Posts Tagged ‘security’

The TSA Shifts the Goalposts Again

April 10, 2009

William Saletan has a new posting up over at talking about how the TSA (Transportation Security Administration) has changed the rules again and backpedaled on a prior promise (surprise, surprise).  He talks about how the introduction of millimeter wave scanners was accompanied by a promise that it only be used as a voluntary alternative to a pat-down but the machines are now being used in place of metal detectors.

It’s a reasonable article, but Saletan somehow misses the most important point — the erosion of our civil liberties by the TSA doesn’t really improve safety in the long term.

Saletan quotes the TSA:

As the ongoing terror trial in London clearly illustrates, terrorists actively look for ways to manipulate security protocols. Intelligence has also shown for decades, terrorists’ manipulation of societal norms to evade detection or use social engineering techniques to their advantage. Terrorists have successfully hidden explosives in these areas. … TSA developed this pat down as a measure to close the gap on items hidden on sensitive areas of the body.

In other words, the TSA is actually telling us that security protocols are subject to manipulation.  If you close one avenue of attack, terrorists will actively look for ways to subvert the system and wreak havoc.

I have a hint for everyone:  the solution to this never ending game is not further erosion of civil liberties.  The solution to this game is not more power to the thugs at the TSA.

Americans that line up and put up with this are being conditioned to accept further erosion of liberty in exchange for a false sense of security.

The answer to the problems is MORE freedom, FURTHER civil liberties, and a return to the way of life that made America great to begin with.

Nobody could pull a 9-11 today.  Nobody.  The game has changed.  Prior to 9-11 everyone knew that if your plane was hijacked the right thing to do was to keep your head down and do what you were told.  Today everyone knows that passivity will likely result in certain death.  If your plane was hijacked would you sit silently, or would you grab the nearest fork and try to save your skin?

So in light of that, ask yourself – why do you put up with this?  Why do you put up with the insult and debasement of having to remove your shoes to board a flight?  Remove the belt that is keeping your pants up?  Take off the watch that your father gave you on his deathbed? Show your naked body to some TSA hire at the airport?

I’m no prude – in fact I’m a devoted gymnosophist.  The issue I have is that this is theater, and the only thing it’s helping is the development of a police state.


Securing Mac OSX 10.5 Leopard

August 20, 2008

Security researchers at Corsaire have released a guide (PDF) that purports to be “aimed at users in environments requiring stronger security controls in their operating system, making full use of the protection features offered by Mac OS X 10.5.  It may also be of use to System Administrators wishing to enforce an organisation-wide desktop security policy.”

They claim clients including William Hill and Marks & Spencer.

Turn on permanent SSL for Gmail

August 20, 2008

Mike Perry of San Fransisco has developed a tool to break into Gmail accounts that are not using an SSL connection.  He presented details of his creation at Defcon 16, and is planning to release the tool over the next two weeks.

Part of the problem arises because when you go to the Gmail login page, the system logs you in using SSL, but then reverts back to an unencrypted connection to transfer the rest of the data to you.

To change the settings in Gmail permanently:

Log into your account using
Click on “Settings” on the top right hand corner of the page.
Scroll down to the bottom of the page and find the “Browser Connection” option.
Select the option “Always use https”
Click “Save Changes”

Google also notes that it is important to end each of your Gmail sessions by clicking Sign out at the top of any Gmail page and to close all Gmail browser windows.

There is currently no free fix for users who use Gmail with their own domain.

Mike Perry writes more about why Google’s “fix” is not adequate given the threat.

Update August 27,2008:  Also read about how this affects the “Gmail for Mobile” application here.