Andrew Patrick

There are real, human risks to bad security. Infections on computers by spyware and viruses not only can make the computers slow, and lead to the loss of private information, but they can also make the computers misbehave in unusual ways. One of these ways is for many, many pop-up windows to appear on the screen, out of the control of the user. I have had this happen to my computer, and it is not pleasant. But I did not have to deal with over-reacting parents, and uninformed school system, and a crazy court system.

This is the detailed story of how a Connecticut teacher was convicted and then later vindicated with the help of a geek. She was still convicted of lessor charges and lost her teaching license, but avoided jail with the help of her “shining star”.

The risk of computer infections is bad enough, but the risk caused by people in authority not understanding the technology, its behavior, and its limitations is horrible.

How spyware nearly sent a teacher to prison

If there’s a poster child for the dangers of spyware, it’s Julie Amero.

The 41-year-old former substitute teacher was convicted of four felony counts of endangering minors last year, stemming from an Oct. 19, 2004, classroom incident where students were exposed to inappropriate images.

Prosecutors had argued that Amero put her students at risk by exposing them to pornography and failing to shield them from the pop-up images after they appeared on her classroom computer.

According to David Fraser, the issue of pre-employment polygraph (lie detector) screening has been raised in Halifax. Apparently, the police and fire services there are requiring potential employees to submit to a polygraph test (and pay for it). It appears that the debate has centered around the privacy issues raised by the questions being asked. Equally important is the accuracy question — are polygraph examinations accurate for determining the truth. The answer is clear no (see my previous post here), and yet organizations continue to use polygraph.

Slaw: Pre-employment screening

According to media reports, anybody applying for a job that falls within the purview of the Halifax Police Service and Fire Service is required to pay for a polygraph examination that includes a range of questions, some of which have been considered to be objectionable.

It is interesting to review the court decision (R. v. BÉLAND) mentioned in the Slaw article. That court found that polygraph evidence was not admissable in this case, even though they did not address the issue of the accuracy of the polygraph.

…the polygraph has no place in the judicial process where it is employed as a tool to determine or to test the credibility of witnesses.

…

…this view is not based on a fear of the inaccuracies of the polygraph. On that question we were not supplied with sufficient evidence to reach a conclusion. However, it may be said that even the finding of a significant percentage of errors in its results would not, by itself, be sufficient ground to exclude it as an instrument for use in the courts.

And be sure to check out this funny YouTube video…

It seems that PayPal is adding a second factor authentication scheme based on SMS text messages. These schemes work by send a unique code to your pre-registered cell phone, and you have to echo back that code to login. This kind of two-factor authentication (traditional password and unique SMS code) is a great idea, especially for services like PayPal that are frequent fraud targets.

PayPal offers SMS security key for mobile users

PayPal’s chief information security officer, Michael Barrett, believes this form of two-factor authentication, in which you need both something you know (your account password), and something you have (in this case, your mobile phone) is the next logical step for the company as it tries desperately to protect users against online security threats.

This is an interesting article by Camilo Viecco and Jean Camp of Indiana U on the recent rescue of hostages being held by the Columbian group FARC. There are interesting parallels between the real-world, life-and-death methods used for this rescue and the everyday attacks and defenses that occur in the online world.

A Life or Death InfoSec Subversion

…here we can look at a real-life analogue—an information attack on a highly complex security system, that of the Colombian guerrilla group FARC (Fuerzas Armadas Revolucionarias de Colombia, or the Revolutionary Armed Forces of Colombia). This operation included a man-in-the-middle attack, targeted denial of service (DoS), and authentication subversion. The attack on FARC’s communications structure is interesting not only because of its electronic and analog components, but also because it was a life-or-death matter.

I thought that Canada had mostly avoided the Intelligent Design controversy, but it seems that we have not. This article describes a disturbing statement from our Social Sciences and Humanities Research Council (SSHRC) concerning the rejection of an application to study “the detrimental effects of popularizing anti-evolution’s intelligent design theory on Canadian students, teachers, parents, administrators and policymakers.”

One Large Defeat for Science in Canada

For some reason, however, the adjudication committee that reviewed Alters’s application could not resist, in its statement of rejection, adding the following gratuitous comment:

Nor did the committee consider that there was adequate justification for the assumption in the proposal that the theory of Evolution, and not Intelligent Design Theory, was correct. . . .

This is the statement that caused concern among scientists around the world. Was SSHRC buying the creationist ploy of intelligent design, a shallow and obvious strategy to bring religion into the science classroom? Do people at SSHRC really think that the religious idea of intelligent design is just as valid as evolution?

James “The Amazing” Randi, “the Willy Wonka of scepticism, the Evel Knievel of debunking” was recently in London for what sounds like a very interesting evening…

An Evening with James Randi and Friends

[Randi] says the difference between a stage magician (or conjuror) and a self-proclaimed psychic is that the magician has an unspoken agreement with his audience. He will lie, cheat and generally employ all manner of deception in order to fool them; but this is part of the act. He is doing it purely for the benefit of their entertainment. Once the show is over, so too is the deception.

In contrast, the psychic demands the suspension of disbelief on a permanent basis. Randi draws the analogy of a Shakespearian actor asking the audience to accept that he really is the prince of Denmark. “Why are we not insulted by this?” he asked, “And why do such claims go largely unchallenged in our culture?”

This is an interesting article from Psychology Today, via Bruce Schneier. It explains how con artists exploit our trust in part by showing that they trust us, and they appear to be making themselves vulnerable. The author describes THOMAS, The Human Oxytocin Mediated Attachment System, as a key brain circuit involved in trust decisions.

How to Run a Con

The key to a con is not that you trust the conman, but that he shows he trusts you. Conmen ply their trade by appearing fragile or needing help, by seeming vulnerable. Because of THOMAS, the human brain makes us feel good when we help others–this is the basis for attachment to family and friends and cooperation with strangers. “I need your help” is a potent stimulus for action.

Hmmmm…. I got my oil changed this week and I, too, was offered an “engine flush” because my oil “looked dirty”. My last service was a routine, major service at the dealer so I refused the flush and just went with a regular oil change. It seems that this was the right decision, all the time.

Could This Damage Your Car?

“After engine flushes, there’s a pretty high incidence of some damage to the interior of the engine,” Chris Martin of Honda tells NBC Los Angeles.

That’s why Honda issued a memo to mechanics advising them not to perform engine flushes. Other major car-makers, including Ford, General Motors, and Nissan have all issued similar advisories against the service.

Why? Over time, gummy deposits can build up inside your engine. The chemicals used for engine flush, are supposed to break up those deposits. But car-makers say, pieces of that broken up sediment can clog up other parts of the engine and ruin it.

It seems that sleeping with your cellphone on the bed-side table is common. I thought it was only the habit of teenagers, and the parents of late-night teenagers, but apparently not. There is also some interesting data about how attached people are to their phones (willing to snatch it from the mouth of a rat? — who thinks up these questions).

More Men than women sleep with their cell phone

According to a study commissioned by the folks Windows Mobile, and carried out by research firm Ipsos Reid, three in ten Canadian cell phone owners say they sleep with their phone beside their bed at night. For reasons that might never be clear to any of us, men (36%) are more likely than women (24%) to say that their cellphone rests next to their bed at night.

Lauren Weinstein has posted about a troubling development in Italy involving free speech vs. privacy protections. What would happen if service providers, such as You Tube, become responsible for content they don’t control?

What are you in for, kid? – “I worked for Google … “

In Italy, prosecutors are bringing charges against four former and current Google employees, charging them with defamation and failure to appropriately control personal data.

The defendants in this case didn’t post anything themselves. At issue is the posting of a video in 2006 to YouTube that showed students humiliating a youth with Down syndrome. Italian authorities are asserting that the posting of this video is contrary to Italian law, even though the video was removed from YouTube by Google within hours of Google being notified of its existence.