Feds At DefCon Alarmed After RFIDs Scanned 509
FourthAge writes "Federal agents at the Defcon 17 conference were shocked to discover that they had been caught in the sights of an RFID reader connected to a web camera. The reader sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks. The 'security enhancing' RFID chips are now found in passports, official documents and ID cards. 'For $30 to $50, the common, average person can put [a portable RFID-reading kit] together,' said security expert Brian Marcus, one of the people behind the RFID webcam project. 'This is why we're so adamant about making people aware this is very dangerous.'"
What do you bet... (Score:5, Insightful)
Re:bar-codes (Score:5, Insightful)
Cops (Score:3, Insightful)
So these sloppy mofos are the ones that are supposed to be "protecting" us? Laughable.
Surprising? (Score:2, Insightful)
Re:bar-codes (Score:5, Insightful)
There is no bar code on my passport, credit card or driver's license. Even if there was, it's unlikely that person sitting at the next table with a portable bar code reader could read the bar code off my Visa card while it's in my wallet.
Re:What do you bet... (Score:5, Insightful)
It's easier to outlaw gadgets than to admit you're wrong.
That's why, thanks to recent laws, only criminals carry guns. Pretty soon only criminals will have webcameras or RFID sniffers.
Re:bar-codes (Score:5, Insightful)
Right, but they sure can read whatever your RFID has to say. The problem is twofold:
1) Ignorant implementers put sensitive data on RFID's in plaintext.
2) Users are unaware of what data is actually *in* their RFID items.
RFID tags are dumb, low powered, even passive devices. If you can't afford active RFID's with public key encryption, don't put sensitive data on the damn things!
Re:What do you bet... (Score:3, Insightful)
Re:What do you bet... (Score:5, Insightful)
I found this part really interesting:
Nice to see that - after they made their point - the organizers and attendees at "one of the most hostile hacker environments in the country" did the right thing and destroyed the data. I'm sure we could count on law enforcement, our employers and credit card companies to show the same moral character.
Re:duh? (Score:4, Insightful)
They're faithfully participating in a system which is intentionally insane. It's not that hard to understand...
If they have done nothing wrong... (Score:5, Insightful)
...they have nothing to fear. Let's see how they like that argument used against _them_!
Missing the point. (Score:5, Insightful)
I'm sure some people are pushing for RFID for the wrong reasons, but I'm all for it as a replacement for barcodes as far as keeping stock goes. Imagine going to Walmart, and your shopping buggy automatically tells the clerk how much money you owe! Well, that might be a ways off, but it's possible.
I think RFID is an awesome tech, it just has a risk for being abused. Just like barcodes are awesome, but we don't want them on our forehead (unless we're playing shadow run, then it's 'cool.)
Re:What do you bet... (Score:4, Insightful)
I'm sure we could count on law enforcement, our employers and credit card companies to show the same moral character.
Ha ha very good! The sad thing is they would keep the data while telling the media they didn't, then justify keeping it when there lies are exposed, then mock outrage when it gets stolen, then bungled legislation when the peasants revolt. It's written in my tea leaves - which at least will be destroyed on MY say so!
Re:Silly Feds (Score:2, Insightful)
So they give you something that they want to read wirelessly, then give you something to keep it from being read wirelessly? Ah, government thought in action.
Re:bar-codes (Score:3, Insightful)
That's scary!
Re:What do you bet... (Score:3, Insightful)
Re:What do you bet... (Score:5, Insightful)
You can microwave it. The RFID antenna collects to much power and fries the circuit. Should take a second or two.
While an inoperative RFID may not invalidate your passport, I suspect a big honking scorch mark in the middle of the thing just might.
Re:Silly Feds (Score:4, Insightful)
I don't know about the new passports, but RFID-enabled New York State Enhanced Driver Licenses come with a foil sleeve and a recommendation to keep the license in the protective sleeve when not in use.
That's right - the government is providing tinfoil hats for your RFIDs already.
As asinine as possible. The advantage of RFID is convenience. Let's use it and then make it less convenient to use.
General lesson: Convenient or secure. That's an XOR.
Re:What do you bet... (Score:4, Insightful)
Blatantly true, at least in parts of the United States
Fixed that for you. If you think you can get a carry permit in New York City/San Francisco/Chicago as a law abiding American citizen think again. The only way that happens is if you are rich and have political connections. The rest of us poor slobs don't have the right to defend ourselves if we are unlucky enough to live in a part of the country run by the anti-gun zealots.
This will eventually change when the 2nd amendment is incorporated against the states but it doesn't change the fact that right now you effectively have no right to keep and bear arms if you live in the wrong part of the country.
Re:What do you bet... (Score:5, Insightful)
Not quite as satisfying however.
Re:bar-codes (Score:5, Insightful)
Re:What do you bet... (Score:5, Insightful)
Sad but true. My favorite is the Hollywood types that rant about the evils of firearm ownership while being protected by armed bodyguards. Fucking hypocrites.
All animals are equal but some are more equal than others.
Re:The Federal Agents weren't Pwnd (Score:5, Insightful)
There's nothing particularly special on the RFID chip. A parking facility card and a passport generate the same amount of interesting information. A unique ID. Whew!
The problem is when you have another government computer that is counting on the Unique ID to be a UNIQUE ID, and using ONLY THAT parameter (plus other info also on the card) to identify someone - congratulations, you have just stolen someone else's identity.
Re:What do you bet... (Score:1, Insightful)
I doubt replacing any part of your passport didn't void it.
Re:Missing the point. (Score:5, Insightful)
RFID tracking people = NOT OK
Re:bar-codes (Score:2, Insightful)
RFID is a slightly-longer-range bar-code that doesn't require line-of-sight. But it would certainly be possible to use a digital camera or scanning lasers to do this same sort of thing to any visible bar-codes.
Exactly! My passport has all my information printed on it in plain text - anyone could just walk up to me, grab my passport, and read the information on it - so really, being able to read the same information, at a distance, without my knowledege or consent, is exactly the same thing!
In other words, you're an idiot.
Re:Missing the point. (Score:2, Insightful)
Other applications would be sending an email to your fridge to ask how much milk you have got left when you are in the supermarket, etc.
RFID has some really cool applications, as well as some really scary ones
Re:What do you bet... (Score:1, Insightful)
Finding this Slashdot article in your browser cache, and you being in possession of a disabled RFID passport might be enough probable cause to dig deeper and find more. And more.
They check your passport at the border, and at the border they don't need probable cause to search you.
Re:What do you bet... (Score:3, Insightful)
Um no... the gun totin trigger happy people aren't the problem...
do you think criminals CARE if they are breaking the law? Do you think having a nationwide concealed carry law would make all gang members and others suddenly stop carrying until they got a permit?
If you do you are sadly mistaken... the ones who are regulated and don't carry are the law abiding people... Typically not the people you need to be worrying about. Typically.
Re:What do you bet... (Score:2, Insightful)
The criminals are the ones who will carry WITHOUT the permit...
Your friend's dad was obviously trying to follow the law by not carrying, and the guys upset with him have no concern about the law... which goes back to the whole idea that banning these readers makes no sense, because if a criminal is trying to steal your ID, they know that is already illegal, so why not just throw an illegal reader and an illegal gun on top of it?
Re:What do you bet... (Score:4, Insightful)
If they weren't out there publicly trying to get our rights taken away, they wouldn't attract crazy people, therefore they wouldn't need the armed security.
Until then keep your deadly weapons and wild west "justice" out of my community.
So, move to LA, San Francisco, New York City, Chicago, etc. and the terrible worry about peacefully minded citizens taking legal means to protect themselves from assault, rape, robbery, etc. will never again burden you.
Re:What do you bet... (Score:3, Insightful)
Re:What do you bet... (Score:3, Insightful)
If politicians are that gullible, and stupid enough to take everything said by people with vested interests at face value, then they shouldn't even have the authority to run their own life, forget the country.
The Billon dollar solution is only $20. (Score:3, Insightful)
Um, hello? They were selling nice (and very effective) RFID blocking wallets and passport holders there for $20. If you're flying Feds halfway across the country to attend DEFCON, I'm pretty sure you can afford 20 fucking dollars to give yourself some peace of mind.
Of course, some idiot in Gov will propose a 3 billion dollar project called Protect-A-Fed that will invest thousands of man-hours to devise such a device that could prevent RFID tags from being captured...and 4-billion dollars later you'll have a "new and improved" Government-issue $20 RFID wallet.
Re:What do you bet... (Score:3, Insightful)
Re:What do you bet... (Score:4, Insightful)
Re:What do you bet... (Score:5, Insightful)
The government has done its best for decades to convince the people that militias are full of homicidal maniacs. And no, the National Guard is not a militia. It is a standing army under the control of the FEDERAL government-- and it has to be, because states are forbidden from having standing armies in the Constitution.
Compared with... what? "Putting up your dukes," as one ignoramus once snorted on slashdot? Would you ask your 80 year-old grandma to "put up her dukes"? I bet she could handle a small pistol, though.
Thanks to the 10th Amendment, we do have the right to use hunting rifles. However, the general right to KEEP AND BEAR ARMS is EXPLICITLY mentioned in the 2nd. The "militia" part is not a condition of that.
Re:What do you bet... (Score:4, Insightful)
It's one thing to expose a security flaw, quite a different thing to exploit it. You're right, the Feds shoulda oughta known better; I'm sure the security issues with RFID are being given a closer look at several alphabet agencies as I write this.
You seem to be advocating some sort of vigilante action on the part of the people doing the demonstration, but I think that is exactly the wrong approach if your goal is to raise public awareness. If the people doing the demonstration had dug their heals in and kept the information they harvested, the likely result would have been arrests and confiscation of the information and headlines reading "Hackers Steal Identities of Federal Agents." This would have been wrong as well, and cause for much bitching on Slashdot, but would have done exactly nothing to address the insecurity of RFID.
By volunteering to destroy the data collected, Priest got the best of all worlds - the dangers of RFID were exposed,
as was the ignorance of the general public to these dangers (including the people who oughta know better) and he left them with no opportunity to spin this as a story of Hackers Out Of Control.
Sometimes it's better to go after the big fish, rather than eat your bait.
Re:What do you bet... (Score:4, Insightful)
In fact, I'd say gun ownership does more to prevent crime than it does to encourage it. If I'm a big guy and I figure that I could throttle you pretty easily, but I know that you carry a gun, that may dissuade me from assaulting you. I'm not going to say with 100% certainty that it will - that would be hyperbole. I will, however, assert that it would change a lot of people's minds.
Re:What do you bet... (Score:2, Insightful)
I suppose I should expect to hear something like, "that's different!" Okay, why? What "condition" precludes them?
Re:What do you bet... (Score:3, Insightful)
- Just, merely state that as a Danish citizen I'm happy with the strict gun policy and never regardless of the arguments you may bring up going to find nonrestrictive gun policies sane.
And I am even happier to live in a part of the USA where they don't have to keep guns away from people to keep them from killing each other. I feel very sorry that at some point, your society reached a low point that it was no longer safe to trust fellow citizens with a otherwise useful tool, because they cant be trusted to have sufficient self control over their own actions. (I am not saying gun violence doesn't happen here, I am just saying removing guns would make a insignificant or even negative change)
Where I live, no permit is need to purchase and or carry a gun in public, in your car, or even in 90% of stores (as long as it is not concealed, or $45 class for concealed.) The fact that I am safe with, or without a gun gives me confidence in the people around me. I agree in places where society has broke down, and people can't control themselves may need Gun control if the true causes can't be addressed first. I wouldn't advise giving out guns to people in many areas, I also don't care to live or even visit any of those places.
But also everyone in the US are trusted with access, and many have sufficient skill at machinery/lathes/chemistry/education. With access to those, it is impossible to prevent rapid fire weapons from being brought into existence anyway. So we might as well allow those with safety mechanisms be sold, so that those without don't need to be.
Even in the US it is stupid to kill someone with a gun, they leave to much of a trace, and are so accurate it is very difficult to claim it as anything but intent. It is much smarter to use something like a vehicle/poison/trap since they can then claim it was purely a accident (if caught), and less evidence (distinctive sounds/markings/powders) anyway. By allowing a simple solution, it is easier to catch/get rid of those criminals lazy/crazy enough that they used a gun anyway.
Re:What do you bet... (Score:3, Insightful)
When you join a militia and keep your guns for that, you'll have a point.
You haven't been paying attention to recent Supreme Court precedent [wikipedia.org] have you? That argument doesn't fly any longer. You'll have to find another one.
but putting up with danger from people willing to surrender their rights for the illusion of safety may just be part of the price we pay for freedom
Fixed that for you :)
True, there are other countries that provide freedom (sometimes beyond what's offered here in the US) without the epidemic of gun violence we face because guns
We do have a violence problem in this country. Why are you trying to link it to firearms? Shouldn't the fact that some criminal scumbag is willing to use deadly force upon another human being be more indicative of a problem with him and not with the tool he is using for his dastardly deed? I don't think you make a connection between violence and firearm ownership. There are countries that virtually outlaw civilian firearm ownership that have much higher violent crime rates than the US does. Likewise, there are also countries that have comparatively lax firearm ownership laws that have much less violence than we do.
You can see the same trend replicated right here in the states too. Chicago has strict gun laws and lots of violent crime. Vermont has few gun laws (any non-felon can buy a handgun and carry it openly or concealed without needing a permit) and almost no gun violence. Doesn't that suggest to you that there are other factors driving criminal violence than the availability of firearms?
And I do completely support the right to have hunting rifles.
You do realize that hunting rifles are usually much more powerful than the "assault rifles" that get the gun control crowd all worked up, right? Most common hunting calibers will go through police body armor like a hot knife through butter. Most handgun rounds are easily stopped by the same body armor. Perhaps we need to outlaw hunting rifles and give everybody a handgun?
Re:What do you bet... (Score:3, Insightful)
Re:What do you bet... (Score:4, Insightful)
I am so reminded of a line from The Chronicle [wikipedia.org] along the lines of "How very twentieth century of you", as the character whips out a taser and stuns the miscreant.
There are nonlethal means of defending one's self, these days. While most may only work at arm's reach, that's also the range you're most likely to be at, in a situation you'd want to use a gun defensively. ... and have any realistic chance of it being effective, anyway.
If they weren't out there publicly trying to get our rights taken away, they wouldn't attract crazy people, therefore they wouldn't need the armed security.
Y'know, I wouldn't take that bet. Crazy people are considered crazy in no small part because they use skewed logic, or no logic at all. And "taking away our rights" doesn't really top the agenda of people who need bodyguards. Nor, I expect, the rationale for most assaults upon people who feel a need for bodyguards.
Re:Missing the point. (Score:3, Insightful)
Great, so now Walmart can simply tie my purchases to my credit card and know who I am as I walk in the door on subsequent visits, or walk in the door of any other store they share data with, as long as anything on my person has an RFID tag I wasn't able to find and destroy.
Oh, and anyone else with an RFID scanner who can match it to my face can make the same connection, no credit card required.
Wow, you've actually just made it sound even worse than it was.
Re:What do you bet... (Score:3, Insightful)
If guns are more prevalent, then chances are that you're more likely to have one yourself, so if you fly off the handle, you can use your own in the committing of the crime.
This is such a tired old argument that I'm growing weary of dispelling it. Repeat after me: Normal human beings do not "fly off the handle" and murder other human beings. If they did then we'd also have to outlaw cars (hint: it's much easier to kill someone by running them over than by shooting them), kitchen knives, etc.
We've all been angry at one point in our lifetimes or another. How many of us have allowed the situation to escalate to physical violence? Of those that do how many have allowed it to escalate further to deadly physical violence? Most people are capable of walking away without throwing punches. Most of the ones who aren't are capable of throwing a punch without picking up a rock/knife/gun. The percentage of people who "fly off the handle" and resort to murder is so exceedingly small that I'd worry more about being struck by lightning than running across someone who is going to murder me because I cut him off in traffic.
Have you ever taken a self-defense class? Ever talked to anybody that has a concealed carry permit? Most self-defense classes spend at least as much time on deescalation techniques as they do on fighting techniques. Most concealed carry holders would tell you that having that firearm on their waist makes them less likely to pick fights over trivial bullshit.
I know it's changed my attitude and outlook on life. I don't flip people off on the roadways when they cut me off/tailgate me any longer -- it's simply not worth provoking a situation that may escalate to violence. As far as I'm concerned everybody should carry a firearm. The vast majority of us would be a lot more polite towards each other and the small minority of psychopaths would have to face the fact that their next victim is going to have the ability to fight back.
And yes, while people did bad things before there were guns, it's easier to use a gun than be skilled with a knife or have the brute strength to use a club (e.g. baseball bad, tire iron, etc.)
No, actually it's not "easier" to use a gun to take a human life than any other instrument. Have you ever fired a gun? Ever fired one under a stressful situation when the adrenaline is pumping? Ever fired one at someone who is trying to take it away from you and/or run away? Here's one hint: If your normal group is 2" across when standing at the range shooting at paper targets it's going to be 12" across when the adrenaline is pumping and you are fighting for your life.
Here's another hint: A normal human being does not have the capacity to point a gun at another and pull the trigger unless his or her life is in mortal danger. The small minority of people that can commit murder are so fucked up in the head that I doubt they'd have any issue with using a knife, baseball bat or even their bare hands to do the job instead.
But the Philippines and Poland (and others after them) have shown you can win independence without the necessity of resorting to violence (force?).
How amazingly naive you are. If it wasn't for violence the Polish people wouldn't even exist today. Go read about Generalplan Ost [wikipedia.org] and tell me how you can defeat such evil without resorting to violence.
Re:What do you bet... (Score:2, Insightful)
If you are being robbed at gunpoint on the street, unless you plan to strap a quick draw holster to your leg you will never even have a chance to use your weapon
Ever taken a self-defense class? Go take one and educate yourself. There are lots of things you can do when faced with an armed robber -- chief among them would have been to pay attention to your surroundings so your first indication of the robbery wasn't the gun in your face.
There is NO REASON for the average person to carry a concealed weapon (trained and monitored security personnel excepted of course). In fact it creates an even more dangerous environment.
Who the hell are you to tell someone else that they have NO REASON to do anything or everything? And I like how you qualify that with "average person". You don't get to play that game -- either everybody has the right to carry a firearm or nobody does (and this would include off-duty police officers too). Ever heard of equal protection? We don't have a class system in this country wherein certain people get rights not afforded to the remaining population.
Plaxico Burris (the football player who shot himself in the leg at a nightclub last year), had a license to carry his gun in Florida. What if he shot someone else's leg? Or their head?
Plaxico Burris was a fucking moron who carried his handgun in the waistband of his sweatpants while drinking. He deserves to be punished as harshly as possible for his stupidity but holding him up as an argument for why the rest of us shouldn't be able to carry firearms is absurd. If he's your standard bearer then the rest of us shouldn't be allowed to have drivers licenses or checking accounts either.
Please understand that I am not against guns, I am just against non-law enforcement/security personnel carrying handguns (or assault rifles for that matter), around in public.
No, your just against people being able to use them for their intended purpose. That's so much better.
Re:bar-codes (Score:3, Insightful)
Again, RFID is a great technology for inventory, NOT access control or data storage! It was designed to be the update to barcodes for stores and warehouses to allow computer systems to keep track of the products, maybe include how old they are as well for things that have sell-by dates. Basically to better, more easily manage a warehouse full of stuff without needing an army of people running around with barcode scanners, scanning everything all the time...But it was not designed with security in mind, which is why all these companies and policies that are being pushed to use it in places which have security concerns should get smacks on the side of the head until they realise that this is NOT the product to do it with.
Sounds like a very American perspective... (Score:1, Insightful)
With all due respect I don't think you've considered your argument particularly well.
The trouble with guns is that the actual time it takes to fatally wound someone is effectively instantaneous. From the point of view of someone in a rage it probably takes less than a few seconds to grab a gun, aim and pull the trigger. This can all be done while the shooter is a safe distance from the victim (so they're not in any particular danger themselves).
If you think that is even remotely similar to strangling, drowning, beating or bludgeoning someone to death then I'd love to hear your argument as to why. For one, any of these would take a good minute or more of sustained rage against the victim to actually result in a death. It would be unusual for someone to take out that level of aggression for such a sustained period of time without at least questioning why they're doing it. Secondly the attacker would also be putting themselves in a lot of danger (It's unlikely I'm going to just let someone beat me to a pulp without trying to retaliate).
Stabbing is different obviously, but I consider someone carrying a concealed knife to be just as crazy as someone carrying a gun.
Re:What do you bet... (Score:1, Insightful)
Maybe, but then how do you account for the differences in places with the gun laws - for instance, France has over 400% the number of murders as Saudi Arabia, yet just under 50% less than the US? That tells me there is more to those numbers than meets the eye.
Lies, Damn Lies, and Statistics...
Re:What do you bet... (Score:4, Insightful)
I believe in the 2nd amendment
Make the gun exam hard. Make it so difficult only a few people in a thousand can pass. And make it so that only those people would be allowed to carry guns, law enforcement, military, or otherwise.
Hmm, let's see here. You believe in the amendment that says the right to keep and bear arms shall not be infringed yet you want to set up a system that would only allow 1% or 2% of the population to exercise that right? I hope you can see how those two statements are at odds with one another.
BTW, if you made the test that hard the vast majority of law enforcement would flunk it.......