The logical conclusion that we draw from this game of cat and mouse is that we cannot protect ourselves by relying on airport security. I fail to see how you can draw this conclusion. Stringent airport security certainly helps reduce the chance of dangerous items being passed through the checkpoint, either maliciously or accidentally. Before the increased security measures, people routinely brought through all sorts of shit that wasn't allowed in the first place. The screeners were half asleep most of the time. It's hard to argue that security hasn't increased greatly.
I am surprised you bring this up as it only serves to prove that this requirement was reactionary and that potential attackers will continue to exploit the system in other ways. You can say the same about any type of security. Bank safes are useless, since bank robbers could always rob a bank some other way. Software security patches are useless, since you can always find more holes. Door locks are useless, since you can steal the keys. Do you see where this is going?
It can only become increasingly intrusive as each new vector of attack gets a knee-jerk reaction. Security always results in inconvenience. The federal government decided that inconvenience is preferable to terrorist attacks, and created the TSA. Their job is to ensure transportation security, not maximize passenger convenience. You would think Schneier would realize this, given that many security holes arise from attempts to make things more convenient.
To quote Bruce himself: "we should all be glad that Richard Reid wasn't the 'underwear bomber.'" It's much harder to put significant amounts of explosives in underwear than it is to conceal them in shoes. Shoes can easily be removed or switched without anyone really noticing. Pat-down searches and backscatter x-ray make it pretty likely you will be caught hiding stuff in your underwear. X-raying shoes is easily done and eliminates one easy way to sneak things through the screening process. Also, Bruce Schneier is not an authority on anything other than computer security, and his opinion is not significantly more important than anyone else's.
Here is some of the evidence that has been presented: "(HFMD is) usually located on the palms of the hands and soles of the feet" "Viruses landing on a hard, nonporous surfaces like steel or plastic have been shown to live for about 24 to 48 hours." "The virus can also spread by contact with skin shed from a wart or blood from a wart." You are talking about 3 different viruses here, which makes your "evidence" completely invalid. The only virus among the ones you listed that can spread by skin contact is HPV, and it requires a warm, moist environment or a break in the skin in order to infect. Since those conditions are generally not present in an airport environment, it's not really a concern.
In my opinion, the best solution is that people need not remove their shoes.
We are discussing ways of implementing the current security procedure. We are not discussing how said procedure needs to be changed. There was at least one actual attempt to commit acts of terrorism with bombs concealed in shoes.
If the TSA can prove that statistically relevant security gains are made by having them removed, then surely it is worth their while to provide recyclable foot coverings to protect us from other real threats.
Recyclability is not an excuse for creating waste. Also, you and the original poster have presented zero actual evidence that the current security procedure is a threat to public health.
Yes, but they are NOT being charged with copyright infringement. This is not copyright infringement at all, since this is quite obviously fair use. They ARE being charged with videotaping in a movie theater under the new Family Entertainment and Copyright Act of 2005. This law prohibits even ATTEMPTING to record a movie in a movie theater, and has no exceptions for actions that would otherwise be fair use.
This is clearly a case of bad laws being passed. Unfortunately, this is quite bad news to the woman being charged with this. Legally, she is completely in the wrong. Her only real option is to negotiate some kind of plea deal or settlement.
Hard, flat surfaces are a breeding ground for athletes foot, plantar warts and other lovely fungii
Only in a warm, humid environment, like a shower stall or near a swimming pool. Not on a dry solid floor in an air-conditioned building. Wearing socks pretty much eliminates the chances of catching anything.
There was a time in this country when one was free to exercise a level of hygiene that suited them.
You can practice any level of hygiene you desire. However, you do not have the right to make others cater to unreasonable demands at taxpayer expense.
Even supposing that the risk was indeed low, as you claim, why should we be subjected to the risk--just so you can feel more safe?
The risk is not just low, it is completely non-existent. I don't think we should be wasting taxpayer money and natural resources mitigating non-existent risks.
Viruses can survive on the dry, hard door knobs for 24 hours
Viruses are pieces of DNA in a protein sheath. They can "survive" anywhere, indefinitely. What's your point?
If whoever walked through the gates 5 minutes before me had a viral foot illness of some sort (such as HFHF), the subsequent passengers can pick it up -- even through the socks
Bullshit. Read the link you posted: HFMD is moderately contagious. Infection is spread from person to person by direct contact with nose and throat discharges, saliva, fluid from blisters, or the stool of infected persons. Unless your feet have open wounds on your feet, you are not going to contract any infections. If you do have open wounds, then maybe you should have them bandaged up before you go flying.
If the place is good enough for us to walk, certainly it is fine for the TSA folks.
OK, what if they need to take a piss? Or go to a different area of the airport? What exactly would be the point of this?
The fact is, there is no way to rationalize your attitude. Walking a short distance barefoot is far less hazardous to your health than touching a doorknob with your bare hands (which I'm sure you do 20-30 times a day). You aren't going to be touching your eyes/nose/mouth with your feet, which pretty much eliminates any chance of catching anything.
I think you just have major OCD. There is nothing unsanitary about walking a few feet without shoes, especially on a dry, hard surface. You can't spread any diseases that way. If you are so concerned, wear socks or something. People walk barefoot all the time at the beach, which is far more unsanitary -- you could step on something sharp, for instance. And I've never been at an airport where the screening area was not perfectly clean.
As far as having the TSA employees barefoot: that's just an incredibly stupid idea. I don't think more needs to be said.
3dfx? You have got to be kidding me. Yeah, they made a bunch of money figuring out how to attach an arcade chip to the PCI bus, and they made Glide (to try to monopolize their position -- remember the Glide wrapper lawsuits?). That was pretty much it. By the time they got around to making a real videocard (Voodoo 3), nVidia pretty much caught up to them and ended that monopoly.
Well, considering that the story is titled "Where in the US can you just get a cell phone", I would expect people to talk about how things are in the US.
What's the big deal? Sounds like your boss doesn't really care about security -- either there is nothing to protect, or it's not perceived as a security risk. Install MAC filtering, a firewall, and use SSL or whatever, and you should be OK.
Get one of those USB battery things and charge the phone off of that. Not exactly difficult, is it? Besides, you'll have to constantly keep swapping batteries to keep that spare from dying.
But hey, I like a phone I can throw around, so I use those $10 prepaid phones and not worry about damaging it.
Uh, dude. If the Wine project wanted to get aggressive, they would have already lost their permission to use any of that code, and would have to remove Parallels from distribution and replace it with something else. Things like sorting out legal issues for third-party code need to be done BEFORE you release the product, not a month afterwards. If they were violating the copyrights of an actual commercial company and ignoring their demands to pay up, they would probably be looking at a multi-million dollar lawsuit by now.
Uh, no. Consumer arbitration is far more expensive than standard litigation, since a private company is paid to hear your case. Everything costs money, and plenty of it -- things like filing a motion or presenting something might cost you $500 or so. While you can sue someone in small claims court for less than $100 in court fees, arbitration will cost, at a minimum, $10,000 or so for you -- since the suing party generally has to pay all of the arbitration costs. Furthermore, the process is inherently unfair: the arbitrator has a financial interest in the outcome of the lawsuit, since that's how they get repeat business. It sounds like you are quite misinformed.
It's extremely convenient for large companies that like to scam consumers. There is no risk of a class action lawsuit, and the arbitration process is guaranteed to favor the company.
You sure as hell can waive your right to sue in nearly every state out there. That's why all those arbitration clauses are making it into every single contract. As far as the negative publicity this generates: anyone stupid enough to buy a Gateway won't be affected by it much. Let's just say that if you think Dell sucks, you haven't used a Gateway.
Not too many leak sources, since there is only one company that needs to know how to program the chips, and interfacing information won't tell you much. The technicians don't need to know much beyond "put in the chip and push the red button". Information can be kept secret quite effectively -- the Coca-cola formula is a good example.
Security through obscurity is a VERY effective technique IF the obscurity is maintained. It doesn't work for software since there is no way to hide anything, but it works very well for hardware. For example, nobody has ever succeeded in cracking newer satellite boxes, even though it would be trivial if you had all the specs (the box firmware decides what you can and cannot see, and there is no two-way communication). When you don't even know the instruction set of the processor you are trying to crack, doing so becomes quite difficult.
The military knows this very well, which is why pretty much everything is classified and requires security clearances. The stuff you see leaked is nearly always leaked on purpose -- disinformation is a very effective tool. As far as WEP security and laptop loss: any company whose business actually depends on security would never allow anything like that.
I think the biggest issue as far as protecting the video stream is preventing casual copying. With DVDs, you can borrow one from a friend and easily make a copy for about a dollar (if you use dual-layer discs). The idea is to keep this from being possible with new generation discs. I don't think the net has enough bandwidth to distribute 50 gig movies easily, so that's an effective deterrent right there.
Besides, I am not sure why you think every manufacturer would need to spin their own chips. That would actually make it less secure. In my ideal scenario, a single trusted manufacturer would manufacture and distribute these chips, which would be tamper-resistant and have built-in secure ROM space for key storage and so on. If all of the specifications for these chips are kept secret, I don't see anyone cracking them.
I believe most older Satellite TV smartcards were actually Microchip PIC16-based. At least that's what I remember reading a while ago. This is a few notches below MCS51. The newer stuff isn't getting more complex (that would increase costs), it is just being made more resistant to hacking.
Smartcards are late 1970s technology. They are not sophisticated in any way, shape, or form. Even then, they have been quite resistant to attacks -- there is no cheap and simple way to steal satellite TV. Not to mention, modern VLSI chips have about 5 orders of magnitude more transistors than smartcards -- good luck figuring stuff out with an electron microscope.
You are making some big assumptions here. Who says the chip has to be a standard, off-the-shelf device? For all intents and purposes, the decryption function could be performed by a specialized chip which takes in the data stream on one end and produces a decoded output on the other. You could get the data off the disc, but you won't be able to get the decryption key out of the chip. Hell, the chip could encrypt all of its output before it hands it over to the next chip. Unless you somehow find a way to get keys out of the chip, this will be 100% secure against key extraction. Probing buses with logic analyzers and power analysis were decent methods back when people were trying to crack 1980s-era smartcards running at a few hundred kilohertz. They don't work too well against modern hardware.
As far as attacking the HDMI stream: good luck doing real-time encoding of a raw, uncompressed HDTV stream. Currently, that requires extremely expensive hardware (if it even exists).
Slashdot Mirror
In my opinion, the best solution is that people need not remove their shoes.
We are discussing ways of implementing the current security procedure. We are not discussing how said procedure needs to be changed. There was at least one actual attempt to commit acts of terrorism with bombs concealed in shoes.
If the TSA can prove that statistically relevant security gains are made by having them removed, then surely it is worth their while to provide recyclable foot coverings to protect us from other real threats.
Recyclability is not an excuse for creating waste. Also, you and the original poster have presented zero actual evidence that the current security procedure is a threat to public health.
Yes, but they are NOT being charged with copyright infringement. This is not copyright infringement at all, since this is quite obviously fair use. They ARE being charged with videotaping in a movie theater under the new Family Entertainment and Copyright Act of 2005. This law prohibits even ATTEMPTING to record a movie in a movie theater, and has no exceptions for actions that would otherwise be fair use.
This is clearly a case of bad laws being passed. Unfortunately, this is quite bad news to the woman being charged with this. Legally, she is completely in the wrong. Her only real option is to negotiate some kind of plea deal or settlement.
You must be aware that for decades people tromped through airport terminals without costing taxpayers a dime.
How about you read the actual discussion?
You have provided no evidence to this effect, however the GP post already provided evidence that demonstrates otherwise.
Our definitions of "evidence" must be very different.
Which natural resources are you speculating would be wasted?
The disposable shoes or whatever the OP was suggesting.
Hard, flat surfaces are a breeding ground for athletes foot, plantar warts and other lovely fungii
Only in a warm, humid environment, like a shower stall or near a swimming pool. Not on a dry solid floor in an air-conditioned building. Wearing socks pretty much eliminates the chances of catching anything.
There was a time in this country when one was free to exercise a level of hygiene that suited them.
You can practice any level of hygiene you desire. However, you do not have the right to make others cater to unreasonable demands at taxpayer expense.
Even supposing that the risk was indeed low, as you claim, why should we be subjected to the risk--just so you can feel more safe?
The risk is not just low, it is completely non-existent. I don't think we should be wasting taxpayer money and natural resources mitigating non-existent risks.
Viruses can survive on the dry, hard door knobs for 24 hours
Viruses are pieces of DNA in a protein sheath. They can "survive" anywhere, indefinitely. What's your point?
If whoever walked through the gates 5 minutes before me had a viral foot illness of some sort (such as HFHF), the subsequent passengers can pick it up -- even through the socks
Bullshit. Read the link you posted:
HFMD is moderately contagious. Infection is spread from person to person by direct contact with nose and throat discharges, saliva, fluid from blisters, or the stool of infected persons .
Unless your feet have open wounds on your feet, you are not going to contract any infections. If you do have open wounds, then maybe you should have them bandaged up before you go flying.
If the place is good enough for us to walk, certainly it is fine for the TSA folks.
OK, what if they need to take a piss? Or go to a different area of the airport? What exactly would be the point of this?
The fact is, there is no way to rationalize your attitude. Walking a short distance barefoot is far less hazardous to your health than touching a doorknob with your bare hands (which I'm sure you do 20-30 times a day). You aren't going to be touching your eyes/nose/mouth with your feet, which pretty much eliminates any chance of catching anything.
I think you just have major OCD. There is nothing unsanitary about walking a few feet without shoes, especially on a dry, hard surface. You can't spread any diseases that way. If you are so concerned, wear socks or something. People walk barefoot all the time at the beach, which is far more unsanitary -- you could step on something sharp, for instance. And I've never been at an airport where the screening area was not perfectly clean.
As far as having the TSA employees barefoot: that's just an incredibly stupid idea. I don't think more needs to be said.
If nobody clicks on the ads, it's kind of hard to justify their use.
Third, you are a moron. Decibels are units for expressing ratios.
3dfx? You have got to be kidding me. Yeah, they made a bunch of money figuring out how to attach an arcade chip to the PCI bus, and they made Glide (to try to monopolize their position -- remember the Glide wrapper lawsuits?). That was pretty much it. By the time they got around to making a real videocard (Voodoo 3), nVidia pretty much caught up to them and ended that monopoly.
Maybe you should look into Firefox and Adblock Plus. I can't remember the last time I saw an ad.
Well, considering that the story is titled "Where in the US can you just get a cell phone", I would expect people to talk about how things are in the US.
Bullshit. They use Sprint's network and their own custom Kyocera phones (at least the entry-level stuff).
What's the big deal? Sounds like your boss doesn't really care about security -- either there is nothing to protect, or it's not perceived as a security risk. Install MAC filtering, a firewall, and use SSL or whatever, and you should be OK.
Good god these things are fugly. It's good to see Dell providing employment opportunities to blind people...
Get one of those USB battery things and charge the phone off of that. Not exactly difficult, is it? Besides, you'll have to constantly keep swapping batteries to keep that spare from dying.
But hey, I like a phone I can throw around, so I use those $10 prepaid phones and not worry about damaging it.
Uh, dude. If the Wine project wanted to get aggressive, they would have already lost their permission to use any of that code, and would have to remove Parallels from distribution and replace it with something else. Things like sorting out legal issues for third-party code need to be done BEFORE you release the product, not a month afterwards. If they were violating the copyrights of an actual commercial company and ignoring their demands to pay up, they would probably be looking at a multi-million dollar lawsuit by now.
Uh, no. Consumer arbitration is far more expensive than standard litigation, since a private company is paid to hear your case. Everything costs money, and plenty of it -- things like filing a motion or presenting something might cost you $500 or so. While you can sue someone in small claims court for less than $100 in court fees, arbitration will cost, at a minimum, $10,000 or so for you -- since the suing party generally has to pay all of the arbitration costs. Furthermore, the process is inherently unfair: the arbitrator has a financial interest in the outcome of the lawsuit, since that's how they get repeat business. It sounds like you are quite misinformed.
It's extremely convenient for large companies that like to scam consumers. There is no risk of a class action lawsuit, and the arbitration process is guaranteed to favor the company.
You sure as hell can waive your right to sue in nearly every state out there. That's why all those arbitration clauses are making it into every single contract. As far as the negative publicity this generates: anyone stupid enough to buy a Gateway won't be affected by it much. Let's just say that if you think Dell sucks, you haven't used a Gateway.
Not too many leak sources, since there is only one company that needs to know how to program the chips, and interfacing information won't tell you much. The technicians don't need to know much beyond "put in the chip and push the red button". Information can be kept secret quite effectively -- the Coca-cola formula is a good example.
Security through obscurity is a VERY effective technique IF the obscurity is maintained. It doesn't work for software since there is no way to hide anything, but it works very well for hardware. For example, nobody has ever succeeded in cracking newer satellite boxes, even though it would be trivial if you had all the specs (the box firmware decides what you can and cannot see, and there is no two-way communication). When you don't even know the instruction set of the processor you are trying to crack, doing so becomes quite difficult.
The military knows this very well, which is why pretty much everything is classified and requires security clearances. The stuff you see leaked is nearly always leaked on purpose -- disinformation is a very effective tool. As far as WEP security and laptop loss: any company whose business actually depends on security would never allow anything like that.
I think the biggest issue as far as protecting the video stream is preventing casual copying. With DVDs, you can borrow one from a friend and easily make a copy for about a dollar (if you use dual-layer discs). The idea is to keep this from being possible with new generation discs. I don't think the net has enough bandwidth to distribute 50 gig movies easily, so that's an effective deterrent right there.
Besides, I am not sure why you think every manufacturer would need to spin their own chips. That would actually make it less secure. In my ideal scenario, a single trusted manufacturer would manufacture and distribute these chips, which would be tamper-resistant and have built-in secure ROM space for key storage and so on. If all of the specifications for these chips are kept secret, I don't see anyone cracking them.
I believe most older Satellite TV smartcards were actually Microchip PIC16-based. At least that's what I remember reading a while ago. This is a few notches below MCS51. The newer stuff isn't getting more complex (that would increase costs), it is just being made more resistant to hacking.
Smartcards are late 1970s technology. They are not sophisticated in any way, shape, or form. Even then, they have been quite resistant to attacks -- there is no cheap and simple way to steal satellite TV. Not to mention, modern VLSI chips have about 5 orders of magnitude more transistors than smartcards -- good luck figuring stuff out with an electron microscope.
You are making some big assumptions here. Who says the chip has to be a standard, off-the-shelf device? For all intents and purposes, the decryption function could be performed by a specialized chip which takes in the data stream on one end and produces a decoded output on the other. You could get the data off the disc, but you won't be able to get the decryption key out of the chip. Hell, the chip could encrypt all of its output before it hands it over to the next chip. Unless you somehow find a way to get keys out of the chip, this will be 100% secure against key extraction. Probing buses with logic analyzers and power analysis were decent methods back when people were trying to crack 1980s-era smartcards running at a few hundred kilohertz. They don't work too well against modern hardware.
As far as attacking the HDMI stream: good luck doing real-time encoding of a raw, uncompressed HDTV stream. Currently, that requires extremely expensive hardware (if it even exists).