Wednesday, March 5, 2008

Off-duty Tasers


Ladies and gents,

As I was perusing Amazon, I wanted to see if they had any of the personal use Tasers. Well, it turns out they do. They're called "TASER C2 - Black Pearl Personal Protector". They are priced around $350.00 and are small enough to fit in a map case or combat purse ("handbags" for the ladies). For those of you who haven't seen one of these in action, I've attached a video clip of their infomercial.



I know when this first came out there were some in our industry who had their trepidations about this. Once law enforcement began to use this, more and more people began to see the "pros" of having one of these in their arsenal. Personally, I believe a Taser should be used in accordance with strict "objective reasonableness" standards. There are several consequences for not following these guidelines, both civil and criminal.

I suspect as more of these "personal use" Tasers are manufactured, we in the security industry are going to see more of them as well. I caution all security managers and project coordinators to consider certain risk assessments before you proceed and buy a few for your agency. If your folks aren't properly trained and selected, you could be faced with some serious problems. We have to caution our people this weapon is a weapon and not a toy. It should also be used as a last resort due to its potential lethality. There have been deaths which some attribute to the Taser, but we won't cover that here as it's a whole other topic.

Now that I've mentioned the "cons", let's talk about the "pros" of owning one of these for both personal and professional use. Imagine your wife or other loved one going on a jog when an attacker approaches them with an edged weapon. This weapon is capable of stopping that attacker and buying your wife or significant other some time to escape. On a professional note, a guy in HR called to report a disgruntled former employee still on the grounds swinging a bat and breaking things. You've tried verbal judo along with a show of force with no results. By the way, there was a school shooting about 10 miles away and the cops are tied up. You have to get this resolved soon. I can tell you once a "bad guy" sees this being pulled out and being deployed, their disposition changes. I imagine mine would too.

I'm no fan of the MP3 version, but I do think some people have taken this the wrong way. Taser incorporated that feature for the consumer I mentioned above who follows an active lifestyle. Many women are abducted or raped by strangers while jogging/walking along isolated paths. I do believe the MP3 feature would take away some situational awareness though.

I plan to post a poll to get your impressions of this product. Please, feel free to share your ideas now.

Tuesday, March 4, 2008

Microsoft's Reply To Encryption Weakness

Well, it appears Microsoft says the vulnerability with encryption key programs isn't with software makers. They say it's with us. According to SecurityFocus, "A number of simple changes will make sleeping laptops immune to having their encryption keys filched from memory, a Windows Vista security expert said last week."

The article quotes a Microsoft senior product manager for Windows Vista security, Russ Humphries, as saying on a company blog,

"The thing to keep in mind here is the old adage of balancing security, usability and risk. For example BitLocker provides several options that allow for a user -- or more likely Administrator -- to increase their security protections but at the cost of somewhat lowering ease-of-use."
It should be noted it was Mr. Humphries' program, BitLocker, that was mentioned along with others in the report as being vulnerable to this hack.

UK Card Readers Hack

According to SecurityFocus, an e-zine which focuses on electronic security issues, UK merchants have a problem. It sounds like a pretty significant problem with their card readers. SecurityFocus' article says that when credit cards are scanned through the readers, the information is not encrypted and thus readable by anyone with access to the data stream from that reader.

The University of Cambridge discovered that the PIN entry device (PED) vulnerabilities allow an attacker to wiretap a reader and collect enough data from cards and the PIN pad to create counterfeit cards.

For those of you unfamiliar with the UK's debit and credit setup, I'll explain. Let's say I go to a restaurant and purchase a dinner for two costing a certain amount of money. The waitress brings out a portable card reader in which, instead of scanning, she can take your debit or credit card from a UK bank and place the card, which is embedded with a chip, inside the reader. Then the transaction proceeds like it does everywhere else. The readers then transmit the card information through a wireless connection. Catch where I'm going with this? If not, continue reading and you'll get it eventually.

According to SecurityFocus, the researchers stated the vulnerabilities in a paper to be published at the IEEE Symposium on Security and Privacy in May.

"The vulnerabilities we found were caused by a series of design errors by the manufacturers," Saar Drimer, a researcher at UC's Computer Laboratory and an author of the paper, said in a statement. "They can be exploited because Britain's banks set up the Chip & PIN in an insecure way ... A villain who taps this gets all the information he needs to make a fake card, and to use it."

This is not just a UK-only vulnerability. There are all sorts of vulnerabilities with card readers all over the world. If the card information isn't encrypted on the merchant, purchaser, and bank ends, then there will always be a vulnerability.
