Welcome!
If you have an account, please:
Log in

Researchers Steal Cars With Wireless Ignition

Remote Car
(Image is used under the Pixabay license)

If you read this site much, you probably know I have a "guilty till proven innocent" attitude when it comes to new technology, particularly wireless technology. That's why it's no surprise to me (and hopefully no surprise to you), that they've discovered they can break into and steal cars that use wireless entry and ignition.

The researchers tested a few scenarios. An attacker could watch a parking lot and have an accomplice watch as car owners as entered a nearby store. The accomplice would only need to be within eight meters of the targeted owner's key fob, making it easy to avoid arousing suspicion. In another scenario, a car owner might leave a car key on a table near a window. An antenna placed outside the house was able to communicate with the key, allowing the researchers then to start the car parked out front and drive away.

Companies need to stop with this high-tech gadgetry until they commit to hiring brilliant security experts to design these systems for them. Even then, using simple wireless radio transmissions that any regular joe can produce with less than $500 of equipment is just a bad idea.

Tags: , , ,

Israel Airport Security is Good Because of Profiling

You know a good way to spot a terrorist? Look for someone who looks and acts like one (like they do in Israel)!

I know this ridiculous concept of banning profiling came out of the dark days of racism where people were profiles on things that didn't matter like the color of your skin. But that doesn't mean that profiling is wrong.

People profile all the time and they should. If you walk out to your car late at night and there's younger male with ratty clothes staring you down while sharpening a machete, should you keep walking since you "don't want to offend him by running the hell away"?

Give it a rest folks. If the TSA didn't have to give kids and the elderly the same attention as someone who's actually likely to be a terrorist, imagine how much smoother and simpler flying would be.

Tags: , , , ,

TSA Scanner Political Cartoons

Tsa Groping
(Image is in the Public Domain)

Check these out 🙂

Also a series of current articles and links about the issue here.

And finally a story of a pat down that's been resurrected from 2002 by Penn of Penn and Teller.

Tags: , ,

Nude Scan Photos Weren’t Supposed to be Stored – They Were

The TSA has constantly said that photos from the nudie scanners wouldn't be stored so how did we get : this story of nudie scanners where over 35000 photos were stored. Whoops.

To be fair, this wasn't the TSA, but US Marshalls in an Orlando courthouse, but the technology makes it possible. If the only thing that stops someone from recording a pic is a setting on the machine, I don't feel very safe.

Tags: , ,

Skip the Nudie Scanner, Get Extra Frisking as Punishment

There are some people who have reported extra screening and scrutiny of their person and personal belongings when they refuse to engage in the TSA nudie scanner fiasco.

I went over to the TSA blog to see what the climate was and the responses are overwhelmingly against the technology.

From the complaints that have been coming in, it seems to be common practice for TSA to send people through the machines without telling them what they do or offering them a choice. How does anyone think that this is OK?

And

Bob, why would the TSA use backscatter at all when MMW is much less risky in terms of exposure to harmwave wavelengths.

There were other issues listed such as the scanning of children nude and the right to ask that your belongings always remain in your sight while they're being analyzed (which is only useful if you know about that right).

I once met the head of privacy for the TSA, Peter P., and got his contact information. I just sent him an e-mail suggesting that the only way that it would be ethical to use these machines is to:

  1. Post on the machine actual, unedited, unblurred photos of real people being scanned.
  2. Verbally tell each person to be scanned that they may opt-out every time

I don't know if he'll respond or what he'll say, but expect they won't do either of these because if they did, people would probably never use them at all. But that's the point isn't it? We should know exactly what's going to happen and be able to make an informed choice.

Anyway, if he does respond, I'll post it here.

Update

It's really quite surprising how quickly he responded. Not more than 2 hours after my e-mail, I received a phone call where he answered my questions.

He says there are already images on all machines that are exactly what the operators see, just not life sized though he didn't know why that matters to people. In fact, some people have complained about the nudity on the signs (which I expected would happen, but we don't care about them do we :)).

There are also indications that you can choose to have a pat down in the largest font of all text on the machine. I can't really say if that's sufficient considering I haven't seen the machines personally, though I doubt a simple sign is enough unless it's a pretty big font.

He says a verbal notice would add too much time and present it more as a negative thing when it wasn't (a matter of opinion) and he's right about that so I didn't expect much. The main thing is how the operators act in practice. If someone seems hesitant, they should immediately offer the pat-down instead, but do they?

On the subject of how people are treated when refusing the scan, he said that it's impossible to monitor that process, but they are trained not to do extra screening just because someone opted-out. He also pointed out that at last year's CFP Conference a woman who claimed to have been subjected to nearly 20 minutes of screening was actually only there for less than 3 (they checked the video). He said perception plays a large part and I can't disagree with that.

What is fact is that people are frustrated and angry. We don't trust that the machines won't be misused and there's at least one case where they already were. Is there anything the TSA could do to win our trust? Who' knows, but here's the page where they have all the information about the machines and how they're used.

Tags: , , ,

TSA Nudie Scanners May Violate Child Porn Laws

EPIC has been fighting what they call Whole Body Imaging for a while now, but this is an interesting new twist. I never thought about this before, but taking a nude scan of a minor is a violation of child pornography laws.

So if this is really the case, and the TSA doesn't get some kind of exception they will be barred from scanning anyone under 18 at which point the terrorists get an advantage by sending through young recruits (or ones young enough to plausibly lie about it).

The really sad thing about all this is that the technology is very good. It's less invasive than a strip search or pat down and it's extremely fast and easy for the traveler. If it were possible to trust that the TSA could keep the images from being stored and distributed, maybe even I could support it.

Tags: , , , ,

GPS Tracking Watch for Parents

Track your kids in real-time online with GPS

Here's a tool for you ultra-paranoid: a GPS watch you can make your kids wear.

Parents can see the location of their child on Google maps by clicking 'where r you' on a secure website or texting 'wru' to a special number. Safe zones can also be programmed with parents being alerted if their child strays outside this zone.

The watch, which is designed in bright colours to appeal to children, can be tightly fastened to a child's wrist and sends an alert if forcibly removed.

Two things to keep in mind before doing this:

  1. If you tag kids with monitoring devices, we will be raising a generation of people who don't see a problem with being tagged and tracked. This sets a very dangerous precedent for the future if we are to retain our personal liberties.
  2. The company that supplies the information also gets to see where your kid is which creates a new set of questions. What does the company do with all that data? Would they possibly share or sell it? Could they lose it in a data breach?
Tags: , , , , , , , , ,

Man Robbed Because Hoax Craigslist Ad Said Everything Was Free

Who knows you're out of town and what will they do with the information?
(Image is in the Public Domain)

Here's a great example of how knowing something as simple as where someone lives along with when they're out of town is enough to make their life hell. While this poor guy was minding his business fishing on a lake somewhere, someone called to ask about the free stuff at his house. The thing is, he wasn't giving anything away at all.

Someone posted an ad on Craigslist.com stating that everything on his property was free and people came to rob the place blind.

Tags: , , ,

The British RFID passports have had their encryption broken already

If you spend millions to deploy an encryption system, maybe you should make sure it's robust first?
(Image used under: Creative Commons 2.0 [SRC])

New RFID passports are supposed to make identity theft more difficult and to make it easier to spot fake passports like the ones used by the perpetrators of the 9/11 attacks.

First, making the data remotely secretly readable without every possessing or otherwise coming into contact with the passport hardly makes it more secure against identity theft. Second, it's hard to make fake documents, but easy to fake 1's and 0's. Last I checked your electrons look just like mine.

Besides the very obvious flaws in this idea, all it would take for the "secure passports" to turn into a nightmare of unprecedented proportions would be for the encryption to be broken. Oops, it's been done… and in under 48 hours of effort.

In the article, they mostly talk about the dangers of cloning passports, but I submit that the real danger is being easily, quickly, and remotely identified as a foreigner while you travel. Either way, they said it best in their final paragraph:

It may be that at some point in the future the government will accept that putting RFID chips in to passports is ill-conceived and unnecessary. Until then, the only people likely to embrace this kind of technology are those with mischief in mind.
Tags: , , , ,

If you want to learn more about my professional background, click here to learn more. Otherwise, let’s get started - how can I help?

Online learning
On-site learning
Read my blog