A Denver TSA employee who brought a handgun to the airport and passed it around the metal detector is still on the job. The TSA won't say if he's been disciplined -- or how -- for doing this stupid thing that would land any of the rest of us in Gitmo for a decade's worth of stress-positioning. Of course, we can't expect TSA screeners to be held to the same legal standard as the rest of us -- since they work for the security administration, then everything they do, by definition, must be good for security.

Airport documents show that the security office suspended Crabtree’s badge for 30 days as a result of the incident, but a TSA spokeswoman cited privacy rules when asked if Crabtree received any formal punishment.

Link

A "genetically distinct" virus that causes bleeding and shock has killed at least one man in a remote part of Bolivia. The highly deadly organism appears to be carried by rodents, according to a report released in the Public Library of Science journal PLoS Pathogens.

They have named the new virus the Chapare arenavirus, and say it is related to the viruses that cause Lassa fever and other rare viruses such as Junin, Machupo, Guanarito, and Sabia viruses. They have about a 30 percent fatality rate. But it is genetically distinct.

"It is quite a unique virus and we are suggesting that it be considered as a new species of arenavirus," Stuart Nichol of the U.S. Centers for Disease Control and Prevention, who helped study the virus, said in a telephone interview.

The 22-year-old man was one of several who died of hemorrhagic fever near Cochabamba, Bolivia. A team of Bolivian health authorities and U.S. Navy health experts from Lima, Peru, got the samples.

Link to Reuters item, and here's the original report in PLoS. Image: "Map of Bolivia showing location of the Chapare virus-associated HF case relative to the Beni region where Machupo virus-associated HF cases originate." (thanks, Mike Outmesguine)

"Up and Then Down," Nick Paumgarten's New Yorker feature on elevators, is centered around Nicholas White’s ordeal of being trapped in an elevator for 41 hours after he left his office at Business Week to go downstairs for a cigarette. The article is accompanied by an extraordinary time-lapse video of White in his cage, rattling back and forth like a trapped insect:

At a certain point, he decided to open the doors. He pried them apart and held them open with his foot. He was presented with a cinder-block wall on which, perfectly centered, were scrawled three “13”s—one in chalk, one in red paint, one in black. It was a dispiriting sight. He concluded that he must be on the thirteenth floor, and that, this being an express elevator, there was no egress from the shaft anywhere for many stories up or down. (Such a shaft is known as a blind hoistway.) He peered down through the crack between the wall and the sill of the elevator and saw that it was very dark. He could make out some light at the bottom. It looked far away. A breeze blew up the shaft.

He started to call out. “Hello?” He tried cupping his hand to his mouth and yelled out some more. “Help! Is there anybody there? I’m stuck in an elevator!” He kept at it for a while.

Link, Link to article (via Kottke)

Security expert Bruce Schneier wrote a great essay for Wired called "Inside the Twisted Mind of the Security Professional." He says "Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail."

Uncle Milton Industries has been selling ant farms to children since 1956. Some years ago, I remember opening one up with a friend. There were no actual ants included in the box. Instead, there was a card that you filled in with your address, and the company would mail you some ants. My friend expressed surprise that you could get ants sent to you in the mail.

I replied: “What’s really interesting is that these people will send a tube of live ants to anyone you tell them to.”

Security requires a particular mindset. Security professionals — at least the good ones — see the world differently. They can’t walk into a store without noticing how they might shoplift. They can’t use a computer without wondering about the security vulnerabilities. They can’t vote without trying to figure out how to vote twice. They just can’t help it.

SmartWater is a liquid with a unique identifier linked to a particular owner. “The idea is for me to paint this stuff on my valuables as proof of ownership,” I wrote when I first learned about the idea. “I think a better idea would be for me to paint it on your valuables, and then call the police.”

Really, we can’t help it.

This kind of thinking is not natural for most people. It’s not natural for engineers. Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal. You don’t have to exploit the vulnerabilities you find, but if you don’t see the world that way, you’ll never notice most security problems.

Link

Becky sez, "The Boing Boing discussion of the woman who let her kid find his way home alone on the subway got me interested in comparing that risk relative to the risk of a child dying in a car accident. What I discovered en route is a treasure trove of car accident data, which can be sliced and diced any way you want it--click the Query tab for an array of very specific variables. (Want to know how many people died in car accidents in Tompkins County, New York, on Martin Luther King Day in 2004 while riding in the back seat on the right-hand side of a vehicle traveling at 23 miles an hour driven by a female living in zip code 60656? No problem. And that barely scratches the surface of the possibilities.) I answered my initial question, then played with the thing for hours." Link (Thanks, Becky!)

Lenore Skenazy, the author of the kick-ass column about letting her kid ride the subway alone, has started a blog called Free Range Kids, with a stirring call to action:

Do you ever... ..let your kid ride a bike to the library? Walk alone to school? Take a bus, solo? Or are you thinking about it? If so, you are raising a Free Range Kid! At Free Range, we believe in safe kids. We believe in helmets, car seats and safety belts. We do NOT believe that every time school age children go outside, they need a security detail. Most of us grew up Free Range and lived to tell the tale. Our kids deserve no less. This site dedicated to sane parenting. Share your stories, tell your tips and maybe one day I will try to collect them in a book. Meantime, let's try to help our kids embrace life! (And maybe even clear the table.)

Link (via Making Light)

Red light cameras cause more accidents, and not just because drivers slam their brakes to avoid getting a robo-ticket -- also because the optimal money-making strategy for red-light cams is to make them less safe.

If city planners want to reduce traffic accidents at intersections, the best practice is to make the yellow last longer and insert a pause between the red signal on one side and the green on the other. However, if the objective is to make as much money as possible from red-light cameras, the best thing to do is shorten the yellow signal, eliminate the pause, and enrich the city coffers (even as you kill its citizens).

Leftlane reports that six cities have been caught turning down the yellows to make more money. Link (via /.)

Bruce Schneier's launched his annual "Movie Plot Threat Contest," in which he challenges his readers to come up with ridiculous threat-scenarios (think of blowing up an airplane armed with nothing but some optimistic misapprehensions about organic chemistry, Tang, and hydrogen peroxide). A condition of the competition is that your weird-ass threat has to be preventable by means of a snake-oil security product that you want to sell us (bonus points if deploying your product makes our lives hell -- shoe-removing, liquid-confiscating indiginities!).

There's a ton of great entries already -- I like this one, from R. Serrano:

PROTECT your family!, SERVE your country!

Would you LIKE some terrorist bombing your son's school with YOUR VERY OWN just stolen and filled with EXPLOSIVES car?

Don't let this happen with CURARE SHOTS! An easy to mount hypodermic syringe hidden beneath the seat of your car prevents burglars, thieves and TERRORISTS to MISUSE your car in ways YOU COULD NEVER IMAGINE by literally stopping them on the seat of your car while a wireless silent alarm* warns the closest police station and a text message is sent to your cell phone**.

PROTECT your family AND SERVE your country well with CURARE SHOTS.

* Alarm sold separately.
** Text message service only available with selected providers.

Link (Thanks, Bruce!)

Julio Diaz, a social worker, was robbed at knifepoint by a teenaged mugger in the Bronx. Instead of getting angry or scared, he offered the kid his coat, and struck up a friendship:

As the teen began to walk away, Diaz told him, "Hey, wait a minute. You forgot something. If you're going to be robbing people for the rest of the night, you might as well take my coat to keep you warm."

The would-be robber looked at his would-be victim, "like what's going on here?" Diaz says. "He asked me, 'Why are you doing this?'"

Diaz replied: "If you're willing to risk your freedom for a few dollars, then I guess you must really need the money. I mean, all I wanted to do was get dinner and if you really want to join me ... hey, you're more than welcome.

Link (via Kottke)

Update: Boing Boing is not in a position to fact-check this story, nor any of the versions of it reported in the comment thread.

This appears not to be a joke: the Quantum Sleeper is a bed that hermetically seals itself as you sleep to protect you from "Bio-Chemical terrorist attack," "natural disaster," "kidnappers/stalkers" (only those who don't possess a forklift, surely) and affords "Bulletproof 'Saferoom' protection."

1.25" Polycarbonate Bulletproof Plating/Shielding
Bio-Chemical Filtered Ventilation
Rebreather
Control Panel Mode Selection (i.e., Basic System Ops., Intruder Setting, Energy Status, Lock Down, etc.)
Cover & Door Actuators w/ Emergency Release
One way see through head cover (reflective mirror on 2 sides and front)
Safety Features (Proximity Sensor, O2 Sensor, Smoke Det., Motion Det. Ect,)
Emergency Communication system (Cellular, Short-wave Radio, CB ect.)
Audio Amplifier (Amplify sound from out side unit)

Air/Water Tight Sealing
External Override Key Pad & Remote Control
Battery Backup Power
Toiletry system

Ect! Link (via Warren Ellis)

See also: Creepy bed doubles a safe room

Ross sez, "The State Department is making a profit on every passport ordered by a US citizen because it has outsourced printing to Asia, including a Thai company that has had had problems with Chinese espionage. Not only is this stupidity from an administration supposedly committed to keeping the USA safe, it may also be illegal since Congress requires such activities to be break-even rather than to profit from the citizens it supposedly serves."

But GPO Inspector General J. Anthony Ogden, the agency's internal watchdog, doesn't share that confidence. He warned in an internal Oct. 12 report that there are "significant deficiencies with the manufacturing of blank passports, security of components, and the internal controls for the process."

The inspector general's report said GPO claimed it could not improve its security because of "monetary constraints." But the inspector general recently told congressional investigators he was unaware that the agency had booked tens of millions of dollars in profits through passport sales that could have been used to improve security, congressional aides told The Times

Link

Transport For London's brilliant "Do the Test" cycling safety video invites you to pay close attention to a video of some basketball players, then demonstrates just how little you really saw, ending with a voice-over that explains how easy it is to miss things you're not looking for, like cyclists:

This phenomenon is known as "change blindness" - only a tiny fraction of all the information going into your brain enters your consciousness. People often fail to see a change in their surroundings because their attention is elsewhere.

Even stranger, if you are concentrating on something, you can become blind to other events that you would normally notice. This "inattention blindness" is possibly the reason why motorists collide with cyclists.

Just as it is important for road users to keep an eye out for cyclists, cyclists must also take steps to ensure they are seen by motorists.

Link (Thanks, Mr Jalopy!)

Remember when they gave pilots guns to increase airplane security? On Saturday, a US Airways pilot accidentally fired his gun in the cockpit while trying to stow it, blowing a hole in the plane. Security expert Peter Biddle uses this as an object lesson to explain why "trust isn't transitive."

Let’s look at this quote from the article in question, attributed to Mike Boyd: “if somebody who has the ability to fly a 747 across the Pacific wants a gun, you give it to them.” This is a horribly flawed assumption, because it assumes that trust is transitive, when clearly it isn’t.

The reason trust isn’t transitive is because trust is most often based on data regarding the past which allows us to make assumptions about specific competence, quality of performance, and behaviors in the future.

We can assume that a trained pilot, when facing piloty thingies, will act like a trained pilot. WE CANNOT ASSUME THAT A TRAINED PILOT WILL ACT LIKE A TRAINED LION-TAMER WHEN FACING A WILD LION.

Skills from one domain cannot simply be moved from that domain to another. Saliently, the pilot in question must have thousands of hours of flight time, has done the pre-flight check hundreds or even thousands of times, has been steeped in pilot-ness and thus pilot-safety, probably since he was a late teen. He’s very likely an extraordinarily safe pilot. We can assume that every experienced 747 pilot has a keen awareness of the potential lethality of full loaded 747. In the past we can assume that they at least had a deep appreciation of the potential for harm to their own passengers, and post 9/11 we can assume that they appreciate the harm their plane can be to thousands of additional people.

Link

The Bush Administration has finally filled the long-vacant "cyber-security czar" -- with a guy who has no experience with cyber-security (though he seems a decent sort).

By all accounts, Beckstrom is neither a cyber-security expert nor a Washington insider. But his private-sector background and published writings emphasize a decentralized approach to managing large organizations.

Link (via Schneier)

Charles sez, "This Oregon resident lost almost all of his possessions including his horse (which he got back) because someone posted a craigslist ad saying that he had to move suddenly and that everything at his house was up for grabs. When he returned home to confront the people looting his house, many of them refused to give the stuff back. They simply waved a print out of the craigslist ad in his face as if that was some sort of proof that they were in the right."

Once home he was greeted by close to 30 people rummaging through his barn and front porch.

The trespassers, armed with printouts of the ad, tried to brush him off. "They honestly thought that because it appeared on the Internet it was true," Salisbury said. "It boggles the mind."

Jacksonville police and Jackson County sheriff's deputies arrived but by then several cars packed with Salisbury's property had fled.

He turned some license plate numbers over to police.

Link (Thanks, Charles!)

Lamperd, a "firearm training system" company, has patented a bracelet that delivers debilitating shocks when remotely triggered. Their killer app for this is aviation safety: they're proposing that the TSA could force everyone who flies to wear one of these and then flight-attendants could zap us into a stupor if we turn out to be Al Quaeda.

A method of providing air travel security for passengers traveling via an aircraft comprises situating a remotely activatable electric shock device on each of the passengers in position to deliver a disabling electrical shock when activated; and arming the electric shock devices for subsequent selective activation by a selectively operable remote control disposed within the aircraft. The remotely activatable electric shock devices each have activation circuitry responsive to the activating signal transmitted from the selectively operable remote control means. The activated electric shock device is operable to deliver the disabling electrical shock to that passenger.

Best part? They're Canadian! Oh, my countrymen, you have a wicked sense of humo(u)r.

Link to patent, Link to Lamperd FTS site (via Schneier)

Lee Gomes of the Wall Street Journal writes that recent research shows that a brain rewards itself with a squirt of natural opiates when it comes across new information that requires interpretation. That's why, he concludes, people stay on the Web for long periods of time.

What is it about a Web site that might make it literally irresistible? Clues are offered by research conducted by Irving Biederman, a neuroscientist at the University of Southern California, who is interested in the evolutionary and biological basis of the human need for information.

Dr. Biederman first showed a collection of photographs to volunteer test subjects, and found they said they preferred certain kinds of pictures (monkeys in a tree or a group of houses along a river) over others (an empty parking lot or a pile of old paint cans).

The preferred pictures had certain common features, including a good vantage on a landscape and an element of mystery. In one way or another, said Dr. Biederman, they all presented new information that somehow needed to be interpreted.

When he hooked up volunteers to a brain-scanning machine, the preferred pictures were shown to generate much more brain activity than the unpreferred shots. While researchers don't yet know what exactly these brain scans signify, a likely possibility involves increased production of the brain's pleasure-enhancing neurotransmitters called opioids.

Link

The TSA endangered the life of child who has a surgical feeding tube in his stomach by opening up his backup tube, contaminating it. The child pleaded with the TSA officer, who said that she had to open it or refuse to allow the child to board the plane. After an Orlando television station investigated the story, the TSA agreed to look into the incident:

James Hoyne, 14, has a feeding tube in his stomach and carries a back-up in a sealed clear plastic bag. Hoyne said two weeks ago a TSA officer insisted on opening the sterile equipment, contaminating his back-up feeding up tube which he later needed.

"I said 'Please don't open it' and she said 'I have to open it whether you like it or not. If I can't open it, I can't let you on the plane,'" Hoyne said of his conversation with the TSA screener.

Link

Click for larger size. I'm at O'Reilly's ETech conference in San Diego, shooting stuff for Boing Boing tv. I ran into my friend Anil Dash from Six Apart (the company that makes the Movable Type platform we use to publish BB). I ogled his Clear card, which he received as a speakers' gift from another event. Later, the BBtv team and I shot a segment about devices that can be used to sniff out and display personal data stored on RFID-embed cards such as this. Schneier has an thoughtful post up about Clear, here.

Please don't flame Anil in the comments, he's not a Clear spokesperson, he was just kind enough to show me the card he received as speaker schwag.

Update: Anil wrote up a review of the Clear card a while back. Snip:

I think any feeling person's gonna have a little bit of guilt using this Clear to skip the security line. There's no more straightforward expression of class inequity than the fact that I can use my disposable income to get treated better in a situation that is mandated and policed by our federal government. We all reckon with these things in our own way, but this falls squarely into the category of things make you confront your privilege in an unsubtle way.

I'm at the O'Reilly Emerging Tech conference in San Diego -- the highlight of my conference-going year, every year, for most of a decade now -- and I've just caught Saul Griffith's presentation of hacking and understanding energy consumption and production. Saul's a brilliant polymath geek, an MIT Media Lab alum who's responsible for everything from Howtoons to Squid Labs to a new alternative energy company (he was awarded the MacArthur Genius Grant this year).

Saul's talk was a fast-paced discussion of the cold, hard, engineering reality of CO2 production, its relationship to energy consumption, climate change, and the human cost of all that. Saul sliced and diced the numbers every which way from joules per nanosecond to total wave-energy of the entire Earth, and laid out the program we need to adopt if we're going to do something about it.

This was a refreshing, engineer-oriented, can-do approach to climate, one that actually ended on an up note (if you do the stuff you want to do: exercise more, buy better stuff, do fewer business trips, live closer to your loved ones, and so on, you can reduce your energy consumption by 90 percent).

I took notes as fast as I could through the talk and I've put them online.

What does 2C mean?

Reports from BP and others are pretty conservative: 1.5 deg == 10% species lost, 3.5 deg 1-4 billion people in water shortage; 4.5 deg == entire cities and countries vanish

But none of these account for the environmental consequences of these consequences, e.g., what happens when 10 million people leave a drowned city and go somewhere else (war, famine, etc)

At 450 ppm CO2 temp goes up 2C.

We have to accept 2GtC into oceans/year, even though ocean acidification has its own grave consequences

There are long time-lags in the system -- CO2 is a lead indicator. Curve down the CO2 for 50 years, reap the rewards over 300 years.

It takes centuries after CO2 stabilization to reap temperature stabilization -- we've never deployed this kind of foresight before

2C gives you 7.3 GTCO2

Link to my notes, Link to talk precis

(I'm liveblogging from TED 2008, in Monterey, CA)

Presenter: MIT Media Lab's Todd Machover, who talks about how music has a special power in our lives.

We all love music, but it's even more powerful if you don't just listen to it -- you must make it yourself. Mozart Effect (increasing IQ in babies by subjecting them to music) doesn't work, you can't just listen to music to become smarter, you have to make it.

He created Brain Opera, which is 100 instruments anyone can play using natural skills -- you don't need to know how to play a traditional instrument. The Brain Opera led to Guitar Hero, which also came out of MIT Media Lab.

Music can change your life and the way you communicate with others and change your mind. What's after Guitar Hero? We are making toys for little kids like squeezie instruments. Software to help kids make music, called Hyperscore, allows anyone to compose music.

Music is one of the only things that people with advanced Alheimer's can respond to. It's also good for people with schizophrenia and other metal illnesses. Music is accelerating treatment in hospitals.

Music shows you who you really are. He says he's more nervous talking on stage than playing music. He's working on an opera called Death and the Powers. It will premiere in Monaco in September 2009. It's about a rich guy who wants to live forever, so he downloads himself into the environment. The stage becomes a character. The stage is a giant stringed instrument. There's also an army of robots on stage, a Greek chorus that observes the action. They are cubes, but they have a lot of personality. Stage also has a library with robotic books, each of which have high packed LEDs on the spines.

Machover wants to make personal opera and personal instruments, that can be adapted to the way you personally behave. It's the future of interfaces. He invites a young man on stage. His name is Dan Ellsey and he's in a wheelchair. He has cerebral palsy. He was flown in from the hospital where he lives in a special jet. He hardly ever travels -- this is the second time he's been out of Massachusetts in his life. He's using a text-to-speech to talk the audience. He just said he loves musics, and is using this personal instrument to compose and perform music.

Dan says he is going to perform a song called, "My Eagle Song." They are showing his Hyperscore composition. Now the music is playing. I'm not sure if Dan is controlling the playing of the music or not: he has a headband with some LEDs on it, and an iSight camera trained on him, so I think he is controlling the playback of his composition in some way.

Here's an article about Dan with a link to his music. Link

(I'm liveblogging from TED 2008, in Monterey, CA) Presenter: Irwin Redlener, MD.

Irwin Redlener, MD is president of the Children's Health Fund spoke about how much loose nuclear material there is in the world, and how easy it is to make a suitcase nuke. Nuclear terrorism is probable, but survivable, he says. I missed most of his talk while typing up the last one (I'm sure Ethan Zuckerman will have a nice report on the talk). Here's a slide Redlener prepared on how to survive a nuclear attack.

Declan McCullagh reports at News.com that....

Apple has confirmed a security glitch that, in many situations, will let someone with physical access to a Macintosh computer gain access to the password of the active user account.

The vulnerability arises out of a programming error that stores the account password in the computer's memory long after it's needed, meaning it can be retrieved and used to log into the computer and impersonate the user.

"This is a real problem and it needs to be fixed," said Jacob Appelbaum, a San Francisco-area programmer who discovered the vulnerability and reported it to Apple. He said he disagreed with the company's response: "They won't put it in the latest security update or release a security update just for this issue."

Appelbaum is one of the team of researchers who published a "cold boot" paper last week describing unrelated vulnerabilities in encrypted filesystems, including Apple's FileVault, Windows Vista's BitLocker, and a number of open-source ones.

Link. Image: "Rebooting the target MacBook in a studio at CNET on Second Street in San Francisco. From left to right: Paul, Schoen, Appelbaum, and [Declan McCullagh].

Update: All of the technical details are here on bugtraq.

(I'm liveblogging from TED 2008, in Monterey, CA)

Presenter: Susan Blackmore, author of The Meme Machine.

History of life is a history of replicators.

Language is a parasite we've adapted to. It may have started out being harmful, but we've developed a symbiotic relationship with it.

First replicators were genes. Then memes. We now have temes (tech memes) are a third repliciator on our planet.

Don't think of intelligence, thinnk of replicators.

New Drake equation. Start with number of planets -- what fraction of those get a first replicator, a 2nd replicator, a 3rd?

Getting a new replicator is dangerous. We need to pull through each time. The 2nd replicator (memes) was dangerous -= big brains are painful: kills a lot of mothers and babies. Brains uses 20% of body energy for 2% of body weight; it may have nearly killed us off.

temes are just information -- they use humans to suck up planet's resources. Don't think we created the internet to benefit us; we are being being used by temes. It convenient for temes to piggyback on us because we replicate. But when temes can replicate without us, they will carry on without us.

Jacob sez, "I'd like to pass on a nice practical attack against the Chip and Pin system used in most of the world Saar Drimer, Steven J. Murdoch and Ross Anderson, researchers at the University of Cambridge, have shown how to compromise supposedly tamper-proof Chip and PIN terminals. With a paperclip, off the shelf electronics, and basic technical skills, fraudsters can capture card details and PINs, then create counterfeit cards. The full results of the team are published their academic paper and were featured on BBC Newsnight." Link (Thanks, Jake!)

Two security researchers demonstrated a way to crack cellular phone encryption during this week's Black Hat security conference in DC:

David Hulton and Steve Muller demonstrated a new technique for cracking the encryption used to prevent eavesdropping on global system for mobile communications (GSM) cellular signals, the type of radio frequency coding used by major cellular service providers including AT&T, Cingular and T-Mobile. Combined with a radio receiver, the pair say their technique allows an eavesdropper to record a conversation on these networks from miles away and decode it in about half an hour with just $1,000 in computer storage and processing equipment.

Hulton, director of applications for the high-performance computing company Pico, and Muller, a researcher for mobile security firm CellCrypt, plan to make their decryption method free and public. In March, however, they say they'll start selling a faster version that can crack GSM encryption in just 30 seconds, charging between $200,000 and $500,000 for the premium version.

Who will be the customers for their innovative espionage technique? Hulton and Muller say they aren't sure yet. But they plan to offer the method to companies that will integrate it with radio technology, not sell it directly to the law enforcement and criminal customers who will undoubtedly be interested in putting it to use. "We're not creating the technology that does the interception," Muller says. "All this does is crunch data."

Link (thanks, JGB!)