This page has moved to a new address.

Reconnaissance Gone Retail and Security - A Challenging Duality

body { background:#aba; margin:0; padding:20px 10px; text-align:center; font:x-small/1.5em "Trebuchet MS",Verdana,Arial,Sans-serif; color:#333; font-size/* */:/**/small; font-size: /**/small; } /* Page Structure ----------------------------------------------- */ /* The images which help create rounded corners depend on the following widths and measurements. If you want to change these measurements, the images will also need to change. */ @media all { #content { width:740px; margin:0 auto; text-align:left; } #main { width:485px; float:left; background:#fff url("http://www.blogblog.com/rounders/corners_main_bot.gif") no-repeat left bottom; margin:15px 0 0; padding:0 0 10px; color:#000; font-size:97%; line-height:1.5em; } #main2 { float:left; width:100%; background:url("http://www.blogblog.com/rounders/corners_main_top.gif") no-repeat left top; padding:10px 0 0; } #main3 { background:url("http://www.blogblog.com/rounders/rails_main.gif") repeat-y; padding:0; } #sidebar { width:240px; float:right; margin:15px 0 0; font-size:97%; line-height:1.5em; } } @media handheld { #content { width:90%; } #main { width:100%; float:none; background:#fff; } #main2 { float:none; background:none; } #main3 { background:none; padding:0; } #sidebar { width:100%; float:none; } } /* Links ----------------------------------------------- */ a:link { color:#258; } a:visited { color:#666; } a:hover { color:#c63; } a img { border-width:0; } /* Blog Header ----------------------------------------------- */ @media all { #header { background:#456 url("http://www.blogblog.com/rounders/corners_cap_top.gif") no-repeat left top; margin:0 0 0; padding:8px 0 0; color:#fff; } #header div { background:url("http://www.blogblog.com/rounders/corners_cap_bot.gif") no-repeat left bottom; padding:0 15px 8px; } } @media handheld { #header { background:#456; } #header div { background:none; } } #blog-title { margin:0; padding:10px 30px 5px; font-size:200%; line-height:1.2em; } #blog-title a { text-decoration:none; color:#fff; } #description { margin:0; padding:5px 30px 10px; font-size:94%; line-height:1.5em; } /* Posts ----------------------------------------------- */ .date-header { margin:0 28px 0 43px; font-size:85%; line-height:2em; text-transform:uppercase; letter-spacing:.2em; color:#357; } .post { margin:.3em 0 25px; padding:0 13px; border:1px dotted #bbb; border-width:1px 0; } .post-title { margin:0; font-size:135%; line-height:1.5em; background:url("http://www.blogblog.com/rounders/icon_arrow.gif") no-repeat 10px .5em; display:block; border:1px dotted #bbb; border-width:0 1px 1px; padding:2px 14px 2px 29px; color:#333; } a.title-link, .post-title strong { text-decoration:none; display:block; } a.title-link:hover { background-color:#ded; color:#000; } .post-body { border:1px dotted #bbb; border-width:0 1px 1px; border-bottom-color:#fff; padding:10px 14px 1px 29px; } html>body .post-body { border-bottom-width:0; } .post p { margin:0 0 .75em; } p.post-footer { background:#ded; margin:0; padding:2px 14px 2px 29px; border:1px dotted #bbb; border-width:1px; border-bottom:1px solid #eee; font-size:100%; line-height:1.5em; color:#666; text-align:right; } html>body p.post-footer { border-bottom-color:transparent; } p.post-footer em { display:block; float:left; text-align:left; font-style:normal; } a.comment-link { /* IE5.0/Win doesn't apply padding to inline elements, so we hide these two declarations from it */ background/* */:/**/url("http://www.blogblog.com/rounders/icon_comment.gif") no-repeat 0 45%; padding-left:14px; } html>body a.comment-link { /* Respecified, for IE5/Mac's benefit */ background:url("http://www.blogblog.com/rounders/icon_comment.gif") no-repeat 0 45%; padding-left:14px; } .post img { margin:0 0 5px 0; padding:4px; border:1px solid #ccc; } blockquote { margin:.75em 0; border:1px dotted #ccc; border-width:1px 0; padding:5px 15px; color:#666; } .post blockquote p { margin:.5em 0; } /* Comments ----------------------------------------------- */ #comments { margin:-25px 13px 0; border:1px dotted #ccc; border-width:0 1px 1px; padding:20px 0 15px 0; } #comments h4 { margin:0 0 10px; padding:0 14px 2px 29px; border-bottom:1px dotted #ccc; font-size:120%; line-height:1.4em; color:#333; } #comments-block { margin:0 15px 0 9px; } .comment-data { background:url("http://www.blogblog.com/rounders/icon_comment.gif") no-repeat 2px .3em; margin:.5em 0; padding:0 0 0 20px; color:#666; } .comment-poster { font-weight:bold; } .comment-body { margin:0 0 1.25em; padding:0 0 0 20px; } .comment-body p { margin:0 0 .5em; } .comment-timestamp { margin:0 0 .5em; padding:0 0 .75em 20px; color:#666; } .comment-timestamp a:link { color:#666; } .deleted-comment { font-style:italic; color:gray; } .paging-control-container { float: right; margin: 0px 6px 0px 0px; font-size: 80%; } .unneeded-paging-control { visibility: hidden; } /* Profile ----------------------------------------------- */ @media all { #profile-container { background:#cdc url("http://www.blogblog.com/rounders/corners_prof_bot.gif") no-repeat left bottom; margin:0 0 15px; padding:0 0 10px; color:#345; } #profile-container h2 { background:url("http://www.blogblog.com/rounders/corners_prof_top.gif") no-repeat left top; padding:10px 15px .2em; margin:0; border-width:0; font-size:115%; line-height:1.5em; color:#234; } } @media handheld { #profile-container { background:#cdc; } #profile-container h2 { background:none; } } .profile-datablock { margin:0 15px .5em; border-top:1px dotted #aba; padding-top:8px; } .profile-img {display:inline;} .profile-img img { float:left; margin:0 10px 5px 0; border:4px solid #fff; } .profile-data strong { display:block; } #profile-container p { margin:0 15px .5em; } #profile-container .profile-textblock { clear:left; } #profile-container a { color:#258; } .profile-link a { background:url("http://www.blogblog.com/rounders/icon_profile.gif") no-repeat 0 .1em; padding-left:15px; font-weight:bold; } ul.profile-datablock { list-style-type:none; } /* Sidebar Boxes ----------------------------------------------- */ @media all { .box { background:#fff url("http://www.blogblog.com/rounders/corners_side_top.gif") no-repeat left top; margin:0 0 15px; padding:10px 0 0; color:#666; } .box2 { background:url("http://www.blogblog.com/rounders/corners_side_bot.gif") no-repeat left bottom; padding:0 13px 8px; } } @media handheld { .box { background:#fff; } .box2 { background:none; } } .sidebar-title { margin:0; padding:0 0 .2em; border-bottom:1px dotted #9b9; font-size:115%; line-height:1.5em; color:#333; } .box ul { margin:.5em 0 1.25em; padding:0 0px; list-style:none; } .box ul li { background:url("http://www.blogblog.com/rounders/icon_arrow_sm.gif") no-repeat 2px .25em; margin:0; padding:0 0 3px 16px; margin-bottom:3px; border-bottom:1px dotted #eee; line-height:1.4em; } .box p { margin:0 0 .6em; } /* Footer ----------------------------------------------- */ #footer { clear:both; margin:0; padding:15px 0 0; } @media all { #footer div { background:#456 url("http://www.blogblog.com/rounders/corners_cap_top.gif") no-repeat left top; padding:8px 0 0; color:#fff; } #footer div div { background:url("http://www.blogblog.com/rounders/corners_cap_bot.gif") no-repeat left bottom; padding:0 15px 8px; } } @media handheld { #footer div { background:#456; } #footer div div { background:none; } } #footer hr {display:none;} #footer p {margin:0;} #footer a {color:#fff;} /* Feeds ----------------------------------------------- */ #blogfeeds { } #postfeeds { padding:0 15px 0; }

Thursday, November 4, 2010

Reconnaissance Gone Retail and Security - A Challenging Duality

Reconnaissance has “gone retail.” Capabilities that used to be the costly province of nation states have been democratized.

Communications technologies have become so pervasive that a newborn's first pictures are likely to be transmitted wirelessly within moments of birth, arriving at beaming grandparents half a world away within seconds, if not in real-time.

Smart phones, digital cameras, and netbooks, are only the most recent signposts on a road of information fluidity.

Life can certainly be more pleasant and entertaining when distant events are no longer distant; when a child's birth or first steps can be shared with friends and family half a world away in mere seconds.

At a recent security conference in Tel Aviv, Yuval Diskin, the Director of Shin Beth, an Israeli intelligence agency, recently observed:[1]

“Intelligence once enjoyed only by countries and world powers can now be obtained through Internet systems like Google Earth, Internet cameras that are deployed all over the world and linked to the Web, or applications for IPhone [sic] devices that allow for quality intelligence to be received in real-time.”

Director Diskin has a point, albeit this djinni escaped its bottle long before the most recent cavalcade of portable electronic devices and network connectivity.

I noted that connectivity, accessibility and computing power created a collation hazard in 1995.[2]

In 2002, I noted a corollary of this: that the costs of data collection and correlation had decreased dramatically,[3] from the scale of a nation state to the retail level, exposing people to hazards previously feasible, but uneconomically unviable (e.g., the 1989 murder of actress Rebecca Shaeffer by an obsessed stalker who located her residence from then easily available public motor vehicle records).

Intent is difficult, if not impossible to determine. Nature is always impartial. Physics rules with draconian impartiality.

This underlies a duality that many find troubling: Connectivity brings us closer together, both friend and foe. Our great-grandparents waited anxiously for letters to arrive bearing the first pictures of a new grandchild; often weeks after the birth.

Today, the time span of anxiety is reduced to mere minutes, practically the interval between labor contractions.

This is the dilemma to which Director Diskin refers: the same technology that brings families closer together for the birth of a child, can just as easily be used to celebrate terrorism and other far less peaceful pursuits.

Recently, I had to visit someone in a nearby major hospital center. Just a few years ago, the possession of a notebook computer would have been cause for a cautionary warning that electronic devices are not allowed within the building.

Now, much, if not all of the facility is equipped with Wi-Fi, and there is an unencrypted Wi-Fi available for patients and visitors. I am almost certain that this is not merely altruism.

I expect that the connectivity provided to patients and visitors is, in effect, spare bandwidth from a properly encrypted co-network, one that directly supports patient care.[4,5]

Yet another example of the economics of the cloud; otherwise unused capacity is used for a purpose, rather than simply being discarded.

As a result, families can share precious moments with others at the press of a button. No longer is the hospital an isolating experience.

Indeed, as a visitor, I was able to use my waiting time somewhat productively, securely connected back to my office through my wireless card and virtual private network.

Regrettably, there are no good answers to the concerns raised by Director Diskin. There is no a priori way to differentiate between pictures of new homes or cars, and a pre-attack reconnaissance of the same by a terrorist group.

In the recent Mumbai attack, terrorists are reported to have used communications devices to coordinate or receive instructions; but these same communications channels were also separately being used by civilians to communicate their location for rescue, yet another example of how communications are neutral.

Notes

[1]Reuters (2010, November 1) “Google Earth and iPhone Trouble Israeli Security Chief” The New York Times

[2] Robert Gezelter (1995) “Security on the Internet”, Chapter 23 in Computer Security Handbook, Third Edition, pp 23-6, et seq.

[3] Ibid (2002) “Protecting Web Sites”, Chapter 22 in Computer Security Handbook, Fourth Edition, pp 22-20, et seq.

[4] Ibid (2003, June) “Internet Dial Tones & Firewalls: One Policy Does Not Fit All” Charleston, South Carolina chapter of the IEEE Computer Society.

[5] Ibid (2007) “Safe Computing in the Age of Ubiquitous Connectity”, Long Island Science Applications Technology 2007 References

Seymour Bosworth and Michel Kabay (2002) Computer Security Handbook, Fourth Edition WileyRobert Gezelter (1995) “Security on the Internet” (Chapter 23) in Computer Security Handbook, Third Edition Wiley(2003) “Internet Dial Tones & Firewalls: One Policy Does Not Fit All” Charleston, South Carolina chapter of the IEEE Computer Society. Slides retrieved from http://www.rlgsc.com/ieee/charleston/2003-6/internetdial.html on November 2, 2010Ibid (2007) “Safe Computing in the Age of Ubiquitous Connectity”, Long Island Science Applications Technology 2007. Retrieved from http://www.rlgsc.com/ieee/longisland/2007/ubiquitous.html on November 2, 2010Ibid (2009, December 9) “Networks Placed At Risk: By Their Providers” Ruminations - An IT Blog Retrieved from http://www.rlgsc.com/blog/ruminations/networks-placed-at-risk.html on November 2, 2010Ibid (2010, March 31) “Will Long Term Dynamic Address Allocation Record Retention Help or Hurt?” Ruminations - An IT Blog Retrieved from http://www.rlgsc.com/blog/ruminations/retain-dynamic-address-allocation-logs.html on November 2, 2010Ibid (2010, May 25) “New IRS Reporting Requirements Have Implications for Business Large and Small” Ruminations - An IT Blog Retrieved from http://www.rlgsc.com/blog/ruminations/new-irs-reporting-requirements.html on November 2, 2010Ibid (2010, August 31) “GPS Recorders and Law Enforcement Accountability” Ruminations - An IT Blog Retrieved from http://www.rlgsc.com/blog/ruminations/gps-and-law-enforcement-accountability.html on November 2, 2010Ibid (2010, October 25) “Google Street View and Unencrypted Wi-Fi: Not a Hazard” Ruminations - An IT Blog Retrieved from http://www.rlgsc.com/blog/ruminations/google-street-view-and-unencrypted-wifi.html on November 2, 2010Arthur Hutt, Seymour Bosworth, and Douglas Hoyt (1995) Computer Security Handbook, Third Edition WileyReuters (2010, November 1) “Google Earth and iPhone Trouble Israeli Security Chief” The New York Times. Retrieved from http://www.nytimes.com/reuters/2010/11/01/technology/tech-us-israel-security.html on November 2, 2010

Reproduced from Reconnaissance Gone Retail and Security: A Challenging Duality, an entry in Ruminations -- An IT Blog by Robert Gezelter. Copyright (c) 2010, Robert Gezelter. Unlimited Reproduction permitted with attribution.

Note: the views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post. Infosec Island reserves the right to remove or edit the content of all material submitted by our members.

View the original article here

Labels: , , , , , ,

0 Comments:

Post a Comment

Feel Free to Leave Your Comments/Thoughts Below

Links to this post:

Create a Link

<< Home