Posts Tagged ‘security’

The Code Book

Friday, December 11th, 2015 | Books

In The Code Book Simon Singh discusses the history of cryptography. It is a journey through the first simple ciphers through to the war years and then the computerisation of encryption.

It was not a topic I thought I would be that interested in, but Singh’s writing makes it an enjoyable read.

It was originally published in 1999. Given the nature of the topic, the book is showing it’s age significantly. This only comes into play in the last few chapters, but is noticeable.

the-code-book

Please give x letter of your password

Friday, April 10th, 2015 | Tech

Recently I registered with the new Virgin Money credit card service. They have just taken over the running of their own credit cards from MBNA so everyone has to re-register on their new system.

I selected a 14-character password containing a mixture of upper and lower case letters, numbers and symbols.

Five minutes later I was changing it to a simple easy-to-remember phrase. Why? Because every time I log in to my account I have to enter a set of certain digits from my password.

The problem is that I have no idea what my password is. It is safely secured away in 1password; I never look it at, I never know what it is. But thanks to Virgin Money’s so called security measures, much like other financial organisations do, I am instead forced to use a far more easily crackable password.

Security in banks

Tuesday, May 14th, 2013 | Religion & Politics

Were you under the impression that you were not allowed to cover your face while in a bank, because of security seasons? I was. But it turns out that I was mistaken.

veil-in-a-bank

For privacy reasons, I’ve hidden the identity of the subject, but as you can see, this is a bank customer who has clearly hidden their face. Why is this an issue? Because if they are, but I am now, that is religious discrimination. You have to treat everyone equally, and if you grant or restrict extra privileges for one specific group, you are discriminating.

I wrote to HSBC to ask them to clarify the situation.

To Whom It May Concern:

I was of the understanding that when using your bank, I was not allowed to cover my face for security reasons. However, when I visited your branch on 17 April, I noticed a customer using the banks facilities while wearing a full-face veil. I was hoping you could clarify whether these restrictions have been relaxed?

Yours faithfully,
Chris Worfolk

HSBC phoned me a few days later in response. They said that balaclavas and motor cycle helmets were specifically band, because they are associated with burglaries, but I was otherwise free to cover my face while using their bank.

Airport security

Saturday, September 1st, 2012 | Religion & Politics, Thoughts

I’ve said it before and I’ll say it again – airport security should be relaxed.

Flying back from Dublin recently, we arrived at Dublin airport and joined the queue to pass through to the departures lounge – a queue that would take us 40 minutes to get through. That is really long and irritating. But often, these queues can be even longer (though in fairness, often shorter too).

Of course you can come back with “but you can’t put a price on human life”, but this is simply nieve and we all know you really can. For example, a million people a year die on the roads and we could reduce this by setting the speed limit to 20 miles per hour on every road everywhere. But this would be too inconvenient, we would rather let people die is the harsh truth.

So, putting emotional arguments aside, why should we relax airport security?

Well, first off, lets remember why we shouldn’t – if we did, more terrorists would get through with more bombs, and people would die. That is a good reason for airport security!

But there has to be a trade off between the lengths taken and the success. So my question is, have we got the levels quite right. I would argue that perhaps we have not.

Firstly, there is a time cost. 40 minutes for everyone passing through an airport is a long time. Given that the average person has around 3,000,000 (3 million) hours left on this Earth, that means that for every 6 million people that pass through airport security, we’ve essentially wasted a human life.

It isn’t as simple as time vs life as the emotional argument would have you belief – when it comes down to it, length queues in airport security take away small parts of people’s lives – and these quickly add up to entire lives.

London’s airports see 134,000,000 people pass through it each year. Based on our previous maths that is 22 people’s lives per year spent on airport security. That is just one city, albeit the busiest in the world in terms of air passengers – internationally, we’re losing hundreds of lives per year.

So terrorists would have to kill everyone on board a jumbo jet (or several smaller planes) at least once a year to make the time we spend on airport security cost effective.

Secondly, we have to wonder how effective these security checks are. Most terrorist plots are stopped by homeland security forces in the planning stage, airport security stops very few – indeed, security expert Bruce Schneier argues that a lot of the security added in recent years does absolutely nothing, and is merely a “theater” designed to make us feel safer. Is that the kind of system that saves a jumbo jet full of people, every year?

It is also arguable that it simply doesn’t work – even in a post 9/11 world we still have the shoe bomber and the printer cartridge bombs – we’re more paranoid than ever before and people are still getting bombs on our planes.

Finally, it is also worth asking what ideological cost we are paying for these security checks.

We have to remember that the aim of a terrorist isn’t to blow up an aeroplane – that is merely a means to an end, and the end is, as is suggested by their name, causing terror.

Now, I don’t know about you, but when we’re all too scared to let a small child take a bottle of water onto a plane, in my book that suggests that we’re pretty fucking terrified.

Like many of you, I’m sick and tired of hipsters wearing “keep calm and…” t-shirts. But what is worse is that the whole meaning of them has been lost. As you may well know, the original meme comes from British posters that said “keep calm and carry on” to tell the public what to do during the Second World War.

That is what London does best – when the terrorists struck on 7-7 and blow up our trains and our buses, what did Londoners do? They stuck two fingers up at the terrorists, got right back on those buses and showed them that we were not going to be scared of them.

Air transport however, has taken no such approach. As news stories about parents forced to drink baby milk to show it wasn’t actually liquid explosive have shown, there is literally no substance that we cannot be scared of.

Seems a high price to me.

Luckily, of course, you can buy a bottle of water once you have passed through security, for twice the price. But that is a different blog post.

So the situation is this.

In order to stop terrorists we’ve banned every single substance we can think of that could possibly be used as an explosive, even though they’re still getting explosives onto the planes and we’re using up hundreds of people’s lives a year in a line of defense which may or may not be saving any lives.

Maybe it is time that we, at least reviewed, the situation.

Securing your World

Thursday, August 16th, 2012 | Distractions, Video

A couple of weeks ago I was speaking to a friend who works for G4S, the company that totally messed-up the Olympics security.

He was telling us how we can somehow become some kind of comic villain – he only works on reception and yet he was telling us how kids have been booing him every time he goes out to get some lunch.

More importantly however, it turns out that G4S have a corporate song! Not just any song, but a rock power ballad with someone singing “G4S, protecting your world…” It’s brilliant! Check it out below.

Lloyds TSB headaches

Wednesday, February 8th, 2012 | Life

Recently, I received a letter from Lloyds TSB saying they had begun charging the charity a fee for its bank account. This seemed strange given we had a fee-free small charity account. So I phoned them up to find out what was going on.

Turns out, they hadn’t actually set it up as a charity account but had instead set it up as a regular business account. This meant they needed to transfer the account to a whole different area of the bank – something which is apparently quite complicated as when I phoned back to check two weeks later, the action which I was told I didn’t need to check up on because it would just be done, had not been done.

I gave it another few weeks and then I decided to log into my internet banking to see if I could see if it had been fixed. This is no small task because Lloyds TSB require you to use a card authentication system. But, because they don’t give debit cards out to small charities, they have to send you a special card, which isn’t a debit card, but which can be used in the card carder.

The card reader is massive btw, it’s not the kind of thing you can keep on your keyring, like you potentially could with the HSBC one, if you had seriously big pockets anyway, it’s not like theirs is tiny either.

So I arrived at the Lloyds TSB website and selected logon to business banking. First, I had to enter my user ID. This wasn’t easy because my user ID isn’t a memorable username as you would expect – it’s a string of nine random digits.

Luckily, they send you out a card to remember this. Though it isn’t a card with it printed on, it’s just a piece of cardboard with a white box that you can write it in yourself and hope that it doesn’t get rubbed off on the gloss finish.

I finally found my card and punched in my user ID. Step one was complete! Next I had to input the security code generated from the machine. So I dropped my authentication card into the authentication machine and typed in my PIN. It rejected it.

I tried again. It rejected it again.

So I clicked on the “I am having trouble logging in” link and it began asking me more questions about myself, for security purposes of courses. After four times of it telling me I didn’t exist, it finally let me through – only to tell me the only thing I could do was to phone the call centre.

I did phone the call centre and the nice woman at the other end of the phone said that she would have to get a new PIN sent out to me, and this would take a week to arrive (they can’t give it out over the phone to allow me to access my account now or anything). so I asked her to do that.

Next question, she needed two of the digits from my telephone banking password. I gave her those digits. She said they were incorrect. So now I can’t use telephone banking either apparently.

We eventually managed to bumble through, involving a shot in the dark guess about the year that I set up the account and a new PIN has now been dispatched to me in the post. As soon as I get that, I will be able to log into the account to check if they have changed it to the correct account type yet and refund the erroneous charge they put on the account. Wonderful.