Verbo.se Cos Ter.se Wasn't Available

24 May 2010

Scene from an Airport

With Bruce Schneier and an unnamed TSA officer.

I've gotten to the front of the security line and handed the TSA officer my ID and ticket.

TSA Officer: (Looks at my ticket. Looks at my ID. Looks at me. Smiles.)

Me: (Smiles back.)

TSA Officer: (Looks at my ID. Looks at me. Smiles.)

Me: (Tips hat. Smiles back.)

TSA Officer: A beloved name from the blogosphere.

Me: And I always thought that I slipped through these lines anonymously.

TSA Officer: Don't worry. No one will notice. This isn't the sort of job that rewards competence, you know.

Me: Have a good day.

Filed under: Security
15 May 2010

Google Caught Rotten in Germany

Mark Suckerberg isn't the only one who doesn't respect your privacy, you know. Do No Evil, my hole.

Official Google Blog: Nine days ago the data protection authority (DPA) in Hamburg, Germany asked to audit the WiFi data that our Street View cars collect for use in location-based products like Google Maps for mobile, which enables people to find local restaurants or get directions. His request prompted us to re-examine everything we have been collecting, and during our review we discovered that a statement made in a blog post on April 27 was incorrect.

In that blog post, and in a technical note sent to data protection authorities the same day, we said that while Google did collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products.

Filed under: Security
14 May 2010

Another Schneier Quotable Quote

He does have a talent for it...

Schneier on Security: At a security conference recently, the moderator asked the panel of distinguished cybersecurity leaders what their nightmare scenario was. The answers were the predictable array of large-scale attacks: against our communications infrastructure, against the power grid, against the financial system, in combination with a physical attack.

I didn't get to give my answer until the afternoon, which was: "My nightmare scenario is that people keep talking about their nightmare scenarios."

16 Apr 2010

GameStation Owns Your Soul

Class!

Slashdot: "UK games retailer GameStation revealed that it legally owns the souls of thousands of customers, thanks to a clause it secretly added to the online terms and conditions for its website. The 'Immortal Soul Clause' was added as part of an attempt to highlight how few customers read the terms and conditions of an online sale. GameStation claims that 88 percent of customers did not read the clause, which gives legal ownership of the customer's soul over to the UK-based games retailer. The remaining 12 percent of customers however did notice the clause and clicked the relevant opt-out box, netting themselves a £5 GBP gift voucher in the process."

23 Feb 2010

Hotel Door Hacking

(Via Giz.)

Filed under: Security, Video
22 Feb 2010

US Department of Security Theatre

Delighted to see the logo I voted for in Bruce Schneier's TSA logo competition winning by a hair. :)

Filed under: Politics, Security
11 Feb 2010

Chip & PIN Broken

ZDNet: Chip-and-PIN readers can be tricked into accepting transactions without a valid personal identification number, opening the door to fraud, researchers have found.

Researchers at Cambridge University have found a fundamental flaw in the EMV — Europay, MasterCard, Visa — protocol that underlies chip-and-PIN validation for debit and credit cards.

As a consequence, a device can be created to modify and intercept communications between a card and a point-of-sale terminal, and fool the terminal into accepting that a PIN verification has succeeded.

"Chip and PIN is fundamentally broken," Professor Ross Anderson of Cambridge University told ZDNet UK. "Banks and merchants rely on the words 'Verified by PIN' on receipts, but they don't mean anything."

(Also, see Ross's paper on 3D Secure.)
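To make the attack described above concrete, here is a toy model of the cardholder-verification step, written for this page and not taken from the Cambridge paper: a terminal sends VERIFY to whatever is in the card slot, a real card only accepts the correct PIN, and a "wedge" device sitting between them answers the terminal's VERIFY with the ISO 7816 success status itself, never forwarding it to the card. The terminal then prints "Verified by PIN" even though the card never saw a PIN. The class names, the plain-string CVM fields and the single-field `generate_ac` are simplifications of the real APDU exchange; the `issuer_check` at the end is the kind of back-end consistency check a practitioner would want (the terminal's claim about the CVM is compared with the card's own record, which in the real protocol travels with the card's cryptogram on cards that include it), not something the page itself describes.

```python
SW_OK = 0x9000           # ISO 7816-4 status word: command succeeded
SW_PIN_BLOCKED = 0x6983  # PIN try counter exhausted
SW_PIN_WRONG = 0x63C0    # verification failed; low nibble carries tries remaining

CVM_PIN = "PIN verified by ICC"
CVM_NONE = "no PIN verified"


class Card:
    """The chip (simplified model). It only sets pin_verified after a correct VERIFY."""

    def __init__(self, pin: bytes, tries: int = 3):
        self._pin = pin
        self.tries_left = tries
        self.pin_verified = False

    def verify(self, pin: bytes) -> int:
        if self.tries_left == 0:
            return SW_PIN_BLOCKED
        if pin == self._pin:
            self.pin_verified = True
            return SW_OK
        self.tries_left -= 1
        return SW_PIN_WRONG | self.tries_left

    def generate_ac(self) -> dict:
        # The card's own statement of what it saw, returned with its cryptogram.
        # Modelled as a plain field here; real cards carry this in card-generated
        # data (assumption: the wedge cannot alter it without breaking the cryptogram).
        return {"card_cvm": CVM_PIN if self.pin_verified else CVM_NONE}


class Terminal:
    """The POS terminal. It talks to whatever sits in the slot through `channel`."""

    def __init__(self, channel):
        self.channel = channel

    def transaction(self, entered_pin: bytes) -> dict:
        sw = self.channel.verify(entered_pin)
        terminal_cvm = CVM_PIN if sw == SW_OK else CVM_NONE
        ac = self.channel.generate_ac()
        return {
            "receipt": "Verified by PIN" if sw == SW_OK else "PIN declined",
            "terminal_cvm": terminal_cvm,  # what the terminal reports upstream
            "card_cvm": ac["card_cvm"],    # what the card reports upstream
        }


class Wedge:
    """Interposer between terminal and real card: swallows VERIFY and answers 9000."""

    def __init__(self, card: Card):
        self.card = card

    def verify(self, pin: bytes) -> int:
        return SW_OK  # never forwarded; the card never learns a PIN was requested

    def generate_ac(self) -> dict:
        return self.card.generate_ac()  # everything else passes through untouched


def issuer_check(record: dict) -> bool:
    """Back-end consistency check the receipt cannot give you: the terminal's
    claim about the CVM must agree with the card's own record."""
    return record["terminal_cvm"] == record["card_cvm"]


def run_honest(pin_on_card: bytes, pin_entered: bytes) -> dict:
    return Terminal(Card(pin_on_card)).transaction(pin_entered)


def run_wedged(pin_on_card: bytes, pin_entered: bytes) -> dict:
    card = Card(pin_on_card)
    rec = Terminal(Wedge(card)).transaction(pin_entered)
    rec["card_tries_left"] = card.tries_left  # the wedge left the try counter untouched
    return rec


if __name__ == "__main__":
    print(run_honest(b"1234", b"0000"))  # declined; terminal and card agree
    print(run_wedged(b"1234", b"0000"))  # "Verified by PIN", yet the card saw nothing
```

Run with any wrong PIN through `run_wedged` and the receipt still says "Verified by PIN", the card's try counter is untouched, and only the terminal-versus-card comparison in `issuer_check` exposes the mismatch. That is the practical point behind Anderson's quote: the words on the receipt come from the terminal's side of a conversation the card never had.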

Filed under: Security
14 Jan 2010

26 or younger? Temple St Hospital has your DNA.

I'm surprised I haven't seen any Facebook pwotest gwoups or Twatterfests about this subject. In a nutshell, a hospital in Dublin is storing a blood sample, name, address, date of birth, hospital of birth and test result from nearly every person born in Ireland since 1984.

That means if you're under 26, there's a good chance your DNA is in there: your health, any genetic diseases you might have, your behaviours and traits*, etc. Well, possibly. They had a couple of servers stolen in 2007, so maybe it is there, maybe not. Sure, it's not all that important anyway, it's just your entire personality*.

Is Mark Zuckerberg - the slimy douche, if you'll pardon my Klatchian - ultimately right, do people really not give a shit about privacy any more? Or are people just too thick to realise the problems - current and future - that can result from this kind of thing?

Here are two stories from Times Online with more details:

Hospital keeps secret DNA file: A DUBLIN hospital has built a database containing the DNA of almost every person born in the country since 1984 without their knowledge in an apparent breach of data protection laws.

The Children’s University hospital in Temple Street is under investigation by the Data Protection Commissioner (DPC) since The Sunday Times discovered it has a policy of indefinitely keeping blood samples taken to screen newborn babies for diseases.

Unknown to the DPC, the hospital has amassed 1,548,300 blood samples from “heel prick tests” on newborns which are sent to it for screening, creating, in effect, a secret national DNA database. The majority of hospitals act on implied or verbal consent and do not inform parents what happens to their child’s sample.

The blood samples are stored at room temperature on cards with information including the baby’s name, address, date of birth, hospital of birth and test result. The DPC said it was shocked at the discovery.

Records stolen from hospital that held secret DNA database: Two computer servers containing the records of almost 1m patients were stolen from the Children’s University hospital in Temple Street in 2007 and have never been recovered.

The data were far more than that lost on stolen bank laptops in recent years. The theft was investigated by the data protection commissioner (DPC) and the gardai after being reported by the Dublin hospital in February 2007. The organisations had decided that there was no need to inform the public, believing there was little chance of the thief being able to access the data.

Patients’ details, including names, date of birth and reason for admission are thought to have been included.

* To keep my wife happy: strictly speaking 'behaviour' is stretching it; and DNA probably accounts for about half of your personality, the other half being learned.

Filed under: Education, Security
8 Jan 2010

This is a stupid game; we should stop playing it.

On post-underwear-bomber airport security, as ever Bruce Schneier sets the fluff aside and gets to the point:

It's magical thinking: If we defend against what the terrorists did last time, we'll somehow defend against what they do one time. Of course this doesn't work. We take away guns and bombs, so the terrorists use box cutters. We take away box cutters and corkscrews, and the terrorists hide explosives in their shoes. We screen shoes, they use liquids. We limit liquids, they sew PETN into their underwear. We implement full-body scanners, and they're going to do something else. This is a stupid game; we should stop playing it.

Filed under: Politics, Security
19 Aug 2009

DNA Evidence Can Be Fabricated

This is going around the security networks, but it's kind of important to everyone else too. Note my emphasis in the quote.

New York Times: Scientists in Israel have demonstrated that it is possible to fabricate DNA evidence, undermining the credibility of what has been considered the gold standard of proof in criminal cases.

The scientists fabricated blood and saliva samples containing DNA from a person other than the donor of the blood and saliva. They also showed that if they had access to a DNA profile in a database, they could construct a sample of DNA to match that profile without obtaining any tissue from that person.

“You can just engineer a crime scene,” said Dan Frumkin, lead author of the paper, which has been published online by the journal Forensic Science International: Genetics. “Any biology undergraduate could perform this.”
