Airline security failure overseas

(via Bruce Schneier’s blog)

I know that neither of my visitors likely shares my fascination with computer and physical security, but I still like to share interesting stories I read about security problems.  This one, in particular, caught my eye because I’ve pointed out the same potential problem numerous times in real life (yes, I actually interact with people not online at times).  Here is the full story from the link:

An investigation is being conducted into a security breach at Dublin Airport last week.

A female member of the airport search unit is undergoing re-training after the incident in which a Department of Transport inspector passed unchecked through security screening.

It is understood that the department official was waved through security checks having flashed an official badge. The inspector immediately notified airport authorities of a failure in vetting procedures. Only gardai are permitted to pass unchecked through security.

Informed sources said the incident which took place last Tuesday was a ‘‘procedural’’ breach.

Flash a badge that looks like the right one, and through you go without screening.

I’ve worked places where security requirements are such that all employees must pass through metal detectors and have all packages hand inspected.  All employees except the security guards, that is.  I’ve worked places where security requirements are such that all contract employees must pass through a metal detector and have bags passed through an X-Ray machine, but company employees don’t have to submit to any inspection.

In each of these cases, consider who the most likely culprits are in cases of stolen equipment or prohibited items making their way inside the security perimeter.  But if you state the obvious answer, you’ll be accused of having a bad attitude because you are in the former groups instead of the latter.

So, continuing with the above article, this is a failure where someone in charge of screening allowed someone who upon cursory inspection appeared to pass the “allowed to enter without screening” requirements, and was therefore allowed to enter without screening.  This risk can be reduced somewhat with better inspections than cursory, but it can be reduced even more by getting rid of that exception.  Of course, this won’t happen, because too many of those in charge of physical security prefer to consider their groups outside the need for physical security checks.  Isn’t it ironic?
[tags]Security failures[/tags]

Sony still hates consumers, now also hates artists

(via boingboing)

Sensationalist headlines just sound good to me sometimes.  For this write-up, the title refers to the fact that Sony pays its recording artists royalties on iTunes downloads as if the download were a sale of music.  This means lower royalty payments.  However, when a consumer downloads a tune from iTunes, Sony has a license agreement that restricts the user’s rights, basically stating that the download is a licensing of content, not a sale of goods.

NEW YORK – Rock bands Cheap Trick and The Allman Brothers Band are suing Sony Music, claiming they are being shortchanged on royalties for songs downloaded legally over the Internet.

. . .

According to the suit, the record company is treating digital downloads like traditional record sales, rather than licensed music, triggering a different royalty deal.

Under that old rubric, the record company deducts fees for the kind of extra costs they used to incur when records were pressed on vinyl, including packaging charges, restocking costs and losses due to breakage.

Tracks sold over the Internet usually go for about 99 cents. About 70 cents of the sale price goes to Sony. The bands are getting about 4 1/2 cents per song, according to the suit, rather than the approximately 30 cents they claim is rightfully theirs.

Something smells fishy here.  Anyone know what that is?

[tags]Sony, iTunes, Screw the consumer[/tags]