Fw: Lesson from Air Asia QZ8501 and MAS Airline MH370

It’s saddening to follow the news of another air disaster this year, especially with a new year approaching. Previous events had prompted many to suggest that the aviation industry, and especially the aviation authorities, do something about monitoring flights in real time (i.e. continuous tracking of flights). If we had incorporated a real-time tracking system earlier, would 9/11 have been possible to prevent? Could the crash sites of MH370 and QZ8501 have been located quicker?

In my opinion, real-time tracking of flights would have allowed speedy search and rescue missions. That would have been way better than having to search painstakingly and retrieve bodies, wreckage and the “black box”. In addition to having a system to track flights in real time, I think having the correct emergency kits on board is also crucial, as suggested in this post (“How we can improve evacuation and rescue during plane crash”, 31 Dec 2014). Several suggestions, such as having access to potable water and being equipped with life-jackets tagged with a radio-beacon (or radio transmitter), would be useful in cases where search and rescue might take several days.

Also, if the aircraft crash-lands on water (either upside-down or not), a mechanism that increases the buoyancy time of the plane would be beneficial, allowing sufficient time to evacuate all the passengers.

The provision of a slide-turn-raft is useful, and I hope that the raft comes with basic necessities such as a flare gun, a blanket for shelter from the intense sun and cold, and a manual pump (in case of a leak). Hopefully, in the future, these rafts will also be equipped with a manual filtration unit to purify sea water (or at least minimize the salinity of the water).

Finally, I think the most important item for each evacuee would be a radio-beacon attached to their life-jacket so that rescuers can locate them in the open sea.


Nearly 5 million Google email accounts & passwords exposed, how?

These accounts were hacked because users tended to reuse their logins and passwords on other sites that had no automated anti-hijacking systems (or security features), e.g. extra loading time for each login attempt (the delay increases the total guessing time and hampers the hack), locking accounts after failed login attempts, token requirements, login only from certain IP addresses, mobile phone authentication codes, two-step authentication, and many more.

Parking such sensitive information on unsafe sites allows hackers to mount brute-force attacks such as password guessing, and the time it takes them to succeed when their attempts are unrestricted depends on the strength of the password (you can predict the amount of time it takes to guess a password [by Gibson Research Corp.]). For example, a stronger password such as T_*1s+pq9_1 takes approximately 1.83 years to figure out if the guessing attempts are not restricted by the server.
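The effect of the server-side limits listed above (login delay and account lockout) on guessing time, as an added example that is not code from the original post: a per-account throttle plus the search-space arithmetic for an 11-character password. The delay, failure limit, lockout length and the unrestricted rate of 10^14 guesses per second are assumed values chosen for illustration.

```python
import time

class LoginThrottle:
    """Per-account throttle: doubling delay after each failure, then a lockout."""

    def __init__(self, base_delay=1.0, max_failures=5, lockout=900.0,
                 clock=time.monotonic):
        self.base_delay, self.max_failures = base_delay, max_failures
        self.lockout, self.clock = lockout, clock
        self._state = {}  # account -> (consecutive failures, earliest next attempt)

    def retry_after(self, account):
        """Seconds until the next attempt for this account will be evaluated."""
        return max(0.0, self._state.get(account, (0, 0.0))[1] - self.clock())

    def attempt(self, account, verify):
        """Return 'ok', 'denied' or 'throttled'; verify() runs only when allowed."""
        if self.retry_after(account) > 0:
            return "throttled"                  # the password is not even checked
        if verify():
            self._state.pop(account, None)      # success clears the failure history
            return "ok"
        failures = self._state.get(account, (0, 0.0))[0] + 1
        if failures >= self.max_failures:
            wait, failures = self.lockout, 0    # lock out, then start a new cycle
        else:
            wait = self.base_delay * 2 ** (failures - 1)
        self._state[account] = (failures, self.clock() + wait)
        return "denied"

def search_space(length, alphabet=95):
    """Passwords of 1..length characters over an alphabet (95 = printable ASCII)."""
    return sum(alphabet ** k for k in range(1, length + 1))

def throttled_guesses(seconds, **settings):
    """Count evaluated guesses for a client that always waits out retry_after()."""
    now = [0.0]                                 # simulated clock, no real sleeping
    throttle = LoginThrottle(clock=lambda: now[0], **settings)
    count = 0
    while now[0] < seconds:
        throttle.attempt("alice", lambda: False)  # constructed account, wrong guess
        count += 1
        now[0] += throttle.retry_after("alice")
    return count

space = search_space(11)                        # 11 characters, like the example password
unrestricted_years = space / 1e14 / (365.25 * 86400)  # assumed 10^14 guesses per second
per_day = throttled_guesses(86400)              # assumed throttle settings (defaults above)
print(f"unrestricted: {unrestricted_years:.2f} years; "
      f"throttled: {per_day} guesses/day, {space / per_day / 365.25:.2e} years")
```

With these assumed settings the same search space that falls in under two years of unrestricted guessing is limited to a few hundred evaluated guesses per day per account.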

Fortunately, Google does invest significant effort to ensure user accounts are not compromised. That is why I prefer not to share my Google account and password with other service providers.

However, it’s really difficult to find out which security features are provided by service providers, e.g. Yahoo, Facebook, blogs, forums, etc. There is no standardization of security requirements for service providers, and thus it’s difficult to decide which sites should be avoided.

The expectation that users are the ones who should constantly increase their password strength and frequently change their passwords is flawed. It’s very improbable that users will change passwords frequently and keep increasing their complexity. The human brain is not programmed to be that “dextrous”. There should be a better way to authenticate user identity. That will be the million-dollar question.

Just a thought.
