MetaFilter posts tagged with security

Freedom Flies

dejah420 — Sat, 12 Jul 2008 10:35:45 -0800

The Department of Homeland Security has expressed interest [PDFs] in forcing all commercial airline passengers to wear a taser bracelet that can be used to incapacitate anyone on an airline. This video, from the company that will produce the bracelets, explains how the bracelet would be put on the passenger at the point that they clear security, and would not be removed until they leave secure areas. It would take the place of boarding passes, carry personal and biometric information about the passengers, track and monitor every passenger via GPS and shock the wearer on command, immobilizing him or her for several minutes. DHS official, Paul S. Ruwaldt of the Science and Technology Directorate, office of Research and Development is also excited about the possiblility of using it as an interrogation tool at airports. Ah freedom, who knew it smelled like burning flesh?

TSA gets Xray goggles. No, seriously.

allkindsoftime — Fri, 13 Jun 2008 13:27:54 -0800

Scanners that see through clothing installed in US airports. Good news! No more testing. Time to roll these puppies out. It's OK though, seriously guys. See we're gonna blur the faces when we look at their sexual organs, so everything's cool. K? Prev.

How to steal priceless jewelry: prank call

figTree — Wed, 04 Jun 2008 13:30:20 -0800

Theives bypassed all security systems by simply posing as the security company on the phone These days as a robber dealing with high-tech security systems it seems that it's not about being a hacker or having loads of money to pull off a heist, its about making a phone call, having bear spray, and waiting for a guard to go on smoke break. How UBC jewelry was stolen from the Museum of Anthropology : Thieves make one call essentially saying "Oh ya, we are the company in charge of your security systems, tonight we are doing some tests, so when alarms go off, its just tests, so don't worry about it". Security's reply "OK." The UBC gold jewelry: still missing... Simplicity pays off.

It doesn't matter how much security you put on the box. Humans are not secure.

desjardins — Wed, 21 May 2008 15:12:47 -0800

The AI-Box Experiments. The hypothesis: "A transhuman can take over a human mind through a text-only terminal." Does Artifical Intelligence create moral monsters (PDF) ? Can we create friendly AI?

15 bits of crypto should be enough for anybody

finite — Fri, 16 May 2008 22:01:42 -0800

On May 13, security advisories published by Debian and Ubuntu revealed that, for over a year, their OpenSSL libraries have had a major flaw in their CSPRNG, which is used by key generation functions in many widely-used applications, which caused the "random" numbers produced to be extremely predictable. [lolcat summary] How bad is it? It's pretty bad. Understand that these keys are used not only for encryption, but also for authentication. The keyspace has been reduced to a mere 32,768 possibilities, and you can already download them all, along with tools to use them. Worse still, in the days before the issue became publicly known, there was a noticeable spike in the number of brute-force attacks on SSH servers, indicating that there has already been significant exploitation of this vulnerability. Partial timeline of events: In May 2006, a bug led to a question which led to the fateful patch being applied to md_rand.c (in Debian's "unstable" development branch). In April 2007, Debian 4.0 "etch" and Ubuntu 7.04 were both released, which was the beginning of the inclusion of the buggy version of OpenSSL in officially-released distributions. The bug remained unfixed through the releases of Ubuntu 7.10 and 8.04. On May 7, 2008, the patch to fix the problem was committed to Debian's source repository, and on May 13 the issue was officially disclosed and updated packages were made available to users. (The patch's availability days before public disclosure of the bug appears to be a violation of Debian's policy.) Here are some responses from Debian blogs, and two from an OpenSSL developer.

Bin Laden Determined To Strike In U.S. Part 2

homunculus — Wed, 30 Apr 2008 18:45:43 -0800

"The United States Lacks a Comprehensive Plan to Destroy the Terrorist Threat and Close the Safe Haven in Pakistan's Federally Administered Tribal Areas" (PDF). A recent GAO report claims that the Bush administration has failed to prevent Al Qaeda's reemergence in Pakistan, and that we're basically right back where we started in 2001.

Bovine terrorism is a bomb in a bull.

Afroblanco — Sat, 29 Mar 2008 12:02:29 -0800

Slate asks, "What's behind the boom in homeland-security and emergency-management majors?"

outsourcing the country

mustcatchmooseandsquirrel — Thu, 27 Mar 2008 06:47:05 -0800

The Governmental Printing Office prints all United States passports but they decided that it was time to outsource part of the work. They claim it is secure [pdf].

NECs new biometric security cam will guess your age, gender, (and it would be nice if it could size you up according to how you dress).

celerystick — Sun, 23 Mar 2008 22:46:52 -0800

NEC plans to market a system later this year that can derive someone's gender and age from images captured with a camera "The system compares the photo against a database of several thousand faces to figure gender and age based on such factors as facial shape and wrinkles. " According to Nikkei Weekly 01/28/2008 Edition. Link goes to Ubergizmo. "It's called FieldAnalyst and it's from NEC. The system homes in on faces of people who pass by the video camera. It then rapidly compares the image against samples in a database. It then spits out what it believes is your approximate age is and your gender." .."NEC scientists may next try to add clothing as a characteristic and classify people by whether they wear a suit or a T-shirt." more here

what did we tell you

Armitage Shanks — Wed, 19 Mar 2008 13:46:38 -0800

The owners of the domain donotreply.com get a lot of mail. [via]