Ok, last post of the day….  A panel discussion from Black Hat 2012 was a debate on who should be responsible for information security: the government, the company/website/service provider, or the user?

My answer is all of the above, but it the easiest/most effective way starts with the government.  The government, in conjunction with the Information Security industry, needs to set the standards.  Then, they should do 1 of 2 things: enforce those standards, much like they already do with HIPPA and PII related information, or, start a consumer watchdog organization that rates companies/sites based on their compliance with those policies.  The watchdog also would apply adjustments based on when/how their security is breached.

The companies should be self motivating, but sadly they need a push.  Google, Dropbox, Microsoft, Apple, Bank of America, etc… should all care about the security of their customer’s data.  Let’s breifly look at some memorable breaches as of late; in particular LinkedIn and Yahoo! Voices.  These services failed to use industry standards by either not encrypting the username/password database, or using a very simple form of encryption.   That also ignores how they failed to protect the database from the malicous users.  This will someday take its toll.

Eventually people will weigh their choices on given services factoring in their confidence in their security vs. the inconvenience of that security.  I loathe that I know of many sites that have an upper limit to password lengths that isn’t unreasonable to go over (10 for one in particular) and/or  limit what characters you can use in that password like a dollar sign.  In fact, I have cancelled a credit card when the site wouldn’t allow me to use more that 10 characters in my password.  I would also refuse to use a site that required people to use passwords that are 16 characters or longer.  Why?  Because I have the good habbit of changing my passwords periodically, not using a cyclical password (like having a number that I add 1 to every time I change it), and trying to vary my passwords form site to site.  I am a CISSP certified cybersecurity geek, so my demands might seem unresonable to many.  (Which makes for a nice segway into the inconvience factors of security measures.)

Security that is to strict has its consequences just as too lenient security standards.  One example is the ever increasing length and complexity requried for passwords.  In 1993, my AOL password only had to be 4 characters long, with no additional requirments.  Today, most sites require at least 8, are case sensitive, and need at least one number.  My network at home is at least 12 characters, requires 3 of the 4 categories (Uppercase, Lowercase, Numbers, Special Charaters), and cannot contain more than 3 characters in a row from your username or real name.  This (or something similar) is also common at most corporations that rely on passwords for user logons  Some are even longer and more complex.  This process of requiring longer and more complex passwords will eventualy lead to bad security habbits such as writing them down or using the same password for everything.  Of course, this will trigger the cybersecurity industry to press for alternatives.  Many already exist and are used more and more.

Smartcards and biometrics are examples of these alternatives to passwords and are much easier/cheaper/safer than 15+ character passwords for most people.  For example, some reasons for a company to require their employees to use smartcards to access their network is the reduced risk of break in due to weak passwords that happen to meet the requirements (ex. Password1111111) and the improved security by requiring the user to have a unique physical item in addition to knowing the password to access that item.  They also reduce helpdesk costs associated with password resets and with the cost of recovering from breaches.   These benefits are a by product of few lockouts and the greater difficulty for being hacked.  Once smartcards become common place or easily hackable, you move on to include biometrics.

Now, before I post this… I want to warn you: you are only partway into this article, and I am going on a huge tangent, or series of tangents, that only an obsessive and scatter brained mind like mine can see the connections to the question of who should be responsible throughout the blog posting.  Also, keep in mind that I am a geek, supposedly good at my job, and I love to splooge knowledge to anyone and everyone (to the point my wife yells for saying things she may already know and talking at her, not with her.)

As I have said, I am a big time cybersecurity geek and love to explain things to a painful/nausiating level of detail.  To secure the authenticity of a user’s identity, the computer effectively asks you to say who you are, and prove it by providing it with something that you and it knows and no one else.  Again, common methods include passwords, “random” number generators, smartcards, and biometrics.

Traditionally, you identify yourself with your username – something anyone can know (like your real name), and prove it with your password.  Thus proving you are who you say you are by providing something you know.  Passwords can be guessed, hacked, or be otherwise provided by someone else claiming to be you.  You are responsible for much of that, unless the site or network does not allow you to have longer, more complex passwords or allow you to change them periodically.  Regardless, a password system’s shortcomings can be overcome.  One method, as previously mentioned, is smartcards.

A smartcard is an electronic ID device that is about the size of a credit card, contains a small ammount of flash memory, and a simple program.  While RFID based cards exist, the most common form has a gold contact that is similar, if not identical, to the SIM cards for many cellphones. With thes smartcards, you who you are by merely having the card and reader for it- the card has a form of serial number uniquely assigned to you -and then you prove your identity by providing a password or code to access the contents of the card – again providing somthing you know.  The authenticity of the card is then proven by checking the contents of the card against the internal database… much like a cop running your license number and comparing the information on the card against the database.  This can also be called two-factor authentication because it checks two things.  In this case, as I called out, something your have and something you know.  There are other two-factor or multi-factor methods, which includes biometrics.

Biometrics: something that in all cases, is unique to you.  The etimolgy is rather straight forward: Bio, meaning life, and metrics, meaning a system of measurments.  There are many forms of biometrics, some than might not be exactly unique, like DNA.  Identical twins share the same DNA – baring any spontaneous mutations, but other things influence quicker methods of life-measurment comparisons.  Even in the case of twins, overall health can affect your retina’s pattern of veins, the geometry of your hand, face, or ears, and life experience(scars, chemical exposure, friction exposure) can affect some common biometric measurements.  Some of these subtleties are how people can tell the difference between twins.  Biometics prove identity by proving it through something you in fact are.  Now you may ask, how is that multi-factor?  The answer is for several reasons.  First and foremost, like the smartcard, your have whatever is being measured, and the second is that it is something your are.  To add depth, these systems combine either typing in a user name or providing a passcode, along with the appendage being measured.

Basically, the beauty of multifactor authentication is the fact is asks for more than what someone else could know or guess.  Practically speaking, what does that mean for you?  Good question, besides having a new laptop with a swipebased fingerprint reader, there are some ways you can use a multi-factor approach for security.

Think about a home WiFi network.  How does it know the computer/device is authorized?  Assuming you’ve secured it in some way, it typically does it by you providing the correct password.  However, other layers of secutiry exist as well.  First, you can set your router to hide itself by not broadcasting the network ID.  Also, you can limit the access to preauthorized devices by filtering MAC addresses.  A MAC address is a unique String of 12 characters made up of a combination of numbers (0-9) and letters (A-F).  This is usually displays as 6 pairs separated by hyphens.  The first 3 pairs represent the manufaturer of the network device, and the last 3 are a sort of serial number unique to that card.  By enabling these 3 options, the network can ask for something you know (the name of the network and/or password) and something you have (an approved network device).  Some high-end home routers may even keep a list of usernames so that you also have to prove to be an authorized user, not just a random user of an approved device who knows the password.  I mention this in part because of a recent CNN story about a European company that created a wi-fi deflecting/absorbing wall paper.

In short, the WiFi security wall paper limits how much of your wi-fi signal escapes your house (limiting it to ceilings, floors, and windows) and also limits how much signal can get in. The impressive part is how it only blocks 2.4 GHz (the RF range of WiFI) signals, leaving cellphones and other signals alone.  I mention this layer of security because many of the comments on this story ask “why should anyone bother since I can encrypt and/or hide my network” and my answer is simple, “because that isn’t enough”.  No security is perfect.

Most home WiFi, in order to meet ths standards to be called WiFi, must have an effective, unobstructed transmission range of 100 feet.  My router is not even 100 feet from the road, let alone my neighbors.  This means someone could capture my signal and use my connection, right?  The answer is yes, even if it is hidden and/or encrypted.  If the hidden signal is leaking outside of any phsyical control, ie your house, it still allows someone to guess the name or at least listen for the data in the air.  Eventually the hacker will see your signal.  Your data on that signal will occasionally indicate the digital ID of your network, thereby making the hidden nature pointless.  Did I forget the encryption for that signal?  Nope.  Even if the captured data is encrypted, that isn’t enough to gaurentee its security.  WEP is the oldest, and sadly still very common encryption method.  It can be hacked in minutes by my Driod.  WPA, while newer and better, can be cracked in an hour by my 6 year old laptop.  WPA2 is the best consumer grade encryption, but like it’s predessesor, can be cracked.  Remember that all encryption is designed to be decrypted, otherwise why not destroy the information our right?  If a hacker/cracker collects enough data, patterns will emerge, and those patterns will contain common functions based on the TCP/IP protocol.  Since not all common household devices allow you to manually set your IP, one pattern that can be detected is your DHCP requests.  DHCP is what allows you to automatically get an IP address that will work on that network.  That DHCP request packet will become part of the primer for cracking the encryption.  Next, the hacker/cracker can make the assumption that the IP address of your router will be either 192.168.0.1 or 192.168.1.1.  Why?  Because first, it is in one of the 3 “private” IP ranges that is part of the rules of internet addressing. Second, because its what the top 5 router manufacturers default to.  Third, people are either ignorant or lazy and don’t change it.  The last bits of infomration the hacker/cracker can use is more of a buckshot: they can assume that a good part of the traffic will be going to, or coming from, youtube, facebook, and twitter.  This, combined with an understanding of how the common encryption algarithms work, creates a recipe for an advanced cracking attack.  Or they can simply connect to you network directly…  When presented with the password for your network, they try your name, address, phone number, or any of the top 10 passwords used in the US.  If those fail, and basic brute force attack (which tries any and every possinle combination of characters) will eventually succeed.  Eitherway, they can get in even if you encrypt/password your network.  Now, suppose you’re smarter/less lazy than most and therefor also use MAC filtering.  Well, MAC addresses can be spoofed.  In fact, I bet your router is spoofing one of the computers in your house right now.  Basically you should remember if your data can be captured and cracked by the attacker, they are likely able to spoof your MAC address.  All said, however, the level of difficulty involved, plus needing to be physically close to the network, it is highly unlikely that unless the hacker has a reason to target you specifically, they won’t bother… because they too are likely lazy and need a motive to do all that work.  My point is ultimately is to say implementing multifactor/multilayered security, while imperfect, is a huge deterrent to most hackers.

At this point, I’ve established how multifactor options work by answering different questions,  but is that the end-all be-all that the responsible party should require?  Simply speaking, no.  I say this because no system is perfect and they can be hacked in one way or another. I showed this above while discussing home WiFi security measures.  Now, I would to get back to the basic act of logging on to something: Remember no encryption or authentication method is perfect, even advanced tools such as bio metrics.

Some weaknesses exist in biometrics – beyond what you see in TV and movies.  First, I want to dispell many of those TV and Movie myths.  Hollywood implies tricks such as the dead thumb on the scanner is a weakness.  Well I must say that is doesn’t work today because of how most modern scanners are designed.  These devices don’t look at your thumb like a photograph, unless that photo is a highly sensitive thermal image.  In another words, you hand must be warm enough to be alive, and the difference in temperatures within the patterns must also be enough to detect the design of the print itself – so you can’t just warm up a dead thumb either.  Now you are asking, “Ok, what are these weaknesses if the body part must be alive?”  First and foremost, it isn’t always cheap – especially if you want quality.  Second is accuracy.  You do not want “false-positives” which would allow a 3rd party to be accidently granted access.  This happens when sensitivity/accuracy is too low.  Nor do you want “false-negatives”, or when an authorized person is denied access because of a misread.  This can happen when the system is setup to demand too much accuracy.  Third, there are theoretical ways to trick the system as seen in some movies.  Unique vulnerabilities to biometrics include ways to copy things such as finger prints.  One method, as seen in “Gone in 60 Seconds” is gluing an artifical print on top of your fingerprint.  (I know they didn’t use them to hack, but it can be done for that purpose).  This will get warm enough, and keep the needed thermal variance.  Another movie, which I think it was one of the Tom Cruise “Mission: Impossible” films, showed a chemical that was sprayed onto the scanner.  The chemical reacted to the oil print left behind by the previous authorized user and formed their print on the scanner glass.  The unauthorized user pushed on the print with a latex-gloved finger.  Much like the glued-on false print, the gloved finger warms the fake print enough to show enough thermal variance of a live finger wiht an authorized print.

The system feature that prevents a dead hand from being used also has some faults by nature.  If the fingerprint is used to access a building in any location that gets cold, like outside entrances to buildings in Chicago, IL or Buffalo, NY, the cold can cause a major issue.  The system won’t allow the authorized users hand if it is too cold.  Meaning, if the surface temperature of your hand is colder than the system is designed to allow then it will not accept the print even if it is valid, thus creating those annoying false negatives. This proves that biometrics aren’t perfect either.

Multi-factor systems can be vulnerable to other attacks that can be used on traditional logins as well.  One such hacking method being a “replay attack”.  Basically, if the hacker records the authentication process, even while encrypted, repeats the same stream of data at a later time.  This vulnerability was hampered a long time ago with a security method call Kerberos.  Basically, the encryption used to transmit authentication data uses a timestamped access ticket.  If that timestamp is outside the programed time limits, it is ignored, denied, and/or logged.  Why do I bring this up?  Because that is an element of existing layered security.  There I go with that layered security mumbo-jumbo again.  Go ahead, and ask me “why mention that again? what is behind this obsession with layered security?”  Or don’t and realize the next paragraph will answer those questions.

Layered security is how you make it so difficult to break in that it isn’t worth trying to do so in the first place.  This is the de facto stance of security pros.  We accept the fact that regardless how much we try to prevent it, our system in vulnerable in one way or another merely because it exists in the first place.  Our job is to limit how often that it can be exploited.  This is done by the massive layering based on the value of what is being protected (or so we tell our bosses, sometimes we slip something through just because the feature is cool). “So, you’ve gone on and on and on, how does this tie into everyone being responsible for their information security?”  I’m getting to that!

I promised in the begning of this article that I would tie this all back into the original premise: The government, businesses, and users are all responsible for cyber security.  The logical arguments I intially suggest are: Businesses are driven by money and being hacked hurts financially – either in recovery costs or through loss of time and customers, people have responsibility for their own information – afteralll it is their information, and the government is responsible for the mass protection of the people.  What’s that?  I didn’t support the premis  I initially stated? The opinion the government should not only be involved but also be the one to start the whole thing?  And where is the layered security tie in?”  Patcience people.  The governments should start it all because no other entity can single handedly enforce laws and penalties like a government.  Meanwhile businesses will respond because laws will make it a more significant/costly of an issue, creating a threat to their financial stability.  Regarding the rest of the people?  Well, users are lazy and must be forced to do something, even if for their own good.  Christ, these are the same people that are why we have seatbelt laws!  They are responsible for their part because if their security shortcomings leads to a costly security breach, the following law suit could strip them of everything they have. OK? You still need to hang on because I haven’t tied this all to my obsessive layered security yet!

If you follewed me to this point, I thought you might be a geek like me and wouldn’t need this tie in fine print.  Alright, fine.  Here it is in plain English:  The laws can change, and are only really enforced after an entity’s shortcoming gets caught.  Think about speeding tickets.  I drive 70-80 MPH going to and from work every day and am yet to get a speeding ticket.  I willingly break the speed laws, but since I have not been caught yet, the law is pointless or weak.  This makes laws and their enforcement is incomplete in their security. Add a layer!  Businesses desire to be profitable and if being held accountable fo their shortcomings makes them practice and enforce stronger security policies, that becomes an additional layer!  A drive of compliance with the law or customer demands is needed in order for them to stay profitable and out of jail.  Thus leading to better use of defesive/preventative tech.  However, neither the government nor the businesses can prevent users from being lazy and/or slow in terms of security.  However, if we start holding people accountable for their potentiallly criminal negligence is as a good of a motivator for doing simple things like using different passwords that are complex and changed regularly as anything.  Thus creating a third layer of security.  3 layers, just like a username, fingerprint, and pin number, is by definition multilayered security.  Layers of security is exactly what is needed to improve cybersecurity for all people.

This is my response to the GOP’s efforts to blame the economic slowdown on President Obama.  For those who haven’t heard, apparently the GDP grew at the rate of only 1.5% from April through June, 2012.  This is also reported as being down from 2.0% for the 3 prior months.  I do not argue that, nor that it happened while Obama carries the title POTUS.  However, last time I checked, the Executive branch does not have the power to unilaterally enact domestic policy.  The President may write bills, and then sign them, but the important step is missing: both houses of Congress must sponsor the bill, Vote to dicuss/debate the bill, vote to close debate and either send it back to commitee or move to vote to approve the bill, and then Vote on the bill.  Both houses then must agree on any variances that are approved in the other house before the President may enact the bill.  So, is it really the President’s fault that the Federal Government has done next to nothing to address the economy?

Before we can answer that, we must look at what has been happening in the last 3 months.  The President has mentioned several ways to help, one of which was adopted by the Senate, and passed that house… in July.  Democrats in Congress want to keep the Bush era tax laws in place for another year for those making up to 200,000 USD a year, or 250,000 USD for married couples filing jointly.  Meawhile, republicans want everyone to continue to enjoy those tax cuts:  Those making 0 to 250,000 USD, and those making more than 250,000 USD.  I write it that way so I can then ask you to draw a Venn Diagram – think the MasterCard logo so we may compare and contrast these opinions.  Draw the 2 partially overlapping cicles.  In the left, write “Let the Bush era tax cuts expire on the wealthy”.  Got it?  Great.  Now in its mirrored section on the right, add the phrase “Keep the current taxes on the wealthy”.  Done?  Excellent!  Now in that football shaped middle section, write “keep the current tax rates on the middle and lower class”.  Finished?  Perfect!

Now if you drew the diagram the same way I did, you’d have very large areas for the left and right, and a small section in the middle.  (You would also have the left side blue, the right side red, and the middle being purple.)  This, while meets the basic purpose, is not quite right, unless you’re trying to show how the house might vote on the Senate’s bill.  What you need to do is make the circles overlap almost as much as possible, leaving just about, say, 1% on either side.  That’s better.  This now reflects the ammount of people who would be effected by the commonalities, and the differences.  The realatively massive center is the majority of people, the 99% if you will.  The area of disagreement is enormous compared to the differences.  Yet the house republicans would rather vote on repealling ACA (aka Obamacare) at least 33 times instead of discussing the economy.  Remember, the Senate republicans were generous to allow the Senate bill to actually get a vote knowing the house would never pass it. So, the house majority, the GOP, refuses to allow the vote or they may eventually allow it then strike it down in a strictly partyline vote.  Basically, the GOP is blocking legislation that will benefit that big purple blob because of the thin little red or blue slivers on the outside. I have a guess as to why and also why they most likely won’t let it get to a vote before election day.

First off, they don’t care about the middle class, nor do they care about cutting taxes, despite what they say.  Common sense says pass what you can agree on now that will help the majority of people and then work on mitigating the differences.  Letting the subtle differences prevent any bill from passing is essentially being the cause of raising taxes on all people, not just the wealthy.  Voting for the Senate bill does not say the opposite however.  It says I’m going to help as many people as I can, and those I can’t right now, I will continue to try and help them out too.  Voting for the middle and lower class extension does not equate to voting for raising taxes on the wealthy.

Secondly, the GOP does not care about anyone but themselves.  This is proven in two ways. FIrst is the 33+ votes on repealling ACA which I mentioned earlier.  The other is part of the reason they do not want to approve the extention on the poor without including the wealthy.  All congressional members have at least 174,000 reasons not to.  That’s their personal salary.  As most of them also have other sources of income either through their spouses, books, and other revenue streams, they make more that the 200/250K cutoff.  They are the wealthy.  Add it the decision maker for what gets presented to the House floor, the Speaker of the House, who has 223,500 reasons to oppose the bill without cutting the wealthy a break.  That’s right, by merit of being the Speaker, and 3rd in the Presidential line of succession, you become that sliver on the outside of our diagrams.

Third reason – and why it won’t come to a vote:  The GOP knows that this vote is toxic to the swing vote moderates who decide to vote becuase of, or vote explicitly on, issues.  If the house votes on a bill to extend the tax cuts on the lower and middle classes before the election they will shoot themselves in the foot one way or another, regardless of the outcome.  By voting against the bill, they vote to raise taxes on the majority of Americans on the principle they do not want to raise taxes on the wealthy/themselves exclusively.  If the vote for it, they hand Obama and their democrat counterparts a political win, because the spin on voting to help the majority of people at the cost of the wealthy, does not play well with the wealthy who bankroll their campaigns.

Now to make full circle back to the primary purpose of this article: Is the President at fault for the lack of government action on the economy?  The answer is undeniably “No, he is not.”  Why?  Because the congress is, and more specifically, the House Majority.  Ironically, the staunches republicans also tout being of good Christian Faith (or at least of good faith in one of the Abrahamic religions).  Allow me a quote from the King James Bible, Matthew 5:30, “And if your right hand causes you to offend, cut it off, and cast it from you: for it is better for you that one of your members should perish, and not that your whole body should be cast into hell.”  Basically translates to the great Vulcan quote, “The good of the many out weighs the good of the few, or the one” -Spock, the Wrath of Khan, while going on to say hurt the few if it will save the majority.  Similar passages are scattered throughout the Gospel according to Matthew.  So a good Christian, voting on their religous beliefs, would support helping the majority of people even if it means cutting out the minority.  Yet they refuse.

If the republican GOP really thinks that the majority of Americans can not see through their schemes, they must think that we are truly inept.  And if they prove to be right on that matter come November, then we the people will reap the idiocy that we sow.

Want to know something?  I have no problems with the “Enhanced
Scanning” that the TSA has started to use.  Yes, it means when I fly I
am exposed to a small amount of X-Rays.  Yes, if I elect to skip the
scanner I will be frisked. Is this an invasion of privacy?  Is this a
form of consent to some stretch of sexual assault? Is this Mr. Tyner,
who made a stink about it, a crybaby and a pretentious snob?  Am I
somehow shortening my lifespan?  Am I on a soapbox and unable to
reason with some of the more recent complaints.  In short. “No, No,
Yes and Yes, No, Yes, no.”  But that is no fun, after all, if you are
still reading this you have a valuable question: Why.  And I answer
with this: Because…(yes, that ellipse is annoy, so read on!)

Yes, I do not care if the government wants to see a virtual rendering
of my naked form before I hop on a plane.  The biggest reason being
the sense of security.  I can trust that until a way to make
explosives (or any other device) disappear from x-ray is created, the
air plane I ride in will not blowup because someone doesn’t like the
way I live, the way I honor God, my pasty white flesh, nor my
interfaith home.  I prefer, much like the vast majority of this
country, to get to my destination on time (give or take a couple
hours, this is air travel after all) and not be a pile of ash,
horrible disfigured, or a eunuch.  For that, good TSA agent sir, pat
me down, touch my junk, fondle if you must.  After all it is
a small price to pay for not dying.

Is my naked likeness on a monitor an invasion of privacy? Nope.
Though the skin tone for the body is a little creepy.  It would be an
invasion if I didn’t have the choice or if there wasn’t good reason to
scan.  I don’t feel a need to explain the choice portion of what
excludes the scans from it other than the random pat-downs.  We all
know technology isn’t perfect, so we must include a human element.
Tangible evidence is the only true way to ensure safety.  These random
pat downs are not something you can choose.  However, you still have
the choice.  You can drive, or simply choose not go to your desired destination.  The
other bit that prevents this from invasion is the reasoning behind it.
 We all know too well that there are monsters roaming the proverbial
countryside.  There are people who want to kill us to prove a point.
Who want to use our airplanes and guided missiles in an effort for us
to give up what they believe to be evil.  Things like mini skirts,
porn, women’s right to vote, and Victoria’s secret.  Why else would
some ultra conservative religious zealot hate us?  Oh yeah, that thing
called the bill of rights.  The constitution.  And our beloved
freedom.  I wasn’t a New Yorker on September 11, 2001.  No, i was a
husky at NIU in DeKalb IL.  It would take a few years for me to
become a New Yorker.  But as an American, I cried that day.  I know
exactly where I was.  I remember finishing my work shift, walking home and remaining in
front of the TV for the better part of the week.  (Took time out to
attend a couple of events relating to it.  The following week I
attempted to enlist.)  That is a pretty damn good reason.  No one will
die from being frisked.  No one should die from a bomb carried on
board with these procedures and technological devices in place.  More
people would if we went along with business as usual.  Frisk me! Frisk
them!  Lets all be Frisky!

The biggest complaint seems to be the pat down.  (Love that segway
don;t you?)  I’ve been frisked before.  No, not  TSA, nor was it by a
cop.  Nope.  I was frisked by the bouncer/security guard at a
Metallica concert in 1998.  My junk was touched.  Did I feel
assaulted? hell no.  Was it weird?  Yes, it was my first time.  But
sex was a little weird my first time too.  Speaking of sex, the
kinkier kinds are more related to sexual assault than the rub/pat down
one gets going to a rock concert.  The rock concert frisking is
reported more aggressive and thorough than the TSA Enhanced pat-down
too.  So I don’t think there is much sexual assault going on.
Instead, I am being assaulted with the sensationalist news about the
pat downs and scans.  Where, voices like my own, might get some air
time, but if the reciprical to the ration of people that complain.  In
the end people more people say, “Ok, touch my junk” than “Don’t touch
my junk or I’ll…”

“Don’t touch my Junk” is as much of a punchline as “Don’t
Tase me Bro!” or at least it will be in my book.  Mr. Tyner is one of
the many names to come out since the new policies were enacted.  I
rate him up there with most wing nuts who are capable of doing a great
deal with very little.  Tyner took advantage of the perft recipe for a
“good” news story.  This was pointed out in the one opinion article I
have agreed with and I wish I could credit that author right now for
pointing out this recipe.  Government, Privacy, Sex, public health,
and air travel. Add the accelerant that is Twitter, Facebook, and
iReport with your video taken by that cell phone (which is supposed to
be turned off at security checkpoints) and you have an easy public
outcry.  Thank you Mr. Tyner, for being to closed minded and unable to
get past the fact you are alive today and that no one has died in a
terror plot on an airplane in the US for a while now.  Thanks again
for being that asshole in a theater who yelled “fire!” because public
fear has done so well in the past.

Next headline should be something like this: “Newsflash!  There
has been in recent outcry due to increased radiation exposure. 
If you fly you will be exposed to higher than normal ammounts of
radiation.  Radiation has been identified as a cause for cancer and
death of cancer cells, headaches, vommiting, nausea, skin
discoloration, cognitive impairment, and many other terrible
things, including death!” 
Yes, all of that is true.  If that fake newsflash scares you go buy
thick clothing, paint it with lead paint, and move into a bomb
shelter.  Oh, yeah, also don’t drink anything that contains water. 
Don’t let any light, noise, or heat be in your shelter, it all has a
high risk of being a radioactive substance. You also need to
vetilate your bomb shelter well as Radon will collect inside and
it is a know radioactive gas.  Come on you ignorant people.  Our
Bodies are designed to put up with radiation, it is infact why 
our skin tans!  Our bodies were designed in nature, under direct
sunlight, and is made to resist radiation.  2.4 mSv of radiation
happens just from the sun shinning on the Earth.  If you work in
a Nuclear Power Plant, your exposure my double annually, but
you won’t die from it.  IF YOU FLY, you expose yourself to more
radiation than the scanners.  FACT:  In Europe, pregnant women are not
allowed to be part of the Air Crew.  The FAA limits you to an estimate
1 mSv (a measure of radioavtive energy per kilogram) exposure from
flying during pregnancy.  Yes, these new scanners use XRays.  However,
the power is less than that your doctor may order.  Biggest reason?
They don’t need to see much inside you.  Dense objects will show up,
so if you have things imbedded in your body, carry the doctors note to
go with it.  The TSA reports that the exposure is less that 9 minutes
of flight.  You could be in the air for an extra 9 minutes
invoulentarily due to airport conditions, so go cry a river on the
exposure.  It really adds up to nothing.

I hope you enjoyed my preaching because the last question is Yes, I am
on a soapbox about this issue.  To the second half of that question, I
am able to reason with those who have had problems, like the poor guy
who “pissed himself” when the agent was a little to rough with his
urine bad.  BAD Agent, no doughnut.  There is a weak argument out
there regarding cancer patients about chemo ports.  I suppose the same
would apply to fatties with lap bands.  If these people are patted
down, then agent might feel the ports tha are under the skin.  Carry
your medical notices about them.  The cancer patients might not want
to because it is a reminder of their condition.  Get over it.  You
might be dying, we get it. But you having to deal with a reminder that
you really don’t need (as I imagine you are always well aware of your
condition) vs a terrorist blowing up the plane is not a difficult
call.  Carry the damn card.  I did when I underwent a nuclear study
for my heart.  I didn’t need the reminder that my ticker isn’t in the
best condition.  But I was emmiting gamma radiation, so I carried the
card.  (I didn’t annouce it to the people in the elevator so I must
have endagered their lives with radiation, oh wait… I finished that
argument already.)  Yes, TSA should be better with people who are
living with medical problems, but this is also only 1 story, and if it
was more widespread, we would be hearring about the high numbers of
these situations.

Ultimately people… grow up and think.  This new level of security is
a good thing and it does little more than annoy.  Deal with it.  If
you don’t want to deal with it, realize this:  It is not a God-Given
right to fly.  It is a priviledge we purchase.  If you don’t want to
deal with TSA, there are other forms of transportation you can
utilize.  We are not entitled to fly.  It is not a social security
check.  It is not medicare insurance.  It is more akin to a driver’s
license.  A priviledge you get by proving yourself worthy, and giving
some money.  If you can’t appreciate that, then simply go BLEEP
yourself, and do it with a smile.

Hello world!

Posted: January 20, 2011 in Uncategorized

Welcome to WordPress.com. This is your first post. Edit or delete it and start blogging!