Friday, 28 March 2008

"Somebody is trying to use pro-Tibet themed emails to infect computers of the members of pro-Tibet groups to spy on their actions."

So says F-Secure in this piece.  It's well worth reading.

I have little interest in the pro-Tibet movement, so I'm likely neither to receive one of the targeted emails, nor to click on the contents - but it's educational to find out how these things are done.

The tip comes from my favourite security expert, Bruce Schneier. There's also a lively debate about the possible source of the malware in the comments to the blog post there.

Tuesday, 11 March 2008

The big gun of Mosman

A couple of days ago we met our friends Alana, Sean and young Luca at a cafe on a headland above Mosman. It's an amazing park with an amazing view.

Set on a site which was once an artillery emplacement used to protect Sydney and its harbour, it has been refurbished to provide studios for artists and a setting for a sculpture park.

As a homage to the site's military past there is also a preserved inoperable 6-inch Mark VII coastal gun on display.  According to historical surveys, the two World War II era Mark VII guns were moved from this site to South Head so this one must have been retrieved for dramatic effect.

In this picture at left we see the 6-inch Mark VII gun which was manufactured by the venerable British armourer Vickers.  The "6-inch" statistic relates to the internal diameter of the gun barrel, and hence the external diameter of the projectile shell.  The shell weighed around 100 pounds (48 kg) and the range was about 15 kilometres.

This photograph above gives a better idea of the gun's tactical field of fire, although this was not the exact position of the gun emplacement. Sydney Heads, the entrance to Sydney Harbour, can be seen in the distance, North Head at left, South Head at right.

Edward has seen the big gun before, but it still acted like a magnet to him. Not so much because he has an interest in things military like his Dad, but because it is just so big. And because it now has a fence around it - just making it so much more attractive to a young boy.

Ed also took some time out from military history to give vent to his artistic side and appreciate some sculpture. Not so much from the aesthetic aspect as the athletic.

Saturday, 08 March 2008

Sometimes my blog's referrer log keeps me awake at night.

Eleven years ago I was working for a large retail department store.  I received a telephone call from someone who said there was a bomb in the store, and in which room of the store the bomb was located. 

In my long career working in hotel and retail store security departments I had received several bomb threat telephone calls.  This call seemed different.  Amongst other things we did, the security team and I searched the room mentioned.  We found no bomb.  The caller rang back 15 minutes later and gave a more specific place to search.  Then we found the bomb.

The following day, as part of a complex extortion ploy, the bomber was caught by police. Turns out he was following a scheme he had read about on the Internet describing how to extort money from a large business. So, the bad things which can be found on the Internet really are quite dangerous.

Checking my blog statistics log today, I found this Google query for "bomb manufacture" brought someone to this blog's post about Churchill's cabinet meeting to discuss the H-Bomb.

That worries me.  Obviously nobody will learn how to carry out a criminal enterprise from this blog.  But they are looking.

Wednesday, 05 March 2008

Dr. Ken Henry talks about the economics of water in this wide brown land.

I mentioned some time ago an excellent speech given by Dr. Ken Henry.  I agree with Peter Martin who says that the head of Australia's Treasury writes the best speeches in public life.

Well, Ken Henry is at it again.  Last night he gave the Ian Little Memorial Lecture.  In a fascinating and even pugnacious speech he ranged over a number of topics, but the one picked up by most of the media today was his commentary about creating a market in water.

A small sample from his speech:

In times of drought, water prices would rise in order to equate demand and supply; just how high they would rise depends not only upon the severity of the drought, but also the price-sensitivity of both market demand and market supply.

In a well functioning water market, drought-induced increases in the price of water would reallocate water among users, with a higher proportion of it flowing to those who valued it more highly. In any place, or at any time, at which its marginal value fell short of its price, water would not be used. On the other hand, if a suburban gardener valued her roses sufficiently highly, she wouldn’t have to stand by and watch them die.

The supply response is even more important. The drought-induced increase in price would provide the signal for investment in additional supply, including things like desalination plants, new dams and water recycling plants. When brought on stream, these investments would reduce the price of water. That is the logic of markets: additional supply reduces price rather than, as under current water arrangements, increasing it.

As Seth Godin and I said, grass lawns are going to become a status symbol.

Sunday, 02 September 2007

lifeasdaddy - If you are an Australian going to work in the USA you'll want to...

... read what Frank Arrigo had to say about his visa "interview".

Lots of security hoo-ha and long queuing for a very short interview.

Wednesday, 04 July 2007

lifeasdaddy - Blackberry spyware can steal secrets.

Here's the ZDNet Australia story.

Not just your emails, it'll bug your phone calls too.

Thankfully, I don't have one.

Thursday, 10 May 2007

lifeasdaddy - Active Shooter Security at Australia's places of higher learning. Part 2.

UNIVERSITY OF MELBOURNE

Let's check the homepage.  Nothing directly linking to Security & Safety.  No quick links to there.

Try the Information page for Current Students.  I can't access this gated part of the site without a login code.

Try Information for Staff.  Nothing obviously relating to security matters from the front page.

Try the alphabetical index and find Security.

Finding my way to Emergency Management at the University, I see that Mr. Matt Bennett is the University's Emergency Management Coordinator, and his contact details are given with encouragement to get in touch with him on any issue.  I'll do so later.

Helpfully there's a menu at the side and navigating to Personal Threat emergencies (their Code Black) I see amongst the threats a confrontation with an armed person.  This is the essence of the clear advice:

Emergency Action

In the event of being confronted by an aggressive or potentially violent person:

  1. Try to remain calm.
  2. Alert supervisor.
  3. Be firm but polite with the person and let them know that their behaviour is not acceptable.
  4. If the behaviour of the person is such that outside intervention is required, contact or arrange to have contacted Security on 8344 6666.
  5. You should not feel obliged to rectify the situation on your own. The Security staff are trained to handle these situations.
  6. Abusive phone calls: hang up the phone and notify your supervisor. If calls persist, contact the Manager, Telephone Systems.
  7. Security telephones, placed at strategic points on campus, are identified by a blue light and connect direct to security at central control 24 hours a day.

There is also the EMERGENCY ACTION GUIDE which is made available to staff to keep by their telephones, of which one of the sub-headings is Suspicious/Aggressive People.

For Students, there is apparently not yet any similar publication.

For Building Emergency Controllers and Wardens there are a host of publications, none of which appear to add anything on the specific topic of Active Shooter Safety.

Through the FAQ there is some very helpful information, but again nothing specific about this issue.

Now, let's check other parts of the Uni Melbourne site. Here's Environment, Health and Safety. Nothing additional there, except for "New and Draft Procedures". Nothing new relating to Active Shooter Safety there.

Well, I'll email Mr. Matt Bennett and see what he has to add on the topic.

Wednesday, 09 May 2007

lifeasdaddy - Active Shooter Security at Australia's places of higher learning. Part 1.

BACKGROUND

After the tragic events of a few weeks ago, American universities are reviewing their security procedures, particularly for shooting incidents.

Here is some very good SHOOTER SECURITY advice from the University of California Police Department [ tip from Schneier ]

It's great that the UCPD have put up that information, but how easy is it for the UC campus population to find that information?    (Yes, I know it's a multi-campus University)

I went to the home page of the University of California system here, and could not find it. Going from that page through the "quick links" to Campus Safety - there's nothing obvious there either. Going back and trying to search for "Shooter safety" or "shooting incidents" - nope, not much use.

Analyzing the URL for the Shooter Security advice linked to above, http://www.ucpd.ucla.edu/ucpd/zippdf/2007/Active%20Shooter%20Safety%20Tips.pdf I can see that it has come from UCLA. Let's check the UCLA homepage here. Nope. Nothing obvious. Let's try some similar searches. OK, a search for "Safety" gives this result so I'll try the "CAMPUS SAFETY PORTAL".

There's some good information there, but nothing I can see about what to do in case of a shooting incident on campus.  There is a link to the UCPD (of UCLA) and that's where I can find a direct link to the Shooter Safety tips.

THE AUSTRALIAN CASE

If only we could be certain that Australia would be immune from a campus mass killing like Virginia Tech experienced. Unlikely. We've had our own bouts of mass shootings, in Hoddle Street and Port Arthur. We've even had a campus shooting at Monash University (2 killed, 5 injured).

MONASH UNIVERSITY

Let's start our survey of Campus security advice SPECIFICALLY about SHOOTING INCIDENTS  at Monash University.

Here at the homepage, unsurprisingly there's nothing obvious.

If I use the alphabetical index and go to the Security Services page I find plenty of useful information about security and safety, but nothing specifically about what to do in the case of a shooting incident.  The closest I can find is the Evacuation overview.

Now I'll try something different.  I'll use the site's search facility.  I'll search for "security".   That gives plenty of results relating to IT. Also,

- On a page that appears aimed at staff (workplace policies and procedures), we see under the heading SECURITY MATTERS  the very sad little note, "Security policy will be updated shortly."  No interim message.

Well, I'll try emailing the University's Security Manager Mr. Rusell Gammie requesting information about their specific advice to staff and students in case of a campus shooting incident.

To be continued ...

Thursday, 03 May 2007

lifeasdaddy - Security technology providers at the London 2012 Olympics. You'd need to be a major sponsor.

Interesting story here on BBC news.  Apparently, the technology security at the London 2012 Olympics will be provided by major sponsor VISA.  This could lead to some less than optimum approaches:

Establishing identity was a crucial way of filtering out terrorists intent on disrupting the games, Mr Wyatt said in his keynote speech to the InfoSecurity conference in London last week.

He outlined some of the technologies that could play a part in providing a secure authentication system, including Transport for London's Oyster card and a mobile authentication system developed by Nokia.

But, he said, neither would make it to the table because neither of these firms were sponsors of the games.

"We will have to wait for Visa to come forward with a system to cover the ticketing and ID system," he said.

Derek Wyatt MP was speaking at a conference. His comments have been picked up widely on the internet.

[ tip from Schneier ]

Saturday, 02 December 2006

lifeasdaddy - eXTReMe Tracking security glitch (part 2)

A problem with tracing various websites' referrer log via eXTReMe Tracking was mentioned before.

I detected the problem via another website too, so decided to enter eXTReme Tracker into Google and see how many websites' referrer logs are open for inspection. It turns out to be lots and lots.

Check out the google search result here, and click through to a few different referrer logs to see for yourself.

To see some random examples, this one, and this, this, this, and this one for a UNESCO site.

I think I should contact extreme tracking and let them know.

Maybe they'll be concerned. Maybe not.

ADDED 1: I've just sent an email to info@extremetracking.com drawing their attention to the content of this blog post, and requesting a response.

ADDED 2: The result: Nope, the joke's on me. That's the way the free version of extreme tracker is meant to work. Excerpts from the email I received from extreme Tracking's Herald:

"Free Tracker reports are indeed open to anyone, part of the deal"

and

"No security breach. If people want private stats they can go for the Non Public Tracker"

Case closed.
