Original URL: http://www.theregister.co.uk/2005/05/13/letters_1305/
Adventurous squirrels swap passwords for coffee beans
Or did we read that wrong?
Letters Why don't we kick off this Friday's trawl through the letters bag with a happy reminder of just how secure everything is in this high tech world of ours. We refer, of course, to the news that the average US citizen is happy to hand over his password in exchange for a coffee. We Brits are just as bad, of course, requiring only chocolate eggs as bribes. But that was another story:
Nice article and should it be true, it just confirms everything techies have been saying about users since the first password protected system was installed!
I should say though that the survey is somewhat flawed - from my caffeine-addicted viewpoint that while giving out your password is dumb, it is the act of someone else using it that could be in breach of legislation, not the disclosure (although that could be seen as a breach of contract on the employee's part...).
Therefore why not give the zeeb with the vouchers a duff password, and take your voucher and grin. They then tick the box as if another numb user has been duped and I get my free coffee at no risk to my data. I wonder how many of the 2 out of 3 did that?
Should it be that 2 out of 3 people when questioned were prepared to lie to get free coffee?
It's a crap bit of research for sure. What 'password' were people actually asked for? Or are we misinterpreting the results somewhat and seeing here that shockingly, most respondents only have one password! Or perhaps that most research firms are as thick as two short planks?
Here, have a password on me: 6477. I'll even give you a clue - it's connected to a single bike wheel and wrapped round a lamp post in Amsterdam. Coffee please.
Regards Reg Steve.
Bogus survey. Most probably thought they were being asked for a pissword - of course they'd pick Starbucks. Love Brit writing. Americans, pants, password, security and Starbucks - all in the same story. Wow. Hey, fun to read. Keep up the good work!
This is an old chestnut of a story, and like the previous similar surveys it has a huge flaw which undermines the result: you don't know if the respondents are telling the truth.
If someone approaches me in the street with a coffee voucher for my "password" I'll happily give them a word. Of course, if they try to log into my computer they may find it doesn't work. But I'll have drunk my coffee by then :-)
I'll even give you my passphrase in return for publishing this letter -- it's "there's a sucker journalist born every minute".
This talk of password fraud is really starting to get tiring. The whole system of passwords was invented at a time when the only one you'd ever need would get you into the Caesar's palace without suspicion of being an enemy agent. It was flawed even then; it just takes the biscuit now.
I have several e-mail accounts, usenet forum accounts, bank accounts, debit cards, college accounts, work accounts, and more stuff that I can't even remember now; all of it is protected by PIN or passwords. Bear in mind that I DON'T use credit cards, an iPod or mobile phone, and that my computer and landline phone don't have individual access passwords, and that I don't use websites like eBay, and you see how many passwords and PINs that somebody who is a lot more technically-inclined than I am would have. It's absurd.
That said, I think the people who gave out their passwords for Starbucks coffee got a raw deal there. D'you think Gordon Ramsay would accept a Usenet password in exchange for a £120 three-course meal?
Omigod. My car caught a computer virus from my mobile phone. Well, actually, it didn't, and it turned out this week that even if it had more technology on it than the average San Franciscan it really couldn't be infected anyway. Nice to have one less thing to worry about...
Car computers, the ones that actually run the car, are entirely separate from the computer that interfaces with the communications capabilities within the car. Even if they are connected, as in the Lexus, the communication is strictly one way. More than this, they tend to be hardwired and hardcoded devices specific to an engine type. Lastly, the only write access to the operation computer, most specifically the engine chip, is via a data port (usually in the engine compartment). But even then, it's more for output than input as while the direct access port does allow some control values to be altered, the possible alterations are bounded (more hardcoding) to ensure that completely wrong or damaging values cannot be input.
That wasn't for virus and malware protection as much as it was originally designed as failsafe protection against severe mechanic or service person error. It was also to ensure that no one could alter the cars (in the US) so that the pollution controls were rendered inoperative in order to get more performance at the expense of gas mileage or emissions. That it also had the effect of making the computers essentially virus proof was an unintended, although beneficial, by-product.
Which is the point, one that possibly should be more considered by general software writers. The creators of the software that runs real equipment - cars, spacecraft, airplanes, radar tracking systems, hospital diagnostic machines, and so on make the assumption that every possible error situation is accounted for - every possible sort of bad input can be screened out, hardware and software failures accounted for so that the system always fails to an acceptable state or operates normally.
"Restarting the car cleared the problem but the same test repeatedly crashed car computer systems. The behaviour raised serious concerns. But after double checking systems F-Secure realised low-battery voltage - rather than Bluetooth attacks - were responsible for the car's systems going haywire."
Didn't they try closing all the windows to see if it freed up anything?
Oops, sorry, wrong OS...
Some home truths about the gender imbalance in computer science:
I think you'll find the REAL reason why the University of Derby is going all out to attract female students can be found in the BBC story here; http://news.bbc.co.uk/1/hi/education/4530583.stm
John Sear's quote at the end of the article says it all... "I'm a programmer by trade and I know probably several hundred, and I have only ever met one woman,"
And someone says what we were all thinking about Microsoft's recent brush with security embarrassment that was The Gatekeeper Test:
This game raises issues about the reliability and security of the Microsoft solutions for ecommerce and commercial websites etc.
If a simple game can be fooled, how about a shopping cart using the same technology?
...and don't you find it comical that a game to 'promote security' shows how 'insecure' Microsoft is?
We take a peek inside the mind of a virus writer, and you remain unsympathetic that after five years of not saying sorry, the lovebug author is having paranoid nightmares:
"Local reports say he fears being kidnapped and has nightmares about being bundled on to a boat and taken to the USA."
He might have no criminal record, but one could quibble about the "free man" bit. The jail in your head is possibly as bad as the real thing, except that there's no remission for good conduct.
Poetic justice I suppose, considering the paranoia and suffering he caused.
The British Computer Society is again bemoaning the lack of proper accreditation available for IT professionals. A lack of it, you said? More like drowning in it:
So the BCS wants more people to join it and get certification from them. There are already so many certifications out there it's worse than boxing, where you've got an alphabet soup of governing bodies each with its own "world" champion.
What will make the BCS certification stand out from the top Microsoft, Novell or Cisco certifications? ICT is not a regulated profession. Whether it should be is another argument. Management isn't a regulated profession either when perhaps it should be - the number of poor managers out there surely outnumbers the number of poor ICT professionals. Just because you follow a particular set of procedures doesn't make you an excellent professional in whatever you do.
Excellence comes from conduct and ethics - being open, honest, standing up for what you believe in and being that example to others. And there isn't much of that in management in the UK.
It sounds very arbitrary to me. The BCS imposing its views onto an industry already full of certifications which may or may not be meaningless. Are they trying to get all IT people looking and thinking alike? That sounds nasty to me...
What about the Java accreditation I've seen people slave so hard to get over the years? They have an "architect" exam. Totally threw me when someone who'd ever touched Autocad in their life got accredited as an architect...
Anyway, my qualifications are enough to get me into any job: I have a degree in fine art.
I went to art school, got into programming during the dot com bubble, moved into games development, hopped over to pre-press programming and I now work as a programmer porting software to Linux.
I just find it funny whenever people worry that they can't prove their experience or ability. They should have gone to art school, enjoyed themselves, and learnt how to bullshit effectively about their life and work.
- Rob. ;-)
A company in the US went ahead with some basic vacuum testing of the solar sail material they have designed. It turns out that the line between science and science fiction is even more blurry than we thought:
Nice article about solar sails.
One teeeny, pedantic point is that my father, Prof. Maurice Cohen, wrote a paper in 1959 showing that a solar sail powered orbital device could break earth orbit eventually. That was of course assuming the properties and characteristics of materials and technology appropriate to the age.
So I'd have to say that has been the stuff of science, as opposed to science fiction, longer than most people realise :)
And finally, you've all gone nuts about the squirrels who entertain themselves by chewing through BT phone lines. Alright, that was pretty weak, but we try, and it is Friday, after all:
Ah! the old squirrel story. Very probably true. As a BT engineer myself I have been on a job in Hertford where squirrels had chewed through dropwires from a pole to a customer's house. The customer had reported the line was noisy and then cut out when it rained. This had been going on for a while and true to form every time a BT engineer visited it was sunny, warm and the line worked.
I picked up the job, went out and climbed the pole. I could see where the last engineer had remade the connections at the top of the pole and put WD40 on the block etc. Because he had cut the wire shorter there was no longer a loop at the top of the pole and so I looked to see if the wire was rubbing.
That's when I saw the teeny little tooth marks where the line had been gnawed. They had been through the insulation and the copper was exposed. Obviously as soon as it was wet it would short out and then dry out just in time for our bloke to visit! There were a couple of lines that had teeth marks but only one was cut through. I replaced the offending wire, cut the chewed piece out and gave it to the customer as proof.
I wouldn't be surprised. Once I worked managing servers at a NHS trust in Kent and I remember an adventurous squirrel taking out a substation in the hospital and putting it on emergency power until it was repaired. Why not a phone cable?
Until a few years ago I used to live out in the country and had regular problems with squirrels chewing on my phone line. They never managed to chew right through it although the chewing did cause excessive noise on the line and lower my modem connection speeds. It got to the point when, if my connection speed suddenly dropped I'd grab my rifle, lean out the window, and shoot the bugger!
And on that note, we think it is probably safest if we retire for the week. Have fun at the weekend, and no squirrel hunting, OK? ®