RE: Government RFID busted



I appreciate your humor\sarcasm especially the clever part where you mentioned the "potato, potato" thing. Truly priceless and very original. My only take on your comment is that you need to adjust that tin foil hat before you type because it's not filtering the many alien thoughts deep inside.

A second advice, if you may, would be for you to pick up a book (or google it?) and investigate what the government has and has not done to address such security issues. If you think the RFID idea is bad, fine. Do so and do something about it. Don't follow the herd in thinking that RFID in passports is an evil idea meant to control us as a free society.


-----Original Message-----
From: Al Rivas [mailto:ARivas@xxxxxxxxxxxxxxxxxxx]
Sent: Friday, February 06, 2009 11:41 AM
To: Hleihel, Mohammed [SOS]; Prodigi Child; pen-test@xxxxxxxxxxxxxxxxx
Subject: RE: Government RFID busted

Just to be clear, I didn't make such a blanket statement. I do remember reading on this thread where someone wrote something along those lines of an explosive and x number of Americans ... and I support them. They are correct. It's a possible technique. And not just against Americans but against anyone. And targetable to boot.

The ordinance can be placed in a door or hallway and set to go off when a specific RFID is detected. How's that for cheap smart weapons. A proper shape charge and you may even be able to limit collateral damage, just to show you cared.

As for the government thing, uhm, To the 2 NSA officers reading this (who'll soon be joined by the sitsup behind and to the left), let me just say that you are doing a wonderful job and that I've been under the influence of cough syrup. No need to come looking for me as I've burned my books about Nietzsche, Human Rights, and Evolution. The whole waterboarding thing, potato, potato I say (hmmm not the same when written). However, I must still mention that as it stands, this RFID thing truly reeks of world-class stupidity.


-----Original Message-----
From: Hleihel, Mohammed [SOS] [mailto:mohammed.hleihel@xxxxxxxxxxxxxxx]
Sent: Friday, February 06, 2009 10:53 AM
To: Al Rivas; Prodigi Child; pen-test@xxxxxxxxxxxxxxxxx
Subject: RE: Government RFID busted

I didn't say there were no worries. All I said is that you need not give a blanket judgment as in "our government's job is to rob us of our privacy and to compromise our security."

There's a difference between listing potential threats to the passport project and what the government has NOT done to address such issues, AND to bluntly say that all terrorists have to do is to set an explosive once X number of Americans are within range.



-----Original Message-----
From: Al Rivas [mailto:ARivas@xxxxxxxxxxxxxxxxxxx]
Sent: Friday, February 06, 2009 9:49 AM
To: Hleihel, Mohammed [SOS]; Prodigi Child; pen-test@xxxxxxxxxxxxxxxxx
Subject: RE: Government RFID busted

Thank you Mohammed. I didn't realize you could see "All risks and potential security threats" to study them. That's neat. So Mohammed says no worries. I feel safer already.


-----Original Message-----
From: Hleihel, Mohammed [SOS] [mailto:mohammed.hleihel@xxxxxxxxxxxxxxx]
Sent: Thursday, February 05, 2009 12:38 PM
To: Prodigi Child; Al Rivas; pen-test@xxxxxxxxxxxxxxxxx
Subject: RE: Government RFID busted

Read more and investigate before making such baseless assumptions.

1- The passport covers are supposed to provide a sheet that hides the RFID signals. Only when a passport is opened would a scanner be able to read the stored data.
2- The Secretary of State is working with many agencies regarding securing this project. All risks and potential security threats are being studied. The government corporation has been satisfactory to a lot of privacy experts.



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Prodigi Child
Sent: Wednesday, February 04, 2009 1:35 AM
To: 'Al Rivas'; pen-test@xxxxxxxxxxxxxxxxx
Subject: RE: Government RFID busted

I agree that having RFID chips in IDs is a bad idea (Imagine a terrorist in
Beirut checking his scanner "Hmm 5 Americans in the area.. let's go
hunting!") but is a 'war drive' to read the RFID tags from the passports
really useful? It's one of those "duh" things like a study trying to
determine if bears **** in the woods.

I mean, they are doing what they are supposed to do in the first place,
which is be read by RFID scanners, albeit from further away than what they
claimed was possible.




-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Al Rivas
Sent: Monday, February 02, 2009 10:58 AM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: Government RFID busted

So the U.S. government has had this idea to tag our passports, drivers
licenses etc, with RFID.  Dan Goodin, has created this video showing why
this is not a good idea.  The problem is that technology is growing in
breadth and complexity faster than bureaucrats can wrap their minds around
it.  The vast majority of the decision makers on these programs can't spell
computer and have only slight exposure to . "the internets". 

Someone presents them with a technology, (I'd bet the farm that the
presenter sells that particular technology), and the bureaucratic bean
counter says "Whoopee !  And how much is my cut so I can vote for this ?"

Everyone makes money, and America is safer, they have the PowerPoint Slides
that say so.

Here's an excerpt from the article "Using inexpensive off-the-shelf
components, an information security expert has built a mobile platform that
can clone large numbers of the unique electronic identifiers used in US
passport cards and next generation drivers licenses."

Here's Dan's excellent video showing how he did it :

http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-clo
ning-rfid-passports/


Excerpt from Western Hemisphere Travel Initiative - the project injecting
RFID into government docs.
"Each day, an average of 1.1 million pedestrians and passengers enter the
United States for business or pleasure. In order to facilitate cross-border
travel for U.S. citizens while enhancing the security of our citizens and
travelers, the Department of Homeland Security (DHS) proposes to expand the
use of vicinity radio frequency identification (RFID) technology at land
border ports of entry. The use of this technology will be a key component of
the PASS System (People, Access Security Service), announced in January 2006
by Secretaries Rice and Chertoff as part of their Joint Vision -"Secure
Borders and Open Doors in the Information Age.""



Relevant Pages

  • RE: Government RFID busted
    ... I didn't say there were no worries. ... I didn't realize you could see "All risks and potential security threats" to study them. ... Only when a passport is opened would a scanner be able to read the stored data. ... Someone presents them with a technology, (I'd bet the farm that the ...
    (Pen-Test)
  • RE: Government RFID busted
    ... sniffing for a passport CARD, ... Subject: Government RFID busted ... All risks and potential security threats are being studied. ... Someone presents them with a technology, (I'd bet the farm that the ...
    (Pen-Test)
  • RE: Government RFID busted
    ... Which makes it impossible for a terrorist in Beirut to detonate a bomb once an American is in sight because passport CARDS can only be used to travel to ... The State Department has worked with security experts, and many changes have been implemented. ... Someone presents them with a technology, (I'd bet the farm that the ...
    (Pen-Test)
  • RE: Government RFID busted
    ... 1- The passport covers are supposed to provide a sheet that hides the RFID signals. ... Only when a passport is opened would a scanner be able to read the stored data. ... All risks and potential security threats are being studied. ... Someone presents them with a technology, (I'd bet the farm that the ...
    (Pen-Test)
  • Risks Digest 26.02
    ... ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ... Is your security policy smarter than a 3rd grader? ... Cyber Security and Beyond*, edited by Christian Probst, Jeffrey Hunker, ... every new U.S. passport has been outfitted with a computer ...
    (comp.risks)