11 August 2011


I never thought a "free" society would consider something like the UK is currently discussing.
Several MPs in the British parliament want to ban the use of social networking sites, such as Twitter and Facbook, if a person is suspected (not convicted) on charges of instigating unrest and riots. Now, let's set aside the whole "suspected" issue.  The first problem that the UK faces is that this would be a nearly unenforceable law.  I've expressed my opinions on the validity of laws that cannot be enforced before.  They are complete and utter....rubbish.  Add in the fact that they want to ban the use of these type of sites to anyone who is SUSPECTED of contributing to unrest, and now you have a totalitarian state who can suspect mischievous behavior of anyone as an excuse for silencing them.

But wait, there's more!

So not only are they wanting to restrict a person's freedom of speech because they are merely "suspected" of causing unrest via the statements they make online.  They also want to force social media companies to take down any images, statements or other content that the British government deems inflammatory causing said unrest and riots.

I guess United KINGDOM never really shed their totalitarian monarchist views of governing.

05 August 2011

Personal Spy Drones = COOL!

Wired has an article about two security researches who presented their personal hacking spy drone at BlackHat this week. And although the idea of a personal drone with some type of surveillance equipment is not new, some of the tools they equipped this drone with are down right awesome.

IMSI catcher to trick cell phone signals into connecting instead of to a cell tower for calls? Check

GPS receiver for pre-programmed flight plans? Check

WiFi for connecting to networks? Check

340 million word dictionary for brute force attacks? Check

The list goes on...

I personally agree with one of the commenters that I would prefer a rotory wing aircraft, such as a helicopter, because landing and takeoff would be easier and require less space, and because you would have much better maneuverability.

Regardless it is a cool concept, just wish I had the cash lying around to make it a weekend project!

04 August 2011


As a big zombie culture geek, I love seeing more zombie culture hitting the mainstream.

Navy Times has a great article about how to survive a zombie attack. h/t SayUncle

Back in May, the CDC posted Zombie Preparedness 101, in response to the hype about the predicted rapture.

The Colorado Springs Gazette has an article about the popularity of zombie culture.

In addition to the pop culture trend, zombies have fully infiltrated a segment of the RKBA community with companies offering zombie related stripped AR-15 lowers, zombie targets (h/t TFB), and tons of other gear.

I, for one, am excited to see zombies become big in pop culture!

Update: A good friend pointed me to this Wired article talking about reseach on the neuroscience of zombies and how to protect yourself with Science (cue Weird Science theme song from Oingo Boingo).

Israel Security Coming Soon...

Saw it over at SayUncle first. The TSA seems to be completely out of touch with reality here in America. 

As the article linked at SayUncle states, the first enormous problem is that Israel's only international airport handles approximately 10 million passengers per year.  Bring that to America and any one big city airport handles twice that traffic each year on its own.  That means longer waits in line while each individual person is "screened".

The second problem is that Americans, especially while travelling domestically, don't tolerate "invasive" questions quite the same as international travelers going to another country.  Add in that if you get picked out of the line because you didn't respond just right to their questions, people will become even more defensive and intolerant of the process.

That brings me to the next issue, which is that the agents the TSA will be using for this $1 billion program (yes I said 1 BILLION DOLLARS) are receiving a whopping 4 DAY training to be able to detect people who have a "nefarious" agenda.  Now, as an auditor you learn very early on in your career that you will NOT be conducting fraud interviews on your own for several years. Why? It takes a lot of interviewing experience to start to be able to detect actual "tells".  People are diverse in behavior, and although certain types of behavior can be indicative of a lie, there are more false positive that there are actual true results. 

Take, for example, an male agent asking a young woman, "where have you been?" (one of the standard questions apparently).  She doesn't look the "agent" in the eyes when she answers clumsily "I have been visiting my grandmother".  Now, in 4 days of training this will likely cause this "agent" to flag her as requiring a full pat down, body scan, and further interviews.  In reality, she is originally from Japan where it is respectful to avoid prolonged eye contact with people in authority positions.

I think this whole thing is going to be a $1 billion waste of tax payer funds that will not make us any safer and will only cost this country in time and money.  Hopefully it falls flat on its face and someone is held accountable for wasting $1 billion in taxpayer money.

03 August 2011

Massive Security Breaches

From Dmitri Alperovitch, VP of Threat Research over at McAfee: Operation Shady RAT.

Also, and article from the BBC.

I am almost shocked at the sheer scope of the attacks and successful intrusions (after all, IT security is still not a priority on many people's list).  Not only were several US government (Fed and local) entities successfully breached, but so were several US companies.  Defense contractors, a real-state firm, an accounting firm, an electronics company, several IT companies, and a construction company were among the known targets that were breached. Some of these breaches lasted for over a year!

Speculation focuses on China as the most likely source of the attacks, which means there would be a high likelihood of State involvement. If this is the case, I wouldn't be surprised if several firearms manufacturers were also breached and don't know it yet.  China's military has been searching for ways to gain a strategic advantage, other than the sheer size of their military, for years.  Being able to obtain new gun designs and schematics that are being engineered for the US military would be a huge competitive advantage, both to the Chinese military, as well as any Chinese arms manufacturers.

Just some food for thought.

29 July 2011

RFID and Guns

So there has been a lot of talk about Chiappa Firearms of Italy announcing that they will start using RFID tags in their firearms to improve manufacturing and distribution accuracy and efficiency. (See TFB, SayUncle, Weerd). This seems like a perfect topic for me to write since I consider myself an Information Security/Assurance nerd as well as a gun enthusiast.

I am not going to address Chiappa's underlying business reasons for deciding to use RFID during the manufacturing an distributing process.  The realizable benefits of using a system like this in an environment such as manufacturing firearms is questionable, but is an entirely different conversation.

I want to address the security/privacy concerns that has the blogosphere on fire.  For those of you who are unfamiliar with Radio Frequency IDendification (RFID), they come in two basic forms: Passive, and "Active". 

Passive tags work in a similar fashion to the old idea of a crystal radio.  There is no internal power source so the tag does not actively broadcast anything.  The power comes from radio signals that a RFID Reader sends outs.  The reader must send a radio signal at the specific frequency that the tag is designed for. Radio signals at the correct frequency cause the tag to react and respond with a feedback signal that contains the stored information.  The best examples of these tags in every day life are in the retail industry where they are affixed to DVD and CD cases, high-end clothing, and electronics.  They are used less for inventory control than they are for loss prevention.

Active tags, unlike passive tags, have an internal power source, often in the form of a battery.  Active tags are often used for things like remote sensors or tracking.  They are not as prolific and are rarely used for manufacturing or inventory control because they are much more expense.  The best example I can think of for the use of active tags are in animal research where a certain animal is tagged in order to understand migration patterns or other behavior.  Over time the battery will run out and the tag will no longer broadcast its information.

The type of tag that will most likely be used in Chiappa's guns are passive tags.  These tags will likely contain a product number, manufacture date, and serial number ( more on this later). They will use RFID readers at various points in the manufacturing and distributing process to track individual products to strengthen their quality controls and increase the speed at which they are able to produce and ship guns.

So what's the big deal?

Computer and tech geeks have been considering the privacy and security concerns of RFID tags for nearly 10 years. The concerns range from the government being able to track your purchasing habits and movements to people finding out that you went to the local adult video store because your girlfriend was going to be out of town for a couple of weeks visiting her parents.

So what is the risk of any of the above situations actually happening.  RFID readers and scanners generally have to be withing a few feet to be able to have enough power to read the information off of an RFID tag.  That is why you have to walk through the little "gates" at Target or Wal-mart after making a purchase.  Most RFID readers are designed to have an effective range of 4-6 feet (some more expensive tags are designed to be read out to 30 feet with the proper reader).  This means that someone with an RFID scanner would most likely have to be within 6 feet of you for an extended period of time while the reader scanned through all the available RFID frequencies and searched for a tag. It isn't all that unlikely to be that close to someone for an extended time at a restaurant, library, concert or other event where people will be sitting in close proximity to each other for extended periods of time.

If someone is able to sit next to you for an extended period of time, and if they have an RFID scanner, what kind of information would they get?  Well that is where some of the gun community's concern lies.  What if you have a concealed carry permit and the gun your are currently carrying has an RFID tag in it.  A person with a scanner and enough time could potentially discover that you are carrying concealed. 

One aspect I didn't address is that RFID scanners are generally "directional", meaning that the radio waves that it emits are usually sent in one general direction, but they are not able to pinpoint an RFID tags exact location ( you would need to triangulate the position using at least 3 strategically placed RFID scanners.... and... give me a break!).  Take the concert example.  If someone sitting two seats to your righthas a scanner and pulls it out and points it to his left and gets results back that indicate someone is carrying a Chiappa revolver.  The person carrying could be any of the three or four directly to his left, or even a few people sitting to his left in the rows behind and in front of him. All he knows is that someone in the half dozen people sitting near him are carrying a revolver. All in all I don't find that to be an overly threatening situation.

Generally the risk that people will know you are carrying a firearm, or like to buy expensive shoes, or went to your local adult video store, are low and don't pose any significant threats.  That being said, I do no like the idea of wearing or carrying ANYTHING that can aid in identifying me from a distance (yet I still carry a GPS enabled cell phone with WiFi and Bluetooth...).  Chiappa did the right thing by disclosing the fact that they will be including RFID tags.  And despite the fact that I don't believe they will realize any significant gains in efficiency or quality control, it is their right to use them.  Their next step should be to provide instruction on how to safely remove the RFID tags should the consumer not want it after purchase.

So what went wrong in this situation? Quite honestly I think the biggest mistake made here was on the part of the Chiappa distributor here in the US, MKS Supply.   Their response to customer concerns over the RFID tags was to mock and make fun of people who would like to protect their privacy. Instead of chuckling in private but being professional in their response, they chose to call people with privacy concerns conspiracy theorists and overly paranoid.

MKS will not see any of my business because of the sheer arrogance and disregard for their customers that they showed in their handling of this situation.  No loss for them or me really. I thought Chiappa's Rhino was a novelty that might be worth owning, but overall it is not a gun I must have. And MKS also distributes Hi-Points, which I have absolutely no desire to own.

In summary, RFID tags can present privacy issues, but I will not be purchasing an RFID reader to scan every good that I purchase to determine if it has a hidden RFID tag.  And finally, don't buy from MKS Supply. If they handled this PR situation so poorly and have such contempt for a large section of their customer base, imaging what kind of customer service you would get out of them after making a purchase.

14 July 2011

Wild Bunch

I was watching the Outdoor channel last night and the episode of Shooting Gallery was covering a SASS national championship. Now I haven't really been interested in SASS before, but the championship was for the relatively new Wild Bunch matches.

Wild bunch is much more appealing to me because of the 3 gun aspect using a mil-spec (or close to mil-spec) 1911, a lever action rifle chambered in a big bore pistol caliber, and a Winchester model 1897 shotgun.

It wont be cheap considering I don't currently own any of the above firearms.  I am guessing an initial investment of about $2,500. But it's a goal I can start saving for.

Now if I can just get over the requirement to be in period dress during matches...

They are out there

Met some more firearms fans today at work.  Looks like my initial  apprehension about sharing my passion in a work setting was not necessary. Looking forward to getting out to the range with them and having more gun related discussions in the future!

12 July 2011

And we're back

Ok, so two months, one job, and lots of other events later and I'm posting again.  In the past 2 months I have left my job at a public accounting firm to join an internal audit team for a large publicly traded health care company.  I also got the news that my sister was diagnosed with breast cancer.  And of course I have been busy with baby girl and my amazing wife whenever I haven't been working.

All I can say is I need to get to the range, it is LONG over due and if I plan on pursuing my concealed carry permit soon, I need to start getting in some practice regularly.   As a birthday treat, my mother-in-law gave me some cash for my upcoming birthday to spend on ammo or other range supplies to I can make it out to the range on Saturday.  I ended up at my local big-box sporting goods store thinking it would be easy to pick up some ammo. But when I arrived and started looking at the selection, I realized I had forgotten what I already had "in stock" at home. Lo and behold, this is what I found when I decided to take inventory before making any more purchases:

Not all of the boxes are full, but I think I'm good for this Saturday!

I'm going with my wife's step-father and step-brother so I will try to get some pictures taken to post. I'm looking forward to some fun!

12 May 2011

Online shopping

To piggy-back off my last post about purchasing firearms online, I thought I would vent my frustrations with the mark-ups seen at physical retailers.

While searching for some inexpensive 8GB+ flash drives to have on hand for some bootable Linux drives, some security tools, and other information, I noticed a significant price difference in online prices versus in-store prices.  Take for example an 8GB SanDisk Cruzer, not the best performing flash drive but it will do.  Average online price, with tax (if applicable) and shipping, the average price is $15. Cheapest in-store price locally? $29.99.  Average in-store price? $34.99!!

I guess my frustration really got worse when I noticed the difference in price between the online and in-store prices of the same retailer.  Best Buy, for example, has an 8GB HP Flash Drive online for $12.99 with free shipping.  In-store price? $26.99.  Now I understand that there is considerable overhead in running a "brick and mortar" store, but I can't imagine paying twice the price in-store, even if I needed it urgently.

I guess I should just be glad that I can get some things much cheaper online.

10 May 2011

Buying guns online

I have been shopping around for a small caliber pistol or revolver for my wife.  We are going to go to the indoor range and renting a few of handguns first so she can try them out and see what type of handgun she likes best. What I was fairly disappointed in is the fact that purchasing a gun online is often no cheaper than buying one in a local gun store or big box sporting outlet.

Take, for example, a Charter Arms Pink Lady in .38 special.  On a popular firearm auction site, the average price of a Pink Lady up for auction right now is $360.  Add in the shipping which appears to average approximately $25 and the FFL transfer fee, which we will assume is another $30, although most places are charging more these days, and we are up to $415 to order the gun online.

If I go to my local pawn shop, they don't have on in stock but they will special order one, brand new from the manufacturer (actually through Davidson's) for $395 including all taxes and fees.

The big-box-superstore in town has one for sale for $405 (before taxes).

And finally, my local family owned gun store has a new one for sale for $415 (before taxes).

That brings me to the question, is it worth spending hours searching the web for a deal? I have yet to research a gun I wanted that I couldn't find at least $30 cheaper locally.  I know the more expensive the gun, the more room online retailers have to play with pricing, but it really doesn't seem like it is worth the time I would have to spend searching the internet for deals that don't appear to exist.

How to Clean a Handgun

Although every experienced gun owner has their own opinion on how often to clean firearms, and what solvents and lubricants to use, this is a great basic guide to caring for your handguns.

How to Clean a Handgun
B. Gil Horman
American Rifleman

The Daley Chronicles

Last week this editorial in the Washington Times was published about Chicago's supposedly "reasonable" restrictions on the purchase of firearms. Aside for the immense amount of red tape necessary to get a firearm registered (and renew that registration ANNUALLY), the other striking item is the list of "unsafe" firearms which include mostly antiques and black powder.

One modern firearm that is immensely popular, the Walther P22, even made the list of unsafe firearms.

Of course the other thing the editorial points out is that Daley wants 5 full-time armed bodyguards to protect him around the clock. He doesn't need to own a firearm because the City of Chicago will be provided him with 5 trained bodyguards who carry. I guess if I had 5 armed bodyguards I wouldn't necessarily feel the need for daily carry either.

EDITORIAL: Gun-grabber misfire - Washington Times

I guess all I have to say is thankfully I live in a mostly pro-gun state.


08 May 2011

Mother's Day

Happy first Mother's Day to my beautiful wife, our daughter couldn't ask for a better mommy!

05 May 2011

The cloud

Cloud computing is all the rage these days, and I even attended a company conference on the audit and security of cloud computing back in March.  My good friend Joey has a great post on cloud computing, pointing out common misconceptions.  From his post, "Most importantly, Cloud Computing is not a product to be bought. It is a set of items, methods and best practices for deploying the multitude of products, tools and solutions."

My wife's first time

My wife and I decided to drop the little kiddo off at her grandparents and go on a much needed date on Saturday.  We headed out to the City range with the Henry It was my wife's first time ever firing a gun, so we spent time going over firearms safety and basics about the Henry.  I have to say, she did a great job and wants to go out to the range again soon! Here are a couple pictures from the range:
The wife with the Henry at 25 yards
Me with the Henry at 50 yards

All I can say is that I am looking forward to another excellent date in the near future!

A love of firearms

I have been shooting for several years now. I learned to shoot with my dad when I was pretty young. He taught me with a pellet gun at first, and then let me shoot is Winchester model 670 in .30-06. The Winchester left a huge bruise around my collar bone because I didn't have it shouldered properly.

Move forward about 15 years and I have been back in the shooting sports since 2005. I started with a purchase of a Springfield XD-45 Compact, the only pistol I own and one of my favorite pistols to shoot.  Then I decided I needed a rifle, and after having recently shot a friend's AR-15, decided to pick up a Bushmaster O.R.C that had just been introduced.  For my birthday last year, my amazing wife, pitched in with some family members and bought me a nice little Henry Lever Action in .22LR.

Now I have a beautiful baby girl in my life and hope that when she is old enough, I can teach her to shoot on the Henry. I even got my wife to go out to the range just last weekend, and she loved it!

Now if I can only solve those two pesky problems that keep me, and many other enthusiasts, from being at the range more often. Time, and money.