But Who Is Going To Set Up Their Own Email Server?

From The Old New Thing:

Many many years ago, back in the days when Microsoft's email address had exclamation points, an internal tool was developed to permit Microsoft employees to view and update their Benefits information from the comfort of their very own offices. Welcome to the paperless office!

One of my friends noticed an odd sentence in the instructions for using the tool: "Before running the program, make sure you are logged onto your email server."

"That's strange," my friend thought. "Why does it matter that you're logged onto your email server? This tool doesn't use email."

Since my friend happened at the time to be a tester for Microsoft's email product, he tried a little experiment. He created a brand new email server on one of his test machines and created an account on it called billg. He then signed onto that email server and then ran the tool.

Welcome, Bill Gates. Here are your current Benefits selections...

"Uh-oh," my friend thought. "This is a pretty bad security hole." The tool apparently performed authentication by asking your email server, "Hey, who are you logged in as?" The answer that came back was assumed to be an accurate representation of the user who is running the tool. The back-end server itself was not secured at all; it relied on the client application to do the security checks.

My friend sent email to the vice president of Human Resources informing him of this problem. "You need to shut down this tool immediately. I have found a security hole that allows anybody to see anybody else's Benefits information."

The response from the vice president of Human Resources was calm and reassuring. "My developers tell me that the tool is secure. Just enjoy the convenience of updating your Benefits information electronically."

Frustrated by this, my friend decided to create another account on his test email server, namely one corresponding to the vice president of Human Resources. He then sent the vice president another email message.

"Please reconsider your previous decision. Your base salary is $xxx and your wife's name is Yyyy. Would you like me to remind you one week before your son's tenth birthday? It's coming up next month."

A reply was quickly received. "We're looking into this."

Shortly thereafter, the tool was taken offline "for maintenance."
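The flaw in the story, sketched as an added example (not code from The Old New Thing or from the tool it describes): a back end that accepts whatever identity the client reports, next to one that derives the identity from a token it verifies itself. The function names, the shared key, the token format and the sample records are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample records; every name here is hypothetical.
BENEFITS = {"billg": "executive plan", "tester": "standard plan"}
# Assumption: a key shared only by the corporate login service and the back end.
SERVER_KEY = b"constructed-demo-key"


def vulnerable_backend(request):
    """Returns records for whatever identity the client reports."""
    return BENEFITS[request["user"]]


def _mac(user, expires):
    msg = f"{user}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(user, now, ttl=300):
    """Login service: called only after it has checked the user's credentials."""
    expires = now + ttl
    return f"{user}|{expires}|{_mac(user, expires)}"


def hardened_backend(request, now):
    """Back end derives the identity from a token it verifies itself."""
    try:
        user, expires, mac = request["token"].split("|")
        expires = int(expires)
    except (KeyError, ValueError):
        raise PermissionError("missing or malformed token")
    if not hmac.compare_digest(mac, _mac(user, expires)):
        raise PermissionError("token not issued by the login service")
    if now > expires:
        raise PermissionError("token expired")
    # The client's own "user" field is ignored; only the verified name is used.
    return BENEFITS[user]
```

With the hardened version, a client that points itself at an identity source it controls gains nothing, because the back end never asks the client who it is.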

TSA Screeners Dislike the Pat-Downs, Too

Steven Frischling:

A few days ago I contacted 20 TSA Transportation Security Officers (TSO) to ask their opinions of the new “enhanced” pat downs. Of the 20 I reached out to, 17 responded. All 17 who responded are at airports where the new “enhanced” pat down is in place … and the responses were all the same, that front line TSOs do not like the new pat downs and that they do not want to perform them. I expected most to not like the pat downs … but what I didn’t expect was that all 17 mentioned their morale being broken down.

TSA Chief Digs in on Body Scans and Pat-Downs

The AP:

Pistole on Sunday noted the alleged attempt by a Nigerian with explosives in his underwear to try to bring down an Amsterdam-to-Detroit flight last Christmas. “We all wish we lived in a world where security procedures at airports weren’t necessary,” he said, “but that just isn’t the case.”

So one man from Nigeria tries to pack a bomb in his underwear last year, and now we’re all subjected to invasive naked body scans and physical pat-downs. Keep in mind that this “underwear bomber” succeeded in destroying nothing other than his own genitals, and that experts agree that even if his bomb had worked as he intended, it wouldn’t have brought down the plane.

Here’s the question for Pistole, and anyone else who argues that these new TSA procedures are an appropriate response to that incident: What happens if the next guy hides his bomb up his ass?

TSA Pat-Down Leaves Traveler Covered in Urine

Harriet Baskas, reporting for MSNBC on Thomas Sawyer, a retired teacher and bladder cancer survivor who now wears a urostomy bag to collect his urine:

“One agent watched as the other used his flat hand to go slowly down my chest. I tried to warn him that he would hit the bag and break the seal on my bag, but he ignored me. Sure enough, the seal was broken and urine started dribbling down my shirt and my leg and into my pants.”

The security officer finished the pat-down, tested the gloves for any trace of explosives and then, Sawyer said, “He told me I could go. They never apologized. They never offered to help. They acted like they hadn’t seen what happened. But I know they saw it because I had a wet mark.”

Humiliated, upset and wet, Sawyer said he had to walk through the airport soaked in urine, board his plane and wait until after takeoff before he could clean up.

This is how United States government agents treat innocent citizens.