Wednesday, March 30, 2011

Information security threat models, folk & expert

I've written a pair of blog posts for Global Crossing's "Defense in Depth Security" blog based on recent work by Rick Wash and by multiple people at Intel, including Timothy Casey, about modeling the agents behind information security threats. The first post is about non-expert home computer users' "folk models" of the threats from viruses and hackers, and makes the point that users' seemingly irrational decisions about security may in fact be completely rational given their conceptual understanding of the threat they believe they are combatting. Only by changing their understanding of the threat, which requires not just information but appropriately salient information and the right incentives, are we likely to see changes in user behavior. I point out an example of a recent news story that might help provide both elements with regard to one type of vulnerability, open wireless access points.

The second blog post, which will appear tomorrow, is about expert models of threat agents--the Intel Threat Agent Library.  Intel created a large set of attacker personas and identified their attributes, for use in matching against vulnerabilities and prioritizing controls as part of a broader risk assessment process.

I'm happy to discuss these further either here or at the Global Crossing blogs.

Saturday, January 08, 2011

Rep. Gabrielle Giffords shot at Tucson grocery store event

Rep. Gabrielle Giffords (D-AZ CD8) was shot this morning at an event at a Tucson grocery store, along with several other people.  The Tucson Citizen reports that she was "shot point blank in the head."  This brings to mind a previous gun incident at another Tucson event at a grocery store in August 2009.

The image below is from Sarah Palin's website, "Take Back the 20."  The lower right target sight image on Arizona is Congressional District 8, which was one of the "targets" for candidates who supported the Health Care Reform bill to be defeated.


UPDATE: CNN reports that an employee of a nearby business reported "15 to 20 gunshots" and 12 victims.

UPDATE: The Arizona Republic reports that at least four of the victims are dead.

UPDATE: NPR reports that Rep. Giffords is one of the dead and that the killer, a male in his teens or twenties, was apprehended at the scene.  The death toll is up to seven.

UPDATE: KOLD News-13 in Tucson says Giffords is not dead but is in surgery at University Medical Center.

UPDATE: Another version of Palin's "target map" explicitly called out Giffords as a target:


UPDATE (1 p.m. Arizona time): The Palin takebackthe20.com gunsight map has been removed.

UPDATE: In an MSNBC interview after her office was vandalized after her vote for Health Care Reform, Rep. Giffords said:
We need to realize that the rhetoric, and the firing people up and … for example, we’re on Sarah Palin’s ‘targeted’ list, but the thing is, the way she has it depicted, we’re in the crosshairs of a gun sight over our district. When people do that, they’ve gotta realize that there are consequences to that action.

UPDATE (1:29 p.m.): Talking Points Memo reports that a federal judge was also one of the shooting victims. There will be a UMC press briefing at 1:30 p.m.

UPDATE: NBC reports that the federal judge is one of the dead.  That judge, John Roll, was chief judge of the U.S. District Court for Arizona and received death threats last year over an immigration case.

Sarah Palin has deleted her tweet from March, below:


UPDATE: Correction, the tweet above has NOT been deleted from Sarah Palin's tweetstream.

UPDATE (1:54 p.m.): The shooter suspect in custody is named Jared Loughner. The Pima County Sheriff's Office reports 6 dead, 18 wounded.

UPDATE: A YouTube video from Jared Lee Loughner.  He was a student at Pima Community College and apparently a disturbed individual.  Here's an apparent sample of his writing:

Hello, and welcome my classified leak of information that's of the United States Military to the student body and you. Firstly, I want you to understand this from the start. Did you know grammar is double blind, listener? Secondly, if you want to understand the start of revelatory thoughts then listen to this video. I'll look at you mother fuckin Anarchists who have a problem with them illegal illiterate pigs. :-D If you're a citizen in the United States as of now, then your constitution is the United States. You're a citizen in the United States as of now. Thus, your constitution is the United States. Laugh. I'll let you in on their little cruel joke that's genocidal. They're argument is appeal to force on their jurisdiction with lack of proof of evidence. Each subject is in question for the location! The police don't quite get paid correctly with them dirty front runners under section 10? Their country's alliances are able to make illegal trades under section 10. Eh! I'm a Nihilist, not someone who put who put trust in god! What is section 10 you ask? If you make a purchase then it's illegal under section 10 and amendment 1 of the United States constitution. You make a purchase. Therefore, it's illegal under section 10 and amendment 1 of the United States constitution. We need a drum roll for those front runners in the election; those illegal teachers, pigs, and politicians of yours are under illegal authority of their constitution. Those dirty pigs think they know the damn year. Thirdly, tell them mother fuckers to count from 0 to whenever they feel a threat to stop their count. We can all hope they add new numbers and letters to their count down. Did you run out of breath around the trillions, listener? Well, B.C.E is yet to start for Ad to begin! What does this mean for a citizen in any country? Those illegal military personal are able to sign into a country that they can't find with an impossible date! 
How did you trust your child with them fraud teachers and front runners, listener? Did you now know that the teachers, pigs, and front runners are treasonous! You shouldn't jump to conclusion with your education plan. The constitution as of now, which is in use by the current power pigs, aren't able to protect the bill of rights! Do you now have enough information to know the two wars are illegal! What is your date of time, listener? Fourthly, those applications that are with background checks break the United States constitution! What's your riot name? I'll catch you! Top secret: Why don't people control the money system? Their Current Currency(1/1) / Your new infinite currency (1/~infinte) This is a selcte information of revoluntary thoughts! Section 10 - Powers prohibited of States No State shall enter into any Treaty, Alliance, or Confederation; grant Letters of Marque and Reprisal; coin Money; emit Bills of Credit; make any Thing but gold and silver Coin a Tender in Payment of Debts; pass any Bill of Attainder, ex post facto Law, or Law impairing the Obligation of Contracts, or grant any Title of Nobility. No State shall, without the Consent of the Congress, lay any Imposts or Duties on Imports or Exports, except what may be absolutely necessary for executing it's inspection Laws: and the net Produce of all Duties and Imposts, laid by any State on Imports or Exports, shall be for the Use of the Treasury of the United States; and all such Laws shall be subject to the Revision and Controul of the Congress. No State shall, without the Consent of Congress, lay any duty of Tonnage, keep Troops, or Ships of War in time of Peace, enter into any Agreement or Compact with another State, or with a foreign Power, or engage in War, unless actually invaded, or in such imminent Danger as will not admit of delay. Each subject is unlocatible!

UPDATE: Another video shows someone, apparently Loughner, burning a U.S. flag.  His YouTube profile says:

Name: Jared Lee Loughner
Channel Views: 271
Joined: October 25, 2010
Website: http://Myspace.com/fallenasleep
Hometown: Tucson
Country: United States
Schools: I attended school: Thornydale elementary,Tortolita Middle School, Mountain View Highschool, Northwest Aztec Middle College, and Pima Community College.
Interests: My favorite interest was reading, and I studied grammar. Conscience dreams were a great study in college!
Movies: (*My idiom: I could coin the moment!*)
Music: Pass me the strings!
Books:
I had favorite books: Animal Farm, Brave New World, The Wizard Of OZ, Aesop Fables, The Odyssey, Alice Adventures Into Wonderland, Fahrenheit 451, Peter Pan, To Kill A Mockingbird, We The Living, Phantom Toll Booth, One Flew Over The Cuckoo's Nest, Pulp,Through The Looking Glass, The Communist Manifesto, Siddhartha, The Old Man And The Sea, Gulliver's Travels, Mein Kampf, The Republic, and Meno.

UPDATE: Someone who knew him in 2007 says his politics then were left-wing.  Looks like a flag-burning nihilist kook, perhaps schizophrenic.

UPDATE: The Arizona Daily Star has fairly detailed background on Loughner, who would interrupt his pre-algebra class with "nonsensical outbursts" and was barred from class.

UPDATE: A New York Times profile of Rep. Gabrielle Giffords, titled "A Passionate Politician with a Long List of Friends."

UPDATE (January 9): The federal complaint against Loughner.  Loughner was good enough to leave clear evidence of premeditation at his home.

UPDATE: A "second suspect" turned out to be the cab driver who drove Loughner to the Safeway, who came inside as Loughner had to get change to pay him.  He has been cleared as to any involvement in the shooting.

UPDATE (January 10): The Daily Beast points out, via the Southern Poverty Law Center, that Loughner's rants closely resemble the writings of Milwaukee-based David Wynn Miller, in talk about grammar and mind control--which brings us back to right-wing nutcases.

UPDATE (January 11): CNN is still saying it can find no link between Loughner and any groups, while Boingboing has posted further comparison to the insanity of David Wynn Miller.  It's amazing that this guy has people buying into his nonsense and trying to use it in court (always unsuccessfully, of course).

UPDATE: The DC points out that Loughner was a commenter at the UFO/conspiracy website AboveTopSecret--where his fellow commenters found him difficult to understand, considered him to be crazy, and asked him to get help before he hurt himself or someone else.  Despite mental health programs in Arizona that allowed anyone in contact with him to report him, and Pima Community College's recognition that he had mental problems, no one reported him to the state for evaluation.

Thursday, January 06, 2011

Global Crossing blogging

I've joined the team of Global Crossing bloggers--please check out my initial post at Global Crossing blogs, "Forget passwords!"

(BTW, my friend and colleague Glen Walker independently wrote a blog post making a very similar recommendation.)

Friday, December 31, 2010

Books Read in 2010

This was a good year for getting a lot of reading done, including a number of fairly lengthy books, thanks to going back to school full-time for the fall of 2009 and spring of 2010.

Books read in 2010:
(Previously: 2009, 2008, 2007, 2006, 2005.)

Tuesday, November 30, 2010

Review of CMI's "Voyage That Shook the World"

John Lynch and I have co-authored a review of the Creation Ministries International film on Darwin which will be appearing in vol. 30 of Reports of the National Center for Science Education and which may be found on their website.

My previous blogged review of the film is here.

I gave a little more background on the film here.  John Lynch has said more about it here, here, here, and here, mostly about the deception used to get interviews by prominent historians.

Saturday, November 20, 2010

What to think vs. how to think

While listening to a recent Token Skeptic podcast of a Dragon*Con panel on Skepticism and Education moderated by D.J. Grothe of the James Randi Educational Foundation, I was struck by his repeated references to Skepticism as a worldview (which I put in uppercase to distinguish it from skepticism as a set of methods of inquiry, an attitude or approach).  I wrote the following email to the podcast:
I am sufficiently irritated by D.J. Grothe's repeated reference to skepticism as a "worldview" that I will probably be motivated to write a blog post about it.
There is a growing ambiguity caused by overloading of the term "skepticism" on different things--attitudes, methods and processes, accumulated bodies of knowledge, a movement.  To date, there hasn't really been a capital-S Skepticism as a worldview since the Pyrrhonean philosophical variety.  A worldview is an all-encompassing view of the world which addresses how one should believe, how one should act, what kinds of things exist, and so forth.  It includes presuppositions not only about factual matters, but about values. 
The skepticisms worth promoting are attitudes, methods and processes, and accumulated bodies of knowledge that are consistent with a wide variety of world views.  The methods are contextual, applied against a background of social institutions and relationships that are based on trust.  There is room in the broader skeptical movement for pluralism, a diversity of approaches that set the skepticisms in different contexts for different purposes--educational, political, philosophical, religious.  An unrestricted skepticism is corrosive and undermines all knowledge, for there is no good epistemological response to philosophical skepticism that doesn't make some assumptions.
Trying to turn skepticism into a capital-S Skeptical worldview strikes me as misguided.
To my mind, what's most important and useful about skepticism is that it drives the adoption of the best available tools for answering questions, providing more guidance on how to think than on what to think, and on how to recognize trustworthy sources and people to rely upon.  There's not a completely sharp line between these--knowledge about methods and their accuracy is dependent upon factual knowledge, of course.

I think the recent exchanges about the Missouri Skepticon conference really being an atheist conference may partly have this issue behind them, though I think there are further issues there as well about the traditional scope of "scientific skepticism" being restricted to "testable claims" and the notion of methodological naturalism that I don't entirely agree with.  Skepticism is about critical thinking, inquiry, investigation, and using the best methods available to find reliable answers to questions (and promoting broader use of those tools), while atheism is about holding a particular position on a particular issue, that no gods exist.  The broader skeptical movement produces greater social benefits by promoting more critical thinking in the general public than does the narrower group of skeptical atheists who primarily argue against religion and especially the smaller subset who are so obsessed that they are immediately dismissed by the broader public as monomaniacal cranks.  The organized skeptical groups with decades of history have mainly taken pains to avoid being represented by or identified with the latter, and as a result have been represented by skeptics of a variety of religious views in events of lasting consequence. Think, for example, of the audience for Carl Sagan's "Cosmos" and his subsequent works, or of the outcome of the Kitzmiller v. Dover trial.

In my opinion, the distinction between skepticism and atheism is an important one, and I think Skepticon does blur and confuse that distinction by using the "skeptic" name and having a single focus on religion. This doesn't mean that most of the atheists participating in that conference don't qualify as skeptics, or even that atheist groups promoting rationality on religious subjects don't count as part of the broader skeptical movement.  It just means that there is a genuine distinction to be drawn.

(BTW, I don't think atheism is a worldview, either--it's a single feature of a worldview, and one that is less important to my mind than skepticism.)

Previous posts on related subjects:
"A few comments on the nature and scope of skepticism"
"Skepticism, belief revision, and science"
"Massimo Pigliucci on the scope of skeptical inquiry"

Also related, a 1999 letter to the editor of Skeptical Inquirer from the leaders of many local skeptical groups (Daniel Barnett, North Texas Skeptics, Dallas, TX; David Bloomberg, Rational Examination Association of Lincoln Land, Springfield, IL; Tim Holmes, Taiwan Skeptics, Tanzu, Taiwan; Peter Huston, Inquiring Skeptics of Upper New York, Schenectady, NY; Paul Jaffe, National Capital Area Skeptics, Washington, D.C.; Eric Krieg, Philadelphia Association for Critical Thinking, Philadelphia, PA; Scott Lilienfeld, Georgia Skeptics, Atlanta, GA; Jim Lippard, Phoenix Skeptics and Tucson Skeptical Society, Tucson, AZ; Rebecca Long, Georgia Skeptics, Atlanta, GA; Lori Marino, Georgia Skeptics, Atlanta, GA; Rick Moen, Bay Area Skeptics, Menlo Park, CA; Steven Novella, New England Skeptical Society, New Haven, CT; Bela Scheiber, Rocky Mountain Skeptics, Denver, CO; and Michael Sofka, Inquiring Skeptics of Upper New York, Troy, NY).

UPDATE (December 1, 2010): D.J. Grothe states in the most recent (Nov. 26) Point of Inquiry podcast (Karen Stollznow interviews James Randi and D.J. Grothe), at about 36:50, that he has been misunderstood in his references to skepticism as a "worldview."  This suggests to me that he has in mind a narrower meaning, as Barbara Drescher has interpreted him in the comments below.  My apologies to D.J. for misconstruing his meaning.

Monday, November 15, 2010

Does Vocab Malone understand the implications of his own position?

Vocab Malone, with whom I had a blog debate about abortion and personhood last year, recently came across this comment of mine on the Point of Inquiry podcast with Jen Roth, an atheist who argues for the immorality of abortion:
Was Jen Roth ultimately arguing that personhood is something that a human organism has for its entire lifecycle? At what starting point? Conception, implantation, or something else?

I find it completely implausible that an organism at a life stage with no capacity for perception, let alone reason, counts as a person. Nor that a particular genetic code is either necessary or sufficient for personhood.

I think every point that she made was brought up in a debate I had with a Christian blogger on the topic of abortion, who similarly argued for an equation between personhood and human organism. I wonder if she has any better rejoinders. Does she think that IVF and therapeutic cloning are immoral? IUDs?
Vocab claimed that my argument was a "Chewbacca argument," a smoke screen, or a slippery slope argument, but in fact it is none of these.  I posted the following comment in response to him:
Vocab:
The argument I made is not a slippery slope argument, it's a reductio ad absurdum.  Your position is that the human organism is a person and has a right to life from fertilization to death (and presumably beyond), so you've already gone down the "slippery slope" and must of necessity say that IVF, therapeutic cloning, and IUDs are immoral because they result in the destruction and death of fertilized ova.  My position is that it is absurd to think that these things are immoral, and if you were to avoid the slippery slope by agreeing with me, you would have contradicted a logical consequence of your own position--thus, a reductio ad absurdum by being committed to a proposition and its negation.
A slippery slope argument is an argument that says your position is committed to some consequence because there is no criterion that you can use to draw a line to avoid.  For example, if I argued that your position committed you to giving a right to life to all animals, and required you to be a vegetarian, or that it required you to give a right to life to every organism with DNA, and required you to hold a position like the Jain religion that all killing is wrong.
As it happens, you never did supply an account of just what it is about the human organism that gives it a right to life or personhood--you offered no constitutive account of what properties entail a right to life or personhood, other than a genetic one.  I made the case near the end of our debate that you are probably implicitly assuming that personhood comes from a soul, and that souls are connected to human organisms at the point of fertilization, but there's clearly no evidence for that position, scientific, philosophical, or theological.
BTW, my argument is also clearly not a Chewbacca argument or smoke screen, which is a simple non sequitur.  To think that, you would have to fail to understand that the items I identified all result in the destruction of fertilized human ova.
It's important to note that not all slippery slope arguments are fallacious--if there really is no criterion to stop the fall down the slope, the argument is valid.  As Vocab never did explain what it is about human organisms that makes them rights-bearers, I think he does face the slippery slope argument I presented unless he can offer some criterion for distinguishing human organisms from other organisms with respect to having a right to life.

Wednesday, November 03, 2010

Pamela Gorman edits her own Wikipedia entry?

Former Arizona state legislator Pamela Gorman, or someone claiming to be her, took issue with the following passage in her Wikipedia entry:
Also in 2005, Gorman was one of several Arizona legislators who supported parental rights legislation which was also supported by the Citizens Commission on Human Rights. She attended the grand opening of the Church of Scientology's "Psychiatry: An Industry of Death" exhibition in Los Angeles in December 2005 at the request of Robin Read, President of the National Federation for Women Legislators.
The edit, which was described as "clarification of falsehoods entered about me and other organizations" and came from Cox Communications Phoenix IP 68.231.27.68, added the following right after that text:
It was a quick visit which did not include any meals or other "fluff." The goal of the trip was to determine what the Citizen's Commission on Human Rights was about, as they were becoming heavily involved in NFWL. The cost of the roundtrip flight for the small group to tour the museum was reported by CCHR, according to Arizona disclosure laws. Gorman's political enemies have tried for years to make a leap from her touring a museum as a favor to the president of her professional organization to her actually being a Scientologist. Further attempts to alter this page with falsehoods of this nature may be met with legal action.
I'm not aware of any online claims that Gorman, who is an evangelical Christian, is a Scientologist, only that she was one of several Arizona legislators who sponsored legislation on behalf of a Scientology front group and accepted gifts from the Church of Scientology.

It's good that Gorman was willing to give a bit more context, but it should be noted that this was not simple "parental rights legislation which was also supported by the Citizens Commission on Human Rights"; it was a bill that was at least partly written by CCHR. As the Arizona Republic reported at the time, the original text not only required parental consent before mental health evaluations by schools, it also required that parents read CCHR anti-psychiatry propaganda before signing a consent form:
Another bill introduced this year would have required written consent from parents for any mental-health screenings in schools. The bill was similar to other measures passed in previous years and vetoed by the governor. Sponsored by Sen. Karen Johnson, a member of the commission's international advisory group, the bill had a bipartisan group of 36 co-sponsors. Still, it failed by a tie vote in the Education Committee, in part because of testimony of mental-health advocates.

The original text of the bill would have required parents to sign a lengthy consent form that contained paragraph after paragraph of negative information about psychiatric practices.
Information about CCHR is easy to come by on the Internet (e.g., at Wikipedia or xenu.net), so it's unclear why Gorman needed to accept a round trip flight to Los Angeles on the CCHR's dime to find out "what the Citizen's Commission on Human Rights was about," or why she sponsored their bill.

Monday, September 13, 2010

James Dobson's dog-beating story

In James Dobson's 1978 book, The Strong-Willed Child, he writes about using a belt to beat his dachshund into submission:
Please don't misunderstand me. Siggie is a member of our family and we love him dearly. And despite his anarchistic nature, I have finally taught him to obey a few simple commands. However, we had some classic battles before he reluctantly yielded to my authority.

The greatest confrontation occurred a few years ago when I had been in Miami for a three-day conference. I returned to observe that Siggie had become boss of the house while I was gone. But I didn't realize until later that evening just how strongly he felt about his new position as Captain.

At eleven o'clock that night, I told Siggie to go get into his bed, which is a permanent enclosure in the family room. For six years I had given him that order at the end of each day, and for six years Siggie had obeyed.

On this occasion, however, he refused to budge. You see, he was in the bathroom, seated comfortably on the furry lid of the toilet seat. That is his favorite spot in the house, because it allows him to bask in the warmth of a nearby electric heater...

When I told Sigmund to leave his warm seat and go to bed, he flattened his ears and slowly turned his head toward me. He deliberately braced himself by placing one paw on the edge of the furry lid, then hunched his shoulders, raised his lips to reveal the molars on both sides, and uttered his most threatening growl. That was Siggie's way of saying. "Get lost!"

I had seen this defiant mood before, and knew there was only one way to deal with it. The ONLY way to make Siggie obey is to threaten him with destruction. Nothing else works. I turned and went to my closet and got a small belt to help me "reason" with Mr. Freud.

What developed next is impossible to describe. That tiny dog and I had the most vicious fight ever staged between man and beast. I fought him up one wall and down the other, with both of us scratching and clawing and growling and swinging the belt. I am embarrassed by the memory of the entire scene. Inch by inch I moved him toward the family room and his bed. As a final desperate maneuver, Siggie backed into the corner for one last snarling stand. I eventually got him to bed, only because I outweighed him 200 to 12!

Dobson's book is a promotion of corporal punishment in child rearing. This story is complementary to Jerry Falwell's cat-killing story, written at a time when Christian fundamentalists didn't seem overly concerned about abuse of animals--the 1970s.  It's also complementary to the story of Mike Huckabee's son killing a dog, and Mormon Mitt Romney's dog abuse story.

Thankfully, most of us today recognize that abusing animals is a sign of psychopathy.

UPDATED: To lengthen quote and correct source book title, as per Snopes.  The original 1978 hardcover version of the book is available for $0.01 on Amazon.com Marketplace.

Saturday, August 14, 2010

Gun-toting, Scientology-supporting, Bible-thumping, climate change-denying Pamela Gorman wants to be elected to Congress

Former Arizona State Representative Pamela Gorman, whose promo video proudly proclaims her to be a gun-toting Bible thumper, spent some of her time in the Arizona legislature supporting Scientology front groups and denying the existence of human-caused global warming through her affiliation with the sleazy Heartland Institute. Here's her video: