In Europe it is not permitted to use any transmitter on broadcast frequencies, unless you are a licensed broadcaster. And it doesn't matter how low the output power is, so those iPod thingies are not allowed either.
The splash screen is intentionally ugly to indicate that this is a developer's release, for evaluation and finding bugs. It is not intended for normal use!
From the viewpoint of an RFID reader designer... (on "Tin Foil Passports?", Score: 4, Informative)
I design RFID readers similar to those that would be used to read these passport tags, so I might be able to add some useful insights.
First of all, I agree it's unlikely that a reader could energize an ISO14443 tag from much farther than about 4 inches. It's possible to use a stronger field than allowed by local EM regulations, but with magnetic coupling antennas such as ISO14443 systems use, the field strength drops approximately with the third power of the distance, and the power needed to get that field is the square of the field strength. To read at 4 inches, a power of about 100 mW is needed. So to read at 40 inches, you would need some 10,000W, and trying to operate a reader for 400 inches would be like detonating a bomb...
So the likely scenario for reading at 30 feet would be "listening in" using a big antenna and sensitive receiver to the exchange of data between a legitimate reader that is much closer to the tag. Such an antenna could be mounted in a big suitcase, for example. As it would not transmit it would be difficult to detect.
Secondly, I can confirm that any well-conducting sheet metal covering the tag will effectively short the magnetic field of the reader, so that the tag can not be energized, there's simply no way to read it. Aluminium foil would work perfectly.
Thirdly, many ISO14443 tags contain support for public-key cryptography. The reason to include this is that the data exchange between the reader and the tag can be encrypted so if someone would be "listening in" it will be very difficult to obtain any useful information. Because of this security feature this kind of tag is often chosen for transport fare systems, access control, etc.
It seems a shame not to use this, but I think the reason is that the tags should be readable worldwide, so that many readers containing the private key will have to be in existence. It would only be a matter of time before some wrongdoers get such a reader in their hands, and the private key contained in it gets out. Once an unauthorized party has the private key, the encryption will be practically useless anyway (compare this to the CSS encryption of DVDs).
During the past months I have been receiving on average 3 to 4 spams per day from the IP range of Media Dreamland. These spams are cleverly constructed so that they are difficult to filter out automatically, and as they use a whole range of IP addresses and varying domain names, these are not likely to wind up on a blacklist.
I added rules in my .procmailrc file to block all e-mails from the IP range of this company; this has worked very well for me (100%/0% positives/negatives).
Interestingly, since a few days I was again receiving quite similar spams, and this time they originate from the IP range of a company called Big Time Fiber. It turns out that the spams from Media Dreamland abruptly stopped after 10 November (spammer kicked out?) and after a few weeks the spammer apparently found a new hosting service.
I put the following lines in my .procmailrc:
# Match any Received header with a bracketed address in 204.9.240.x - 204.9.247.x
:0 H
* ^Received:.*\[204\.9\.24[0-7]\.
{
  LOG = "[!!!! Big Time Fiber] "
  :0
  /dev/null
}
and just this morning I found the following entries in my procmail log:
[!!!! Big Time Fiber] From rolffarris@newssign.net Sun Nov 21 00:16:08 2004
 Subject: Would you like to stop smoking?
  Folder: /dev/null 1550
[!!!! Big Time Fiber] From benniemilburn@minisaver.net Sun Nov 21 01:55:43 2004
 Subject: Apple 17" iMac G5 Desktop!
  Folder: /dev/null 1705
[!!!! Big Time Fiber] From rhettsmallwood@bigtopsavings.com Sun Nov 21 03:36:04 2004
 Subject: Mortgage interest rates are at their lowest point ever.
  Folder: /dev/null 1739
[!!!! Big Time Fiber] From bruce.tillery@e-goodstuff.com Sun Nov 21 05:20:55 2004
 Subject: Women, something to rock your world
  Folder: /dev/null 1565
[!!!! Big Time Fiber] From donovanragland@e-goodstuff.net Sun Nov 21 07:06:03 2004
 Subject: Test & Keep an IBM Laptop - Product Testers Wanted
  Folder: /dev/null 1623
[!!!! Big Time Fiber] From gilcolvin@bigfoodsavings.com Sun Nov 21 08:46:04 2004
 Subject: You can be smart!
  Folder: /dev/null 1563
As you can see from the type of domain names these spams are probably from one spammer.
In the past I have received spams using the same trick from Webhostplus, Pharmakon and Aphrodite Marketing, but the spammer (now) operating from Big Time Fiber IP range appears by far the most active.
See also http://ws.arin.net/cgi-bin/whois.pl (fill in "204.9.240.164" in the search box)
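The same range test as the .procmailrc recipe above, as an added Python example (not the commenter's code): it parses the Received headers and checks every bracketed address against 204.9.240.0/21, the CIDR block that the regex `24[0-7]` corresponds to. The function names and the sample messages are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# 204.9.240.0/21 spans 204.9.240.x - 204.9.247.x, the same addresses as the
# procmail condition \[204\.9\.24[0-7]\. in the recipe.
BLOCKED = [ipaddress.ip_network("204.9.240.0/21")]

# Relay addresses appear in square brackets inside Received headers.
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_ips(raw_message):
    """Return the bracketed IPv4 addresses of all Received headers, newest first."""
    msg = message_from_string(raw_message)
    ips = []
    for header in msg.get_all("Received", []):  # folded headers arrive unfolded
        for text in BRACKETED_IP.findall(header):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:  # e.g. [999.1.1.1]: looks like an IP, is not one
                continue
    return ips


def blocked_hop(raw_message, networks=BLOCKED):
    """Return the first relay address inside a blocked network, or None."""
    for ip in received_ips(raw_message):
        if any(ip in net for net in networks):
            return ip
    return None


def build_sample(relay_ip):
    """Constructed two-hop message; only the second relay address varies."""
    return (
        "Received: from mx.example.org (mx.example.org [192.0.2.10])\n"
        "\tby mail.example.net with ESMTP; Sun, 21 Nov 2004 00:16:08 +0100\n"
        "Received: from sender.example (unknown [%s])\n"
        "\tby mx.example.org with SMTP; Sun, 21 Nov 2004 00:16:01 +0100\n"
        "From: someone@example.com\n"
        "Subject: constructed sample\n"
        "\n"
        "body\n" % relay_ip
    )


if __name__ == "__main__":
    for relay in ("204.9.243.17", "204.9.248.5", "204.9.24.7"):
        print(relay, "->", blocked_hop(build_sample(relay)))
```

Like the recipe, this looks at every Received line, and lines below the one written by your own mail server are supplied by the sender, so a match on a lower hop is a hint rather than proof of origin.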
I am quite annoyed by the stream of scam emails I receive, and always forward them to abuse@ of the e-mail accounts provider that the scammers use (mostly free mailboxes).
Hopefully these accounts will then be shut down before any potential victim can respond. The fact that the scammers often use a different email address in their follow-up communication indicates that these accounts are indeed often short lived.
I have thought of mail bombing these accounts until they are shut down, preferably with legit looking bogus responses that the scammers have to read one by one, wasting their time and hopefully having them pay for extra online time in their Lagos cybercafe. It would help if each of you would send a response on any scam e-mail you receive (don't use your regular email account).
Frankly I don't have the time and the talent for elaborate scambaiting (http://www.419eater.com/html/joe_eboh.htm is hilarious!), but I am interested in any other simple but efficient ideas for frustrating these scambags.
Interestingly, one of the songs is from Gilberto Gil, not only a well known artist but also the Minister of Culture in a government which has a positive attitude to Open Source software.
If no encryption is embedded in the RFID tags, and the signature is done as a secret calculation on the data, you could copy all the data including the signature.
Of course it will be difficult to change the data and create a fake passport, but you could copy the tag from someone else's passport (without their knowledge) and use it in identity theft.
A complication would be that blank RFID tags cannot be obtained with the same serial number (current RFID tags mostly have unique serial numbers that are pre-programmed by the chip manufacturer). I would expect that the serial number is included in the signature calculation.
However, you could still build your own functionally equivalent "RFID tag chip" using off the shelf logic components and program any serial number you like. It would not be as compact as a real RFID tag, but it could be used in situations where the tag would be read without being visible.
Some of the vehicles have very complex behavior sets, but even the simple 'bots "know" how fast to go on which roads, to turn corners, to avoid collisions and to stay on the roads,
Hmmm. On this picture there are several cars that have seriously run into each other, and at least one that swerved off the side of the road...
I don't think that OpenOffice.org developers would see the need to look at this code. They have done pretty well without access to the MS Office sources so far...
The service sends you an image containing a 2-dimensional bar code such as Data Matrix. This bar code contains data that identifies your ticket.
The bar code reader uses a CCD camera to capture the image and a relatively powerful processor to decode the data from it.
It is actually not that easy to construct a reader that is able to read these bar codes, from a variety of mobile telephone displays. Especially when the backlight of the telephone is off, it is difficult to get an image with good contrast while avoiding reflections from the reader's light source.
If memory serves me right, a class 1 LASER device has a totally enclosed interlocked LASER system.
Your memory doesn't serve you right :)
Class 1, according to the CDRH regulations (USA) and IEC825-1 (international), means that the laser product will not be harmful if used in foreseeable ways. These standards are based on extensive biophysical research to determine the allowable limits of optical energy entering the human eye. They prescribe the configuration and optical power calculations to determine the laser class of a product. In most countries, marketing of laser products is only allowed if they comply with these standards.
An interesting source of information about plane crashes is planecrashinfo.
From the statistics on this web site it becomes clear that low-visibility landings account for far less than 80% of the crashes. So other measures are necessary as well if plane crashes are to be reduced by that factor.
During the spring, vast amounts of melt water feeding the lake will replace any water extracted for the city water supply. I don't think it will cause the lake to noticeably warm up.
A good ID verifying-device (card, token, whatever):
* Does not contain or rely on biometrics.
If it contains NO biometrics at all, it becomes very difficult to make sure the ID actually matches the person presenting it. Imagine a passport without a photo or any other biometrics...
If you are such a macho techno-geek that you really really really really just absolutely HAVE TO run your own mail server, you should have to ask them for permission first and enter into some sort of agreement that you will not be part of the Spam problem.
ISP's could simply let whomever requests outbound port 25 traffic have it. People who know how to set up a mail server are probably also smart enough to keep their systems from being compromised.
I simply forward all of these (including full headers) to piracy@microsoft.com. Fighting these spammers is in the interest of MS, let them handle the problem.
I doubt it because Samsung make their own ARM processors (XScale are Intel's ARM CPU's)
No, it can't. That's why, having been dropped, they don't sell them anymore.
Electrical? If Ada Lovelace programmed anything, it would have been Charles Babbage's Analytical Machine, which was fully mechanical.
that should be, of course, -1 gram
Can I suggest www.ffii.org?
Who's Eddy?
Cool!!!
From the abstract of the patent:
"One or more devise to be powered,"