Let me state the obvious: all humans are fallible; most human activities will
involve mistakes. So, I pick these two incidents not because I feel holier than those who screwed up. What I do feel is frustration that
we live in a country increasingly afraid of its own shadow and, at the same time, incapable of protecting anything. The highest standards
set by Our Beloved Leader, The Great Protector, don’t seem to be trickling down very far. mjh
Physical Safety
at Site of Explosives Theft By T.J. Wilham. Journal Staff Writer
No guards. No lights. No cameras. No alarms.
A
barbed-wire fence, a gate, a few warning signs and some locks are what guarded several hundred pounds of explosives, enough to blow up a
large building.
The security measures, which meet federal regulations, are what a thief faced sometime last week when the
plastic explosives, 2,500 blasting caps and explosive detonator cords were stolen from a Bernalillo County storage depot.
The
explosives belonged to Cherry Engineering. The company is owned by Chris Cherry, one of the nation’s most respected bomb
experts and a Sandia National Laboratories employee. …
The site was broken into in 2003, when
someone stole seven 50-pound bags of ammonium nitrate— the same material used in the 1995 Oklahoma City bombing that killed 168 people.
[mjh: Interesting to note that the paper version of this article was more specific as to how much stuff was
stolen and how the detonator cord could be used without explosives. I don’t know if the Journal just left that out because online
articles don’t have to match originals or if they modified the info after someone complained — I hope it was not the latter.]
Virtual Safety
Security Software Firm’s Customer Database Hacked By Brian
Krebs, Special to the Washington Post
Guidance Software Inc. — a leading provider of software used to diagnose hacker break-ins
— has itself been hacked, exposing financial and personal data connected to thousands of law enforcement officials and network-security
professionals. …
Hackers got access to company employees’ names, addresses, telephone numbers, credit card numbers, card
expiration dates and the three-digit verification numbers on the backs of credit cards, according to Guidance. …
Guidance’s
EnCase software is used by hundreds of security researchers and law enforcement agencies worldwide, including the Secret Service, the FBI
and New York City police. John Colbert, the company’s chief executive, said Secret Service and FBI customers were among those whose
information was included in the hacked database, but he declined to say whether credit card information belonging to those agencies was
compromised. …
Guidance had stored customer records in unencrypted databases and indefinitely retained
customers’ three-digit verification codes, according to Colbert and the notification letter sent to customers.
Merchant
guidelines published by both Visa and MasterCard require sellers to encrypt customer credit card databases and to discard verification
numbers after using them in a transaction.