Slashdot Mirror


User: John+Harrison

John+Harrison's activity in the archive.

Stories: 0
Comments: 1,985

Comments · 1,985

  1. Re:You don't get it. on Updated Schedule for U.S. Biometric Passports · · Score: 1
    That is not what I am saying. I am saying that some random person isn't going to be able to walk up to you and read the data off your passport.

    How hard the passports will be to tamper with or forge is a different question. This will depend on the hardware used, and the design and implementation of the security system. A well designed system will have data on it signed by a key that is not present on the card, so even if you hack your own card you won't be able to put valid data on it since you won't have the signing key.

  2. Re:You don't get it. on Updated Schedule for U.S. Biometric Passports · · Score: 3, Informative
    No, you don't get it.

    If the system is properly implemented then no human eyes will ever see the keys. They are locked in the hardware and can't get out. I am not talking about a pin to unlock the data on your card, though the cards could implement that as well. I am talking about card master keys, encryption keys, MAC keys, and key encryption keys using techniques such as Open Platform secure messaging.

    I am talking about using tamper reactive hardware like an IBM 4785 on the back end and putting unique keys on all the cards. This isn't that complicated but nobody on /. understands it and they all bitch about things that understanding it would resolve and I am sick of it.

    I'll turn off rant mode now...

  3. You don't get it. on Updated Schedule for U.S. Biometric Passports · · Score: 4, Informative
    And neither does 99.9% of /.

    There are cryptographic protocols that are well known and widely implemented to make sure that your smart card won't even talk to anything but an authorized system. There is no way that somebody can just go out and buy an ISO 14443 reader and war drive your pocket. They need the proper keys to talk to the card and if they don't have them they are out of luck.

  4. co-op is xbox exclusive on DOOM III This Summer · · Score: 1

    There have been several articles stating that two player cooperative mode will only be included on the xBox version. There is no plan for a co-op on the PC.

  5. Re:Really! on RFID MasterCard · · Score: 1
    I am sorry if I came across as saying that you in particular fear technology. I meant that many on /. seem to fear RFID and associated technologies without understanding the protections they offer.

    Multi-application smart cards have been around for a long time. The device reading the card could select the most appropriate application or offer the user a choice if there are two credit apps (unlikely) or perhaps a credit app and a stored value purse.

    As far as the pin goes, EMV requires that the pinpad have certain protections (both electronic and physical) in order to be used in credit transactions. A computer keyboard does not qualify. Also note that at least a pin is verified. How often is your signature actually verified? My signature barely resembles the nice signature I put on the back of most of my bank cards yet I have NEVER been challenged on it. I could sign anything in many instances and be fine. The pin gives a binary yes or no response without relying on the judgement of the 17-year old at the register.

    I have a demo of electronic signature verification using a smart card which is pretty cool. That (or any other biometric that can fit on the card) could be used instead of a pin.

    Finally, even if someone does snoop your pin, they would have to steal your card as well or spend the money to dupe it, which is a significant investment, certainly not worth the money they could get out of it. Magstripe cards can be duped with almost no effort and thus are a target for fraud.

  6. Re:MIT already uses keycards on MIT's Stata Center Dedicated · · Score: 1

    Do you have any links on this? There are systems out there that use ISO 14443 smart cards (often mistakenly called RFID) that can do 3DES, RSA, and AES and have well tested protocols so that only authorized readers can talk to cards and an eavesdropper can't get any info.

  7. Re:Really! on RFID MasterCard · · Score: 1

    With mag stripe there is no security, so the waiter has to verify that the physical card is not a counterfeit. This wouldn't be needed with a smart card (I doubt that these are RFID tags) since it would be the cryptographic protocols that guarantee that the card is legitimate and not the look/feel of the card. Thus the waiter doesn't need to handle the card to verify it. If you have a pin instead of a signature you could keep it in your wallet, pass the wallet over the reader, and then enter your pin without your card ever being seen, and the transaction would be more secure than what you do everyday with your current credit card. Of course this is /. so lots of people look for excuses to fear RFID.

  8. Gates building at Stanford on MIT's Stata Center Dedicated · · Score: 1
    Stanford has a Gates building for CS as well. When it opened there was some concern that the keys had electronically encoded id numbers in them. Of course the doors were open until 8 pm, so you only needed to use the key if you were there late. On top of that there was a privacy policy instituted that I forget now, but basically they said that they weren't going to use it to track the number of hours you spent in the building.

    It seems reasonable to me that the doors of the CS lab shouldn't be unlocked at 3 am. It also seems reasonable that if someone who works there wants in, they should be able to get in at 3 am. Finally, you need a method of giving people keys that won't allow them to copy them. I am sure that the hackers at MIT have little regard for the "do not duplicate" warning on traditional keys. They'll probably figure out how to dupe an RFID card as well (it can be done) and pretty soon everybody will be able to access the building as RMS.

    If RMS is this concerned about his "privacy" wait till he finds out that the GNU/Linux systems he logs on to have "log files" that the administrator can read!

  9. Simple economics on RFID MasterCard · · Score: 1
    The rest of the world is switching to EMV, a smart card based standard for credit card transactions. Why? Because of simple economics. Fraud rates have been high in Europe so the banks have switched to EMV smart cards to reduce fraud. Countries that mandate EMV have seen sharp reductions in fraud. As this happens criminals move towards the low hanging fruit. Again, the simple economics, which you are so fond of.

    So if you are in a country that hasn't switched to smart cards yet, your bank is the low hanging fruit. Once fraud rates go up in your country, your bank will switch to EMV as well and you'll have a smart card as well, because it saves the bank money. Simple economics, right? There are advantages to contactless cards (including cost) that might make them the most attractive option to some banks and merchants. That might be more complex economics though, so we will ignore that in this lesson.

  10. This is probably NOT RFID on RFID MasterCard · · Score: 1
    I would guess that this is an ISO 14443 smart card rather than an RFID card, especially since there is nothing to indicate otherwise on the website linked to. If the system is well-designed then you would need to know the proper cryptographic keys just to get it to talk and different keys to understand what it is saying. Note that ISO 14443 works on some of the same technology as RFID but can be much more secure. So it doesn't matter if you have a giant reader that will turn your ass into rump roast from 100 yards away if you don't have the keys. BTW, you don't have the keys.

    In other words this is both safer and more convenient than a traditional credit card. Of course here on /. simply mentioning that something MIGHT be RFID (and that it will be the end of privacy!) without backing it up is enough to get a submission on the front page. Slashdot should have one of the editors take smart cards 101 and RFID 101 so that they can filter all the chicken little submissions more effectively. Most of the people posting here haven't the slightest clue about the technology involved, what the protections are, and what it takes to break one of these versus a normal card.

    You had all better get used to it anyhow. EMV is getting implemented all over the world to reduce fraud. Pretty soon the USA will be the place to go to commit credit card fraud since we aren't widely using smart cards. Once the fraud rate goes up the banks will be forced to implement EMV and we'll all be using smart cards as credit cards. Then the fraud rates will go down again. This process will play itself out in the next five years, so you have a little time to construct your tinfoil hats and wallets.

  11. Re:Off the air... on GPS Cell Phone in Soda Can Form · · Score: 1

    There are all sorts of applications. Without being too specific, I want to read tags on crates of bottles, loaded on pallets, which are already loaded on a truck. For some reason reading prior to loading on the truck won't work.

  12. Re:Old news... on Perfect Digital Skin · · Score: 4, Insightful

    Is there a reason nobody is mentioning that he shared the Oscar with Stephen R. Marschner and Pat Hanrahan?

  13. Re:Off the air... on GPS Cell Phone in Soda Can Form · · Score: 3, Insightful
    You are right that your chances of being in a store that has the winning can when you are there are very small. Even if it was there you would have a hard time finding it.

    The problem is that there isn't a good way to scan large numbers of cans quickly. You can't just walk by a shelf of 12-packs and scan the shelf. You would have to pull each 12 pack off and scan it. The large amount of metal and liquid between the scanner and the phone would prevent you from getting a reading. Not to mention the fact that you wouldn't even know what to look for. I suppose you could practice by sticking your own cell phone in a 12 pack and scanning it.

    If you know a way to read an RFID tag (not what this is, and probably an easier problem) through a few feet of liquid and occasional metal please let me know. That would actually solve a problem I have...

  14. Re:Stop WHINING slashdotters -- DO something on Intel Chief: Don't Call Us Benedict Arnold CEOs · · Score: 1
    I know someone who at least claimed to be considering it. The plan was to become a high school math teacher and say that there was no way to pay off the loan bills. Instead he works for the NSA now.

    In any case, and maybe I am just being self-centered here, I enjoyed my university experience so much that I don't look at it just as a risk/reward proposition.

    If I ever decide to go to grad school it will pay off again. Had I gone to grad school immediately it would have paid off even more. As the number of years since graduation increases the importance of where I got my degree decreases.

  15. Re:Stop WHINING slashdotters -- DO something on Intel Chief: Don't Call Us Benedict Arnold CEOs · · Score: 1
    I am quite happy with my crippling debt, and I happen to think it was a good investment. Still, I am getting out of it only a little faster than a payment at a time, so that part is still valid.

    Another option, which I don't respect, is to graduate and declare bankruptcy. Good luck buying a house soon after that.

  16. The math you took in CS wasn't listed under "math" on Math And The Computer Science Major · · Score: 1
    Heh I have a CS degree from Stanford and I took three classes from the "math" department. Calculus, statistics, and linear algebra. Is that all the math I took? No way.

    At least half of the CS classes were math, or "computer science" if you will rather than programming. Things like logic, complexity theory, algorithms, and AI were taught without the use of computers and are for the most part specialized math. Other courses such as compilers, graphics, and operating systems required applying math and theory as well as learning some new math.

    Don't be fooled by labels, if you have a real CS degree you mostly took math courses with some programming thrown in.

  17. Re:3rd Largest? on Third Largest Supercomputer... at Weta Digital · · Score: 2, Insightful

    No, rendering each frame is a separate task. This is more comparable to Google than to traditional supercomputing applications.

  18. Re:Dot pitch incorrect in article? on Samsung's 17" LCD Gaming Monitor Rated · · Score: 2, Interesting

    The article also complained that the pixels were bigger than on another 17 inch Samsung monitor running at the same resolution. Obviously someone doesn't understand what dot pitch is.

  19. Re:Variant on Alien Invasion Ends City Of Heroes Beta · · Score: 1
    Hopefully with the sequel they removed the ridiculous ability to stick webs to the sky, too.

    The developers have said that webs won't stick to the air in the next game. This will make movement more interesting and realistic but potentially awkward.

  20. Re:Da Vinci bike on 526 Years On, Da Vinci's Clockwork Car Constructed · · Score: 1

    I wasn't nearly as nice as that one. I did the best I could with a hand held electric jigsaw, bunch of plywood, some 2x4s, and a few dowels. It isn't clear from the drawing (which might have been done by a student of Da Vinci and not Da Vinci himself) how the steering would work. I could have put a hinge in the frame but I didn't, so I steered by pulling a small wheelie and jerking to one side. Not very effective. The drive train didn't work very well either, so both propulsion and stopping were difficult. Still I could get around on it faster than walking. I rode it for about a week after presenting it.

  21. Da Vinci bike on 526 Years On, Da Vinci's Clockwork Car Constructed · · Score: 4, Funny

    I made a Da Vinci bicycle my freshman year out of wood. Got a lot of odd looks riding it around campus. It was also quite loud. When I left at the end of the year I locked it to a bike rack and it wasn't there when I got back. If you ever see someone riding around Palo Alto on a primitive wooden bicycle knock them off it for me!

  22. Re:The difference between hard drive and flash. on iPod Mini Hits The 'Sweet Spot'? · · Score: 3, Interesting

    You are entirely correct. There are some other advantages that the iPod has over what I have as well, such as navigation and different play modes and I don't feel like I need them.

  23. Re:Let's collect data... on iPod Mini Hits The 'Sweet Spot'? · · Score: 2, Interesting
    I have a 512MB flash player that is also a usb pen drive. It cost about $160. It is smaller and lighter than an iPod mini and runs for over 12 hours on a single AAA battery. I bought mine here but they seem to be out of stock of the 512 MB version right now.

    It isn't fancy but it works, and I can jog all day and it will never skip.

  24. Better know how to replace your batteries on Compelling Alternatives to RAID Setups? · · Score: 1

    Especially if you are dealing with an IBM 4758. They detect a casual battery replacement as an attack and clear their memory, which is a good thing. Point is, you had better know what you are doing.

  25. Re:In other news on Berman Confirms Star Trek Prequel Film Project · · Score: 1

    You are getting troll votes for referencing CNN.com without throwing up a link. You need to document your claim.