Mashup Idea of the Day

With yesterday’s unsalted password dump at LinkedIn (seriously LinkedIn, wtf are you doing not salting your passwords?), the password dump of eHarmony and today’s suspected compromise at last.fm, this would be an ideal time to provide a service that tells the truth behind an eHarmony profile simply by matching email addresses and passwords.

For example you could enter an eHarmony profile ID in, and it would check the user’s LinkedIn and last.fm profiles. A sample output could be:

“Sorry love, you know that 28-year-old, dashing, handsome, eco-friendly power company executive who loves 80s and 90s ballads, sunset walks on the beach, kittens and surprise weekends away? He’s actually a married 45-year-old IT Support Executive whose favourite hobby is being Waldorf on World of Warcraft (as per the Twitter feed connected to his LinkedIn account). His favourite bands are Slayer and Megadeth, but recently he has been listening to the Eurovision Song Contest Dusseldorf 2011 CD … a lot.”

Not a bad idea, hey? Please send all revenues from this service, if you implement it, to one of my nominated charities. Or buy me a book from my Kindle Wish List.

Chasers War on Sydney APEC Security: The Video

It was aired last night on the ABC. Media reports say that over 2.3 million people watched it last night, just in the Capital Cities alone, which I find amazing given that this is over 10% of the Australian population, and Wednesday evenings are usually reserved for the pub quiz or a barbie.

Those of you in Australia can download the full episode from the ABC, those internationally can find a higher-quality video, and those who are too lazy can just see it below.

Chasers’ War on Sydney APEC Security

Well, it had to happen didn’t it.

The Federal and NSW Governments spent over $250m on securing the Sydney CBD for the ongoing 2007 APEC Summit.

Not only did two of the Chaser’s War on Everything guys get waved through two checkpoints while posing as the Canadian motorcade, they got as far as near Dubya’s hotel before being stopped, arrested and charged under the APEC Act.

The APEC Act restricts people from being in the “secure area” without justification during the summit (a case of guilty until you prove yourself innocent?). Even the ABC’s own report states that they didn’t intend to get as far as they did.

True, Chas being dressed up as Bin Laden during the stunt probably didn’t help, but is bloody funny.

This incident is highly embarrassing for the police, federal and state governments who have essentially fallen for the old trick of Social Engineering to bypass Security measures. For example, the media are reporting that it was due to a “breakdown in communication”, but surely they could have checked to see if the Canadians were in town in the first place (the Canadian PM hasn’t even arrived in Australia yet).

Of course, it’s not the only Security gaffe so far. Two “unauthorised” men were arrested for being in the hotel lobby when Dubya arrived. Two members of the Labor party were issued police passes for the security zone.

With the global media (so far: CNN, el Reg via Reuters, Australian news.com.au, etc) already covering the story, I believe it’s likely that they will be made an example of when they front court in early October.

Hopefully, these minor gaffes will jolt the authorities into a proper state of alert, against real risks or threats. Personally, I can’t wait until next week’s episode of The Chaser as they’ll be taking the piss big time.

Initial Experience of Accessing Patient Confidential Data over the Internet using a PKI

Chadwick, D., Harvey, S., New, J. & Young, A.J. (2000). Initial Experience of Accessing Patient Confidential Data over the Internet using a PKI. Proceedings of the Information Security Solutions Europe (ISSE 2000) Conference, Barcelona. 27-29 September 2000.

Abstract

A project to enable health care professionals (GPs, practice nurses and diabetes nurse specialists) to access, via the Internet, confidential patient data held on a secondary care (hospital) diabetes information system, has been implemented. We describe the application that we chose to distribute (a diabetes register); the security mechanisms we used to protect the data (a public key infrastructure with strong encryption and digitally signed messages, plus a firewall); the reasons for the implementation decisions we made; the validation testing that we performed and the preliminary results of the pilot implementation.
