Slashdot Mirror


User: Conare

Conare's activity in the archive.

Stories: 0 · Comments: 132

Comments · 132

  1. Re:when it rains on Green Crystal 'Rain' Discovered Near Infant Star · · Score: 1

    No no, you eat the Olivine after you drink your Martian-tini.

  2. Re:unfortunately it's completely wrong on The Machines That Sparked the Beginning of the Computer Age · · Score: 3, Insightful

    For punch card machines you can go all the way back to the Jacquard Loom in 1801 which used punch cards to set weave patterns. Again, probably 95% of you readers knew this, but no one else had mentioned it yet so...

  3. Re:Except that isn't what happened. on Judge Orders Former San Francisco Admin Terry Childs To Pay $1.5M · · Score: 1
    FTFA:

    "Childs claimed he never intended any harm, but did not trust his superiors with the passwords. He eventually gave the passwords to then-Mayor Gavin Newsom in a jail cell visit"

    1.5 million to teach them how to type "joshua"? Seems exorbitant.

  4. Re:Fuck... on Comodo Says Two More RAs Compromised · · Score: 1

    There are some pretty inexpensive ways to do this (grid cards) so like the article you linked, I don't buy cost as an excuse. Of course I did take a photo of my buddy's grid card once as a joke, but at least it isn't personal data I could harvest from his facebook page which most of those bank questions are. If people are willing to carry a "bonus" card for every flipping retail establishment in existence, they should be willing to carry a card to keep their money secure. And I can't believe that the added cost of the security wouldn't pay for itself in the long run.

  5. Re:Well then, on E-Passport Cloned In Five Minutes · · Score: 1

    Of course if you have the ability to surreptitiously place a 200 Euro (quote from the article) RFID reader at the passport agency to snoop traffic, you probably can also place a surreptitious CAMERA (probably less than 200 euro) to photograph the bar code containing the KEY on the printed page. Much more efficient. BTW as I've said before this same statement applies to the "passport detonator" FUD. I bet some Iraqis would be more than happy to hide in the bushes with a remote control detonator for far less than 200 Euros. And they will be better at detecting Americans too.

  6. Re:Radioactive? on A New Angle on Martian Methane · · Score: 2, Funny

    While radioactive elements give a more attractive decay curve, Methane smells more like decay, and is thus less attractive to those with curves.

  7. Re:yeah on RFID Passports Raise Safety Concerns · · Score: 1
    Passports are a mechanism for me to identify myself, not for any random mugger/secret policeman/terrorist to cherry-pick me out of a crowd
    But to whom are you identifying yourself? Passports are an assertion by your government to another government that the data in the passport correctly identifies you and that you meet that country's criteria for holding a passport (citizen diplomat etc.). It is not for you. It is for other countries to identify you as a citizen of whatever country you claim to be a citizen of. The other uses of a passport are merely conveniences. You are not forced to travel btw, it is a privilege not a right, so you accept the risks when you choose to travel (airflight accident, luggage theft, passport catching fire and burning your butt because someone scanned it with too strong a signal...)

    Or do you habitually carry your passport in one hand, waving it over your head and loudly proclaiming "Look at me, I'm an American citizen!"?
    Only when I am trying to attract hookers

    ...opening your passport for any reason immediately announces to anyone nearby that you're a US citizen, in case they might be interested
    Only if they have the right equipment and are actively seeking the information. When you open a current passport without a chip in it, you are broadcasting to anyone who has thought to install a hidden camera nearby or paid some fanatic or criminal or intelligence agent to hang out with a pair of binoculars, a pencil, and a piece of paper that you are an American citizen. The risk is roughly the same.

    Frankly, the day when the act of opening my passport in my bag potentially identifies me and/or my nationality to anyone within up to tens of metres is the day I staple the blooody thing shut, and I'm not even a US citizen (with all the attendant antipathy that carries with it across the world).
    I would recommend a rubber band if you feel the need. Less destructive. Although I will give you credit for being more moderate than the microwave and hammer crowd.
  8. Re:yeah on RFID Passports Raise Safety Concerns · · Score: 1
    I find it hard to believe the USA (especially!) is actually making it easier to identify its tourists and overseas personnel
    What do you think passports are for?

    Seriously though, I hope by now you have seen that there is a shield in the cover that prevents this type of skimming.
  9. Re:yeah on RFID Passports Raise Safety Concerns · · Score: 2, Interesting

    This is actually a very good question. The answer is twofold:

    1) Most contact chips don't last past 5 years, and they wanted a longer validity (10 years in the US case)
    2) The chip specification was for the 28 (?) Visa-waiver countries and each of them can have a different passport form factor, so it would be very difficult/expensive to implement a single contact based reader or set of readers for them all. Contactless solves this issue and allows each country to keep whatever form factor they want.

    The specifications for this were actually developed by the International Civil Aviation Organization. Anti-Skimming is not a part of any of those specifications; however, data encryption schemes are.

    OK OK here you go, but you will have to buy them:

    http://www.icao.int/

  10. Re:Confused? on RFID Passports Raise Safety Concerns · · Score: 1

    And a happy RTFA to you. Let's just try your suggestion shall we? Ah! here is an interesting tidbit Mr. Troll - "ID thieves who figure out a way around the security precaution on RFID passports, which includes anti-skimming material in the cover" So actually an inch is terribly optimistic. More like 0 inches really. Unless you open the passport, in which case you undergo the same risk that you do from hidden cameras and fanatics with binoculars and detonators.

  11. Re:Stupid on Diebold Threatens Wary Voting Clerk · · Score: 2, Interesting

    Here is the link to the article mentioned in parent.

    http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/19743.html

    Also, Blackbox did NOT conduct the audit. They recommended two security companies to the COUNTY clerk who hired them in line with his purview to conduct an independent audit. BTW, this is not some random clerk as one poster suggested. County Clerk is an elected office in my county.

    Also, there were apparently 3 versions of the voting machine delivered (So which one is the validated one?)

    Also, the delivered machines had been marked as having failed acceptance testing BY DIEBOLD.

    Also, the memory discrepancy cannot be accounted for by Diebold's font explanation.

    Also, apparently Diebold is running around replacing motherboards on other delivered systems.

    Question: Why aren't we throwing bricks yet? This is way worse than bad French labor laws.

    Note to the literal minded: I am not actually advocating that anyone engage in violent rioting, however a good loud peaceful protest is definitely in order. And I am not one to protest frivolously (see sig)

  12. Re:Advantage of knocking/microphone on Unlock Your Doors With a Knock Code · · Score: 1

    Yes and this makes me think of another problem:

    What if my dog detects that I am home and starts jumping up and down on the door in excitement (as he should) while I am trying to open it? That could cause some interference no?

    Also from TFA:
    "Another advantage of the technology is that all 'KnocKeys' are the same, if the 'KnocKey' is lost or stolen, it is possible to simply buy another 'KnocKey' and enter your personal code"

    So you really don't have a second factor of authentication at all. You just have a PIN that opens your door, using a commoditized detached device. To be fair, they don't claim that you have a second factor, but it gives that illusion.

    Boy the more I think about this...

    How does that work? How does the device know which code in the (I assume OTP) I am on? If all I have to do is buy any old Knockey and enter my PIN, how does it know? Doesn't add up.

  13. Re:Bah, it's not even his real name... on New Lemur Species Named After John Cleese · · Score: 2, Funny

    What kind of cheese? Swiss? Cheddar? Muenster? Gouda? Edam? Havarti? Camembert? Bleu? Look this is a cheese shop right? Roquefort? St Jaques? etc.

  14. So wrong on Fatal Flaw Weakens RFID Passports · · Score: 2, Informative

    Wrong. There are still 2 important benefits:

    1. Contact chips only last 4-5 years. US passports are valid for 10. The contactless chip is more durable.
    2. There is no need to attempt to mandate the exact size and shape of 28 countries' different passports. Very difficult, especially in the current political climate. Remember that this initiative started when the US said you have to do this to be a visa waiver country. The International Civil Aviation Organization then set the standards. So don't blame just the US for the fact that it's an RFID chip. 28 countries agreed to this because it was the path of least resistance.

    Also, I don't think optical codes can store as much data as this RFID chip, but I may be wrong about that

    I see your B.S. and raise you!

  15. Re:So... on Fatal Flaw Weakens RFID Passports · · Score: 1
    Like when you check into your foreign hotel or buy a train ticket. Maybe there's a 6-foot dish concealed 60 feet from the check-in desk. Or maybe the clerk's palmtop/scanner is sitting just out of sight, and he gets $1 for every GUID he collects (with timestamp).


    Or maybe there's a hidden camera looking through the window reading the passport when the clerk opens it. Or maybe the hotel has a security camera that could read it. Actually that would be a definitely, wouldn't it? I say we should issue all passports with invisible ink from now on!
  16. Re:Why contactless? on Fatal Flaw Weakens RFID Passports · · Score: 5, Informative

    Excellent Question!

    US Passports have a validity of 10 years. Modern contact chips in smart cards have an estimated life of 4-5 years. So you would theoretically have to get at least twice as many passports. Also, you can't really just replace passports with smart cards because not every country in the world will be able to read those smartcards at the get go. (Think Chad or other 3rd world countries) so you have to continue to use a typical human readable passport. This program is designed for the 27 or so VISA-waiver countries. There was no way that anyone was going to successfully mandate a single physical form factor for the passports of 28 different sovereign nations, but they were able to (finally) reach an agreement on an embedded chip, interface and some minimal and optional contents. These were the driving reasons for contactless, and it is unfortunate that the US State Dept. did not consider privacy from the get go. But thanks to a public outcry, now they have.

    Someone else asked what was wrong with the current passports. In a word, the answer is forgery. The new passports include a digital signature across the entire contents of the passport including the photo. So if I as a bad guy, take your passport and try to replace your photo with mine, either the photo on the chip won't match, or if you somehow figure out how to replace the photo on a chip that has had its write mode disabled permanently, the digital signature will not verify. So with the new passports, the only way to get an undetectable forgery is to get the real thing through the passport office, probably not impossible (think bribes and extortion of issuance officers), but now we have an honest shot at detecting it, and if one does turn up, you might be able to go back and figure out who issued it. This has an additional side benefit in that it makes stealing chip equipped passports worthless. This should help increase the security of travellers who are sometimes attacked or robbed solely for their passport.

    In my opinion, now that steps have been taken to reduce the possibilities of skimming, the benefits of the new passports outweigh the negatives. Schneier's alarmism about the serial numbers is just that. If someone really wants to track people so badly that they will start building databases of those serial numbers and correlating them with information that they have obtained through some justified mechanism, just so that they can track you when you happen to have your passport open anyway, then they are going to track you, and there is not much you can do about it anyway. This is roughly the same risk as having a hidden camera near a point where you open your passport (or someone opens it for you). It's just too far to go for the limited benefit. The new protections have tipped the balance in favor of the new ePassport, and while Schneier does point out a flaw that is unfortunate, it is certainly repairable in the future, and not "fatal". If the US starts issuing passports without the flaw in the next few years (before all the passports with no chip at all expire) no one will bother trying to attack passport security in this fashion. It just isn't worth it.

  17. Re:Wow, quick turnaround... on Cisco Patches 'Black Hat' IOS Flaw · · Score: 1

    If I hear "Oh security doesn't matter because it's a special operating system" someone is going to get such a pinch. arcing!

  18. Re:my bank already implemented a low tech version on Banks to Use 2-factor Authentication by End of 2006 · · Score: 1

    Yea you can get this kind of thing off the shelf

  19. Re:Author appears ignorant about cryptography on Modern History of Cryptography Techniques · · Score: 4, Insightful
    Agreed. In addition I like this from TFA:
    New standards are emerging from NIST, including AES (Advanced Encryption Standard) and TDES (Triple DES).
    Once again even most Slashdot readers know that TDES is finished emerging from NIST and is in the process of being obsoleted by AES which also emerged from NIST long ago.

    It is also interesting to note the bias they give PGP here. Basically, there are two good asymmetric key distribution schemes in the world: PGP and PKI.

    PGP is very useful if you have a small group or feel you can rely on out of band mechanisms for key distribution. For example, if I have been talking to you on the phone, and say I am going to email you my public key, you can be pretty sure it came from me when it arrives a little later.

    In a large organization though, key distribution is more problematic, and this is where PKI excels. For example if I receive a message that purports to be from the CIO telling me to install a patch how can I be sure it is really him and not some random dude(ette)? Ah! because the certificate that contains his public key is digitally signed by an entity that I trust (because they told me that I will trust it when I took the job). PGP is good for dealing with people you know personally or have met in some fashion. PKI is good for dealing with both people you have met personally, and people that you have not met, but need to be able to exchange secure communication with anyway.

    On the other hand PGP is free.
  20. Re:Heh on Driver's-Seat Driving Game Controller · · Score: 1
    Screw that, drive a REAL car.
    The only problem with this is that soon, if you want to drive a REAL car you will have to have a REAL ID
  21. Re:Split secrets on Managing Code Signing Digital IDs for Open Source? · · Score: 2, Insightful

    Good post! One nit pick - it's usually called M of N (just in case someone wants to google it). Also hardware scheme won't work for them here, due to the distributed nature of the organization.

    I may be misunderstanding you, but generally in digital signing, you don't recover the signing private key, because there is no point to it. Just issue a new one. Key Recovery is only useful for encryption purposes when there is data that is encrypted and will be lost unless you can recover the key. With digital signing, losing the private key (or compromising it) just means you can't use it to sign anymore. You can still validate signatures created with the compromised or lost private key using the public portion of it, which is usually included in the signed object itself. If you have an associated trusted time stamp that is, and the signature predates the compromise event.

    I think the OTS code signing certificate is a good idea, and you could entrust the use of it (private key password) to a small group. If you do this, I would highly recommend that if someone that is trusted with the signing duties, or holds part of your multi-part key as detailed above, leaves your organization, that you revoke that certificate (or whatever PGP uses) and issue a new one. I would also recommend trusted timestamping if you are concerned about continuity of validations following a compromise.

  22. Re:A quick overview anyone? on Economics of Online Gaming · · Score: 1

    Actually the interesting thing about the SWG economy is the degree to which it is managed by SOE. For instance, they have been purposely tooling the economy towards running at a deficit for some time now. Reasoning: A slew of credit duping bugs flooded the galaxies with credits, and they want to siphon off a lot of it. Because it does operate like a sink as the previous poster mentioned, they can simply tighten the spigots to a dribble and open the drains, by decreasing fees paid out for missions and quest rewards, and increasing fees for travel, building and vehicle maintenance etc. Presumably when they have decreased the amount of cash available in the game, they will bring back a more even rate of flow.

  23. Re:I wonder about the old paper systems on U.S. Interior Dept. Unplugged... Again · · Score: 1

    Both are correct. Estevez and Sheen stole it from Cusack.

  24. Re:Other limits of current SSL implementation(s) on Phishing Scams Incorporate SSL Certificates · · Score: 1

    The only reason that SSL continues to work so well, is that it is still not the weakest link in the security chain. As other posters have pointed out, it is much easier to crack the endpoints of an SSL transaction. There are products out there that will keep information encrypted through to your back end servers, but as long as the credit card companies are limiting liability, there will be no public insistence on using them. Q: Who is doing all the writing off of this theft and who is ultimately paying for it? A: The costs of these thefts are hidden in higher prices for products and insurance of course.

  25. Re:Quick Question... on Judge Orders SCO, IBM To Produce Disputed Code · · Score: 1

    A lot of folks around the DC area use dub dub dub. I don't because I am not sure if this qualifies as a soft money contribution.