Wednesday, March 15, 2006

Virus propagation via RFID tag

Ed Felten writes about a new paper that discusses the possibility of RFID tags being used to exploit flaws in RFID reader software to propagate a virus. The paper, authored by Melanie Rieback, Bruno Crispo, and Andy Tanenbaum of Vrije Universiteit in Amsterdam, includes a description of a proof-of-concept the authors developed. They wrote reader software that included a SQL injection flaw, along with an RFID tag containing appropriate malicious code; on reading that tag, the reader propagated the malicious code by writing it to new RFID tags. If such a flaw exists in real reader code, the potential exists for a virus to be transmitted from reader to reader via RFID tags, with each infected reader writing the virus out to additional tags.

BTW, this is the same Andy Tanenbaum who wrote the classic textbook Operating Systems: Design and Implementation and developed Minix, which inspired Linus Torvalds to create Linux.

Rieback gave a talk at last year's "What the Hack" hacker conference in Amsterdam on "Fun and Mayhem with Radio Frequency Identification."
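The reader-side flaw described in this post comes down to tag contents being spliced into SQL text. The following is an added example, not code from the paper or from Felten's post: it shows that pattern next to a version that validates and binds the tag data. The table layout, function names, tag format and sample tag values are all assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample tag contents (not taken from the paper): one ordinary
# value, and one whose quote characters alter the statement if spliced in.
NORMAL_TAG = "pallet-00017"
HOSTILE_TAG = "pallet-00018', 'approved') --"

# Assumed site-specific format for legitimate tag data.
TAG_FORMAT = re.compile(r"[A-Za-z0-9-]{1,32}")


def new_db():
    """In-memory stand-in for the reader's back-end database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE scans (tag_data TEXT, status TEXT)")
    return db


def record_scan_vulnerable(db, tag_data):
    # Flawed pattern: bytes read from the tag become part of the SQL statement,
    # so the tag can supply its own value for the status column.
    db.execute("INSERT INTO scans VALUES ('" + tag_data + "', 'pending')")


def record_scan_hardened(db, tag_data, check_format=True):
    # Layer 1: reject tag data that does not match the expected format.
    if check_format and not TAG_FORMAT.fullmatch(tag_data):
        return False
    # Layer 2: bind the value as a parameter so it is only ever stored as data.
    db.execute("INSERT INTO scans VALUES (?, 'pending')", (tag_data,))
    return True


def statuses(db):
    """Status column of every recorded scan, in insertion order."""
    return [row[0] for row in db.execute("SELECT status FROM scans ORDER BY rowid")]


if __name__ == "__main__":
    weak, strong = new_db(), new_db()
    for tag in (NORMAL_TAG, HOSTILE_TAG):
        record_scan_vulnerable(weak, tag)
        record_scan_hardened(strong, tag)
    print("vulnerable reader:", statuses(weak))
    print("hardened reader:  ", statuses(strong))
```

Even with the format check switched off, the bound parameter keeps the hostile tag's contents in the tag_data column as an inert string.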

Create your own police department

Bruce Schneier reports on a case of "police department privilege escalation," where, because California allows transit companies to create their own police departments, Yosef Maiwandi was able to do so. He created the San Gabriel Valley Transit Authority, a nonprofit operating out of an auto repair shop that gives bus rides to disabled people and senior citizens. He then created the San Gabriel Valley Transit Authority Police Department, and made Stefan Eriksson a deputy police commissioner of their anti-terrorism division, and gave him business cards.

Eriksson is the guy who went drunk driving in a million-dollar Ferrari Enzo that crashed into a telephone pole in Malibu--he claims he was the passenger, but no other driver has been found.

UPDATE (March 19, 2006): There's now video that shows Eriksson and another person--Trevor Karney--in the Ferrari.

Tuesday, March 14, 2006

Pocket-sized spectrometer from the University of Arizona

NASA's 2009 Mission to Mars will carry the Mars Science Laboratory, which includes a cell-phone-sized device capable of identifying minerals in the Martian soil. The device, designed by Robert Downs at the University of Arizona, shoots a laser at materials to be identified, causing their atoms to vibrate at different frequencies and generate a detectable signal. The process, known as Raman spectroscopy, is a quantum mechanical process that earned its discoverer, Sir Chandrasekhara Venkata Raman, the Nobel prize in physics in 1930.

Excerpts from an interview with Downs:
I know that Miami Police Department has about 220,000 spectra of all the illicit drugs that are out there in the world. You just take these things; you can shoot them and ten seconds later you know what they’re holding: is it baby powder, is it cocaine? Really easy to tell. This little white powder that came in envelopes that the post office was getting. Bonner Denton has a demonstration he uses upstairs. He takes a bottle of Tylenol, a white plastic container and the pills are inside. You can shoot the Raman and a laser goes through that white plastic, it identifies the three parts of Tylenol and it tells you what the plastic is made out of. It works on leaves. I can identify the species of trees by shooting their leaves. I don’t think the biologists are aware of this yet.

...

There is about just over 4000 mineral species that are known and we’ve shot about 700 of them so far; so, one fifth of the way. I think it will be about a six-year project to complete everything we know found on Earth. And we’re also looking at the meteorites as well with the NASA people.
(Via jwz's blog.)

Monday, March 13, 2006

Matt Stone calls Isaac Hayes on his double standard

Isaac Hayes has quit "South Park"--no more appearances from Chef, at least not with Hayes' voice. His reason, however, is bogus:

"There is a place in this world for satire, but there is a time when satire ends and intolerance and bigotry towards religious beliefs of others begins," the 63-year-old soul singer and outspoken Scientologist said.

"Religious beliefs are sacred to people, and at all times should be respected and honored," he continued. "As a civil rights activist of the past 40 years, I cannot support a show that disrespects those beliefs and practices."

"South Park" has been bashing religious views other than Scientology since it began in 1997. Hayes is only upset now because his religion, Scientology, was targeted last season in the "Trapped in the Closet" episode, which correctly described some of Scientology's crazy cosmology.

"South Park" co-creator Matt Stone calls him on his hypocrisy:

"This is 100 percent having to do with his faith of Scientology... He has no problem — and he's cashed plenty of checks — with our show making fun of Christians." ...

Stone told The AP he and co-creator Trey Parker "never heard a peep out of Isaac in any way until we did Scientology. He wants a different standard for religions other than his own, and to me, that is where intolerance and bigotry begin."

Parker stated that they intentionally avoided the subject of Scientology--while taking on Christianity, Catholicism, Judaism, Mormonism, Buddhism and Islam--because of Hayes. "We knew he is a Scientologist and he's an awesome guy. We were like, 'Let's just avoid that for now.'"

"South Park" creators Stone and Parker also created a spoof of the Scientology-related film "Battlefield Earth" in 2000 for the MTV Awards, which Isaac Hayes did not play a role in.

Sunday, March 12, 2006

CIA employee identities discoverable via web searches

The Chicago Tribune has reported that it was able to identify 2,653 employees of the CIA, including covert agents, from online data providers who charge for access to public records. The Tribune reports that it identified agents through telephone listings, real estate transactions, voting records, property tax records, and other documents, and that they were able to identify internal CIA phone numbers, covert mailing addresses, and two dozen CIA facilities. One facility, "The Farm" at Camp Peary, VA, was looked up via ordinary Internet searches, which yielded the names of 26 people who work there. (John Young's cryptome site features this May 31, 2005 New York Times story on Camp Peary.)

Saturday, March 11, 2006

Amazon.com removes all customer reviews

It appears that Amazon.com has removed all customer reviews from their website, and has introduced a new beta feature called "Customer Discussions" for each product.

There are still customer rankings (the "Rate it" feature) and editorial reviews, but all the customer reviews are gone, the reviewer ranking is gone, and the helpful/unhelpful votes are gone.

A pity, as I was hoping to someday make the ranks of the top 1000 reviewers--my best rank was 2,171 in late February of this year.

This move seems to be really poor judgment on Amazon.com's part. I heavily relied upon customer reviews when making purchasing decisions, and I considered the reliability of individuals' reviews by comparing them to other reviews by the same person. Now, that feature of Amazon.com is unavailable, as the huge existing database of commentary has been removed. Perhaps the "Customer Discussions" will replace it, but if the purpose is for people to go back-and-forth debating specifics of the content, rather than giving an overview and opinion of the work as a whole, it won't be the same.

It was also rather rude of Amazon.com to delete, without notice, the substantial contributions of its top reviewers. I was ranked only 2,171, but I reviewed 113 books to get there--and there were several million Amazon.com reviewers. Top reviewers reviewed thousands of books. That's an enormous amount of customer contribution to just throw away without notice or acknowledgment.

UPDATE (12:35 p.m. MST Sunday): As cowmix pointed out, the reviews are back. I spoke with a friend who works at Amazon.com, and he said that it is common for Amazon.com to make changes like this which are only visible to a test population of users, for a short period of time that's long enough to obtain information about how it affects customer behavior.

Global Crossing blog

Last week Global Crossing, my employer, unveiled a corporate blog site. The current bloggers there are David Siegel, writing on the future of the Internet (and most recently on the IPTV World Forum), Adam Uzelac, writing on VOIP technology, Norm Schilacci, writing to clarify new technologies and concepts for the layman, and Paul Kouroupas, writing on public policy issues and regulatory matters (most recently on net neutrality, in which he recommends an excellent paper by Blair Levin, Rebecca Arbogast, and David Kaut of Stifel/Nicolaus, "Net Neutrality: Value Chain Tug of War").

In conjunction with this blog site, Global Crossing has defined a fairly open blogging policy for employees to comment publicly about the company. The policy contains most of the core and common policies described at the CorporateBlogging Blog.

I've tended (with a few exceptions) to avoid blogging specifically about my employer here, and this is the first time I've specifically named the company on my blog. That's a tendency I plan to continue here, though I expect to comment from time to time on the company blog site. (You can find a couple comments of mine in the DRM thread on Siegel's blog.) Lest there be any doubt, any opinions I express on this blog (or on the company blog) are my own, and do not necessarily represent those of my employer.

Antony Flew on advisory board of Scientology front group

Lest anyone think that Flew's only lapse of judgment has been his off-again, on-again (PDF), off-again support for intelligent design and theism, it seems that he has also lent his name to the advisory board of Scientology's anti-psychiatry front group, the Citizens Commission on Human Rights, which opposes the use of drugs to treat mental illnesses.

Psychics and missing persons

Kelly Jolkowski is the mother of a child who has been missing for nearly five years. She has begun authoring a series of blog posts about psychics and the search for missing people from her perspective--and she characterizes them as "Advantage Takers" who are exploiting people at their most vulnerable. (Hat tip: Respectful Insolence.)

Former White House domestic policy advisor arrested for retail fraud scheme

Claude Allen, who was until February 9 the White House domestic policy advisor, advocating abstinence education, school prayer, and opposition to abortion, was arrested this week in Maryland for a retail fraud scheme. Allen, who was previously a deputy secretary in the Department of Health and Human Services, would purchase items at Target or Hecht's, take them out to his car, return with the receipts and take an identical item off the shelf and "return" it for a credit back to his credit card. He apparently did this more than 25 times between October 29, 2005 and January 2, 2006, defrauding the stores of more than $5,000. This from a guy who was making $160,000 a year. His attorney says it's just a misunderstanding.

(From Talking Points Memo.)

UPDATE (March 14, 2006): Claude Allen has an evil twin. No, really!

UPDATE 2 (March 14, 2006): But the twin wasn't the one who admitted the scam.