Too Much Safety a Bad Thing?

I recently bought 2 tubes of toothpaste. I opened the sealed box of the first, unscrewed the cap…and I was surprised to see that there was NO tamper seal covering the opening. I opened the box and cap of the second tube, and it was the same: no safety foil to alert me if the product had been tampered with. And even though I no longer had this extra security control available, I have to admit I was a little relieved.

Security controls can actually reduce our awareness.  There is a concept called Risk Compensation.  Per Wikipedia:  “Risk compensation is a theory which suggests that people typically adjust their behavior in response to the perceived level of risk, becoming more careful where they sense greater risk and less careful if they feel more protected.”

Tylenol put in extra tamper protections after the cyanide scare in ’82 (as discussed in a recent Slashdot post). But despite the efforts and resources invested, did they actually help? And with protection measures like these in place, is it possible that we might actually miss other indications of tampering?

We can get overly focused, and over-reliant, on single controls to provide all security. And when attackers know this, they work around these measures. We need to continue to be engaged and aware, and not just rely on specific indicators to tell us when something is wrong.

I was relieved because the lack of foil, to me, was an indicator that some sanity may be returning to the marketplace.  Perhaps people will become more personally invested in the security of themselves and others.  And if this carries over into PC and mobile security, where device owners keep their systems updated and stop clicking links to malicious content, then cyber security for everyone has a chance to improve.


Alerts that Don’t Notify

I was awakened to the sound of a siren. It wasn’t a fire truck, ambulance or the police, but a droning, slowly oscillating up and down whine emitting from the direction of downtown. It was something I hadn’t heard before, and I wondered at its meaning.

How to find out…radio?  I don’t use the over-the-air radio, and even if I did, what station do I turn to?  Internet?  I checked the Facebook page for our neighborhood and village:  nothing.  No emergency notification on my phone either (even though Amber alerts have worked fine in the past.)  Wanting to confirm there wasn’t something I should be doing to prepare against a raging fire, severe weather or a terrorist attack, I called 311 (non-emergency services.)  No answer.  Now I was starting to get concerned.

I ended up calling 911 and immediately said that this was a non-emergency; I wanted to find out why the city’s siren was sounding.  “It’s a fire alarm that is malfunctioning, and they are working on it.”  This sounded like the person who had been providing that stock answer all morning to many callers before me.  Eventually, the siren did stop.

If the siren does go off again, what exactly are people supposed to do?  The only information source apparently is 911, and that could quickly become overwhelmed.  So the two choices appear to be: panic or ignore it.  For most people I assume the latter.

This made me think of security monitoring, detection and prevention solutions that provide myriad alerts and notifications. The implementation of any alert should include a response process. At a minimum, these questions should be answered:

  • What is the value of this alert?
  • How can we be aware that this alert is triggered?
  • What should be done when this alert is triggered?

If any of these can’t be answered, then the alert should not be implemented. Because if no one knows what to do when a siren sounds, what’s the point? Panic, if anything, decreases security as it can provide a useful distraction for miscreants. So deploy alerts and sirens responsibly, and provide quick and easy access to information regarding them. Leverage social media, and consider the ways people access information nowadays.

A siren only has value if people know what it means, and how to respond to it.  Otherwise, it’s just noise.

A Lofty Example of Limiting Risk

I was looking at pictures of lofts recently (no I’m not moving). Lofts are wide open spaces with an interesting hybrid of industrial and residential features. They are similar to apartments or town homes as neighbors share walls, but lofts also often include rough and unimproved features such as exposed brick and conduit, heating and water pipes that run along the walls, and aluminum ducts snaking along the ceiling.

One loft that I thought particularly interesting had a completely remodeled kitchen. There were no loft-esque features about the room…except for an industrial sprinkler head jutting from the center of the ceiling. This was a conspicuous reminder that this kitchen was not part of a house or apartment, but of a remodeled industrial space that shared not just a roof and walls with other tenants, but an industrial fire suppression system as well.

I wondered: is it possible for any tenant in the building to cause the water sprinklers to go off in all the units? If so, what level of due diligence can be done by a prospective buyer in order to reduce the risk of catastrophic water damage to an acceptable level? Below is a partial list I came up with.


  • Interview the building owner and/or landlord. Information about incidents may be limited or omitted, however.
  • Talk to other tenants, though their cooperation is not guaranteed.


  • What are the neighbors like?
  • What is the neighborhood like at night?
  • Can any security features be bypassed (such as by shadowing a resident through the lobby door)?


  • Are there records of the building ever having had any fire or flood damage?
  • Is everything up to code (including the fire sprinklers)?
  • What is the reputation of the building owner when it comes to providing a safe living space?

I found this an interesting example, because I believe that finding a safe (and dry) place to live is analogous to evaluating vendor solutions for an organization.

I spoke to a security analyst recently who received a vendor solution for her organization. Before installing it on the network, she applied the latest vendor-supplied updates, and then subjected it to a security scan. The scan found that the software included components and libraries that were several versions behind, despite the update. If she hadn’t done that pre-installation assessment, those issues would not have been found, and the organization would have become more vulnerable as a result (which is ironic because it was a security appliance).

Just as installing vulnerable software on a production network puts an organization at risk, in the case of lofts, it takes only one problem tenant to increase risk for everyone in the building. The challenge is to do an adequate evaluation before signing a software purchase order…or a mortgage for a loft.

The Starbucks Security Model

I was in Starbucks the other day, waiting for my hand-crafted drink to be pushed across the counter. I observed as the drinks ordered by the customers before us were called out: “venti latte…tall cappuccino…grande white chocolate mocha not fat with whip…” When the drink is called out, the presumptive person who ordered it takes it.

No formal method was used to match a customer with a drink. Anyone can pick up anyone else’s order, or even take one without paying. There are deterrents (or speed bumps) to reduce the chance of this happening: an observant barista, a miscreant who gives him/herself away, security cameras conspicuously hanging from the ceiling.

The practices vary. Some stores ask for the customer’s name and write it on the drink. This may be an improvement, but this could be circumvented also: an opportunist could eavesdrop the name, then grab the drink if it’s convenient, for example.

And yet, the Starbucks model works. Shrinkage (theft) is still at a tolerable level using this informal method of associating orders with individuals. So this made me think: maybe Starbucks has found the ideal balance between security and usability. They don’t have to implement rigid controls to prevent theft, yet don’t suffer an intolerable amount of shrinkage. Perhaps they have found a level of security that is commensurate with what they are protecting.

Finding that balance between usability and security is a never-ending challenge. As I left with my venti latte in hand, I asked myself: is there something to learn from the Starbucks approach to security?

UberEATS: Is It Safe?

Uber just announced a new offering that leverages their community of citizen drivers: food delivery. Is it only me who is concerned about the security of this service? Who is delivering these consumables to people throughout two major U.S. cities? Should there be additional scrutiny?

Food handlers are required to obtain a license before being allowed to serve customers, and in some situations food delivery permits are also required. Wouldn’t these conditions apply here as well? Let’s try not to sacrifice safety for convenience (again).