Okay, so let me just get this straight. Executive summary, "moral of the story," whatever, is...
Don't use agent forwarding when connecting to an untrusted box?
Can you just mandate that as a policy or are there times when you absolutely have to use agent forwarding via an untrusted/DMZed machine? I don't think I've ever used a DMZ machine for agent forwarding, but then again it's not really a feature I've used very heavily.
Well anything that flattens and rasterizes the document will do that -- you could open the PDF in Photoshop and save it out as a JPEG or something if you wanted; the downside of doing this is that it probably increases the size quite a bit, and also breaks accessibility features. You can't use a screenreader or Braille terminal with a rasterized document.
Stands for Venture Capital or Venture Capitalists. Though similar in practice to the Southeast Asian guerillas of the same name, these are native mostly to California.
Having worked with a few, I can understand the confusion.
True, but physical planting of evidence is something that most people actually understand, and it entails a certain amount of risk on the part of the planter (plus, you actually have to have said drugs/guns/bombs/etc. to plant).
By making something that's written on the internet a violation, it means that someone can sit at home with nothing but a computer, and possibly a camera to take photos with, and produce that "evidence."
It lowers the barrier to entry on producing incriminating evidence to a very low level, which is very different (in degree, if not in kind) from what's required to frame someone in a more traditional setting.
Actually all emergency legislation should have expiration dates on it. I.e., anything that's done as a kneejerk response to some particular event: school shootings, 9/11, whatever. Anything made that way ought to have an automatic expiration date associated with it, so that it can be evaluated by clearer minds, further down the road.
I think some sort of system which had two paths for legislation would be good. An "emergency path" that required fewer votes to close down debate, but could only produce laws valid for the remainder of that legislative body's term, or a "standard path" that required a supermajority that could produce laws that have no expiration date.
Laws produced in response to particular catastrophic events are generally some of the worst legal constructs we have, and are almost always plagued with unintended consequences. While to me this seems like it ought to be obvious (using the legal system to solve or react to a particular social problem is like using a Minuteman III to kill a fly), Congress too often falls into the trap of just "doing something" because they want to justify their paychecks, and they deepen the legal morass that we're in as a nation.
Yeah I was thinking about that as well. It would be particularly effective if you had multiple people doing it: create a small army of fictitious students online, with blogs and MySpace sites and the rest of it, and all allude to various corrupt and/or criminal activities going on by the staff.
The only downside is that allegations like that generally get looked into much more closely than allegations of misconduct by a student, meaning that the people making the blogs/sites would have to be much more careful to cover their tracks, because while I doubt that a school administrator is going to be able to get a subpoena to figure out the identity of someone behind an IP address, when the State Police are investigating sexual abuse, they probably can.
Still, it would sure be an amusing way to dick with the people responsible for such an inane policy. What's sauce for the goose is sauce for the gander.
Reminds me why the day I walked out of my high school was the happiest day of my life. (No, I never formally graduated.) It seems as though the level of jackassery is even higher today than it was then. I'm sort of surprised more students don't snap and go crazy. I guess more of them are probably on Prozac, too.
Yeah but none of those things are conclusive, or couldn't be forged.
Let's say there was some kid I really didn't like, named Joe Smith. So first, I go onto GMail, and make an account for Joe.Smith@gmail.com. Then, I go register to MySpace with that email address. While I'm standing around at school, with my cellphone or other small camera, I grab a few photos of Joe. I post those up to "his" MySpace page.
I develop this page for a few weeks, because I have nothing better to do, and this lends it more credibility. Nobody notices, because of course I haven't actually told anyone who knows the real Joe Smith about it. I start posting some racy stuff. Nothing that would get the Feds / Police / DEA involved, but some stuff that the school admin people wouldn't like. Maybe how I think they're real assholes, and how I wish they would do biologically impossible and reproductively unproductive things with themselves. Or maybe I mention some low-level criminal activity: shoplifting, marijuana, drinking, etc. Allude to underage sex -- there's nothing to get puritanical hearts racing like the thoughts of 17-year-olds getting it on. (Or, for even more effective hell-raising, dig up some good dirt on Joe that's actually true -- everybody has some skeletons in the closet, even at 17 -- and post that to the web page. That makes it harder for him to deny later and increases the potential damage inflicted on his friends.)
Then, after I've established this for a little while, I drop a dime on "Joe's" online presence, or maybe I just mention it to somebody else's parent (one of those everything-is-my-business, moralistic asshole types). They check out the webpage, and do the predictable kneejerk thing and immediately go to the school principal/headmaster asking for Joe Smith's head on a plate. The administrator looks up the MySpace page in question, finds incriminating text, finds GMail account in Joe's name that's connected.... that's all the evidence they need. Page, photos, email: what more could you want? They toss Joe in front of a kangaroo court (if they even have to do that), where all Joe can do is blubber that it's not his page. But of course the photos are of him, and it's his name on the email... so he just looks like a liar. Nobody will believe him.
End result: Joe gets suspended, suspension goes on his permanent record, messes up his chance to go to Princeton, he ends up going to community college and hanging himself while coming off of some bad LSD in his parents' basement five years later. Or maybe just going to some other college. Whatever. The point is I was able to fuck with his life without really having to do anything -- I just created some stuff online, revealing nothing about myself besides an IP address (which the school probably wouldn't be able to trace back to me, especially if I was smart enough to use a proxy), and fucked up someone else's life hardcore.
That's the problem with policies like this: they don't take into account the fact that people will try to manipulate them to harm others, either for their own gain or just for the sheer hell of hurting other people. They're designed shortsightedly, and that's why they're almost always a very, very bad idea.
If all you did was store the key on the card in some encrypted form, and send that every time the card was swiped, you wouldn't have added any security.
The way most (insecure) RFID systems work is like this. Reader: What is your key? Card: My key is 123456. Reader: (consults lookup table to see if that key is authorized)... (opens door).
Since the key is being transmitted in the clear, it's trivial for someone to snoop on the conversation and then repeat that key to the reader, and also open the door. This happens whether the key is encrypted or not: if all the card has to do is transmit something, and the result is that the door opens, then you can sniff that transmission and use it to open the door.
The cards with "encryption capabilities" don't just store encrypted information, they actually do the encryption on the card. At least this is my understanding of them. There are some smartcards that do stuff like this also. I assume that their "conversation" with a reader is something like this:
Reader: What is your public key?
Card: (sends its public key)
Reader: The time now is "20060525131827"... authenticate.
Card: (takes timestamp from reader, and appends it to its owner's secret identity string and other salt, then encrypts it with its private key) I authenticate with "6baff175ed8a185356d0bc66c892a974"
Reader: (attempts to decrypt card's authentication string with the public key previously sent, if successful, checks the owner's identity string against lookup table)... Authentication okay... (door opens)
In the latter case, the challenge-response key exchange ensures that even if someone is snooping on the entire transaction, they don't get anything of value. This would not be possible unless the card had enough logic to do the encryption on its own.
There might be more-secure ways to do this than the way I'm envisioning, but I think this at least avoids having the key blasted out into the RF in an unencrypted form that could be easily reused.
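The two conversations described in the comment above, as a small simulation added here (it is not part of the original post): a card that always sends the same ID, and a card that answers a fresh challenge, each observed by a passive listener whose recording is then played back to the reader. Assumptions: HMAC-SHA256 with a per-card shared secret stands in for the private-key operation the comment imagines, a random nonce stands in for the timestamp, and all class and function names are hypothetical.

```python
"""Static-ID vs. challenge-response door cards (constructed simulation)."""
import hashlib
import hmac
import secrets


class StaticCard:
    """Card that answers every query with the same fixed ID."""
    def __init__(self, card_id: bytes):
        self.card_id = card_id

    def respond(self, challenge: bytes) -> bytes:
        # The challenge is ignored: nothing ties the reply to this session.
        return self.card_id


class StaticReader:
    """Reader that only checks the received ID against a lookup table."""
    def __init__(self, authorized_ids):
        self.authorized_ids = set(authorized_ids)

    def authenticate(self, card) -> bool:
        return card.respond(b"") in self.authorized_ids


class ChallengeCard:
    """Card that computes a keyed MAC over the reader's challenge on-card."""
    def __init__(self, card_id: bytes, key: bytes):
        self.card_id = card_id
        self._key = key  # never leaves the card

    def respond(self, challenge: bytes) -> bytes:
        tag = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return self.card_id + tag


class ChallengeReader:
    """Reader that issues a fresh random challenge for every attempt."""
    ID_LEN = 6

    def __init__(self, keys_by_id):
        self.keys_by_id = dict(keys_by_id)

    def authenticate(self, card) -> bool:
        challenge = secrets.token_bytes(16)  # new for each transaction
        reply = card.respond(challenge)
        card_id, tag = reply[:self.ID_LEN], reply[self.ID_LEN:]
        key = self.keys_by_id.get(card_id)
        if key is None:
            return False  # unknown card
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)


class Recorder:
    """Passive listener: relays the real card and logs what crossed the air."""
    def __init__(self, card):
        self.card = card
        self.log = []

    def respond(self, challenge: bytes) -> bytes:
        reply = self.card.respond(challenge)
        self.log.append((challenge, reply))
        return reply


class Replayer:
    """Plays back the last recorded reply, whatever the reader asks."""
    def __init__(self, log):
        self.reply = log[-1][1]

    def respond(self, challenge: bytes) -> bytes:
        return self.reply


def run_demo() -> dict:
    card_id = b"123456"            # the example key from the comment
    key = secrets.token_bytes(32)  # constructed per-card secret

    static_reader = StaticReader([card_id])
    tap = Recorder(StaticCard(card_id))
    static_ok = static_reader.authenticate(tap)
    static_replay = static_reader.authenticate(Replayer(tap.log))

    cr_reader = ChallengeReader({card_id: key})
    tap = Recorder(ChallengeCard(card_id, key))
    cr_ok = cr_reader.authenticate(tap)
    cr_replay = cr_reader.authenticate(Replayer(tap.log))

    return {
        "static_legit": static_ok,
        "static_replay": static_replay,
        "challenge_legit": cr_ok,
        "challenge_replay": cr_replay,
    }


if __name__ == "__main__":
    for name, opened in run_demo().items():
        print(f"{name}: door {'opens' if opened else 'stays shut'}")
```

The recorded reply is only valid for the challenge it answered, so the reader must never reuse a challenge; a predictable or repeating one brings the replay problem back.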
I have to hand it to that guy, that's some pretty brilliant homebrew. (He even has a home-built PCB router!)
He's right though that if you did a multilayer board that you could make the device a lot smaller; and I tend to wonder if you used an FPGA if you couldn't make it even smaller, down to around key-fob size. At any rate, he already seems to have achieved the "cigarette pack" size benchmark for a portable device, or close to it.
From his "Security Implications" section:
I could also exploit the fact the distance at which the cards will be powered is less than the distance at which they can be read; if another reader is exciting the card then my reader can read that card from the other side of a wall!
This means that a sniffer concealed somewhere near a legitimate reader could intercept real transactions at a significant distance. This sort of attack is particularly good because the card repeats its id over and over as long as it is in the field, so that I could use signal processing techniques to combine multiple copies of the pattern to further improve my read range. This is easy--if I sample all 64 bits of the id then I don't have to get word-sync, and if I oversample then I don't even have to get bit-sync. Even if I capture the id with a few bit errors it is still useful; I could try the captured id, then every id with a Hamming distance of 1 from the captured id (one bit flipped), then 2, and so on. One or two bit errors would take seconds; three would take minutes.
I think this is worth pointing out, because most people think of RFID cards as line-of-sight devices. But there's nothing stopping someone from burying a sniffer on the other side of the wall that the reader is mounted on, or maybe some distance away if they have a high-gain receive antenna and some good pre-amplification and filtering (not too hard: they're only trying to receive on one very particular frequency, so the whole setup can be tuned for that purpose).
It's also worth noting the date on that article: October 2003. It's almost three years old at this point -- and while I'm not convinced that RFID equipment has gotten any smarter, the installed base has increased significantly. The demand for sniffing equipment is going to be pretty big, and there are a lot of grey-market factories in Asia (like the ones that make console mod-chips) that will be happy to supply the hardware.
Yeah I started thinking about this as well, when I first saw those MasterCard and Amex credit cards that have embedded RFID chips so that you can use them to pay for things without having them swiped. (I forget what the system is called...FastPay? SpeedPay?)
I don't know whether they use the encrypting chips or not, but my feeling is that they probably don't. Call me cynical, but I have a feeling that if an encrypting chip costs 2,000% more than a non-encrypting one, the credit card companies are probably going to go with the cheaper route and just figure that they'll make up the costs of fraud with the savings.
Plus, there are other kinds of RFID cards besides credit ones: in the Washington, DC area, the Metro system uses RFID cards for payment of fares and parking, and it's not uncommon for people to keep a hundred bucks or more stored on their account (figure they load it once a month and pay for two metro fares and parking every day, that could be $250+), depending on the fare. I'm almost positive that those cards aren't encrypted: all they do is chirp back a serial number, which is then looked up in the system to find the value associated with it.
If you could build a small "harvester," a passive receiver that you put next to a legitimate RFID scanner and which recorded the transmissions of all the cards swiped past it, you could probably get hundreds of numbers a day, from any number of places in the metro system. (Next to a scanner on the exit of a parking garage, etc.) And depending what the frequencies are that the MasterCards use, you might get their numbers as well, if they're activated by the Metro cards' scanners.
I foresee a huge demand for shielded wallets and card-carriers, once the first large-scale RFID scams hit. And they're going to, sooner or later. The public is just setting itself up for a giant reaming: right now is the calm before the storm, because the black-hat technology hasn't been developed or perfected to the point where any idiot script kiddie can use it. When it gets to that point, and I suspect that it will eventually, people's unwarranted feelings of personal security are going to be deflated in a hurry. It's not going to be pretty.
I'm not sure I'm understanding what you're saying. Of course the keypad is digital. My keyboard is digital. Pretty much anything except for a mechanical combination lock is going to be "digital." (Well, even that you can argue is 'digital,' in the non-computerized sense of the term.)
Are you saying that the keypad appears on a screen, with the numbers in a random order in the array? E.g., so that some person might get a keypad numbered [[6,2,9][5,4,7][8,1,3]] and the next person would get [[3,8,4][5,2,1][6,9,7]]?
Seems like a system like that, which requires a touch-screen instead of a regular el-cheapo numeric keypad, would be pretty expensive to implement. If you have a small number of chokepoints where you can put them, it might work, but if you're trying to secure all the exterior doors of a large number of buildings, I could see it getting prohibitively expensive fast.
I have seen a lot of places that use Prox-Cards as their only form of authentication for access control: for whatever reason, people seem to think they're "more secure" than swipe cards. They were actually implemented at a place that I worked a few years ago this way, and I argued against them because of the RFID interception risk, but I got shot down by the PHBs and the system vendors, who said this was 'totally impossible.' I was tempted to try and figure out how to intercept the transmission, but I never had the time to get started.
If you provide a constant, optimum climate for your strain, however, there wouldn't be a great deal of evolutionary pressure forcing them to mutate into non-viable types.
I'm not sure this is a good assumption. If the bacteria were a product of genetic engineering and not selective breeding in that environment, they might be easily overwhelmed by a mutant strain that was more suited to the environment, but less useful to us. For example, we might engineer bacteria that produce electricity, but do it at the expense of reproduction rate. If a mutant strain appeared that didn't have that characteristic (i.e. if it didn't produce as much electricity but reproduced faster) then it would probably overtake the preferred/engineered strain.
I think what you'd want to do is probably have a supply of preserved "first generation" (or "zero generation") bacteria, and every once in a while sterilize the production tanks, kill off all the mutant bugs that have bred there over the interim period, and re-stock it with fresh stuff.
Or just use a fresh starter of bacteria for each batch. That's basically what bakers do today with yeasts: in the past, a good bakery would have had a 'starter' filled with yeast, which they'd put a small piece of into each batch of dough. Over time, particular bakeries ended up having particular strains of yeast, which makes for interesting flavors of bread but probably isn't a great idea if you're making industrial products. So instead you do what most bakeries do now: just treat the yeast as consumable, and add some fresh stuff to each new batch, ensuring that it doesn't make it into subsequent batches. That improves quality control, and doesn't give the yeast an opportunity to mutate very much.
All of this of course is dependent on the ability to preserve the bacteria while they're not actively reproducing. This is fairly trivial with yeasts (those little packets have a shelf life of a few years!), but might not be with the bacteria in question.
It is true that it's old, but the article also describes TAGES as a spinoff company created to market a particular copy-protection scheme which was invented by two other, much bigger, companies.
Now, perhaps I am displaying a personal bias here, but I generally don't expect a whole lot from such spinoffs. They have one core technology, and they're going to milk it for all it's worth: dress it up in whatever clothing they can, call it whatever names they can invent for it, and generally run with it as far as it'll take them. The two systems described in the CDFreaks article (the original TAGES system and the updated 2004 system) are both the same thing, just with some additional layers of obfuscation tossed onto the second scheme. I don't think there's any reason to believe that this third generation will be anything different. It's probably the same technology or concept at its core, with varying degrees of stuff tacked on.
At any rate, when this system gets broken I look forward to reading all about it.
I thought it was interesting that the one thing that the summary didn't link to was any information on the new scheme, TAGES.
A quick Google brought me to their site. It's mostly corporate PR-speak fluff, but there are some hints there:
Our main technical asset is our specific mastering process which builds up a programmable "secure area" on the disc. The secured area is used to protect useful application data sets or encryption keys.... With TAGES(TM) there will never be a generic crack, and there will never be one-to-one copies. It is physically impossible.... Nevertheless, we consider emulators to be a real threat and have all the necessary flexibility to be able to react immediately, with much more powerful solutions than blacklists - which are a very limited answer to emulation.
I don't buy the whole "physical impossibility" part. If you can read the data off of the disk with their special APIs and drivers, then those drivers can be reverse-engineered and someone else can peel the data off and distribute a hacked version. The data is there, on the disk, they're just storing it in a way that the system can't normally access, without special code that they license out and allow software developers to integrate into their protected application. It's the same thing that game developers have done for years -- there were some old Apple II titles that did strange things with the floppy drive in order to pull off similar tricks.
*yawn* At any rate, just more security through obscurity. Not that I care, particularly, as I don't run Windows (or, for that matter, play games), but I find the whole area interesting enough to keep an eye on.
No, actually I don't think that's a correct usage of "it's" and "its."
He should have used "it's" in both cases. (Because "it's" is a contraction of "it is," while "its" is the possessive.) If you read it to yourself, replacing the apostrophe with the individual words, it becomes more clear.
For example, "whether it's why its slow..." I think should parse as 'whether it is why it is slow...' (which makes sense, if only as a fragment). So "its" in the article should correctly be "it's."
You can't have "why its", because the word 'why' can't possess anything. (Well, you could potentially have a question -- "Why its?" -- but that doesn't make sense in the context of the summary.) Frankly, the author would have been best served by dumping all the contractions and just running with the extra words: the few extra characters would have been worth not making the reader have to sound out the sentence in order to figure out what was meant.
I'd say the article is typical at 1 out of 3 correct, but still manages to be nonsensical for other reasons.
Most places now use credit-card-like account-debit systems, rather than bearer stamps, for their "food stamp" programs, making this much more difficult to do.
You could I suppose borrow someone's foodstamp card, buy stuff with it, and then give it back, but you can't just buy x stamps and walk away with them. Not that there aren't junkies probably willing to trade the whole card for enough cash, but it doesn't allow for the sort of black-market arbitrage that used to exist with the real stamps.
YMMV, of course -- but it's been a long time since I've seen actual stamps in use, though. (This is in New England.)
Lastly, it is interesting to note that there is only one existing global standard for power, adopted in every nation: Power Over Ethernet. Same plug, same supply, same logic, all over the planet, for the few folks that use it.
What about automobile cigarette lighter plugs?
They're a pretty much worldwide de facto standard (with the exception I guess of some older vehicles that don't have 12V electrical systems). Is there anyplace that doesn't use the standard connector?
Back when the Schiavo thing was going on, somebody made what I thought was a reasonably apt computer analogy. I'll paraphrase as best I can (and apologies to whoever originally came up with it).
Being comatose is like a computer crashing. It can happen for a variety of reasons, hardware (injury) or software (psychological), and sometimes it's fixed by letting the system reboot itself (person sits there until they wake up).
PVS is a lower-level issue. It's like having a device get bricked because the firmware gets hosed. Some low-level stuff might work, and the hardware might or might not be okay, but nothing's running on it.
The Schiavo case was like opening up a computer's case, and realizing that somebody's stolen the CPU, RAM, and motherboard, and replaced everything with the contents of the small-electronic-parts drawer at Radio Shack. You can try to reboot or re-flash that thing all you want, but it's never going to come back on.
I'm sure there's probably a bad car analogy in there somewhere, too.
Actually a foot pedal is a much better idea than a hand crank, if you are going to offer some sort of alternative power source. At least a person could conceivably use the computer while it's being charged that way, instead of having to stop using the computer every few minutes to crank it back up.
Actually I think the best thing they could do is make a charging circuit that accepts a very wide range of input voltages and frequencies, and then provide a variety of methods for providing power. Hand cranks, foot pedals, stationary bicycles, whatever. It's not hard to make a little generator out of an old AC motor and the back end of a bicycle set up on blocks (it's not terribly efficient either, granted), and you could charge a whole lot of laptops at once that way. The thing that's prohibitive about setting something like that up in the third world would be cleaning and regulating the power to the requirements of most portable devices. But if you designed the device to accept a big voltage and frequency range, I think people would figure out how to power it, if you gave them some ideas. In many cases, people may already have a source of mechanical power that's superior to muscle power, it's just a question of making the system adaptable.
Oh, and use a plug that's not horrendously obnoxious to work with. I'd say the best thing to do would be to use dual-banana plugs as inputs on the laptop itself (maybe half-depth), since you can pretty easily shove a piece of bare wire in there if you needed to.
That's also price discrimination; it only works because you can't easily resell medical care.
Otherwise, I'd find some bum on the street, pay him fifty bucks to go into the medical center and get my "care," then buy it off of him for less than I'd actually pay.
There's a reason you don't see too many 'sliding scales' used for physical goods: it's too easy to turn around and resell them. Really, you can only vary the prices by less than it would cost to transport the good to an area where prices are higher. (Unless you have some artificial scheme for preventing the movement of goods, i.e. DVD region codes.) Otherwise, it doesn't take Adam Smith to figure out that people will just ship the low-priced goods to the areas where they sell for more, undercut the "official" channel, and make a profit.
And if they do intend to engage in price discrimination, I hope they have found a way to prevent arbitrage, or else people may make businesses out of buying them at $100 and selling them at ~$200...
What you imply is that if a culture suppresses criticism from itself, it should be immune from all criticism. That is a double standard. Further, you imply that the validity of a critique depends not on what it says but on who says it. That's ad-hominem. It's standard leftist ideology, and it's amazing that any person can espouse it and claim to be educated; the cognitive dissonance required to hold it should break any functioning mind.
Actually, in my experience, it's only "educated" people that espouse it. As the saying goes, you'd have to hold several advanced degrees to be that stupid.
Most reasonably intelligent people with a high-school education can figure out that something can be true or false, good advice or bad, independent of where it's coming from; it seems to be universities (and particular departments of universities) that convince people that the source of a particular viewpoint is more important than its content, and that some viewpoints are more valid than others.
At any rate, bull on that. While I'm not saying that some people don't have more background or authority on which to speak from than others, to blindly write off "external" criticism amounts to sticking one's head in the sand (especially in cases where most if not all "internal" criticism is suppressed or self-censored). That sort of litmus testing is totally contrary to the pursuit of knowledge, truth, and greater understanding; unfortunately, it's almost endemic in some places.
Good point; I stand corrected on saying that your way couldn't be correct, it certainly could be in that context.
Yeah I was thinking about that as well. It would be particularly effective if you had multiple people doing it: create a small army of fictitious students online, with blogs and MySpace sites and the rest of it, and all allude to various corrupt and/or criminal activities going on by the staff.
The only downside is that allegations like that generally get looked into much more closely than allegations of misconduct by a student, meaning that the people making the blogs/sites would have to be much more careful to cover their tracks, because while I doubt that a school administrator is going to be able to get a subpoena to figure out the identity of someone behind an IP address, when the State Police are investigating sexual abuse, they probably can.
Still, it would sure be an amusing way to dick with the people responsible for such an inane policy. What's sauce for the goose is sauce for the gander.
Reminds me why the day I walked out of my high school was the happiest day of my life. (No, I never formally graduated.) It seems as though the level of jackassery is even higher today than it was then. I'm sort of surprised more students don't snap and go crazy. I guess more of them are probably on Prozac, too.
Yeah but none of those things are conclusive, or couldn't be forged.
.... that's all the evidence they need. Page, photos, email: what more could you want? They toss Joe in front of a kangaroo court (if they even have to do that), where all Joe can do is blubber that it's not his page. But of course the photos are of him, and it's his name on the email ... so he just looks like a liar. Nobody will believe him.
Let's say there was some kid I really didn't like, named Joe Smith. So first, I go onto GMail, and make an account for Joe.Smith@gmail.com. Then, I go register to MySpace with that email address. While I'm standing around at school, with my cellphone or other small camera, I grab a few photos of Joe. I post those up to "his" MySpace page.
I develop this page for a few weeks, because I have nothing better to do, and this lends it more credibility. Nobody notices, because of course I haven't actually told anyone who knows the real Joe Smith about it. I start posting some racy stuff. Nothing that would get the Feds / Police / DEA involved, but some stuff that the school admin people wouldn't like. Maybe how I think they're real assholes, and how I wish they would do biologically impossible and reproductively unproductive things with themselves. Or maybe I mention some low-level criminal activity: shoplifting, marijuana, drinking, etc. Allude to underage sex -- there's nothing to get puritanical hearts racing like the thoughts of 17-year-olds getting it on. (Or, for even more effective hell-raising, dig up some good dirt on Joe that's actually true -- everybody has some skeletons in the closet, even at 17 -- and post that to the web page. That makes it harder for him to deny later and increases the potential damage inflicted on his friends.)
Then, after I've established this for a little while, I drop a dime on "Joe's" online presence, or maybe I just mention it to somebody else's parent (one of those everything-is-my-business, moralistic asshole types). They check out the webpage, and do the predictable kneejerk thing and immediately go to the school principal/headmaster asking for Joe Smith's head on a plate. The administrator looks up the MySpace page in question, finds incriminating text, finds GMail account in Joe's name that's connected
End result: Joe gets suspended, suspension goes on his permanent record, messes up his chance to go to Princeton, he ends up going to community college and hanging himself while coming off of some bad LSD in his parents' basement five years later. Or maybe just going to some other college. Whatever. The point is I was able to fuck with his life without really having to do anything -- I just created some stuff online, revealing nothing about myself besides an IP address (which the school probably wouldn't be able to trace back to me, especially if I was smart enough to use a proxy), and fucked up someone else's life hardcore.
That's the problem with policies like this: they don't take into account the fact that people will try to manipulate them to harm others, either for their own gain or just for the sheer hell of hurting other people. They're designed shortsightedly, and that's why they're almost always a very, very bad idea.
If all you did was store the key on the card in some encrypted form, and send that every time the card was swiped, you wouldn't have added any security.
... (opens door).
... authenticate. ... Authentication okay ... (door opens)
The way most (insecure) RFID systems work is like this.
Reader: What is your key?
Card: My key is 123456.
Reader: (consults lookup table to see if that key is authorized)
Since the key is being transmitted in the clear, it's trivial for someone to snoop on the conversation and then repeat that key to the reader, and also open the door. This happens whether the key is encrypted or not: if all the card has to do is transmit something, and the result is that the door opens, then you can sniff that transmission and use it to open the door.
The cards with "encryption capabilities" don't just store encrypted information, they actually do the encryption on the card. At least this is my understanding of them. There are some smartcards that do stuff like this also. I assume that their "conversation" with a reader is something like this:
Reader: What is your public key?
Card: (sends its public key)
Reader: The time now is "20060525131827"
Card: (takes timestamp from reader, and appends it to its owner's secret identity string and other salt, then encrypts it with its private key) I authenticate with "6baff175ed8a185356d0bc66c892a974"
Reader: (attempts to decrypt card's authentication string with the public key previously sent, if successful, checks the owner's identity string against lookup table)
In the latter case, the challenge-response key exchange ensures that even if someone is snooping on the entire transaction, they don't get anything of value. This would not be possible unless the card had enough logic to do the encryption on its own.
There might be more-secure ways to do this than the way I'm envisioning, but I think this at least avoids having the key blasted out into the RF in an unencrypted form that could be easily reused.
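The two reader/card conversations above, as an added example that is not part of the original comment: a static-ID reader beside a challenge-response reader, showing why an overheard transmission opens the first door but not the second. It substitutes a random nonce and an HMAC over a shared per-card key for the timestamp and private-key operation the comment sketches; the card IDs, keys and class names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the static ID, card ID and key are made up.
AUTHORIZED_STATIC_IDS = {"123456"}
CARD_KEYS = {"card-0001": bytes.fromhex("00112233445566778899aabbccddeeff")}


class StaticIdReader:
    """Insecure design: the transmitted string is the whole credential."""

    def authenticate(self, transmitted_id: str) -> bool:
        return transmitted_id in AUTHORIZED_STATIC_IDS


class ChallengeResponseReader:
    """Issues a fresh random nonce per attempt; each nonce is single-use."""

    def __init__(self, card_keys):
        self._card_keys = card_keys
        self._pending = {}  # card_id -> outstanding nonce

    def challenge(self, card_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[card_id] = nonce
        return nonce

    def authenticate(self, card_id: str, response: bytes) -> bool:
        nonce = self._pending.pop(card_id, None)  # consume the nonce
        key = self._card_keys.get(card_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class Card:
    """Computes the response on the card; the key itself is never sent."""

    def __init__(self, card_id: str, key: bytes):
        self.card_id = card_id
        self._key = key

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self._key, nonce, hashlib.sha256).digest()


def replay_outcomes():
    """Return (static_replay_ok, legitimate_ok, challenge_replay_ok)."""
    # Static ID: what was heard on the air is the credential itself.
    overheard_id = "123456"
    static_replay = StaticIdReader().authenticate(overheard_id)

    reader = ChallengeResponseReader(CARD_KEYS)
    card = Card("card-0001", CARD_KEYS["card-0001"])

    # Legitimate session; a listener sees card_id, nonce and response.
    nonce = reader.challenge(card.card_id)
    overheard_response = card.respond(nonce)
    legitimate = reader.authenticate(card.card_id, overheard_response)

    # Later session: the reader picks a new nonce, so the old response
    # no longer matches what the reader expects.
    reader.challenge(card.card_id)
    challenge_replay = reader.authenticate(card.card_id, overheard_response)
    return static_replay, legitimate, challenge_replay


if __name__ == "__main__":
    print(replay_outcomes())
```

A reader-supplied timestamp, as in the comment, plays the same role as the nonce only if the reader never accepts the same value twice.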
He's right though that if you did a multilayer board that you could make the device a lot smaller; and I tend to wonder if you used an FPGA if you couldn't make it even smaller, down to around key-fob size. At any rate, he already seems to have achieved the "cigarette pack" size benchmark for a portable device, or close to it.
From his "Security Implications" section: I think this is worth pointing out, because most people think of RFID cards as line-of-sight devices. But there's nothing stopping someone from burying a sniffer on the other side of the wall that the reader is mounted on, or maybe some distance away if they have a high-gain receive antenna and some good pre-amplification and filtering (not too hard: they're only trying to receive on one very particular frequency, so the whole setup can be tuned for that purpose).
It's also worth noting the date on that article: October 2003. It's almost three years old at this point -- and while I'm not convinced that RFID equipment has gotten any smarter, the installed base has increased significantly. The demand for sniffing equipment is going to be pretty big, and there are a lot of grey-market factories in Asia (like the ones that make console mod-chips) that will be happy to supply the hardware.
Yeah I started thinking about this as well, when I first saw those MasterCard and Amex credit cards that have embedded RFID chips so that you can use them to pay for things without having them swiped. (I forget what the system is called...FastPay? SpeedPay?)
I don't know whether they use the encrypting chips or not, but my feeling is that they probably don't. Call me cynical, but I have a feeling that if an encrypting chip costs 2,000% more than a non-encrypting one, the credit card companies are probably going to go with the cheaper route and just figure that they'll make up the costs of fraud with the savings.
Plus, there are other kinds of RFID cards besides credit ones: in the Washington, DC area, the Metro system uses RFID cards for payment of fares and parking, and it's not uncommon for people to keep a hundred bucks or more stored on their account (figure they load it once a month and pay for two metro fares and parking every day, that could be $250+), depending on the fare. I'm almost positive that those cards aren't encrypted: all they do is chirp back a serial number, which is then looked up in the system to find the value associated with it.
If you could build a small "harvester," a passive receiver that you put next to a legitimate RFID scanner and which recorded the transmissions of all the cards swiped past it, you could probably get hundreds of numbers a day, from any number of places in the metro system. (Next to a scanner on the exit of a parking garage, etc.) And depending what the frequencies are that the MasterCards use, you might get their numbers as well, if they're activated by the Metro cards' scanners.
I foresee a huge demand for shielded wallets and card-carriers, once the first large-scale RFID scams hit. And they're going to, sooner or later. The public is just setting itself up for a giant reaming: right now is the calm before the storm, because the black-hat technology hasn't been developed or perfected to the point where any idiot script kiddie can use it. When it gets to that point, and I suspect that it will eventually, people's unwarranted feelings of personal security are going to be deflated in a hurry. It's not going to be pretty.
Except the keypad is digital...
Huh?
I'm not sure I'm understanding what you're saying. Of course the keypad is digital. My keyboard is digital. Pretty much anything except for a mechanical combination lock is going to be "digital." (Well, even that you can argue is 'digital,' in the non-computerized sense of the term.)
Are you saying that the keypad appears on a screen, with the numbers in a random order in the array? E.g., so that some person might get a keypad numbered [[6,2,9][5,4,7][8,1,3]] and the next person would get [[3,8,4][5,2,1][6,9,7]]?
Seems like a system like that, which requires a touch-screen instead of a regular el-cheapo numeric keypad, would be pretty expensive to implement. If you have a small number of chokepoints where you can put them, it might work, but if you're trying to secure all the exterior doors of a large number of buildings, I could see it getting prohibitively expensive fast.
I have seen a lot of places that use Prox-Cards as their only form of authentication for access control: for whatever reason, people seem to think they're "more secure" than swipe cards. They were actually implemented at a place that I worked a few years ago this way, and I argued against them because of the RFID interception risk, but I got shot down by the PHB's and the system vendors, who said this was 'totally impossible.' I was tempted to try and figure out how to intercept the transmission, but I never had the time to get started.
At any rate, I don't work there anymore.
If you provide a constant, optimum climate for your strain, however, there wouldn't be a great deal of evolutionary pressure forcing them to mutate into non-viable types.
I'm not sure this is a good assumption. If the bacteria were a product of genetic engineering and not selective breeding in that environment, they might be easily overwhelmed by a mutant strain that was more suited to the environment, but less useful to us. For example, we might engineer bacteria that produce electricity, but do it at the expense of reproduction rate. If a mutant strain appeared that didn't have that characteristic (i.e. if it didn't produce as much electricity but reproduced faster) then it would probably overtake the preferred/engineered strain.
I think what you'd want to do is probably have a supply of preserved "first generation" (or "zero generation") bacteria, and every once in a while sterilize the production tanks, kill off all the mutant bugs that have bred there over the interim period, and re-stock it with fresh stuff.
Or just use a fresh starter of bacteria for each batch. That's basically what bakers do today with yeasts: in the past, a good bakery would have had a 'starter' filled with yeast, which they'd put a small piece of into each batch of dough. Over time, particular bakeries ended up having particular strains of yeast, which makes for interesting flavors of bread but probably isn't a great idea if you're making industrial products. So instead you do what most bakeries do now: just treat the yeast as consumable, and add some fresh stuff to each new batch, ensuring that it doesn't make it into subsequent batches. That improves quality control, and doesn't give the yeast an opportunity to mutate very much.
All of this of course is dependent on the ability to preserve the bacteria while they're not actively reproducing. This is fairly trivial with yeasts (those little packets have a shelf life of a few years!), but might not be with the bacteria in question.
It is true that it's old, but the article also describes TAGES as a spinoff company created to market a particular copy-protection scheme which was invented by two other, much bigger, companies.
Now, perhaps I am displaying a personal bias here, but I generally don't expect a whole lot from such spinoffs. They have one core technology, and they're going to milk it for all it's worth: dress it up in whatever clothing they can, call it whatever names they can invent for it, and generally run with it as far as it'll take them. The two systems described in the CDFreaks article (the original TAGES system and the updated 2004 system) are both the same thing, just with some additional layers of obfuscation tossed onto the second scheme. I don't think there's any reason to believe that this third generation will be anything different. It's probably the same technology or concept at its core, with varying degrees of stuff tacked on.
At any rate, when this system gets broken I look forward to reading all about it.
OF COURSE the magnetic field is going to be a bit assymetrical.
... that means we're ... where?
Assymetrical?
So if Voyager II found a bulge
A quick Google brought me to their site. It's mostly corporate PR-speak fluff, but there are some hints there:
I don't buy the whole "physical impossibility" part. If you can read the data off of the disk with their special APIs and drivers, then those drivers can be reverse-engineered and someone else can peel the data off and distribute a hacked version. The data is there, on the disk, they're just storing it in a way that the system can't normally access, without special code that they license out and allow software developers to integrate into their protected application. It's the same thing that game developers have done for years -- there were some old Apple II titles that did strange things with the floppy drive in order to pull off similar tricks.
*yawn* At any rate, just more security through obscurity. Not that I care, particularly, as I don't run Windows (or, for that matter, play games), but I find the whole area interesting enough to keep an eye on.
No, actually I don't think that's a correct usage of "it's" and "its."
He should have used "it's" in both cases. (Because "it's" is a contraction of "it is," while "its" is the possessive.) If you read it to yourself, replacing the apostrophe with the individual words, it becomes more clear.
For example, "whether it's why its slow..." I think should parse as 'whether it is why it is slow...' (which makes sense, if only as a fragment). So "its" in the article should correctly be "it's."
You can't have "why its", because the word 'why' can't possess anything. (Well, you could potentially have a question -- "Why its?" -- but that doesn't make sense in the context of the summary.) Frankly, the author would have been best served by dumping all the contractions and just running with the extra words: the few extra characters would have been worth not making the reader have to sound out the sentence in order to figure out what was meant.
I'd say the article is typical at 1 out of 3 correct, but still manages to be nonsensical for other reasons.
Most places now use credit-card like account-debit systems, rather than bearer stamps, for their "food stamp" programs, making this much more difficult to do.
You could I suppose borrow someone's foodstamp card, buy stuff with it, and then give it back, but you can't just buy x stamps and walk away with them. Not that there aren't junkies probably willing to trade the whole card for enough cash, but it doesn't allow for the sort of black-market arbitrage that used to exist with the real stamps.
YMMV, of course -- but it's been a long time since I've seen actual stamps in use, though. (This is in New England.)
Lastly, it is interesting to note that there is only one existing global standard for power, adopted in every nation: Power Over Ethernet. Same plug, same supply, same logic, all over the planet, for the few folks that use it.
What about automobile cigarette lighter plugs?
They're a pretty much worldwide de facto standard (with the exception I guess of some older vehicles that don't have 12V electrical systems). Is there anyplace that doesn't use the standard connector?
Back when the Schiavo thing was going on, somebody made what I thought was a reasonably apt computer analogy. I'll paraphrase as best I can (and apologies to whoever originally came up with it).
Being comatose is like a computer crashing. It can happen for a variety of reasons, hardware (injury) or software (psychological), and sometimes it's fixed by letting the system reboot itself (person sits there until they wake up).
PVS is a lower-level issue. It's like having a device get bricked because the firmware gets hosed. Some low-level stuff might work, and the hardware might or might not be okay, but nothing's running on it.
The Schiavo case was like opening up a computer's case, and realizing that somebody's stolen the CPU, RAM, and motherboard, and replaced everything with the contents of the small-electronic-parts drawer at Radio Shack. You can try to reboot or re-flash that thing all you want, but it's never going to come back on.
I'm sure there's probably a bad car analogy in there somewhere, too.
Actually a foot pedal is a much better idea than a hand crank, if you are going to offer some sort of alternative power source. At least a person could conceivably use the computer while it's being charged that way, instead of having to stop using the computer every few minutes to crank it back up.
Actually I think the best thing they could do is make a charging circuit that accepts a very wide range of input voltages and frequencies, and then provide a variety of methods for providing power. Hand cranks, foot pedals, stationary bicycles, whatever. It's not hard to make a little generator out of an old AC motor and the back end of a bicycle set up on blocks (it's not terribly efficient either, granted), and you could charge a whole lot of laptops at once that way. The thing that's prohibitive about setting something like that up in the third world would be cleaning and regulating the power to the requirements of most portable devices. But if you designed the device to accept a big voltage and frequency range, I think people would figure out how to power it, if you gave them some ideas. In many cases, people may already have a source of mechanical power that's superior to muscle power, it's just a question of making the system adaptable.
Oh, and use a plug that's not horrendously obnoxious to work with. I'd say the best thing to do would be to use dual-banana plugs as inputs on the laptop itself (maybe half-depth), since you can pretty easily shove a piece of bare wire in there if you needed to.
That's also price discrimination; it only works because you can't easily resell medical care.
Otherwise, I'd find some bum on the street, pay him fifty bucks to go into the medical center and get my "care," then buy it off of him for less than I'd actually pay.
There's a reason you don't see too many 'sliding scales' used for physical goods: it's too easy to turn around and resell them. Really, you can only vary the prices by less than it would cost to transport the good to an area where prices are higher. (Unless you have some artificial scheme for preventing the movement of goods, i.e. DVD region codes.) Otherwise, it doesn't take Adam Smith to figure out that people will just ship the low-priced goods to the areas where they sell for more, undercut the "official" channel, and make a profit.
And if they do intend to engage in price discrimination, I hope they have found a way to prevent arbitrage, or else people may make businesses out of buying them at $100 and selling them at ~$200...
Yeah, the free market is a bitch like that.
What you imply is that if a culture suppresses criticism from itself, it should be immune from all criticism. That is a double standard. Further, you imply that the validity of a critique depends not on what it says but on who says it. That's ad-hominem. It's standard leftist ideology, and it's amazing that any person can espouse it and claim to be educated; the cognitive dissonance required to hold it should break any functioning mind.
Actually, in my experience, it's only "educated" people that espouse it. As the saying goes, you'd have to hold several advanced degrees to be that stupid.
Most reasonably intelligent people with a high-school education can figure out that something can be true or false, good advice or bad, independent of where it's coming from; it seems to be universities (and particular departments of universities) that convince people that the source of a particular viewpoint is more important than its content, and that some viewpoints are more valid than others.
At any rate, bull on that. While I'm not saying that some people don't have more background or authority on which to speak from than others, to blindly write off "external" criticism amounts to sticking one's head in the sand (especially in cases where most if not all "internal" criticism is suppressed or self-censored). That sort of litmus testing is totally contrary to the pursuit of knowledge, truth, and greater understanding; unfortunately, it's almost endemic in some places.