Live Chat & Podcast at 1:00PM Eastern on Sunday!
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
General Security
Go to first new post Security -Expert installed multiple remo ...
Go to first new post Altnet won't uninstall
Go to first new post Neighbor Piggybacking
Go to first new post Solved: not sure?about site
Go to first new post Computer security, may have been hacked ...
Tag Cloud
access acer asus bios bsod computer crash desktop drive driver drivers error ethernet excel freeze gaming hard drive hardware hdmi internet laptop malware memory missing monitor motherboard network printer problem ram random registry router slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > General Security >
Passport Security (or lack thereof)

Reply  
Thread Tools
lotuseclat79's Avatar
Distinguished Member with 21,345 posts.
  
Join Date: Sep 2003
Location: -71.45091, 42.27841
12-Aug-2008, 09:55 AM #1
Passport Security (or lack thereof)
Don’t Put Too Much Faith in High-Tech Passports.

Although this article discusses European (specifically British) passport measures (RFID), the same can be said of American passports.

-- Tom
Register for free to hide this ad!
lotuseclat79's Avatar
Distinguished Member with 21,345 posts.
  
Join Date: Sep 2003
Location: -71.45091, 42.27841
14-Aug-2008, 09:37 AM #2
E-Passports Signed, Sealed, Delivered -- But Not Like You May Think.

... van Beek showed how he can disable active authentication in passports that use it. Van Beek says the index file in passport chips isn't protected with a hash and signature and can, therefore, be changed. He simply rewrites the index file to skip active authentication.

Because not every passport uses active authentication at the moment, passport readers have to be backward compatible and accept passports without it as well. When a reader encounters a passport chip with a re-written index file, it reads it as it would any other passport without active authentication.

Van Beek says this can be fixed by hashing the index file but that would require replacing thousands of e-passport chips already in the field. Alternatively, he says, passport readers could be updated with a patch, which he's currently discussing with authorities in The Netherlands.

-- Tom
__________________
The independence created by philosophical insight is - in my opinion - the mark of distinction
between a mere artisan or specialist and a real seeker after truth. - Einstein 1944
Imagination is more important than knowledge. - Einstein
lotuseclat79's Avatar
Distinguished Member with 21,345 posts.
  
Join Date: Sep 2003
Location: -71.45091, 42.27841
14-Aug-2008, 09:52 AM #3
Here is a recent security related RFID story: How (Not) to Fix a Flaw. (2 web pages)

Experts say disclosing bugs prevents security flaws from festering.

-- Tom

P.S. In this case, it is in the best security interests of the companies using the "Charlie Card" scheme to drop the law suit, and hire MIT to help fix the problem!
__________________
The independence created by philosophical insight is - in my opinion - the mark of distinction
between a mere artisan or specialist and a real seeker after truth. - Einstein 1944
Imagination is more important than knowledge. - Einstein
1002richards's Avatar
Computer Specs
Senior Member with 4,542 posts.
  
Join Date: Jan 2006
Location: Sussex, UK
Experience: Intermediate
14-Aug-2008, 12:53 PM #4
UK Immigration swipe everyone's passport on entry - but none on departure as there no are staff at embarkation. So what's the point!! Also, they pretend swipe passports even when the system is down, just to make it look OK.
They are given just 7 seconds to clear each UK passport holder, very thorough I don't think!!
lotuseclat79's Avatar
Distinguished Member with 21,345 posts.
  
Join Date: Sep 2003
Location: -71.45091, 42.27841
22-Aug-2008, 05:42 PM #5
Quote:
Originally Posted by lotuseclat79 View Post
Here is a recent security related RFID story: How (Not) to Fix a Flaw. (2 web pages)

Experts say disclosing bugs prevents security flaws from festering.

-- Tom

P.S. In this case, it is in the best security interests of the companies using the "Charlie Card" scheme to drop the law suit, and hire MIT to help fix the problem!
Here is a followup article on the Boston Carlie Card from Bruce Schneier (Wired article):
Boston Court's Meddling With 'Full Disclosure' Is Unwelcome.

-- Tom

P.S. Schneier is a widely respected security consultant.
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | General Security | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
Thread Tools



Facebook Facebook Twitter Twitter TechGuy.tv TechGuy.tv Mobile TSG Mobile
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 03:48 AM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

 Powered by Cermak Technologies, Inc.