Wednesday, August 12, 2009

Here's why I oppose Michigan's new Enhanced Drivers License

Not to mention the federal "RealID" program.

http://blogs.zdnet.com/storage/?p=565&tag=nl.e550

August 10th, 2009

Fed's RFIDiocy pwnd at DefCon

Posted by Robin Harris @ 2:17 am

NSA spooks gather for a colleague’s retirement party at a bar. What they don’t know is that an RFID scanner is picking them out - and a wireless Bluetooth webcam is taking their picture.

Could that really happen? It already did.

The Feds got a taste of the real world risks of RFID passports and IDs at DefCon, the annual hacker conference. According to Wired:

. . . federal agents at the conference got a scare on Friday when they were told they might have been caught in the sights of an RFID reader.

The reader, connected to a web camera, sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks as they passed a table where the equipment was stationed in full view.

RFIDiots

The goal at DefCon was awareness, not crime. But as organized tech mobs grow it won’t be long before crime - or terrorism - exploits the gaping security holes in RFID.

Chris Paget, the researcher who demo’d drive-by scanning early this year

. . . will be releasing a $50 kit at the end of August that will make reading 125-kHz RFID chips — the kind embedded in employee access cards — trivial. It will include open source software for reading, storing and re-transmitting card data and will also include a software tool to decode the RFID encryption used in car keys for Toyota, BMW and Lexus models. This would allow an attacker to scan an unsuspecting car-owner’s key, decrypt the data and open the car.

RFID Bad Day: you get fired because a bunch of office equipment went missing after someone with your ID entered the office at 1 AM. And when you go to your car, it isn’t there.

Cloning on the fly

Adam Laurie, another researcher and author of the RFIDiot (RFID I/O tool), an open source Python library, said:

It takes a few milliseconds to read [a chip] and, depending on what equipment I’ve got, doing the cloning can take a minute. I could literally do it on the fly.

Mr. Paget even demo’d a wired doorframe that collects RFID data as people walk through it. Handy, eh?

The Storage Bits take

Perhaps now that federal security gurus have been pwnd the RFID threat will get some serious attention. Like, maybe this isn’t such a great idea, attention.

Maybe that will be enough to start the wheels turning, but with hundreds of millions of dollars already spent on this stupidity, I’m afraid that someone, somewhere, will have to die before citizens figure out that this is a real, increasing and unnecessary risk.

The technology for reading, hacking and cloning RFID tags will only get better. The mass production machinery behind the tags can’t keep up with the security threats.

The time to end this nonsense is now. There are perfectly usable non-RF storage technologies - like 3D barcodes - that can safely store data in hard to crack, hard to hack formats.

The President is Lying to You

Here's why:

1. He said the "Stimulus Package" would get the economy going again. Thousands and thousands of layoffs later, national unemployment rate nearing 10% (nearing 20% here in Michigan), massive national debt (large amounts of which are held by governments who bear us no good will), and declining tax revenues at all levels (because businesses are failing and people are saving their money instead of spending it, not to mention those who are laid off and not making any money for you to tax). The only ones that really believe things are getting better are the ones who have sold their souls to Obama for their own political and personal gain.

George W. Bush screwed up the economy. Obama makes him look like a little-leaguer. Bush seemed to be out to show how many principles of sound economics he could violate and still have a viable economy. Obama is out to destroy capitalism and implement national socialism, and having a viable economy has no place in those plans.

2. Nationalization of Banking and Manufacturing. Despite his denials, Obama and his minions are pulling the strings at all of the banks and financial institutions and car companies which were bailed out of failure over the last year. If he and his "czars" are reviewing, changing, and denying compensation packages for the individuals who work there, do you really think he isn't doing the same thing with the decisions about everything else those companies do?

For the record, when I bought a car this past spring, I purposely bought a Ford because they were the only U.S. Automaker not to take a federal bailout and become a part of the Obama Borg.

3. Nationalization of Healthcare. Obama says we will be able to keep our current coverage, choose our own doctors, and our healthcare will be better and cheaper. Yet, in every other country where nationalized, government administered, government controlled healthcare has been implemented, you get long waits, substandard treatment, rationing, less innovation, and higher taxes. Insurance companies, who must show a profit to continue to operate, cannot compete with a government-run entity that does not have to show a profit. They will go out of business, and the only option left will be the government plan, which will suck (to use a technical term). Obama can stand up in front of a million townhall meetings and lie to every one of them about how wonderful his plan is, but he can no more change the laws of economics than he can the law of gravity.

4. No middle-class tax increase. Three words: Cap. And. Trade. Your utility bills will be going up because of this plan by over a thousand dollars a year according to estimates. These increases will be necessary in order for the utility companies to implement the "green" energy mandates in this stinker of a bill. That is about $100 per month extra you and I will have to come up with just to pay our bills. So while it isn't called an income tax increase, the money goes out of your checkbook all the same. When it's because of a law passed by Congress, that's a tax increase folks.

So here's a question for you Mr. President, in my own little virtual town hall meeting: When are you going to stop lying to the world about what you are trying to do? When are you going to admit that you are trying to destroy the foundations of this nation and turn it into your own vision of a Socialist utopia? A utopia that has never, can never, and will never exist?

Saturday, August 01, 2009

"Cars for Clunkers": Warning! Do not log in to cars.gov!

I admit that I am incredibly wary of anything the government says or does. I especially believe that the bunch in charge in DC now do not consider the Constitution as binding on them or any obstacle to what they want to do to this country. They will use the Constitution when it is convenient for them or suits their purposes, but they will ignore vast sections of it when it opposes them. I offer as exhibit A their treatment of the Second Amendment. Heck, I'll even give you exhibit B with their treatment of the First Amendment free speech rights when that speech is conservative in content and nature.

This video is exhibit C today. Now, you may think Glenn Beck is some far-right crackpot conspiracy theorist goofball, but in this video he quotes directly from the cars.gov website privacy notice which you have to agree to before you can use the site. Pay close attention to that part of the video:


Now do you really want to use that "Cash for Clunkers" program and give up all your computer privacy in perpetuity to the federal government and anyone they think needs what you have on your computer?

Not this little gray duck.

8/4 UPDATE: Read a note discussing this clip from a guy who is a Fedgov computer security analyst and who said this is standard for any federal computer system, and it's no big deal. No big deal. No big deal? You give the government permission to take any file they want to out of your computer, and to install any monitoring software they want to into your computer, and it's no big deal?

Sorry, I personally think it's a big deal.

8/12 UPDATE: It seems that the text of the Terms of Use has now been changed to remove the offending statements. If it was just Standard Operating Procedure, why the change? The cynic in me says "Now they'll just take it over without your permission".