http://www.enrupt.com/index.php?disp=comments en-AU http://backend.userland.com/rss 60 Thu, 18 Sep 2008 13:57:01 +0000 Mike Ahmadi [Visitor] c59@http://www.enrupt.com/ The fundamental problem going on here is that nobody is building a threat model when they choose to implement these new technologies. Decision makers listen to marketing hype put out by RFID vendors who claim that magstripe or bar coded driver's licenses are not secure, and fail to point out that they cannot be read from or written to without PHYSICALLY HAVING THE CARD IN YOUR HAND. This, of course, is not an issue for RFID based ID Cards. Given the right tools, one can covertly read from and write to RFID Driver Licenses without detection. The claim that the RFID card simply contains a meningless number is insanity at its finest. Is my Social Security Number also meaningless? Would anyone like someone to be able to read your Social Security Number and write it to their own card?<br /> <br /> Honestly, I cannot imagine that these people are truly this clueless about the issues here.
Honestly, I cannot imagine that these people are truly this clueless about the issues here.]]> http://www.enrupt.com/index.php/2008/09/18/forget_encryption#c59 Thu, 18 Sep 2008 09:13:02 +0000 Karsten Nohl [Member] c58@http://www.enrupt.com/ Let's not forget that the chips in the &#8220;passcard&#8221; and the enhanced drivers licenses were never meant to be used to identify people, but rather to replace barcodes on chewing gum and other items. While the passports can only be read from a few centimetres and only when the passport is open, the UHF chips on these new drivers licenses can be read from many metres away without any user&#8217;s consent.<br /> <br /> The introduction of UHF chips on identification documents escalates the privacy and security discussion to a whole new level. So far we have been debating whether systems provided the level of protection intended by their designers. Some systems like passports stood up to this scrutiny better than others such as subway passes. But at least some level of security was intended.<br /> <br /> Now we are looking at a system where apparently no thought was given to security whatsoever, and where people are tagged like chewing gum, just so they can be easily recognized, sorted, and processed faster at the border or anywhere else.<br />
The introduction of UHF chips on identification documents escalates the privacy and security discussion to a whole new level. So far we have been debating whether systems provided the level of protection intended by their designers. Some systems like passports stood up to this scrutiny better than others such as subway passes. But at least some level of security was intended.

Now we are looking at a system where apparently no thought was given to security whatsoever, and where people are tagged like chewing gum, just so they can be easily recognized, sorted, and processed faster at the border or anywhere else.
]]> http://www.enrupt.com/index.php/2008/09/18/forget_encryption#c58