Easily digestible tech news... http://www.techdirt.com/ en-us http://www.techdirt.com/images/td-88x31.gifhttp://www.techdirt.com/ Mon, 20 Oct 2008 15:59:00 PDT Mike Masnick http://www.techdirt.com/articles/20081020/0121182580.shtml http://www.techdirt.com/articles/20081020/0121182580.shtml monitor all communications, it appears that you may not be able to buy a mobile phone without a passport and without registering your information in a national database. The reasoning, not surprisingly, is to try to keep tabs on terrorists who have been using prepaid phones that can't be traced easily back to their owners. Of course, what this really will do is create a much bigger nuisance for most (non-terrorist) residents, opening up potential privacy breaches all while doing almost nothing to slow down terrorist activity. That's because it won't be that difficult for terrorists to find other means of communication that don't require registration. It's really a shame to see countries give up the freedoms that made them great.

Permalink | Comments | Email This Story
]]> surveillance-state http://www.techdirt.com/comment_rss.php?sid=20081020/0121182580 Thu, 7 Aug 2008 17:17:00 PDT Mike Masnick http://www.techdirt.com/articles/20080807/0131471918.shtml http://www.techdirt.com/articles/20080807/0131471918.shtml just how easy it is to hack the automatic toll devices used at most bridges and toll roads throughout the country. The stunning part is that it appears that the folks who created these transponders did almost nothing to keep them secure. They're constantly broadcasting and they include no encryption. And this is a device that often connects directly to a registered credit card. Sense a potential problem? The researchers who showed this pointed out that it wouldn't be difficult for someone to clone your transponder and make you start paying for their tolls. Alternatively, it could be used to create an alibi for someone planning to commit a crime -- since police have used toll crossing data to establish where someone is.

Meanwhile, over in the UK, an investigation has found that the chips in the supposedly "fakeproof" e-passports are easily cloned, manipulated and passed through the checking machine -- which is especially worrisome given that 3,000 blank e-passports were stolen just last week. Of course, people have talked about the possibility of such hacks for years -- even before they were put in place -- to show how silly it was to think they were secure. And, of course, the best response comes from the UK gov't. After being presented with the fact that the chips can be changed or modified, the statement from the government was: "No one has yet been able to demonstrate that they are able to modify, change or alter data within the chip. If any data were to be changed, modified or altered it would be immediately obvious to the electronic reader." If you keep saying it, maybe you can pretend it's true.

In both cases, though, the striking thing is that these aren't "surprise" vulnerabilities. They should have been somewhat obvious to those who crafted these systems in the first place. Both are now working on "patches" to deal with the problems, but it's pretty difficult to completely patch a system that's so widespread -- and either way it will take some time. So why weren't these systems designed with better security in the first place?

Permalink | Comments | Email This Story
]]> security-as-an-afterthought http://www.techdirt.com/comment_rss.php?sid=20080807/0131471918 Thu, 6 Dec 2007 00:43:27 PST Mike Masnick http://www.techdirt.com/articles/20071205/190901.shtml http://www.techdirt.com/articles/20071205/190901.shtml had exactly that security vulnerability, allowing the guy who discovered it to see the passport application data of other applicants simply by adjusting the URL. It's never nice to hear about a security flaw (especially on a gov't website with all sorts of private info), but it actually induces a bit of nostalgia to hear of such a basic security flaw showing up in the wild yet again.

Permalink | Comments | Email This Story
]]> that-one-again? http://www.techdirt.com/comment_rss.php?sid=20071205/190901