Berkeley CSUA MOTD:Entry 49257
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2018/08/15 [General] UID:1000 Activity:popular
8/15    

2008/2/26-3/4 [Transportation/Airplane, Computer/SW/Security] UID:49257 Activity:nil
2/26    Documentary team says bomb ingredients can still be smuggled onto
        airplanes:
        http://preview.tinyurl.com/39basa (telegraph.co.uk)
        http://preview.tinyurl.com/yqflv9 (thisislondon.co.uk)
        The TSA disagrees:
        http://preview.tinyurl.com/3b6agt (tsa.gov/blog)
        \_ Airport screening is all about making people *feel* safer and
           very little about actually making people safe.
           \- no, it is about political CYA.
ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2018/08/15 [General] UID:1000 Activity:popular
8/15    

You may also be interested in these entries...
2013/2/26-3/26 [Transportation/Airplane, Consumer, Consumer/Audio] UID:54614 Activity:nil
2/26    How does a hot air balloon pilot control the flight path?  I'd think
        one can only control the vertical movement using the flame.  Thanks.
        \_ You move vertically trying to catch wind currents blowing in the
           direction you want.  http://en.wikipedia.org/wiki/Hot_air_ballooning
	...
2013/10/24-11/21 [Computer/Companies/Apple] UID:54747 Activity:nil
9/19    "No, A Severed Finger Will Not Be Able to Access a Stolen iPhone 5S"
        http://mashable.com/2013/09/15/severed-finger-iphone-5s
        I'm sure the Apple QA department has tested extensively that a severed
        finger will not be able to access a stolen iPhone 5S.
        \_ It doesn't matter whether or not a severed finger can be used.  It
           matters whether or not a robber thinks that a severed finger can be
	...
2013/6/6-7/31 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:54690 Activity:nil
6/6     Wow, NSA rocks. Who would have thought they had access to major
        data exchangers? I have much more respect for government workers,
        crypto experts, mathematicans now than ever.
        \_ flea to Hong Kong --> best dim-sum in the world
           \_ "flee"
        \_ The dumb ones work for DMV, the smart ones for the NSA. If you
	...
2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil
8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...
2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil
8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...
2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil
8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
	...
2012/7/18-8/19 [Health/Men, Computer/SW/Security] UID:54438 Activity:nil
7/18    "Largest penis record holder arouses security suspicions at airport"
        http://www.csua.org/u/x2f (in.news.yahoo.com)
        \_ I often have that same problem.
        \_ I think the headline writer had some fun with that one.
           \_ One time when I glanced over a Yahoo News headline "U.S. busts
              largest-ever identity theft ring" all I saw was "U.S. busts
	...
2012/4/23-6/1 [Computer/SW/WWW/Browsers] UID:54360 Activity:nil
4/19    My Firefox 3.6.28 pops up a Software Update box that reads "Your
        version of Firefox will soon be vulnerable to online attacks."  Are
        they planning to turn off some security feature in my version of
        Firefox?
        \_ Not as such, no, but they're no longer developing this version,
           so if a 3.6.x-targeted hack shows up, you're not going to get
	...
Cache (3143 bytes)
preview.tinyurl.com/39basa -> www.telegraph.co.uk/news/main.jhtml?xml=/news/2008/02/26/nbomb126.xml
ACTIVITY PLANNER FEATURE FOCUS back forward Bomb chemicals 'can be smuggled on airplane' By David Millward Transport Editor Last Updated: 3:37am GMT 26/02/2008 Terrorists could smuggle the components needed to make a bomb on to a plane in Britain despite restrictions on taking liquids on board, it was claimed. Greenpeace activists scale plane at Heathrow A television documentary team said it had made a bomb by mixing a series of odourless and colourless chemicals that could be brought into an aircraft by passengers. Airport security - Bomb chemicals 'can be smuggled on airplane' The aviation industry said robust security was needed, while inconvenience should be kept to a minimum The liquids that were mixed to make the explosive cocktail were all contained in bottles of less than 100ml, which is the limit enforced at most airports around the world at present and was introduced shortly after British authorities thwarted an alleged attempt to blow up transatlantic aircraft in August 2006. Researchers for Channel 4's Dispatches programme used a commercial detonator to explode their "bomb" at Lasham airfield, Hants. It blew a gaping hole in a decommissioned aircraft, snapping the ribs of the fuselage. Were this to have happened in mid-air, the documentary makers claimed, the pilot would have lost control of the aircraft. The chemicals used were not identified by the documentary makers but it is widely known that commonplace liquids such as hydrogen peroxide, a contact lens cleaner available at most chemists, can be used in explosives. advertisement The claims by the documentary makers fly in the face of tests carried out by the American authorities in 2006. They claimed a viable bomb could not be made if a 100ml limit was imposed on individual containers of liquids and their findings led to the standardisation of restrictions across much of the world. Since then, more sophisticated hand luggage screening equipment has been introduced at a number of British airports. Critics say without passenger profiling - trying to identify potential terrorists before they board - such precautions are inadequate. "If you had enough people getting on board, they could easily bring on enough liquid between them to bring a plane down," said Roland Alford, of Alford Technologies, a company specialising in counter-measures. You really need to look at profiling, which has been a dirty word for political reasons." Philip Baum, the editor of Aviation Security International, warned of loopholes in the system. "We screen hand luggage, we don't screen people," he said. The aviation industry said robust security was needed, while inconvenience to passengers should be kept to a minimum - without jeopardising safety. "It is for the Government to stipulate what they look for," a spokesman said. A spokesman for the Department for Transport defended the present arrangements. "The requirements are both appropriate and necessary to ensure that flights are properly secure and that passengers are able to travel as freely as possible," he said. "If we did not believe it was safe we would not allow a single flight to take off."
Cache (5955 bytes)
preview.tinyurl.com/yqflv9 -> www.thisislondon.co.uk/standard/article-23441564-details/We+blew+hole+in+fuselage+with+mix+of+easily+disguised+liquids/article.do
Researchers for Channel 4's Dispatches programme and the Evening Standard blew a 6ft hole in the side of an aircraft fuselage, something that would probably bring down any aircraft in flight. The test exposes potentially disastrous loopholes in the security regime introduced after the alleged "liquid bomb" plot in August 2006. The explosive was made by mixing two easily obtainable chemicals that can be carried through security in the permitted 100 millilitre containers. To a security guard, the chemicals - which the Standard is not identifying and cost only a few pounds - are colourless and odourless and seem like water. They can be easily disguised, if necessary, as toiletries. Dr Sidney Alford, the leading explosives expert who made the bomb for us, said: "Terrorists could easily make this device. They could obtain access to the chemicals without too much difficulty. Dr Alford's company, Alford Technologies, specialises in manufacturing improvised explosive device countermeasures that have saved many lives in Iraq. The company won the Queen's Award for Enterprise in 2004. Only about 400ml in total of the liquids would be needed to make the bomb, meaning two or three terrorists could carry it through security in the permitted quantities without raising suspicion. The liquids were mixed in a 500ml water bottle bought in an airport departure lounge. Our explosion was initiated with a commercial detonator, but Dr Alford said a home-made one, which could also be carried through security in an electrical item such as a phone or iPod, would produce the same effect. We tested the bomb at Lasham airfield in Hampshire on a section of fuselage from a decommissioned passenger jet that was still fitted out with seats and other cabin furniture. The explosion caused a large fireball, a massive hole in the side of the aircraft and blew seats out of the cabin. The bomb snapped the ribs of the aircraft - the structure holding it together - and in the air would have led to rapid depressurisation and a loss of control. At altitude, Dr Alford said, the damage would have been even greater. The test comes as a leading airport security expert Philip Baum tells the Dispatches programme tonight that much airport security is "theatre" that fails to address the real dangers. Mr Baum, who edits the International Journal Of Aviation Security and has advised the Government, said airport X-rays and metal detectors were ineffective against many threats. "I cannot cite a single example of a bomb being found using an airport X-ray machine alone," he said. "X-rays were introduced to identify dense metallic items, not bombs. If you've got a well-concealed bomb, it's possible to get that through many an X-ray machine." Mr Baum described a deeply disturbing trial he had run for a European government. On her body were the complete components of an improvised explosive device," he said. "At each of those airports, she alarmed the metal detector and was subject to a pat-down search on her body. But not a single item was identified in any of the 24 searches." Further tests leaked to Dispatches show that, even using more easily- spotted, fullyassembled weapons and bombs, British X-ray security operators failed to see them in hand luggage 27 per cent of the time. Mr Baum said X-rays had identified bombs in conjunction with intelligence or passenger profiling. He called for the emphasis of airport security to change from identifying suspicious objects to identifying suspicious people. "We are currently guarding against business travellers with penknives, not international terrorists," he said. The person who has negative intent will show signs of stress and nervousness." Mr Baum adds that trained spotters should be deployed in terminals to watch for suspicious behaviour, passengers who do not fit the normal traveller profile for a flight should be flagged and software such as voice stress analysis should be used to select certain travellers for more thorough checks that stand a better chance of detecting a weapon. The technique, called behaviour pattern recognition, is controversial because of fears that it will be used in a racist way. But its supporters say the idea is to target particular behaviour, not skin colour. To single out, say, all young Asian men would be failing to implement the technique properly. Norman Shanks, a former head of security for BAA, operators of Britain's largest airports, tells Dispatches that he trialled behaviour pattern recognition at Stansted, but the experiment was ended by the Government. "We used a process not unlike the one that Customs officers use to spot potential smugglers," said Mr Shanks. But we hit a brick wall when the worker bees in the Department of Transport responsible for inspecting the security process couldn't find a way of satisfying themselves they could test it correctly. "The real definition of success is surely something we cannot measure - a lack of attacks. We know from elswhere, for instance in Israel, that this technique prevents attacks." New hand luggage screening machines recently introduced at British airports have a greater chance of detecting explosives than the previous machines, the Government says. Aviation security minister Jim Fitzpatrick added that the 100ml limit for carrying liquids through security was determined as "appropriate" by safety and risk assessments". He said: "Nobody is absolutely protected, but we need to put in place staff and equipment to protect people as best we can and ensure the terrorist doesn't get an easy ride." You have more chance of getting killed crossing the road or falling down the stairs than being a victim of terrorism. This is all the government and BAA need to introduce even more draconian security measures at airports. The West End hotel with rooms for 20 a night YHA hotel This hotel cost millions to build and boasts all mod cons - yet a bed here starts at less than 20 a night...
Cache (8192 bytes)
preview.tinyurl.com/3b6agt -> www.tsa.gov/blog/2008/02/more-on-liquid-rules-why-we-do-things.html
ars technica blog by Jon Stokes, Senior Editor and Co-Founder, posing some questions on TSA's liquids rules similar to other questions we've gotten on the blog so far. Kip Hawley wrote the following response, and we wanted to post it here for TSA blog readers to see as well. gov) going into the liquids issue so that is available for background, including the video of it blowing up. I'll try here to break the question down into the sub-questions I hear most. I enjoy ars technica, especially that it is thoughtful and issue-oriented and I appreciate having the opportunity to address your question. Yes, there was a very serious plot to blow up planes using liquid explosives in bombs that would have worked to bring down aircraft. Because our National Labs and international allies demonstrated to my satisfaction that there is, in fact, a scientific basis for allowing small amounts of liquids on as carry-on. We try to prohibit the minimum possible from a security standpoint. Also, the consequence of banning all liquids is a large increase in the number of checked bags, which creates its own issues. Why can't multiple people bring on explosives in three-ounce containers and mix them post security? Tough because there are parts of the reason that are truly classified but here goes... The question to me is: "What do you have to do to make a successful attack so complex that an intelligent enemy would recognize that the odds of success are too low?" For example, I and senior leaders at TSA work every day with the intelligence and law enforcement communities world-wide to get insights in how to make our security better -- frequently adding specific training and sometimes, respecting our obligations to the intell and law enforcement communities (like our remote control toys advisory), communicating directly to the public. Also, we reduce risk by a) adding behavior detection capability, K-9 teams, surge teams and document checking out front; and b) by undercover presence throughout the area behind the checkpoint, as well as better screening of the supply chain of items in the sterile area after the checkpoint. Extensive testing began the morning of August 10, 2006 -- the day the liquids plot was made public -- to determine if there is a level at which any liquid brought onboard a plane represents little risk. These were tests by multiple government agencies, National Laboratories and other nations and they assisted in the 3-1-1 formulation. We announced 3-1-1 on September 26, 2006 and that allowed travelers to go on overnight trips without having to check a bag. That is the trade-off: if 3-1-1 is too complicated, you can always just check your bag. In fact, in recent tests, a National Lab was asked to formulate a test mixture and it took several tries using the best equipment and best scientists for it to even ignite. That was with a bomb prepared in advance in a lab setting. A less skilled person attempting to put it together inside a secure area or a plane is not a good bet. You have to have significant uninterrupted time with space and other requirements that are not easily available in a secured area of an airport. It adds complexity to their preferred model and reduces our risk, having the expert make the bomb and give it to someone else to carry aboard. They are well aware of the Richard Reid factor where he could not even ignite a completed bomb. A 100ml container limits the effect of, and even the ability of, a detonation. It also forces a more precise mix, and a lot more boost -- which makes it easier to detect from that side. Even creative ways to smuggle liquids in are less effective because, eventually, they still have to mix it right and get it into the right container, etc. There are also issues with what kind of container you use, but let's leave them to puzzle that out further... Even if they wanted to bring multiple bottles to mix, we limit the quantity of their total liquids as well (bottles "hidden" in the carry-on bag stick out). B) The baggie serves to concentrate the vapor - substances used to create liquid explosives are very volatile and emit fumes even through sealed bottles. This way, we do not have to examine what's inside every bottle, regardless of what the label says. With the larger bottles, the other features needed to make it viable would be very apparent. A few other points, this policy has been adopted in more than 80 countries worldwide and means that there are common rules almost everywhere you fly. The choice is a total ban or this, and we are working very hard at a technology solution that should make this better all around. The challenge is to reduce risk on the things we know about (shoe bombs, liquids) while having enough other measures in place to disrupt what we don't know is coming. Any time we fixate on one thing, you have to be concerned about opening up something elsewhere. So is going on offense by being connected to intelligence / law enforcement and being proactive with our surge patrols, undercover activities, etc. That last one is what we're trying to do at our checkpoint with our TSOs and online with our blog. Whatever you think about our policies -- please recognize our Security Officers who train and test every day and will do whatever it takes to make you and your families safe when you fly. please give them a little recognition when you see them. Coming from an agency that does not even deploy technology that would enable it to detect plastic explosives (or a stick of dynamite) carried in someone's pockets or pants, worrying about the liquid threat is idiotic. TSA should focus on finding all the test bombs it is currently letting through before worrying about liquids. Also, how does this add a layer of security if the limitations are so easily circumvented by one person taking multiple trips through security or multiple persons aggregating materials past security? Your answer seems to be, "Parceling it out into 34-oz containers forces the terrorists to have to measure carefully." There are no liquid explosives that can be manufactured on the flight. If the bad guys are bringing pre-mixed, they can still collude and combine their bottles onboard (Kip dodges this one). It doesn't answer why liquids have been singled out (when there's hundreds of times more powder and solid explosives). It doesn't answer why liquids are confiscated under the presumption they're dangerous, then dumped in a big old bin next to the queues, with no testing or assaying. I've never seen anyone weasel out of a question like that before. He takes eight bullet points to say things that are completely oblique to the question. Yes, there was a very serious plot to blow up planes using liquid explosives in bombs that would have worked to bring down aircraft. Unfortunately for your story, many prominent chemists world wide have already debunked it. It is a hollywood version of events - a serious plot in an action movie. Your whole heightened security rests upon it being possible to construct such an explosive under carefully controlled conditions but not on an airplane. That is the reason why some of your reasons are classified. You don't want the public to see that a ventilation hood is required, that bunsen burners are required, that liquid cooling agents such as N2 are required, et cetera. Do you ever worry that your credibility is declining so much? You say there was a real threat to blow up planes using liquid explosive. I don't doubt there was a threat, but then I don't doubt that there might be a threat to blow up planes with plastic, solid or any other type of explosive. Nor do I doubt that there might be a threat to hypnotise cabin staff into killing the pilot, or any one of a thousand ways of bringing down a passenger plane. The question, which you do mention in passing, is whether this threat is believable? What, for example, do you say about the various testimonies from those that apparently know, that mixing binary explosives on board an aircraft is practically impossible? How can the UK "plot" be considered a "very serious" one when the would-be conspirators had not procured tickets, passports (in some cases)...