
Personal Security


More from MacInTouch.

Online Fraud

An Ounce of Prevention

Diana, like every year at this time the Barnes & Noble Plastic cards roll in.
I was wondering what new Tech Books would interest me and I think you've found one!
Thank You!

Some recent clients have made me look at security in a whole new light, and from that twinkle I suspect that I should know a bit more than I do in this matter. I feel I depend on Earthlink far too much, although I really have no reason to question their work, so far, so good! Symantec software still serves me well but stillllllllllll.....

At a Party this weekend with some folks from the St. Pete Times & Tampa Trib I was informed that they have switched their email program to Lotus Notes since they use Panther on some of their computers and have experienced problems. I know nothing of Lotus Notes but I'm paying attention since I'm going to need to move into OSX =Panther/Tiger? when I can no longer use OS 9. A friend who runs the graphics department said he will never give up the security and ease of use in OS 9, his is the only department that has never had a problem! I asked "yah but how much mail could you do, don't you guys just sit around making pictures?" He said, "Nope we communicated everyday with all the seasonal Sports Teams around the world", "for an example" Who would have thunk?

Here's a book for Macs

Hi all,

This is not computer related...but it is a tech/privacy issue.

I'm posting the whole article here, but it came from The Register

US lubes passports with RFID snake oil
By Thomas C Greene
Published Thursday 20th May 2004 13:36 GMT

Opinion: As we reported recently, the US State Department will conduct a trial of biometric passports this Fall, with an eye toward moving to full production in 2005.

This scheme is supposed to help officials catch evildoers who are too thick to get biometric passports issued to themselves under false identities. It will, of course, be a great obstacle to knuckleheaded exploding-sneakers types like Richard Reid and loose talkers like Jose Padilla, although even moderately slick terrorists will not be affected.

Mug me, I'm rich

One of the more dubious aspects of the new regime is the so-called "smart chip," a spectacularly dumb RFID (Radio Frequency Identification) gizmo that might very well broadcast data indiscriminately to any device designed to receive it. There are several ways to design such a chip, and the preferred design, from a security point of view, would require the document and reader to be in physical contact. A passive chip can be read at a distance by a powered reader, but it doesn't have to be. However, it is likely, given the tech industry's lust for adding 'features' whether they're needed or not, that the chips will be readable from a distance. This would make it easier to move large herds of travelers through customs gates quickly, and it is likely to be pitched successfully on this basis.

Unfortunately, this would also make it easy for street criminals to scan crowds in search of naive foreigners likely to be in possession of decent quantities of cash, like Americans and Europeans, say. The RFID lobby has consistently neglected to address issues of personal safety when sensitive, identifying information is being broadcast secretly and indiscriminately by their nifty gizmos. Such electronic documents are a boon to street thugs looking for probably-rich tourists, and, more ominously, to sophisticated criminals and kidnappers.

Arrest me, I'm naughty

It's a minor blow to one's privacy when a packet of razor blades is chipped so that anyone with a reader can learn what brand you happen to like. But chipping personal documents such as ID cards and passports is tantamount to chipping people. A document that reveals your name, age, address, and more, that can be read from a distance without your knowledge by anyone for any reason, is a clear threat to personal safety, and, obviously, any semblance of privacy.

There is nothing, beyond a few laws that get weaker every year, to prevent overzealous Feds and similar government busybodies from setting up surreptitious readers, and performing silent, automated ID stops that one knows nothing about.

In a nightmare world quite conceivable after a few more terrorist atrocities, ID readers could be integrated with subway turnstiles, metal detectors, and scores of other daily nuisances and choke points. Data scanned could be sent to a database that is searched automatically for certain triggers. It might be some time before such intrusions become routine, but it is beyond doubt that the bureaucrats currently pushing the technology know perfectly well that this potential exists, and are secretly pleased by it.

Big assumptions

Unlike the RFID aspect of the new passport scheme, which will actually bring harm to people, the biometric obsession is basically a harmless, if rather expensive, folly. Superstitious faith in biometrics is touching, but the technology is no worse than what we've got at the moment. Of course, it's also no better.

Bogus credentials are easy to come by, so if biometrics are intended as a security measure, implementation is going to trip up only the thickest and laziest of attackers.

It is quite easy to forge a birth certificate (or obtain one belonging to someone who died in infancy, approximately one's own age), and use it to establish a series of foundation documents such as a Social Security card, a driver's license, and a passport, which, in turn, can be used to register for college, get a job, establish credit, obtain licenses, housing, services and utilities, and so on. These secondary documents will be founded on a lie, all right; but they will be perfectly authentic and can be used with ease to scam the system. This is because authenticity, rather than accuracy, is the standard on which documents are accepted.

Such documents tell other people where you live, where you went to school, whether you're qualified to drive, and so on. But they don't establish who you are. Nevertheless, they are used as if they did, and adding a biometric feature only reinforces the popular illusion that they actually identify people. In fact, biometrics merely establish ownership of the document in question, regardless of whether it tells the truth or not.

For example, my picture-ID driver's license tells you that someone claiming to be named Thomas Greene is qualified to drive an automobile, and that I (whoever I might actually be) am the rightful owner of the document that proves it. Assuming that the document is authentic, when I present it to you, you can safely assume that I'm a properly licensed driver, but no more.

Mark of the Beast

At present, it's impossible for any bureau to know that one is who they claim to be. The only near-foolproof way to establish identity would be through universal DNA profiling at birth. After a few generations, virtually everyone could be identified with certainty, so long as DNA identification and verification is required, cradle to grave, for all transactions such as obtaining a birth, marriage, or death certificate, establishing credit, opening a bank account, buying, selling or leasing real property, registering to vote, obtaining a driver's license or a passport, enrolling in school, registering for military service, employment, and so on.

To be effective, the data would have to be collected without fail from everyone issued a birth certificate, and be made widely and easily available to anyone who wishes to verify it. And it would have to be verified routinely, to minimize the chance that one could obtain any useful documents without DNA identification. But since this scheme is so repulsive, and so closely resembles the mark of the Beast prophesied in Revelation, it is doubtful that it could be implemented without tremendous, and possibly violent, opposition from the public. Unless terrorists should accommodate the change by nuking a major city or something equally hideous.

But until something truly Biblical happens to break down people's resistance to being branded by their governments, we're going to have to accept the fact that motivated people can and will alter their identities, and that biometrics can do nothing to prevent it. We may accept digitized fingerprints and face scans as the new standards, but they're no more effective at identification than the analog photos and signatures we use today. The flaws in the system will remain the same.

The problem is not biometrics, which represent only a waste of money that could be better spent. The chief problem is the RFID element, which invites myriad abuses of personal data by the evil-twin forces of criminal exploitation and government paternalism. ®

Thomas C Greene is the author of Computer Security for the Home and Small Office, a complete guide to system hardening, online anonymity, encryption, and data hygiene for Windows and Linux.

This might belong here.

From MacInTouch.

"Notes and Tips

Eric Dubiel pointed out a very useful security guide, available in PDF format: Securing Mac OS X by Stephen de Vries:
Aimed at users in environments requiring stronger security controls in an operating system, making full use of the protection features offered in OS X. It would also be of use to system administrators wishing to enforce an organization wide desktop security policy for Mac OS X."

Cracking a WiFi Network

This article details just how easy it is to crack a WiFi network with some freely available tools on the internet. The author even used an iBook to do it.

I'm posting this for the sole purpose of education. If you worry about wardrivers or your neighbour stealing your internet connection, this will shed a lot of light on the situation.

WiFi Security Article


