraudulent activity so the banks changed the process to “Chip and PIN” where you now enter your card into a reader and type in a 4 digit PIN. Wonderful. This is a reasonably secure system but it has a few pitfalls. The most basic is often the shop staff have no contact with the card during the transaction. This means they don’t carry out the basic authentication check of seeing if the person before them is the owner of the card. My wife regularly uses my credit card to shop, because nowhere we go checks that the person in front of them is Mr **** ****** despite it saying that on the front of the card in big letters. This is less important because the 4 digit PIN becomes the safeguard, but basically, it makes it easier to pass of a cloned / fraudently created card – 4 numbers are reasonably easy to find out or, if the card is “created” then they are irrelevant. As far as security goes, this is (largely) marking time. But it does the important task of moving the burden away from the bank.

The latest brainwave the banks have come up with actually annoys me.

Barclays Bank has decided to implement “PINSentry” when you log into their online banking or try to make online payments. Wonderful idea. Well, maybe.

In a nutshell, they have sent everyone a card reader that you use when you log in. To do online banking, you enter your password (etc) as normal, then you have to enter your card into the reader, get an authorisation code and enter that. All well and good – in fact this is a wide scale implementation of a time-worn authorisation system. Previously the entry system was username+password, then a “secret” code. Now the secret code has been replaced by this token generation system.

The problem is that it undermines one of the reasons you do online banking. For me, I like to use online banking from various locations – I often use it from work and if I am travelling. If I were a Barclays’ customer I would now be forced to carry this bloody stupid PINsentry device around with me. Should my bag be stolen, the thief would have my card and the PINsentry, defeating any security improvement it gives.

From the banks point of view, however, it is a good idea. It shifts the burden of blame in the event of a fraudulent transaction. Now you have to prove your PINsentry was compromised, not them having to prove their systems were not compromised.

This is not a good change. It doesn’t really make your transactions any more secure. It just makes you more to blame if something goes wrong. (Even, I suspect, if the bank has sold your details on eBay…)

Illogical ranting is wrong

Posted on by

Some people get all the luck and manage to cultivate their own crop of fundamentally hatstand commenters. I was reading the generally excellent Effect Measure blog over on scienceblogs today and I came across a post titled “Osama visits Bush in Oz, says it’s all a misunderstanding.” It is well worth a read but I know how you all like to stay here so I will summarise it.

Basically, the President of the US was on a visit to Australia. As you can imagine this resulted in all manner of high security perimeters being established and all manner of security guards employed to keep bad people away. A bunch of Australian comedians mocked up a Canadian diplomatic convoy, with one of their number dressed as Usma Bin Laden and made it through the outer perimeter – getting to the door of the hotel the President was staying in. It is only when the comedians pretty much out themselves that the police jump them and arrest everyone who moves.

All in all, this is mildly amusing – on a par with any other one of the stunt-comedy shows on TV at the moment. Still comical, but with a more serious twist, this shows that the vast sums of money (apparently $A165 million) spent on “security” are actually pointless. Yes these were comedians, but they did nothing a terrorist group couldn’t do and being able to drive a limo to the ground floor of a hotel is a good way of delivering several hundred pounds of explosive. (Brighton and the Hotel Europa provide UK based examples of hotels being hit). On this blog we have often ranted about the costs that the illusion of security are incurring and this is highlighted by these events. Every day we are being asked to sacrifice liberty, time and money for “security” measures which, in reality, are empty gestures.

Anyway, this is a side issue now. As always, the comments have gems. It seems that Effect Measure has a dedicated commenter who is so convinced about the inherent “rightness” of his beliefs that he will keep posting, no matter how incoherent or illogical the posts have become. This is some one who KNOWS they are right. Scary stuff. Why do we never get nutters like this commenting here?

The commenter in question here goes by the name “M Randolph Kruger” (which is strangely apt) and the first comment made opens with this line:

I likely would have just shot them and then said, “Its just a misunderstanding.”

And just think, people wonder why Americans kill so many people who are non-combatants or allied troops. It seems there is a significant proportion of the population there with a “shoot first so there is no need for questions” mentality. Wonderful, isn’t it? M Randolph Kruger continues:

I wonder of the Canucks think it was funny too?

Probably. Most Canadians I have met actually know what a sense of humour is.

In 1979 Revere while I was in San Antonio the base was locked down because of a credible threat against the airmen at the base. Along about 3 o’clock in the afternoon and I think it was the first week of August a car carrying some long haired anti establishment types charged the gate. A stop sign went up, they accelerated. Warning shots were fired, they accelerated more, then they opened fire on the SP’s. Bad move. 30 seconds later the assailants were all dead. Over 1000 rounds were fired and the engine was shattered. So in todays world, especially at our embassies and restricted areas to shoot or not to shoot is the question. Screw it. Shoot them all and let God sort them out.

Now, I can only assume this is largely bravado rather than a real boast. Any modern, first world military which needs to expend over 1000 rounds of ammunition to stop one vehicle has many, many problems. As an example, Lee Clegg managed to do it with four rounds and also managed to kill the occupants. Are American service personnel really that badly trained? More importantly this smacks of a military which has lost its purpose in life. The armed forces are not there to protect themselves from the people, but to protect the people from external threats. Was the base so badly defended with physical security measures (ever heard of barriers and gates?) that the vehicle could not be stopped without such firepower and loss of life? Still, I suppose the sign of a healthy democracy is that people need to be scared of the men in uniform, carrying guns…

These guys think this is funny. Okay, hows this? Say Osama bin a Bomba or one of his cronies made it thru and to the proximity of the PM and the Prez and got them both. That makes Dick Cheney President of the United States. Feel better now?

Wow. Prime example of how the angry rightwingers nearly always miss the point by such a degree they end up arguing with themselves. This is brilliant. The whole funny part of the stunt was the apparent ease with which the security was circumvented. Still, it just shows that deep down the ranting-right want to agree with the people they despise…

My point? This is classic treat a war like its a police action stuff. This leaves the point of good sense and fun at the first checkpoint. They could have been killed. Might have to do that once or twice to make the point that it wont be tolerated.

I think MRK’s point is that MRK has no understanding what he is talking about, but needs to sound off on some right wing talking points. I struggled to follow the line of reasoning here, so I might be wrong. I have read this that MRK is saying people who take part in these stunts should be shot to show that the stunts wont be tolerated. The fact that the overall security is a farce is something which should be disguised so that the general public can sit happy. Is that right? What makes this even more ironic is that the security cordon were not able to identify the imposters in time to have shot them anyway. Shooting them after they get to the bomb detonation point is somewhat pointless. What really should have happened is the security actually earned its money and prevented the incursion.

Ranting Freddie Randolph Kruger concludes:

There is a LOT of chatter on the internet right now about an attack along or about next week. Specific target?

Fear, uncertainty and doubt. Say it over and over again. There is a LOT of chatter on the internet about alien abductions. There is a lot of chatter on the internet about Elvis being alive. Neither of them are real so why is this “chatter” more believable? It is interesting that MRK uses a term which TV (24, Alias, Spooks etc) and Film (Bourne, Bond et al) have implanted in the collective conciousness as being synonymous with “intelligence” and spy agencies. Chatter is people talking. It means nothing. Don’t be fooled by buzzwords.

For extra comedy points, MRK posted his “next week” dire warning on 6 Sep 07. Come 13 Sep we may know more…

Manhattan…. Keep it in mind about the above post. If they take New York, they take the country with it. It would knock the markets to the ground, it would flatten our economy with it.

Really? Well the last attack didn’t manage to take the country with it. What is special this time?

Should have shot the bastards…… Then they would have my opinion on being funny around the leaders of any country and that includes Clinton.

Aha, again we see a democracy where the people need to fear and bow to their leader. The leader is no longer “of the people, for the people” but in a special class above the people. In the presence of the glorious leader, the general public must learn to modify their behaviour.

M Randolph Kruger is a nutcase of the highest order. I could spend weeks taking his froth filled rants apart, bit by bit, but I will spare you for now. However, as it has been some time since I got to rant at length online, please excuse one more bit of snippets. This time from MRK’s later comment: (Replying to someone called Troff who has ripped him apart)

And it would seem that everyone there in Oz is in la-la land about this and that its no big deal. You dismiss the fact that if it hadnt been a “giggle group” attack that it could have indeed been a valid one Hell bent on taking out the PM and Bush. I think its absolute bullshit that these guys got this close and Troff I really dont care whether you think I am right or not. But I do expect that you would be somewhat open minded to the facts and that is that they could have been anarchists just as well. Full blown wars have broken out over this exact same thing Troff. Archduke Ferdinand ring a bell? Bush wasnt around then old son and thats a fact. I guess that WWI never happened.

What? No, I mean, really, what?

Following this line of “logic” (sneer quotes intended) gives me a headache. MRK is still 180 degrees away from getting the point and arguing with himself. It is bullshit that the comedians got that close, but the shame is not on them for doing it – it is on the “security” for charging millions for nothing. MRK really is missing this by such a wide margin, I have to wonder if he can tie his own shoelaces.

The bit about WWI really is insane.

Anyway, do you see what I mean? Why does this blog only ever seem to get sane comments? This MRK makes Raphael seem “normal.”

[tags]Nutter, Scienceblogs, Society, Australia, Terrorism, Culture, Security, Safety, America, Osma Bin Laden, Philosophy, Effect Measure, Democracy, Rights, Liberties, Civil Liberties, Civil Rights, Civil Disobedience, Rightwing Idiot, Rightwing, Military, Scaremongering, FUD, Fear, Terror[/tags]

The Sainting of Baden Powell..

Posted on by

You would, possibly, be forgiven for thinking the BBC is leading a campaign to deify Baden-Powell. In the magazine section (so named to avoid having to publish news, one suspects) there is an article titled “What Would Baden-Powell Do?” It seems the BBC editor has enough humour to equate the racist, misogynistic Baden-Powell with Jesus. Seems about right to me. Too add to this allusion, there is breathless references to how Baden-Powell’s “wisdom” has stood the test of time… Seriously.

Once you finish reading the comments, you would expect good old Benedict to be writing a Papal Bull as we speak (I will ignore any Church of England issues…) and the image of a collection of crusty old fools sitting around saying how the youth of today, aided by soft government and human rights legislation, have destroyed the country will be permanently etched in your mind.

Before I properly rant, I need to make clear something. The Scout movement is wonderful. I have nothing but admiration for the people involved, leaders and members, who often give up huge amounts of their personal time for no reward other than the feeling of “Job Well Done.” Despite my dislike for Baden-Powell, the fact remains that Scouts are wonderful thing the world over. However, Baden-Powell simply started the movement and gave it impetus. He does not act from beyond the grave guiding scouts (pun intended) towards a “moral” future.

Early on, the BBC show which way this article is going with this:

And while some of Baden-Powell’s advice seems out of place in today’s risk-averse society, much of it seems prescient.

Here, we see a combination of the crackpot idea that people today are “risk adverse” as a society (pretty meaningless, but it ticks the boxes of the tabloid readers) with some major cherry picking and spin on Baden-Powell’s writing. Comically, even the selected bits published by the BBC fail to show that “much” of it is prescient — unless you have an oddly literal way of using the word much. In a way, this is somewhat like reading a theists blog about the Jesus and the bible.

Basically, the BBC reprint ten snippets of Baden-Powell’s (ahem) wisdom, out of which three remain valid today. If you see that as “much” then, as I said, I think you have an odd understanding of much. I am reasonably sure you could extract ten commandments out of any historical document and find two or three which were still valid today.

Where he is in keeping with modern thoughts, he is pretty wet for want of a better word – for example, he says people shouldn’t harm animals, shouldn’t smoke until they are adults and shouldn’t drink huge quantities. Today we would be happy with teaching the first to children, but the second two are not quite in keeping with modern standards.

Better still, when he strays from the current thinking he really goes off the rails. We get some wonderful snippets like:

The shape of the face gives a good guide to the man’s character.

(on bees) They are a quite a model community for they respect their Queen and kill their unemployed.

(on saving people about to be hit by a train) Lie flat and make him lie flat too between the rails, and let the train go over us both

And my personal favourite bit of nonsense:

(on saving people from drowning) Plunge in boldly and look to the object you are trying to attain and don’t bother about your own safety.

Wow. Risk averse or not – if you follow his advice on these topics not only are you an idiot, but you are more than likely to end up dead (or in prison). Trying to copy Harold Lloyd and letting a train run over you is a short cut to ending up dead. The is not some stupid rule pushed upon a care free society by evil Health and Safety people but a simple fact.

If you don’t bother about your own safety when you try to save someone else — in water or not — then the reality is you are more than likely to become a casualty yourself. Not only does this mean you fail to save the “object” you are after, but it means when (if) the emergency services arrive they have two people to deal with. It really is stupid, yet it is a common thing all over the world.

As for the phrenology and obscure social judgements, well, I hope I don’t need to explain why they are mad.

Showing how the idea that we are a “risk averse” society as the result of Health and Safety (and RoSPA) molly coddling, the comments give the ranting-tabloid readers the chance to mouth off, without considering the double standards of their complaints. It is somewhat infuriating that these people who rant about “taking risks” are the first to demand “public enquiries” whenever someone gets injured — or god-forbid a criminal moves into their neighbourhood…

The comments range from the somewhat confusing to the complete misunderstanding. Take this example:

If everyone selfishly followed ROSPA’s advice we would have no heroes.

Now, I know I have been having trouble getting my head round sayings lately, but this has stumped me as well. This person seems to want people to be put in harms way, often die, so that others can be hailed as a hero. Wow. How selfish…

We also get the predictable nonsense about how all anti-social behaviour is linked to (insert topic of choice) which is typified by these two:

Baden Powell was a real man, not like the Beckham boys generation of today. When was the last time anyone went out and fought a bear? Society should take notice of these true words of wisdom.

Perhaps if more of Baden-Powells philosophies on life were in place in todays world we wouldnt need so many ASBOs. As a former Cub, Scout and Venture Scout I beleive that the scouting movement helped to mould me and my attitudes towards others and we desperatly need more empathy towards others in our selfish modern age.

Yes, I am sure it is entirely down the scouting movement. Obviously, just like Christianity, without it people would be un-restrained murdering rapists… As for having to wrestle a bear to be a real man, well… I am sure in some neolithic community that would be good criteria for making your “wisdom” wise, but I doubt it is the case in modern times..

Thankfully, one commenter points out the problem with relying too heavily on “common sense” approaches to problems or dangerous situations. By and large, as humans, we have not yet adapted the proper “sense” responses to some situations, especially living in a temperate climate as the UK should be. This is why people make the mistake of trying to crawl out on breaking ice, or jump into raging torrent rivers, to save someone and often end up casualties themselves.

A very recent example of people making a mistake because they were in a situation they had no idea about has been during the recent floods in England and Wales. People here are not used to having to pump out their houses so end up using petrol powered pumps without ventilation and die. This is the sort of thing the HSE and RoSPA try to prevent.

Why do people have a problem with trying to save lives and prevent accidents?

[tags]HSE, Health, Safety, Society, Culture, Risk, Scouts, Baden-Powell, Nonsense, BBC, Idiocy, Belief, Risk averse, Risk Taking, RoSPA, HSE, Common Sense, Floods, Death, Accident, Injury[/tags]

If in doubt, appeal to ridicule

Posted on by

Reading through the comment is free part of the Guardian is enlightening, entertaining and a bit saddening. It is enlightening because it shows how confused people become when they want to find a target to attack, it is entertaining because the commenters are, basically, crazy and saddening because once upon a time you would have thought people who read the Guardian were reasonably educated. Obviously in the internet age, this is no longer the case…

Anyway, a rant against the HSE by Simon Jenkins, titled “The zombie health inspectors should be replaced with a risk commission” drew my attention today. As I have mentioned in the past, I am often drawn into the murky world of health and safety much more than I would normally like, so this intrigued me.

The title of the article seems to draw on this part of Mr Jenkins long, repetitive, rant:
Continue reading