The Electric Onion - A satirical take on the world of IT security

It’s Hammer Time…Again

On the outskirts of every agony, sits some observant fellow that points. That’s me. That’s my job. And I wouldn’t be doing my job if I didn’t point you to Apple’s current agony as everybody and their brother seems to be coming out of the woodwork to be the first to successfully crack their internet enabled iPhone.

The prize such as it is, goes to “DVD Jon” (AKA: “I-got-a-lot-of-time-on-my-hands Jon”) who just published cracking software that unlocks the latest U.S. iPhone release.

DVD Jon (formally known as BetaMax Jed) however only gets an honourable mention so far as his crack activates the internet browsing capability but kills the phone functionality (more than I can say for my crack). But he’s close. I’ll give him that. So close that the iPhones (not currently released in Europe) are starting to sell on eBay to U.K. buyers and have got Apple worried.

DVD Jon (affectionately known as “8-Track Jimmy” to his friends) is best known for breaking the encryption on commercial DVDs and the digital rights management (DRM) protection on tracks bought from iTunes, so you can imagine he’s one popular fellow in the entertainment industry.

DVD Jon (born Digital Venereal Disease, Jonathan) claims his fixation with cracking new phone software is purely technical. Yeah right. Ever notice how ignorance picks up confidence as it goes along? Every one of these “Johnny Come Latelys” does it for the notoriety and the potential income for handing over the code. Reminds me of what the Captain of the Titanic told the First Class Passengers: “We’re just stopping for ice”.

Top 10 Signs You Work in a Bad Company

10. The bathroom key is tied to an angry duck

9. The Christmas Party is a swig from the company thermos

8. The office intercom is two soup cans and a piece of string

7. Its hard to concentrate with all those "Panorama" reporters hanging around

6. Your Boss walks around wearing nothing but a Post-It note

5. Every week, your desk is subdivided into four smaller desks

4. Instead of Tipp-Ex, you're encouraged to use mayonnaise

3. After a few hours on your desk, the people in your family photos stop smiling

2. Cafeteria lunch special is whatever got caught in the glue trap

1. There are no desk chairs - everybody squats

Born in the USA

I don’t know, maybe it’s all this rain we’ve been having lately. But I’ve been getting flash backs of my days as a grunt back in Quang Tree in 67. Back when the name on my uniform read S. Monkerelli but everyone in the platoon knew me as “Sgt. Rock”.

I was working through my second bout of malaria and Corpsman Robinson had just given me 50 ccs of morphine and was trying to stop the bleeding. I’d just taken a couple ounces of steal from Charlie, lost just short of 2 pints of B+ juice and was feeling out of sorts. Maybe it was the rain. I was edgy. It just wouldn’t stop raining.

We’d been air dropped in the night before and had humped 8 clicks though the jungle soup in our black pyjamas when our point man set off a Bouncing Betty and we ran into a wall of lead. After the storm passed and Charlie disappeared back into the steamy jungle canvas, I yelled out to the boys to “Dig em and dig em deep!” then “Smoke em if you got em.” After we’d settled, I remember someone put on a Doors album and passed around some Mary Jane while Robinson made the rounds with the meds and took down personal information like blood type and next of kin stuff. We’d need it in the days ahead.

I think about those days now and then. Every time it rains or every time I hear a cut from the Doors, I wonder how Shapiro, Dumbrowski, Watson and the rest of the boys from the platoon are holding up. And I also wonder if all our personal details and medical histories were on that laptop that this geek from the U.S. Department of Veteran Affairs lost a few months ago.

Yeah, that’s where I’m going with this. The VA just issued the report of their investigation into the (second) mysterious missing laptop that was reported in the media last February. Originally, it was thought that it contained the personnel data of about 48,000 military personnel. Nope. It turns out that the real number is closer to 1.8 million according to the Office of Inspector General (OIG) report. That’s right. This guy lost the full and detailed service and medical records of 1.8 million veterans to include yours truly, Sgt Rock’s.

According to the report, the OIG only found this out during the forensics examination as the consultant (real name withheld so I don’t pull a pin on a pineapple and drop it in his drawers) actually deleted and encrypted the associated back up files “in an attempt to hide the extent, magnitude and impact of the missing laptop data”.

Not to be confused with the incident last year when another VA laptop was stolen from another consultant’s home containing the records of 26.5 million veterans and active duty personnel. While the fallout led to the resignation of VA Chief Information Security Officer Pedro Cadenas after just three months on the job, I certainly haven’t found any peace. I read this and I feel edgy and out of sorts. It seems like Uncle Sam and Aunt George owe me more than this. But maybe it’s this damn rain.

Overheard on the Piccadilly Line

“Saw the Americans finally got Paris Hilton, but still no word on Osama”

Somewhere between Earl’s Court and Hammersmith stations

Last Man Standing Takes The Bullet

Serpico: “I'm a marked man in this department - and for what?”

District Attorney Tauber: “I've arranged for a transfer for ya Frank”

Serpico: “Why? For being an honest cop, or for being stupid enough to get shot in the face?“

For (what’s left of) my money - the biggest cyber story of the year so far went quietly sailing by with virtually no notice by Johnny Q Public. On April 1, the U.K. Association of Chief Police Officers (ACPO) announced that they would no longer be responsible for investigating e-crime. Now go back and read that again and take a minute to let it sink in.

That’s right - without a trace of irony, on April Fools Day of this year the U.K. police quietly issued a report in which they resigned from their responsibility for catching cyber criminals. I know what you’re thinking now: “O.K, no biggy, you big drama queen, just tell us who’s responsible now”? Well, if you read The Report you’d know you apathetic couch potato From now on, if you become a victim of a cyber fraud online here in the U.K. you report it to the vendor involved.

The reason is simple. The report states that they just don’t have the resources to address the problem. Oh, well then, hey why didn’t you just say so? (The last line should be read aloud dripping with sarcasm).

This means that if you get hit by credit card fraud - you don’t report it to the police - you report it to the bank. Think about the logic here. It’s like saying that if you get shot - report it to the gun manufacturer. What’s happening here? The U.K. use to have one of the most cutting edge cyber cop organisations in the world. The National High Tech Crime Unit established back in 2001 wrote the rule book for how to track down and break up Eastern European cyber crime syndicates, organised crime groups, paedophile rings and Kevin Mitnick wannabes like Gary McKinnon.

Re-enactment of the NHTCU arrest of hacker Gary McKinnon

The biggest problem with the NHTCU was that they were too good at what they did. Yep, time for a transfer Frank. In a time when over 80% of large U.K. companies are reporting attacks and experience average losses between £65,000 and £130,000 this is not good news.

You want good news? I did read that a perverted burglar recently broke into a British museum and molested some of the life size statues of politicians. He was caught and charged with statue Tory rape.

Other News of Note

Jenny Bailey was elected mayor in Cambridge, England, in May, and her companion-partner Jennifer Liddle (a former Cambridge city council member) became the equivalent of "first lady"; both Bailey and Liddle were born males and became women as young adults. [Daily Mail (London), 5-23-07]

A 54-year-old man was killed while running to catch his bus in Greater Manchester, England, also in May; he accidentally ran smack into a lamppost and fell into the street, where the bus ran over him. [BBC News, 5-9-07]

In June Britain's Ann Summers announced it would stop selling its remote-controlled “Love Bug 2” personal vibrator in Cyprus after Cypriot military officials complained that the device's signals were interfering with army radio transmissions. [The Guardian (London), 5-6-07] (Insert drive by hacking joke here…)

Finally last week, the American Medical Association said that addiction to video games was becoming such a big problem that they were thinking of declaring it an actual medical condition. The video game condition will be called 'chronic persistent virginity' (OK we made that one up).

The King of Quizzes

As always, the winner of our monthly quiz will receive a .001% cotton Orthus Sales Monkey - Witness Relocation Programme T-Shirt (terms and conditions apply):

Question:Which of the following women did not appear in a movie with Elvis?

A. Ann Margaret
B. Shelly Fabres
C. Haley Millsv
D. Barbara Edenv
E. Nancy Sinatra
F. Dame Judi Dench

Answers to quiz@electric-onion.com

Quiz Rules:
1.Spider Murphy plays the tenor saxophone.
2.Little Joe blows on the slide trombone.
3.The drummer boy from Illinois goes crash, boom, bang.
4.The whole rhythm section’s gotta be the purple gang.

Answer to last Onion quiz: James Brown’s original backing group, The Famous Flames, were the former back up band of? Correct answer: C Little Richard. Winner of last month’s quiz: JPH

The Finest Print We Can Afford

Any way you cut it, the eOnion is still copyrighted to Orthus Ltd. so may not be used to mock, ridicule, tease, scorn, scuff, deride, disrespect or disparage other ICT security service or product vendors unless of course when it’s in our best commercial interest to do so or when it’s done in good clean fun. Either way, it’s our call so suck it up.

The eOnion may cause arrogance or involuntary spasms of smug self righteousness which may lead to public smirking or prolonged bouts of condescending behaviour (sort of like being a Royal). Symptoms include unexplained distain for information security product vendor marketing managers and an itchy flaking on the scalp. If drowsiness or nausea occurs, try reading SC Magazine. If symptoms persist, you try writing something funny for a cheesy monthly newsletter because it’s the only job you can get after 20 years of formal education. Not laughing now are you funny boy?

To unsubscribe go to the nearest window, stick your head out and yell “I’m not going to take it anymore.” Alternatively, send an e-mail to unsubscribe@electric-onion.com. All Information provided shall be processed in accordance with the Data Protection Act 1998 (and we don’t say that just because we have to – but yes, we have to).

Feeling Insecure?

The Electric Onion is an Orthus publication. If you're feeling a little lonely, vulnerable, exposed or insecure, tell us about it. Contact us at: +44 (0) 20 3170 8955 for information security consulting services, therapy, advice or assistance. Thoughts, feedback, comments, questions, veiled or unveiled threats? Send an e-mail to getalife@electric-onion.com