The attack is simple:
A criminal gang starts scanning lots of cards. This can take place at airports, concerts and so on. The actual person doing the scanning is a low-ranking know-nothing who is just following orders. Disposable.
The scanned details go into a large database controlled by the gang. It will contain tens or hundreds of thousands of cards.
Someone wanting a card goes to the gang and sits in front of a camera. The face scanner looks at their facial geometry and gives a list of cards which have faces which look closest. Pick one, pay up and you've got yourself a new cloned ID in minutes.
Forgery? Not in this century.
Facial is sufficient for most uses envisioned by Big Brother. For instance, if you have an Australian passport, you probably already know about the new walk-through system being introduced for Genuine Aussies. Go through the channel, the facial recognition system remotely reads your card, looks at your face and lets you go through.
Don't be too surprised if armed police bust into your home at 6AM. If I were going to do a kidnapping or murder, I'd be carrying a clone of someone else's ID.
Yours would do. Nothing personal.
How do you revoke your ID card without establishing your ID?
How do you establish your ID without your ID card?
How long does it take to empty your savings account and max out your credit?
This is one reason why you should have separate cards for identity and authorization (purchases/bank accounts/etc), and why you should keep your ID card in a safe place, where it won't get stolen along with your DoStuff[TM] Card in your pocket.
Current anti-ABM tech includes the British Chevaline system of decoys. It dates back to the 1970s. If your ABM defence is helpless against such an ancient and simple system, don't bother. It's a waste of money. Anyone who can build their own ICBMs and nuclear warheads from scratch can build Chevaline.
In Chevaline, each decoy consists of a metalized mylar balloon with a heating element and gas generator. After deployment you get a large, shiny, warm balloon impenetrable to radar. The warhead is surrounded by a similar balloon. Outside the atmosphere, the two look identical to optical, IR and radar.
To defend against Chevaline, you need to wait for the warheads to enter the atmosphere (the decoys slow down very quickly), then use Sprint.
The new ABM system has only been tested against decoys a few times in early tests. It couldn't tell the difference between the decoys and dummy warhead, despite using balloon decoys and a naked warhead. Since then, every decoy system used has mysteriously failed. Just like this latest test.
Or there's the older Eric Idle song:
I Bet You They Won't Play This Song On The Radio.
Congratulations to Microsoft on yet another completely original idea. Clbuttic!
I remember Geoffrey Perkins from the days of the radio series Radio Active. Geoffrey played the gleeful and shameless bully Mike Flex, who was always making the life of Mike Channel (Angus Deayton) a living hell.
The series itself was a spoof of the low-budget and lower-standards private radio, the personality defects of the characters, and the toxic atmosphere they created. Each program was also a spoof on a particular genre of programme series, for instance: Round Your Parts (local interest), Probe Round the Back (consumer affairs) and God Alone Knows. After a few series on Radio 4 the show transferred to TV for its swan song KYTV "You'll never be stuck with KY Telly".
Mornington Crescent is an improvisational comedy sketch based roughly on the pocket A-Z. The formula is mythic, and the game follows a simple pattern:
A player makes a move. Another player challenges this with an improvised rule, which can itself be challenged by other improvised rules. The object of the game is to entertain the audience.
The entire population of the UK can now participate in this humorous diversion with the new "Justice Ministry Accredited Status" of many dog wardens, park keepers, charity workers and others. These people are able to harass and fine (£100) you without any evidence of a crime, merely by claiming that you've done something wrong. They are, of course, encouraged to photograph you while demanding money. Examples of reasons for a fine, given by the Justice Ministry, include dropping litter, but it's really up to the improvisational skills and straight face of the Accredited Person.
I assume that some of the fines find their way into official coffers.
Energy Crisis
The gas prices are climbing
And the fraudsters smile
The scared and foolish
Will buy the stupidest hope
With their last dollar
Someone always wins
Whatever the latest fear
With a well timed scam
All Airbus jets are fly-by-wire. Even the aging A300. Boeing went the same way shortly afterwards on their new airliner designs.
They can be bricked just as surely as an iphone.
Firstly, let's remember that so far, cold fusion has been a con. A rip-off. A fraud. Call it what you will. Treat it with major-league skepticism.
Secondly, remember the Nuclear Physics. Any useful reactor is going to produce prodigious amounts of radiation, neutron and gamma. That means lots of heavy and bulky shielding. This is not going to appear in a home or car near you.
Thirdly, remember thermodynamic efficiency. If the hot side of the reactor is 100C and the cold side is - say - 40C, then your *maximum* efficiency is about 15%. For every kW you extract, there's about 7kW of waste heat (assuming that everything else is 100% efficient). If you want to make the thing efficient you have to raise the temperature of the hot side to - say - 800C, with a cold side of about 100C. That's much more practical, but has a maximum efficiency of only 50% and requires a strange definition of cold.
If all you want is to warm the planet up, cold fusion might help. Provided it's not a con. Again.
I've used a few MTAs over the years, and each has its own baked-in assumptions about virtual domains, queuing, bounces, etc.
Exim, for instance, has an almost paranoid aversion to queuing. It wants to deliver the mail or reject it NOW! No waiting. No queuing. It resolves all addresses, bursts bulk emails only when unavoidable, and does this before actually accepting the email. Exim only queues when there is a real temporary failure such as a non-responsive downstream MTA.
Postfix, on the other hand, absolutely must queue all mail before resolving addresses. For this reason it must accept email regardless.
I'd guess Google don't use Exim.
You can buy a long range reader TODAY from http://www.iautomate.com/r500sp.html for $499.
Range 450 FEET. Note the bit in the web page about tracking PEOPLE.
Check it out. It can be buried in walls and is handy-dandy small. Size 3.3in x 1.6in x 0.7in; weight 1.6 oz. Power requirement 12VDC - 14.5VDC, ±30mA -- it'll run off batteries, no problem.
Let's see.. an eeepc, one of these and you have a very portable long range sniffer hidden in a briefcase.
Google is your friend.. unless you're astroturfing.
You're pretty much right, but it depends upon which govt you ask, and when.
Originally, the concept was that a bus load of people could simply drive across the border and their passports would be read from the roadside as they passed. Sounds simple enough, but there was no assessment of the security. No handshake, no encryption. These designs would have led to worse things than data theft; think roadside bombs programmed to kill anyone with a passport in the name of Jack Bauer. Assassination was never so easy.
Because so many of the technical decisions were made then, and the politicians are too vain to flip-flop, we have a number of permanent problems and work-arounds.
Firstly, there's the RFID. This is wireless and interceptable. The cards are powered by the interrogation signal, so there's nowhere near enough power for the card to carry out encryption, so there's no authentication of the interrogation signal so anyone can interrogate the card. Therefore no crypto handshake. There's also no change in the cyphertext from one interrogation to the next, so assassins can still trigger a bomb using the cyphertext without the need to decrypt anything.
Another political decision was that the cards are to be contactless. No contacts. Really. You can't provide power or interrogate the cards by other means, so you can't do an end-run around the above problems.
This also means there can be no cryptographic authentication of the card itself. Hello forgeries. These forgeries will have their limits since the data can be digitally pre-signed. Hopefully, all the data is signed, but given the competence of the deciders, I wouldn't bet on it. Actually, I will. We all will.
There have been some attempts at making the cards less of a liability. Data can be pre-encrypted. However, the lessons of DVD CSS have taught us that One Key To Rule Them All is no security at all, so all cards must have unique encryption keys.
This leads to another problem: if you can't handshake (because there isn't power for crypto processing) how does the scanner at the airport discover the key, without the key being broadcast in the clear to everyone in 20m? The answer is some kind of optical scanner, so you have to put the passport on a scanner to allow the key to be read (almost in the clear), but without radio broadcast. This introduces the same inconvenience as a contact card, but without the security.
Don't allow your optically readable data area to be photographed (eg by a long lens). Really. This is your only real protection.
The schemes for optically scanning the keys vary. The Dutch tried to mangle a key using personal data such as name, date of birth and passport issue date; this scheme was broken on a laptop in two hours by knowing only a few details and brute-forcing the rest. The best scheme which could be used would be to put a random number on the passport, send it to the issuing government's computers and get the key back that way; but then the computers could supply all the other info too, so why bother with the RFID? Another political decision rules this out - the passport must be readable without a network connection to central computers. Ho hum.
So the key must be stored on the card, and must be readable by any official reader. Remind you of anything? DVD CSS? We're back to the One Key problem again. This time it will be different (yeah, right). Criminals will have a choice: either find the One Key (a once-only task), or steal one of the hundreds of thousands of readers which will be distributed around the world and use that. Once that key is known, all the world's passports become open books.
So that's it. We're screwed. We are *so* screwed.
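An added example, not part of the original comment: the static-ciphertext card described above beside a hypothetical card that makes the reader answer a fresh challenge first, showing why repeated responses let a keyless listener recognise one card. The class and function names, the sample record and the HMAC-SHA256 keystream (a stand-in cipher) are assumptions for illustration, and the second design assumes the card has power for crypto, which the comment says these cards lack.

```python
import hashlib
import hmac
import secrets


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher for the demo: XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def reader_proof(key: bytes, challenge: bytes) -> bytes:
    """What a legitimate reader sends back to prove it holds the card's key."""
    return hmac.new(key, b"reader" + challenge, hashlib.sha256).digest()


class StaticTag:
    """The design the comment criticises: pre-encrypted data, released to anyone."""

    def __init__(self, key, record):
        self._blob = keystream_xor(key, bytes(16), record)  # encrypted once, at issue

    def interrogate(self):
        return self._blob  # no check on who is asking, same bytes every time


class HandshakeTag:
    """Hypothetical alternative: the reader must answer a fresh challenge first."""

    def __init__(self, key, record):
        self._key, self._record, self._challenge = key, record, None

    def hello(self):
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def interrogate(self, proof):
        challenge, self._challenge = self._challenge, None  # each challenge is single-use
        if challenge is None:
            return None
        if not hmac.compare_digest(reader_proof(self._key, challenge), proof):
            return None  # unauthenticated reader learns nothing
        nonce = secrets.token_bytes(16)  # fresh nonce, so no two responses repeat
        return nonce + keystream_xor(self._key, nonce, self._record)


def read_record(key, response):
    """Reader side: split off the nonce and decrypt the rest."""
    return keystream_xor(key, response[:16], response[16:])


def linkable(first, second):
    """A keyless eavesdropper can recognise a card if its responses repeat."""
    return first is not None and first == second


def demo():
    key = secrets.token_bytes(32)
    record = b"CONSTRUCTED SAMPLE RECORD: UTOPIA, JANE EXAMPLE"  # constructed data
    static, shaken = StaticTag(key, record), HandshakeTag(key, record)
    shaken.hello()
    rogue = shaken.interrogate(bytes(32))  # reader that does not hold the key
    first = shaken.interrogate(reader_proof(key, shaken.hello()))
    second = shaken.interrogate(reader_proof(key, shaken.hello()))
    return {
        "static_linkable": linkable(static.interrogate(), static.interrogate()),
        "rogue_response": rogue,
        "handshake_linkable": linkable(first, second),
        "record_recovered": read_record(key, first) == record,
    }


if __name__ == "__main__":
    print(demo())
```

The handshake still leaves open how the reader obtains the per-card key, which is the problem the comment goes on to describe.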
Your tax dollars at work!
I wish it were that easy.
I work in a small law firm in Blighty, and the new laws require us to use web services for searches, HIPS and the like. The damn things use ActiveX.
In the last few weeks, a training CD arrived in the post from some gov.uk agency. Guess what - it uses ActiveX. On a freaking CD!
ActiveX in the UK is like an infestation of cockroaches. It's not going away any time soon; if anything, it's getting worse.
Would you buy a $400 iPhone for $551? Really? /so/ 2002.
We aren't the gullible sheeple that Steve thinks we are.
Besides, it's only G2.5. That's
"Ars Technica goes on to recount suggestions that genomes evolved to the point where they work well with evolution."
I wouldn't put it past those Godless bohemian radicals to deny Divine Intervention in the creation of species.
Pish and Tush, I say. Pish and Tush.
Here in Limeyland, Alan Sugar put his personal reputation on this with the em@iler.
After 6 years, he finally gave up early this year. http://www.thisismoney.co.uk/news/article.html?in_article_id=407184&in_page_id=2
The multi-streaming solves a nasty gotcha with forwarding multiple traffic over a single ssh connection: one stalled forwarded connection brings the entire show to a dead stop.
Encryption is the wrong tool for the job.
To get around ISPs throttling bt, the program should adapt its ports and protocol negotiation so that it looks like other services (html, VOIP, etc).
Making bt fully protocol-adaptive would take away all traffic shaping control from ISPs. Their response to this would likely be to look for high upload traffic from users and firewall off the users to stop all incoming connections.
There are counter-moves to this (client-mode bt), but an arms race between users and their service providers is going to be messy and one-sided (they write the T&Cs).
I think it's better that users should vote with their wallets.
At the last D: All Things Digital conference, Mr B Gates KBE made the observation that "during the last year, if you had up-to-date Windows, you would have been safe if you didn't have" antivirus software also running.
If a Blue Badger (full MS employee) were to run his/her Windows machine on the MS campus without AV, would this behaviour be considered loyal, courageous, reckless, career limiting or grounds for dismissal?
Don't believe everything you read.
'penalties against those who patent software or use anti-piracy technology.' I think not.
It may (or may not) address these issues, but I don't think it'll punish users.
For those who are interested, http://www.aljazeera.com/ is a fake site registered in the UK and slanted to provide Western/Israeli propaganda. I don't know which agency runs it, but it's quite well done, provided the viewers have no knowledge of Arabic culture (the graphical styles are a dead give-away). Compare and contrast the two.
Put a nice long Yagi on a sniper rifle and a PDA to control it. Go to a convenient rooftop and survey your choice of targets. Choose a likely one and squeeze lightly .. the Yagi sends an activation pulse to the target's passport and listens for the nationality .. "USA". A second later, one less Merkin.
Your tax dollars at work!
Actually, a hidden roadside bomb is more likely. You can even target on the basis of other data, such as name or religion. Great fun.
I already have my aluminium card holder.
I think you're referring to the E Technologies Associates -v- IBM case.
Does this mean that shell scripts are patented now?
Too easy. I like Lemmiwinks, too :>