Feeds

Letter bombs: an expert writes

Reg UXB man delivers the facts

Protecting users from Firesheep and other Sidejacking attacks with SSL

People and groups of this kind very seldom have access to proper manufactured explosives, which is another comforting factor when dealing with postals. A victim can still be badly hurt (blindings and severe burns aren't uncommon: letter-bombers are still violent criminals) but it does mean that protective gear can be very effective.

Pleasingly, it also means that a bomb-disposal operator may be able to get permission for a manual render-safe procedure: that is, he may be allowed to cut into the package and actually snip a wire in true movie-hero style, rather than going for the safer, more prosaic remote disruptor shot. This will permit him to become an insufferably smug bore in bomb-disposal bars for the rest of his life.

For all these reasons, most bomb-disposal ops pretty much live for the day when they may encounter a live postal device. The rest of us normally have a rather different viewpoint, but on the whole there's no great need to worry about letter bombs – even if your job does involve opening mail for someone unpopular.

Nearly every postal has a visible giveaway of some kind (the MI5 guidance is perfectly OK, though in classic British government style the relevant webpage seems to be down right now. However, a pdf booklet with a section on postals is still available).

If you've got the least doubt, don't open it, it's as simple as that. Very few things that come by post are so critical they can't wait for a bit. An X-ray will soon let you know if there's a problem. If your organisation is too stingy to spring for an X-ray scanner, don't fret: just put the suspect package to one side, call the cops and carry on working. Someone will eventually come round and X-ray your suspect pile for you, though you'll probably have to wait a while in the UK just at the moment.

The only cases where you might not want to be in the room with a dodgy package is if it was brought by a courier service with guaranteed delivery timings, or dropped off by hand, or if you've opened it. In that case, get everyone well away from it and keep them away, and call the cops – making clear that the thing isn't an unopened postal. You should get quicker service that way.

A lot of people feel a mysterious urge to put suspect items in buckets of water; don't do that, it doesn't help. If the courier guys arrive well ahead of their guaranteed deadline, you can make a judgement call whether you want to put the delivery somewhere more convenient before you cordon it off. There might be a place nearby where a smallish explosion wouldn't be that big a deal.

In the end, though, you've got to keep these things in perspective. Even if you're a mail-opener by trade, should you die today, chances are it'll be a traffic accident or a heart attack that gets you, not a letter-bomb. You'd probably improve your life expectancy more drinking red wine than you would swotting up on the MI5 advice, and it'd be a lot more fun too. ®

Lewis Page spent several years as a military bomb-disposal operator tasked in support of the UK police. He attended more than 200 incidents, a number of which involved actual explosives – though sadly, never a postal. Other highlights of his service included commando training with the Royal Marines, and the opportunity to render safe bona-fide "weapons of mass destruction". Disappointingly, these WMDs were discovered in Wales rather than any sunnier clime. On leaving the service he wrote a book, Lions, Donkeys and Dinosaurs: Waste and Blundering in the British Armed Forces, which was so successful that it is now almost impossible to obtain, though a paperback is forthcoming. Page can be found on the web at www.lewispage.co.uk.

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.