While Brady and Manning are tossing the pigskin inside Lucas Oil Stadium, the 44 surrounding blocks will be crawling with all kinds of new futuristic tech to make sure the fireworks, tackles, long bombs and fumbles are just inside the stadium. This year’s Super Bowl is special, and its not just because of that Ferris Bueller commercial.

“We’re using more technology, and state of the art technology, than has been used in any Super Bowl before this one,” explained Indianapolis Public Safety Director Frank Straub.

Will there be dozens of undercover cops with 4G smartphones running around livestreaming the crowds back to a Hall of Justice style $18 million HQ?  Yes.

Will there be x-ray trucks that x-ray other trucks?  Yes.

But it wasn’t until we found out about the $40,000 per each special explode proof sewers (and watched this awesome video of controlled sewer explosions) that we realized TNW readers needed to know about this.

Read on for our Four Coolest New Security Tech Things for Superbowl 46.

X-Ray Trucks

If that dude driving the truck next to you seems distracted its because he’s counting the vuvuzelas in your trunk that you’re trying to smuggle in to the Superbowl!  Yes – he’s looking at what’s in your trunk, and anywhere else in your car.

Indy’s Super Bowl security team is using mobile X-Ray Inspection, similar to the gear shown below, to keep contraband of all kinds out of Peyton’s house. According to manufacturer AS&E, the technology “creates photo-like x-ray images revealing threats including explosives, plastic weapons, and drugs.”  What’s extra awesome is that customs agents reportedly call these x-ray vehicles “Ice Cream Trucks”.  Its not just vuvuzelas, the systems also feature radioactive threat detection and can locate neutrons and gamma rays to sniff out nuclear WMDs and dirty bombs.

X-Ray trucks like this AS&E model will be scanning for contraband.

Pretty heavy stuff, but what’s really impressive is:

Super explosion-proof sewer caps!

Indy’s been victim to a rash of mysterious and unexplained sewer explosions that can blast heavy manhole covers into the air. To prevent a rain of sewer caps, Indianapolis paid $180,000 for 150 specialized hi-tech “Swiveloc” manhole covers. The Swivelocs, made from military grade stainless steel alloy, have a special bolt that can withstand over 12,000 pounds of force without budging. The coolest thing about Swiveloc though would have to be its testing facility where sewer covers are shot 100s of feet into the air as shown in this video:

 “The Whole World is Watching” you, Mr. Pedestrian

That’s right, dozens of police officers will be roaming the stadium perimeters equipped with 4G smartphones and they will not be afraid to use them. On the contrary, they’ll be live streaming them back to the new $18 million, 6,700 square Regional Emergency Management Center where crime analysts will observe and direct the 4G show.

4G streaming means robots can stay at home and watch the game.

New counterfeit detection technology to combat new counterfeiting technology

Over $3 million worth of fake NFL jerseys were seized at the last Super Bowl via the U.S. Customs slickly named “Operation Interception”. This year, with tickets retailing at $800 to $1,200 and reselling for up to $14,000 a pop, the Feds are closing in on tix.

Thermachrome, holograms, and laser cuts aren't enough to stop Super scammers.

The NFL tickets now include holograms, laser cut-outs and ink that changes color depending on the temperature. Over 40,000 visitors to Indy are expected to arrive with no tickets but a lot of hope and cash. Motivated counterfeiters can beat ticket tech with stickers for the holograms, ink mimicry, laser cuts and more. To keep things legit police and authorities outside the stadium will be armed with special handheld scanners that detect fraudulent tickets.

Beyond Roughing The Passer

Nothing evokes America’s “Homeland” like the Super Bowl, and DHS has classified the big game as a National Special Security Event – on the level of papal visits and inauguration.

Homeland Security Chief Napolitano is Head Coach for this year's Super Bowl Security (photo: AZNow, 2008)

In case any baddies manage to slip past the x-ray trucks, DHS Secretary Napolitano was in Indy yesterday to remind fans “If You See Something, Say Something”. Its all of our job to make sure the violence on Sunday, er, stays on the field.

According to a 9to5Mac, the Vice President of Global Security at Apple, John Theriault, has left the company.

This comes amidst ongoing criticism after the lost prototype of the iPhone 4S. Having worked for the FBI and at Pfizer as the Chief Security Officer, Theriault joined Apple in 2007. He reported directly to General Counsel Bruce Sewell, according to a organizational chart published by Fortune.

It’s not known if Theriault was forced out, or chose to leave on his own. During his tenure, there were two lost iPhone prototypes, both involving a bar. The previous lost stolen iPhone was purchased by Gizmodo.

Perhaps the shakeups at Apple are inevitable, as Tim Cook is now the full-time CEO. Other notable Apple employees who have left recently are Senior Vice President of Retail Ron Johnson, Senior Vice President of Mac OS X Bertrand Serlet, Vice President of iAds Andy Miller, and lead designer Sarah Brody.

Find the latest Apple news every day at TNW Apple.

Facebook has taken its fair share of hits in the press about privacy and security, while managing over 800 million users on its platform. Today, Facebook has announced a series of features focused on strengthening the security for Facebook users, as well as making people more comfortable with giving their data to the company.

In a blog post, Facebook discussed its dedication to personal security and support of October’s “National Cyber Security Awareness Month”. The company had this to say:

Security and safety are at the core of Facebook. We have entire teams dedicating their time to building tools that give people even more control over their account and specifically the way they access their information. In fact, many of our most talented engineers are working exclusively on creating a secure environment on Facebook. This October, as part of National Cyber Security Awareness Month, we are working with others in the community to help educate those online about techniques and tools for securing your devices and networks. Additionally, we thought this would be a great opportunity to tell you about some of the systems working behind the scenes to keep you and your data safe.

Today, we wanted to provide all of you with an update on some new features we will be testing in the coming weeks – Trusted Friends and App Passwords – and remind you of the many user tools we offer to help keep you secure on Facebook.

The features, which are slated to be available in “the coming weeks”, are aimed at personal account security, and are quite creative and advanced.

Trusted Friends

If you’ve ever forgotten your password or locked yourself out of your account, you know how frustrating this can be. In the event that you can’t get into your email address, Facebook will soon let you designate three to five “trusted friends” who can help you once again gain access to your account. This will happen through a series of codes sent to your friends, who will then give them to you, which will help confirm your identity to Facebook.

Facebook had this to say about “Trusted Friends”

We’re excited to begin testing this new tool to help you in case you ever get locked out of your account. Similar to other features that help you prove your identity through your friends, you can now select three to five trusted friends who can help you if you ever have issues accessing your account. It’s sort of similar to giving a house key to your friends when you go on vacation–pick the friends you most trust in case you need their help in the future.

If you forgot your password and need to login but can’t access your email account, you can rely on your friends to help you get back in. We will send codes to the friends you have selected for them to pass along to you.

App passwords

Up until now, you’ve had to log into Facebook apps with the same credentials you use for your Facebook account. If you’re an avid Facebook app user, you’ve probably given your credentials to hundreds of developers and apps. Facebook will soon let you generate a new password just for apps, and you’ll be able to access it through your privacy settings. This is a good move for Facebook, and can help users feel more comfortable with using third-party applications without worrying about having their account hacked.

Facebook shared this about app passwords today:

There are tons of applications you can use by logging in with your Facebook credentials. However in some cases you may want to have a unique password for that application. This is especially helpful if you have opted into Login Approvals, for which security codes don’t always work when using 3rd party applications.

We’re rolling out a feature that allows you to use app passwords for logging into 3rd party applications. Simply go to your Account Settings, then the Security tab, and the “App Passwords” section. You can generate a password that you won’t need to remember, just enter it along with your email when logging into an application.

Understanding Facebook Privacy and Security

Along with these two changes, Facebook has realized that all of its privacy and security features might be a little too difficult for the majority of users to figure out. The company provided us and its users an infographic demonstrating all of the work Facebook has put into keeping you and your data private and secure.

Facebook explains:

Over the past few years we have introduced a number of new security tools – Login Approvals, Login Notifications, and One Time Passwords to name a few – and developed several back-end systems to help keep you and your data secure. To better illustrate the full range of these features and show how they all work together to keep you safe while on Facebook we are releasing this infographic. Check it out yourself so you can find out more about our security infrastructure and an overview of the tools available to all our users to increase their level of account security.

Facebook Security Infographic

Future dedication to Security

Even though there are groups that call Facebook unsafe or point out their privacy concerns, the site continues to grow. You can call me naive, but I truly believe that a company that employs as many people as Facebook simply has to focus on keeping data safe and secure. It would be silly to think otherwise. I remember when Gmail was launched in private beta and many yelled about how creepy it was that Google was looking at their email. Of course Google doesn’t “read” emails, it just processes the data.

On its security post today, Facebook had this to say about the future of security at Facebook:

Our considerable work has undoubtedly made Facebook a safer environment – less than half a percent of users experience spam on any given day and only a fraction of fraction of a percent of our users ever experience any security-related issues. But we know there’s plenty of more work to be done, so we will keep striving to make sure that every time you log in to Facebook, you have a safe and social experience. We are adapting and responding to new threats everyday and will continue to bring the people that use our site new ways to protect themselves. Be on the lookout for more announcements throughout the rest of this year, and remember to stay vigilant while online and remind others to do the same.

Again, these new features will be available in “the coming weeks”, and perhaps these changes are in preparation to launch “Timeline” sitewide. There have been privacy concerns about new information popping up in the Timeline feature, thus causing users to scramble and learn how to change their privacy settings.

According to a blog post by Google, the company is taking steps towards making search more secure for its users. For some of us, we’ve been redirected to https:// instead of http:// when going to do a Google search, and the company is making that happen for everyone over the next few weeks. The company is dedicated to SSL and securing search and privacy for its signed in users.

Google had this to say on its blog:

We’ve worked hard over the past few years to increase our services’ use of an encryption protocol called SSL, as well as encouraging the industry to adopt stronger security standards. For example, we made SSL the default setting in Gmail in January 2010 and introduced an encrypted search service located at https://encrypted.google.com four months later. Other prominent web companies have also added SSL support in recent months.

As search becomes an increasingly customized experience, we recognize the growing importance of protecting the personalized search results we deliver. As a result, we’re enhancing our default search experience for signed-in users. Over the next few weeks, many of you will find yourselves redirected to https://www.google.com (note the extra “s”) when you’re signed in to your Google Account. This change encrypts your search queries and Google’s results page. This is especially important when you’re using an unsecured Internet connection, such as a WiFi hotspot in an Internet cafe. You can also navigate to https://www.google.com directly if you’re signed out or if you don’t have a Google Account.

If you’re signed out, you’ll be directed to the regular unencrypted version of Google search.

The company says this won’t change reporting data for webmasters who use analytics tools too see how much traffic Google sends them.

The internal memo pasted below, sent to the Gawker staff from their chief technology officer Thomas Plunkett, reveals that the Gawker Hacker disaster happened in large part due to a lack of preparation and commitment by the media giant’s tech team. He apologizes to the staff and promises to be much more communicative in the future.

From: Thomas Plunkett

Subject: The Gawker Media security breach — status and moving forward
To: [Gawker staff]
Date: Friday, December 17, 2010, 4:43 PM

Everyone -

As you know, this has been the Gawker tech team’s most difficult week ever. This note has been too long coming, but the following is meant to communicate several things: what happened, our current activities, and our plans for moving forward. I suggest you read all of this as I am making several recommendations below, and we are implementing some changes that will affect all of you.

What Happened
Gawker Media servers and some company email accounts were compromised by hackers at some time during the last few weeks; the compromise was made public to us (and everyone else) this past weekend. In recent weeks, intruders were able to gain access to our web servers by exploiting a vulnerability in our source code, allowing them to gain access to user data and passwords. With this information, they were able to gain access to the editor wiki, some Gawker Media email accounts, and other external resources.

It is clear that the Gawker tech team did not adequately secure our platform from an attack of this nature. We were also not prepared to respond when it was necessary. These things can be attributed to several factors.

First, we never planned for such an event, and therefore had no systems, or processes in place to adequately respond. Our focus as a team (and company) has been on moving forward. This put up blinders on several fronts. As a result, numerous wrong decisions were made by me this past weekend in responding to the security breach.

Further, attention to completed work is every bit as important as attention to upcoming work. Our development efforts have been focused on new product while committing relatively little time to reviewing past work. This is often a fatal mistake in software development and was central to this vulnerability.

Finally, we have not only seen tremendous growth as a company, we have never been afraid to take an unpopular or controversial stance with regard to individuals or organizations. Let’s face it: we draw the ire of many. This creates a unique set of demands to meet rapid growth as well as threats that often specifically target us. We did not establish standards and practices to handle growth and the fact that we have a target on our back.

On several fronts — technically, as well as customer support and communication — we found ourselves unprepared to handle this eventuality. The tech team should have been better prepared, committed more time to perform thorough audits, and grown our team’s technical expertise to meet our specific business needs. As a result of not having done these things, we have not adhered to standards expected of us, and our response was inadequate. The remedy to this situation will not be immediate, but it will be swift as possible.

Current Activity: Regaining Control
The tech team have moved our operation to the third floor of the Gawker Media office in order to focus on the work that needs to be done. We are currently in the process of performing a complete review of what happened with an independent security firm.

Here’s what we’ve done so far to regain control:

We have been able to establish a fairly complete timeline of intrusion activity, and have identified compromised assets within Gawker. We have re-established control of compromised systems including our Google Apps accounts. As a result, you will have to reconfigure your Google Apps access (more on this below).

In addition, we have addressed all known vulnerabilities and will continue auditing our system for security flaws, and we have made appropriate changes to administrative accounts to our web and application infrastructure. There are many people reviewing our code base, and because of this, we will also reach out to members of the technical community to harness their expertise. This process will continue as we move to an entirely new, hardened web infrastructure.

We have introduced a help desk to address commenter concerns related to the breach. This will continue to exist as long as it is needed. Scott, Greg, Jeremy, Nick and a host of interns, and many of you, have been active in the threads, and communicating as much as possible as we work through this event.

Moving Forward
We’ve learned many lessons from this experience, both as a tech team, as a company, and as individuals. If there’s one lesson nearly all of us learned, it’s that we can and must be smarter with passwords. Lifehacker is a great resource for password advice (and there are many others). I suggest you start here: http://lifehacker.com/184773/geek-to-live–choose-and-remember-great-passwords.

Efffective immediately, we have enabled SSL, a more secure method of communicating over the internet, for all users with Gawker Media accounts on Google Apps (this does not affect your personal Gmail). Those of you not using web-based Gmail will have to reconfigure your clients (this includes any desktop mail client as well as other devices). The attached document provides instructions to make this easier, and includes information to configure different devices including iPhone, Android and Blackberry phones.

Also effective immediately: If you require access to sensitive materials (legal, financial, or accounting documents) on Google Docs, you must have two-factor authentication setup on your account. No documents will be shared with personal Gmail accounts. We are also strongly encouraging all staff to setup two-factor authorization even if you do not require access to sensitive material.

We will enforce a policy that sensitive information not be posted to the editor wiki. This policy will also apply to chat communications (e.g., Campfire, AIM).

On all of our sites, we will be introducing several new features to our commenting system to acknowledge the reality that we have lost the commenters’ trust and don’t deserve it back. We should not be in the business of collecting and storing personal information, and our objective is to migrate our platform away from any personal data dependencies (like email & password). We will push further integration of external account verification sources using OAuth (like Facebook, Twitter, and Google) for those that want to use them, and we’ll also be introducing disposable accounts. Disposable accounts are similar to the service a pre-paid phone offers to drug dealers (a disposable, untraceable communication device). Commenters seeking anonymity will be able to do so confident that when necessary they can simply toss out the account and there will be no connection to the individual. They will work like this:
- no password will be stored
- no email will be stored
- account can be used as long as you have the key code; lose or delete it, the account is abandoned.

In addition, we are establishing a public Gawker Tech & Product blog (a long time coming) from which we will communicate product information as well as product plans to our readers. You can expect to see it by early next week.

This has been a very unfortunate event in Gawker Media history, and we have learned much from it. Above all, this has been an enormous inconvenience for everyone affected, and for this I apologize. You can expect a much more responsive and proactive technology and product team for 2011. You can also expect a much more public me — if there is one critical thing that has been missing, it is a lack of consistent communication from me. That will change.

Regards,

Tom Plunkett

Got an e-mail from LinkedIn this morning? LinkedIn may have suspended your account to protect its users from any further data breach.

The e-mail read: “…In order to ensure that you continue to have the best experience using LinkedIn, we are constantly monitoring our site to make sure your account information is safe. We have recently disabled your account for security reasons…” The message goes on to explain how to reset your password.

This morning, they tweeted, “sorry for the inconvenience, as a proactive measure we’ve reached out to users potentially affected by the gawker breach regarding password”

LinkedIn has a security team that keeps them abreast of everything that’s current on the Internet. They take action on anything deemed relevant or potentially threatening to their 85 million members’ LinkedIn profiles. The team downloaded the list of e-mails that had been harmed by the hacks and overlapped the list with all LinkedIn accounts. LinkedIn wouldn’t disclose the number of people they emailed but it was a small fraction of LinkedIn’s users on the Gawker list. LinkedIn did not match passwords, but only looked at the corresponding e-mail addresses.

In the interest of safety LinkedIn shut down and suspended every person’s account who was on the list. “We just wanted to stop the Gawker messages and passwords by going further than they already have,” said LinkedIn.

In their blog post today, LinkedIn writes,

Many of you may have heard by now that a prominent blog had its commenting system hacked into and a large number of user names and passwords were exposed.

As we closely monitored the situation, we decided it was imperative to take preemptive action to help ensure that those leaked passwords were not being used to attack any LinkedIn members.

Here’s how we’ve taken steps to address this situation in the past 24 hours. We’ve identified a very small fraction of our members whose accounts could potentially be affected by the recent breach. If you were in the group of users who may have been at risk, you should have received an email with instructions to reset your password. Note, to make sure we have you covered, you will receive an email from us to each email you have on file. You only need to act on one of them.

Even if you weren’t affected, it is a good reminder to proactively manage your online accounts. The number one tip is to use a unique password for each site. For additional tips check out my other post on security here.

LinkedIn acted commendably and safely to keep their name clear as well as to stop users from having more information stolen. For a complete run down of Gawker’s security hacks this weekend, read our earlier post.