1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Passport Security (or lack thereof)

Discussion in 'General Security' started by lotuseclat79, Aug 12, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. lotuseclat79

    lotuseclat79 Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    20,583
  2. lotuseclat79

    lotuseclat79 Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    20,583
    E-Passports Signed, Sealed, Delivered -- But Not Like You May Think.

    ... van Beek showed how he can disable active authentication in passports that use it. Van Beek says the index file in passport chips isn't protected with a hash and signature and can, therefore, be changed. He simply rewrites the index file to skip active authentication.

    Because not every passport uses active authentication at the moment, passport readers have to be backward compatible and accept passports without it as well. When a reader encounters a passport chip with a re-written index file, it reads it as it would any other passport without active authentication.

    Van Beek says this can be fixed by hashing the index file but that would require replacing thousands of e-passport chips already in the field. Alternatively, he says, passport readers could be updated with a patch, which he's currently discussing with authorities in The Netherlands.

    -- Tom
     
  3. lotuseclat79

    lotuseclat79 Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    20,583
    Here is a recent security related RFID story: How (Not) to Fix a Flaw. (2 web pages)

    Experts say disclosing bugs prevents security flaws from festering.

    -- Tom

    P.S. In this case, it is in the best security interests of the companies using the "Charlie Card" scheme to drop the law suit, and hire MIT to help fix the problem!
     
  4. 1002richards

    1002richards Retired Trusted Advisor

    Joined:
    Jan 29, 2006
    Messages:
    5,333
    UK Immigration swipe everyone's passport on entry - but none on departure as there no are staff at embarkation. So what's the point!! Also, they pretend swipe passports even when the system is down, just to make it look OK.
    They are given just 7 seconds to clear each UK passport holder, very thorough I don't think!!
     
  5. lotuseclat79

    lotuseclat79 Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    20,583
    Here is a followup article on the Boston Carlie Card from Bruce Schneier (Wired article):
    Boston Court's Meddling With 'Full Disclosure' Is Unwelcome.

    -- Tom

    P.S. Schneier is a widely respected security consultant.
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/739318

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice