Have you seen this parrot?

Filed Under: Data loss, Privacy, Social networks

Please forgive this unusual post, which asks an unusual question - for Naked Security, at least - but which makes a pair of pertinent security points nevertheless.

Here we go.

Have you seen this parrot?

If so, do you live in the Carlingford region of Sydney (roughly the inner west-north-west of the metro area)?

The parrot is a female Alexandrine parrot called Icari, and she belongs to Matt, a psittacophile technology guru at one of Sophos's business partners.

Sadly, he's misplaced her.

More accurately, Icari took fright, escaped from the house, and - despite having limited takeoff ability - took wing in a untimely gust of wind, trying to escape from an onslaught of Indian mynah birds. In short, she got away against all odds.

(Icari was, as you've probably guessed, named after the Greek chap who flew too close to the sun, Ikaros. When she was old enough for her gender to be determined, her name was adapted.)

If you've seen, found or rescued this parrot, Matt would love to hear from you. A reward is offered for Icari's safe return.

OK. If you're not a parrot lover, or you don't live in or near Carlingford, please read on.

There are two security lessons in this story.

Firstly, you need to concern yourself with egress security - keeping the good stuff in - as much as with ingress security - keeping the bad stuff out.

A tiny ventilation crack in an open window and an unlikely combination of external circumstances saw Icari escape and get lost.

Your data faces similar threats. A well-meaning insider emailing the wrong person, or a cybercrook with a tiny footprint inside your network, can lead to an embarrassing or even a dangerous data spillage to outsiders.

Secondly, you need to be location share-aware.

We can't use technology to locate Icari, even though she's badly equipped to fend for herself without it. (Small parrots are difficult to microchip because they don't have much muscle into which an RFID chip can safely be injected; in any case, RFID chips don't have an energy source and so can't send out beacons allowing them to be located remotely.)

Ironically, though, many humans - despite being ideally equipped to survive in an urban environment of their own devising - seem to be unwilling not to be found at will.

The popularity of location-aware services such as Foursquare show just how keen many of us are to disburse veritable logfiles of our movement.

Most democratic countries would find it pretty hard to pass and enforce laws requiring all residents to wear tracking tags at all times.

For convicted criminals who would otherwise be incarcerated, wearing a tracking tag might be a reasonable compromise in return for early release. But as a condition of residence for everybody? Tourists tagged at their port of entry and tracked relentlessly?

We wouldn't tolerate it. But many of us do tolerate giving away masses of personal tracking data quite voluntarily - often to organisations who operate outside our own jurisdiction, and whose expressly-stated purpose is to commercialise that information.

So take something positive from Matt's Alexandrian disaster.

Don't accidentally let valuable data escape when you don't intend it to; and don't intentionally give valuable data away when you simply don't need to.


, , , , , , , , , , , , , ,

You might like

10 Responses to Have you seen this parrot?

  1. SchoolsOut · 1277 days ago

    Awwwww, I hope he finds her soon.

  2. Hopefully the carrier has a long TTL and returns home soon.

    Losing data via IPoAC (RFC 1149, RFC 2549) is terrible.

  3. Matt · 1277 days ago

    A wonderfully written piece, Paul.

    Possibly the most beautifully sculpted metaphor that I have ever had the pleasure of casting my weary eyes over.

    I may be somewhat biased, mind you.

  4. Ms Cookie · 1277 days ago

    Good advice! Hope the parrot is found. Prayors for all concerned.

  5. Lizbeth · 1277 days ago

    I would totally tolerate being tagged. The more it is known where I am, the less someone else can pretend to be me.

    • Nigel · 1277 days ago

      ...er, "being tagged" BY WHOM? That part of your statement lacks a semantic subject, so it's impossible to tell.

      Apparently your willingness to implicitly surrender all information about your movements and whereabouts carries a presumption that the tagging system (and whoever operates it) it has integrity...that it safeguards the information, and ensures that it can never be abused to your detriment.

      That, my dear Lizbeth, is one whopper of a presumption.

  6. sharp · 1277 days ago

    Darn I was hoping the story was about not telling your parrot your passwords, because he escaped and was passing them out to everyone.

    • that's just what i was hoping!!

    • Paul Ducklin · 1276 days ago

      I have heard a story (could well be an urban legend but it's a good one nevertheless) of a parrot which was reunited with its owners when - after a few days recovering its health and good humour with its resuers - it, errrr, parroted enough digits of a phone number that the owner could be contacted.

      Whether this is said to have happened because the owner was in the old-school habit of answering the phone by reciting her phone numbe every timer, or because she'd had the foresight to teach the parrot to say it, just in case, I'm not sure.

  7. richard overill · 1276 days ago

    I just hope that it doesn't turn out like the John Cleese / Michael Palin MPFC sketch.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog