|
RE: Data Theft Affected Most in Military |
|
|
Topic: Computer Security |
7:33 pm EDT, Jun 7, 2006 |
finethen wrote: Social Security numbers and other personal information for as many as 2.2 million U.S. military personnel were among the data stolen from the home of a Department of Veterans Affairs analyst last month, federal officials said yesterday, raising concerns about national security as well as identity theft.
Hotel.com had info stolen too in the last few days. Is there some fancy new trick to stealing info or are these just flukes?
Neither. These kinds of databases have been around a long time, but 20 years ago they'd require serious computing centers that couldn't be easily lost or stolen. They did get hacked into from time to time, but you can't take an IBM Mainframe with you in your carry on luggage. Today three things have occurred:

1. Technology has advanced. The entire Veterans Affairs database can run off of someone's laptop. That makes it easier for it to leave the building.
2. Technology has become more widespread. In the 80's these things were the exclusive domain of large businesses and government agencies. Now there are hundreds of thousands of dot com companies with customer databases that are directly connected to the internet, any one of which could get hacked into.
3. A larger criminal market has arrived. In the 80's very little actual theft occurred as the result of computer crime. Today organized criminal groups have cropped up, largely situated in the anarchocapitalism that exists in Russia and the Eastern Bloc as they struggle to build real, sustainable economies. These groups target the wide array of potentially insecure information sources, collect identity data, and convert it into cash. Distributed international networks of operatives coordinated through the internet monetize the results of these thefts and funnel money back to central coordinators.

There are three things that need to be done:

1. Organizations that deal in personal information need to continue to take computer security seriously. In particular, the credit card companies, and other organizations that deal with money, need to build better systems for determining whether or not you are you before they'll authorize a financial transaction with your money.
2. Organizations that deal in personal information need to have strict internal policies for access to information. People shouldn't have the database floating around on CD.
3. Some amount of regulation may be needed.

However, IMHO the feds are 0 for 2 with SOX and HIPAA, so I'm not sure they've proved that they can regulate in an effective way. Real Computer Security is hard, because you have to prevent bad stuff without being noticed as the good guys go about their jobs. When you get noticed, you've done something wrong, either because there has been a breach or because someone can't do their job because your security system stopped them. There is a certain art to finding the balance and it depends greatly on the specific requirements of the people you are working for and your wisdom in being judicious about what you control. Things like SOX and HIPAA micromanage the problem with one size fits all policies that inevitably fail in the real world.

Congress should operate on the level of incentivization and not on the level of specific requirements. For example, one of the reasons credit card fraud is so easy is that credit card companies don't bear the costs associated with fraud (the merchants do) and so they don't have any economic incentive to deploy technologies that are harder to subvert. In fact, credit card companies are making money on fraud by selling useless identity theft protection and credit report monitoring services. This is a problem lawyers can fix. They should focus on who is liable and leave computer security to the computer security professionals.
|
Security Watch: Gone in 60 seconds--the high-tech version - CNET reviews |
|
|
Topic: Miscellaneous |
11:54 am EDT, May 9, 2006 |
Let's say you just bought a Mercedes S550, a state-of-the-art, high-tech vehicle with an antitheft keyless ignition system. After pulling into a Starbucks to celebrate with a grande latte and a scone while checking your messages on a BlackBerry, a man in a T-shirt and jeans with a laptop sits next to you and starts up a friendly conversation: "Is that the S550? How do you like it so far?" Eager to share, you converse for a few minutes, then the man thanks you and is gone. A moment later you look up to discover your new Mercedes is gone as well. Now, decrypting one 40-bit code sequence can not only disengage the security system and unlock the doors, it can also start the car--making the hack tempting for thieves. The owner of the code is now the true owner of the car. And while high-end, high-tech auto thefts like this are more common in Europe today, they will soon start happening in America. The sad thing is that manufacturers of keyless devices don't seem to care.
As the F-Secure blog put it -- you wouldn't dream of securing $100K of information with a 40-bit encryption system, right? And my first thought -- as in general with electronic locks -- is that as Matt Blaze has shown, analog keys are far worse. Look at your car key, or your house key -- how many real bits of information are encoded?

But the electronic start and everything else... it feels too clean. The advantageous property of analog cracking is that in public, it requires the criminal to act in some way that is different from a legitimate user. The scenario presented was that I sit near the car or key holder for a couple of minutes -- no sign of entry -- and then to steal the car I just walk up to it, laptop in bag, like I had pressed the remote in my pocket, car starts and off we go.

Also, traditional lock-picking requires the criminal to possess a skill that requires practice. With these electronic systems, people will download the right script... Script-kiddie car thieves?
|
Topic: Miscellaneous |
11:45 am EDT, May 9, 2006 |
"With Italian models, all you need are scissors," he says. But as technology increasingly countered traditional methods of car theft, the thieves themselves have had to adapt. "Now you need a lot more technology," Souček says. Souček says he used a laptop that he modified to be able to disarm car security systems.
Fascinating about car theft rates in the Czech Republic. Fascinating about how confident this well-known and outspoken car thief is that he'll get off. Because the Czech government requires the release of anyone held for more than a year without charge, and because they caught him with his laptop. His laptop with a comprehensive list of the cars he stole (connected to 150 cars in a six-month period)... and therefore the scope of bringing charges is so large. The Prague Post Online |
|
Topic: Current Events |
2:27 am EDT, Apr 23, 2006 |
Ran into a file on my laptop with some funny quotes from Shmoocon this past January: "Boobs are always relevant" -Rattle "That is the most manly drink I've ever seen you drink" -Decius "Into freaky shit. I mean, I'm asian and it was freaky to me!" -timball "Are you interested in making lots of money?" "Sure, Don't we all?" -Abaddon to some Amway drone "I just want to smack these people and say 'It's a freaking pyramid schema!'" -Acidus |
|
Topic: Technology |
11:17 am EST, Apr 1, 2006 |
Digital technology has changed the way we interact with everything from the games we play to the tools we use at work. Designers of digital technology products no longer regard their job as designing a physical object--beautiful or utilitarian--but as designing our interactions with it. In Designing Interactions, award-winning designer Bill Moggridge introduces us to forty influential designers who have shaped our interaction with technology. Moggridge, designer of the first laptop computer (the GRiD Compass, 1981) and a founder of the design firm IDEO, tells us these stories from an industry insider's viewpoint, tracing the evolution of ideas from inspiration to outcome. The innovators he interviews--including Will Wright, creator of The Sims, Larry Page and Sergey Brin, the founders of Google, and Doug Engelbart, Bill Atkinson, and others involved in the invention and development of the mouse and the desktop--have been instrumental in making a difference in the design of interactions. Their stories chart the history of entrepreneurial design development for technology. Moggridge and his interviewees discuss such questions as why a personal computer has a window in a desktop, what made Palm's handheld organizers so successful, what turns a game into a hobby, why Google is the search engine of choice, and why 30 million people in Japan choose the i-mode service for their cell phones. And Moggridge tells the story of his own design process and explains the focus on people and prototypes that has been successful at IDEO--how the needs and desires of people can inspire innovative designs and how prototyping methods are evolving for the design of digital technology. Designing Interactions is illustrated with more than 700 images, with color throughout. Accompanying the book is a DVD that contains segments from all the interviews intercut with examples of the interactions under discussion. 
Interviews with: Bill Atkinson • Durrell Bishop • Brendan Boyle • Dennis Boyle • Paul Bradley • Duane Bray • Sergey Brin • Stu Card • Gillian Crampton Smith • Chris Downs • Tony Dunne • John Ellenby • Doug Engelbart • Jane Fulton Suri • Bill Gaver • Bing Gordon • Rob Haitani • Jeff Hawkins • Matt Hunter • Hiroshi Ishii • Bert Keely • David Kelley • Rikako Kojima • Brenda Laurel • David Liddle • Lavrans Løvlie • John Maeda • Paul Mercer • Tim Mott • Joy Mountford • Takeshi Natsuno • Larry Page • Mark Podlaseck • Fiona Raby • Cordell Ratzlaff • Ben Reason • Jun Rekimoto • Steve Rogers • Fran Samalionis • Larry Tesler • Bill Verplank • Terry Winograd • Will Wright

Award-winning designer Bill Moggridge is a founder of IDEO, one of the most successful design firms in the world and one of the first to integrate the design of software and hardware into the practice of industrial design. He has been Visiting Professor in Interaction Design at the Royal College of Art in London, Lecturer in Design at the London Business School, member of the Steering Committee for the Interaction Design Institute in Ivrea, Italy, and is currently Consulting Associate Professor in the Joint Program in Design at Stanford University.
Designing Interactions |
|
Due Diligence: The War and Technology Discontinuity |
|
|
Topic: Miscellaneous |
8:21 pm EST, Mar 19, 2006 |
Venture funded Language Weaver showed a taped demo of a bidirectional Arabic - English speech translation system, running on a laptop and used to interview informants and suspects in the field. It's not possible to assess its speaker independence and range of domains from a tape of course, but it's a reasonable first draft of something I've wanted since I first read about translator discs in Larry Niven's Ringworld, over thirty years back. Based on the pace of AI to date, I'd more or less given up on seeing it.
|
Topic: Miscellaneous |
7:50 pm EST, Jan 1, 2006 |
The 2005 Year in Graphs is being held up due to my broken laptop. We have never released it on time, so this should not shock anyone. This year I get to blame it on Apple. Which is so much better than just saying "my code is broken" or "this database is insane", which is usually (truthfully) the case. I should be back to those default explanations in about a week, depending on how fast Apple support repairs my machine. At worst, when I'm no longer traveling I'll be able to get it done on my backup machine. I'm looking forward to seeing it myself. It was an interesting year. Interesting in the "may you live in interesting times" kinda way. I hope that comes through in the end result. 2005 was a crappy year. I am very happy that it is now 2006. The first half of the uh-oh's is over. Is this the point where the decade starts to turn around? I know things don't necessarily work that way, but hope and delusion are closely related. |
|
Topic: Holidays |
5:30 pm EST, Dec 25, 2005 |
I hope everyone is having a good holiday season this year. I'm on the road, so my blogging will be very light for the next two weeks. My new laptop apparently has a bad stick of RAM causing it to crash on me, making matters worse. I'm going to pretend it's a good thing. I could use a bit of a vacation. |
|
The Stompbox 3G to WIFI hotspot |
|
|
Topic: Technology |
10:45 pm EST, Dec 13, 2005 |
With luck, you have found this site via either my original Stompbox How-To or the article I wrote for Make: Magazine. I've put up these pages under the stompboxnetworks.com name as the original URL (moro.fbrtech.com/~tora/EVDO) was rather ugly. All the old project pages are mirrored here now. If you just wandered in here from a web-search or a curious click, you may be wondering just exactly what a 3G/Wifi StompBox is. A Stompbox is a home-brew WWAN (Wireless Wide Area Network) router. In more human terms, it's a compact little box that gets data from cellular towers and re-shares it for multiple computers to use. To use it, all one does is plug it in to the cigarette lighter of a car (or a 12v supply when at home). It automatically boots up and links in to a cellular data service, turning itself into an access point. Turn on your laptop, join the network and voila -- you're on the net! It's just like using a hotspot (such as they have at Starbucks and airports), but it goes anywhere your car goes. Some people have even hauled them around in backpacks to make themselves into a walking network access site.
|
UN debut for $100 laptop for poor |
|
|
Topic: Technology |
6:31 am EST, Nov 17, 2005 |
The green machine was showcased for the first time by MIT's Nicholas Negroponte at the UN net summit in Tunis. He plans to have millions of machines in production within a year. The laptops are powered with a wind-up crank, have very low power consumption and will let children interact with each other while learning.
| |
|