Full Disclosure mailing list archives
Re: THC releases video and tool to create fakeePassports
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Wed, 22 Apr 2009 11:54:49 -0400
Incredibly, last week, after performing a series of security tests on the passport application process and discovering some failures, the US GAO still state they don't know much about the fraudulent methods: http://www.gao.gov/new.items/d09583r.pdf
Ironically, all their fancy methods for "detecting fraud" discuss cross-checking the SSN of the applicant, when in fact, the SSN isn't even required to process a passport application (although the IRS can technically fine you $500 if you don't). Ever actually READ the back of the passport application? The relevant information is at the top of page 3 http://www.state.gov/documents/organization/100004.pdf Heck .. you can get a passport without any ID *at all* if you bring a "family bible record of your birth" and somebody that can vouch for your identity (see page 2 of the above application). Oh .. and the funniest thing of all on the application .. bottom of page 4 : "The electronic chip must be read using specially formatted readers, which protects the data on the chip from unauthorized reading." "specially formatted" .. meaning anything from this list? : http://rfidiot.org/index.html#Hardware Regards, Michael Holstein Cleveland State University _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: THC releases video and tool to create fakeePassports M.B.Jr. (Apr 21)
- Re: THC releases video and tool to create fakeePassports Michael Holstein (Apr 22)