Every few months or so, I trawl several film location databases to find new places to look round. 95% of the sites are of no interest, and only a few of the remaining 5% can easily be found.

This place, off the Itasca location database, really got my interest with the strange turret like structure – it really looks like prison watchtower or similar.

So, it looks like a board room in there. Where’s the stairs though? What does that sign say “SLIDE TABLE TO OPEN FIRE EXIT”?

Oh right, so you actually slide the table apart to get to the stairs…

And down we go…

Nadine Dorries has passed comment on social media and the recent civil unrest. It’s an interesting topic, and one that could be debated for many hours. However, keeping to form, she bases her arguments on untruths and presents opinion as fact.

Her statement:

During 7/7, mobile networks were instantly closed down.

Is false.

The 7 July Review Committee in their report stated:

We subsequently found out that in fact ACCOLC had been activated, by the City of London Police, on the O2 network in a 1km area around Aldgate Station

ACCOLC, according to wikipedia is:

ACCOLC (Access Overload Control) is a procedure in the United Kingdom for restricting mobile telephone usage in the event of emergencies. It is similar to the GTPS (Government Telephone Preference Scheme) for landlines.

This scheme allows the mobile telephone networks to restrict access in a specific area to registered numbers only and is normally invoked by the Police Incident Commander (although it can be invoked by the Cabinet Office). The emergency services are responsible for registering their key numbers in advance.

Also in that report:

The O2 network was closed … at about noon, and remained closed until 4:45pm

That is neither instant (the first bomb was at approx 0850) or across more than one network, or in anything but a very small area.

Also, evidence given at the inquest (yes, this is protectively marked restricted and is on a gov.uk website):

I just had the TV Licensing man knock on the door. Their database has been looking at us, because we don’t have a license at this address. We do, however, have a license at our old address (despite which, the letters keep on arriving).

Today I am doing anti-money laundering training. This comprises of
several things:
1. What is money laundering.
2. Why you shouldn’t do it.
3. How to spot money laundering.

Now, prior to today I only vaguelly knew what money laundering is. I
also just knew it was illegal, but not what others could lose from
doing it. Also I had no idea how to spot it.

But now, truth be told, all they have done is give me the information
to launder money successfully.

They have given me the motive – previously I didn’t know how it
disadvantaged people. I just look at the opposite side of it and see
how it would advantage me.

They’ve given me the means – I now know how it works.

They’ve also told me how to spot it, and by extension, how to avoid
being caught.

It really does seem that all the training has achieved is keeping the
honest people honest.

I guess however, when it comes down to it I fall into that group.

An interesting development on the Chip and PIN flaw made public this week. On the lightbluetouchpaper.org blog of the Security Research group at Cambridge, a poster called Scrutineer comments:

The attack was never successfully executed. To be successful it had to be done against a card that was reported lost and stolen. Nowhere in the report do they assert that they reported their cards they tested as lost or stolen! All they have done is prove a genuine card can be processed with odd and inconsistent CVR and TVR settings. Hardly compelling evidence.

The rest of the post goes on to use ad-hominem and straw man arguments against the research. Although frequently the discussions on full-disclosure or other mailing lists will drop to this level, it’s pretty rare to see this kind of childish argument on this particular blog.

Indeed, the paper does actually present some opinion and conjecture – but what’s the point in purely theoretical security research? It’s vital that someone takes the time to think about how theoretical attacks can be extended into the real world. 

When it gets really interesting is when Ross Anderson himself performs a whois on the IP address – and it appears to be coming from APACS (which is now the UKPA) themselves. They are the body that should have really ensured that Chip and Pin wasn’t a gigantic fuck-up. It’s clear they failed, and failed badly.

Is someone who works for UKPA actually this stupid? 

The best bit is that his post admits that there is absolutely no value in the PIN. The only protection is simply:

• Having a card in your possession
• Not having a card in your possession but reporting it stolen.

It might be some kind of set up… but if not, EPIC FAIL.

UPDATE

Seems like it is a wind-up, in as much as there is an open proxy running at UKPA.