Subtle Rantings

Three workers from Hartsfield-Jackson International Airport pleaded not guilty in federal court in Atlanta on Tuesday afternoon to charges they conspired to smuggle drugs and money through airports and onto airplanes for cash.

Two of the workers, Jon Patton, 44, of Lawrenceville and Andre Mays, 24, of Atlanta are employed by the Transportation Safety Administration, the federal agency whose workers screen travelers for illegal contraband, including drugs.

I found the quote above in this old article I had saved in Google Reader. I had left it in my queue to remind myself to write a posting about it. This article piqued my interest because it brings up an important argument of why Real ID will not succeed in making the United States safer or deter illegal immigration.

You may recall my earlier post on Real ID where I explained that as long as there was a human factor in the issuance and maintenance of Real ID, it would never be successful. This incident in Atlanta, which occurred back in February, further proves my point that no security mechanism is foolproof when there is a human factor involved. People will always be corruptible.

The Real ID mandate simply does not win in a cost-benefit analysis when compared to the civil liberties and privacy invasions that are sure to plague this new National ID card. And yes, it is a National ID card regardless of what politicians may tell you.

Do some research for yourself, you’ll see what I’m talking about.

Popularity: 23% [?]

Data Lost on 650,000 Credit Card Holders

Personal information on about 650,000 customers of J.C. Penney and up to 100 other retailers could be compromised after a computer tape went missing.

GE Money, which handles credit card operations for Penney and many other retailers, said Thursday night that the missing information includes Social Security numbers for about 150,000 people.

The tape was being stored at Iron Mountain, a data storage company. The tape was not checked out, but it can’t be located.

Popularity: 21% [?]

First let me say there is a TON of news that has come out over the weekend, so I think I’ve got my content for the week in just one day. This is unfortunate, as I’m sure there will be more good content coming out this week as well. You say I should just post more often right? Ha! I wish! Anyway, on to today’s posting.

No longer will you need WEP or WPA encryption schemes for your wireless networks. There is a new paint that you can paint on your walls and it will keep all wireless signals from “leaking” out to the real world. However, I hope no one will need to use a cell phone or cordless phone for that matter in this “secure” room as I’m betting most all signals at 2.4Ghz range and maybe even 5.8Ghz range will be blocked.

I see one huge problem with this that is going to be great business for pen-testers once and if this product ever gains widespread popularity.  I think it’s possible people could start using this new paint product and give them a false sense of security whereby they begin to believe they no longer need wireless encryption protection. I was joking earlier when I said WEP and WPA are no longer needed, but unfortunately, some people will believe they no longer need it. Like I said, this will be great for criminals and pen-testers alike.

The correct stance to take on this product is to regard it as an additional layer of security for wireless networks. Continue the use of normal wireless security measures as well. I personally would definitely use this product if I didn’t need to have cell phone coverage in my office. Heh, and I just thought about a great practical joke. Paint someone’s room with this stuff. Then paint over it and they’ll never know why their cell signal isn’t getting out of that room anymore. Which brings up a very good question: How do you take this stuff off if you don’t want to be “secure” anymore? Guess I need to do some more reading on the product. Anyway, check it out if you’re interested: EM-SEC Technologies

Popularity: 25% [?]

Here is another reason why I never give out my SSN if I can absolutely help it: Stolen Computer Holds Government Data on 1.4M Coloradans

The government is notorious for asking for Social Security Numbers. Some applications make a little sense while others make no sense at all. Of course, the privacte sector isn’t any better. The only difference is, at least I have better odds of suing a commercial company than I do trying to go after “the Man”. If more people would actually give a rip about privacy and identity theft and start bucking the system when everyone and their mother asks for a SSN, then things might actually change. Instead, people just accept the idea that there is nothing they can do about it, so they just buy Identify Theft insurance along with Home and Auto now.

Read the rest of this entry »

Popularity: 21% [?]

Here’s a link a coworker sent to me that confirms once more the reasons why I have taken the stance I have on RFID credit cards: Hacking contactless credit cards made easy

Popularity: 18% [?]

Actually, I don’t. I don’t hate to say I told you so. As un-Christ like as that is, I love being right. Who doesn’t? I love proving people wrong and I love proving I’m right. I’m a prideful person. There, I admit it. I know, I know, where’s the grace? Where’s the humility? Don’t I know “pride cometh before the fall?” These are all valid questions and all very accurate. It is completely wrong of me to have to have this need to always be right and it is completely wrong of me to harbor the pride that I do. But hey, sanctification is a life long process and God is working on me everyday to make me into the man He would have me to be. And before people start assuming that I’m this extremely arrogant, snooty, jerk of a person, because I’m not, let me tell you this need to be right only applies to certain subjects or even certain said statements. Either way, I’m eternally grateful He has made numerous changes in my life and saved me from who I am and I look forward to the changes He is going to be making in me over the many years to come. Moving on…

One of the subjects I am most passionate about is privacy and how we as citizens of the US and of the world can protect those rights. The whole use of the SSN by the US and every company in the country is a whole separate topic which I’ll post about soon. Today’s subtle rant is about RFID and more specifically contactless credit cards. The I told you so part is my consistent stance that RFID is inherently insecure and should NEVER be used for any identity application or any type of authentication/authorization mechanism.

Earlier this week I read this posting and was consumed by a number of emotions. First and foremost, it’s amazing to me that people are not fighting this movement of RFID credit cards more, if at all. I attribute this to two reasons. 1) Ignorance – people just don’t know and/or don’t understand the security risks. 2) Laziness – people are ultimately so lazy that they will trade personal privacy for convenience. Part of the assurance to these people is the promise by Visa, MasterCard, Chase, etc. that if a person’s card is indeed “cloned” or misused, the consumer is not liable for any charges.

While this is all a very grand and noble idea, the risks are just far to great. This is why there are the hundreds of credit monitoring services out there now. That’s why there is Identity Theft insurance (which my wife and I have). By enabling this convenience (again due to our laziness), we have enabled the proliferation of identity theft, while at the same time lining the pockets of creditors who will so graciously monitor our credit history and tell us if there is a problem for just $99 a year. Without going into more technical detail of the additional risks involved and boring the majority of you (if I haven’t done that already), I will conclude with one last thought. Privacy is far too great of a liberty and luxury for us to give it up so easily. I urge each of you to consider this the next time you choose a credit card company or your current creditor tries to send you a new “more modern” credit card. This way, you won’t become one of “those” people that do get a contactless credit card and end up getting their identity’s stolen. And, you won’t have to hear me say I told you so…

Popularity: 17% [?]