Bruce Schneier once wrote an excellent essay entitled Inside the twisted mind of the security professional.
Uncle Milton Industries has been selling ant farms to children since 1956. Some years ago, I remember opening one up with a friend. There were no actual ants included in the box. Instead, there was a card that you filled in with your address, and the company would mail you some ants. My friend expressed surprise that you could get ants sent to you in the mail.
I replied: "What's really interesting is that these people will send a tube of live ants to anyone you tell them to."
Security requires a particular mindset. Security professionals -- at least the good ones -- see the world differently. They can't walk into a store without noticing how they might shoplift. They can't use a computer without wondering about the security vulnerabilities. They can't vote without trying to figure out how to vote twice. They just can't help it.
This was my reaction on reading this story on craziestgadgets.com (propagated from booklectic):
A Norwegian hospital is outfitting all newborn babies with Anti-Theft Alarms. The alarms consist of a small chip placed on the baby’s ankle bracelet and it is paired with a matching chip on the mother’s bracelet.
If the two chips are separated by more than a certain distance, an alarm goes off. If the baby’s bracelet is removed without authorization, the whole hospital goes into lockdown mode with the elevators stopping and the doors locking. The alarms are meant to prevent both kidnappings and baby mixups.
My question is, is there a crime you could commit by locking down the hospital at a time of the criminal's choosing? Prop open a few doors (or have associates hold them open), then snip the bracelet to lock down the rest, and use the ensuing chaos to steal stuff? Or indeed, could you use it to commit a murder?
no subject
Date: 2008-07-27 05:22 pm (UTC)
If there's any treatment that involves moving the patient in a limited time - and that means *any* medical emergency - then locking the doors and elevators is manslaughter.
Luckily, intensive-care patients are placed right in amongst their essential equipment, and recovery rooms are right next to operating theatres. The predictable stuff is covered. But running out of an essential consumable like (say) oxygen during a lockdown would be fatal. As would a medical emergency requiring a patient transfer... But neither of those are attacks on a single point of failure, so I won't count them as weaknesses - with the caveat that the systems of a badly-managed hospital might be so complex and so overextended that multiple near-failures exist at all times, and a global problem like a lockdown might not need additional 'bad luck' to kill a patient.
I find it difficult to believe that the security team would have no override key to gain rapid access to the immediate area of the alert signal. Trouble is, the very existence of a master key is a security flaw which can be exploited - again, we've moved beyond a single-point attack - but the next problem is that doctors will obtain override keys for life-and-death medical emergencies. Which means that senior managers, ingenious sysadmins and - eventually - everyone else will get them, including criminals: this is the real-life version of the 'doors-propped-open' escape route in a 'secure' building.
I can see why managers perceive a need for better security: too many highly-publicised cases of inadvertent baby swaps. But almost every security and safety measure ever taken by a bureaucrat addresses the symptoms of a problem without correcting the causes, and imposes burdens on the users of a system without actually making it safer. I doubt that this example will be any different, and I can already see several new dangers - in addition to the glaring security risk which nobody is mentioning: how do you know you put the right tags on the right mother and baby? Yes, the obvious answer is 'at birth' - but what if this critical step is inadequately administered and supervised? I bet that no-one knows when the majority of baby-swap accidents occur, and this is the obvious single-point-of-failure.