RE: Government RFID busted

["Hleihel, Mohammed [SOS]" <mohammed.hleihel () sos state ia us>]

I appreciate your humor\sarcasm especially the clever part where you mentioned the "potato, potato" thing. Truly 
priceless and very original. My only take on your comment is that you need to adjust that tin foil hat before you type 
because it's not filtering the many alien thoughts deep inside.

A second advice, if you may, would be for you to pick up a book (or google it?) and investigate what the government has 
and has not done to address such security issues. If you think the RFID idea is bad, fine. Do so and do something about 
it. Don't follow the herd in thinking that RFID in passports is an evil idea meant to control us as a free society.


-----Original Message-----
From: Al Rivas [mailto:ARivas () hyphensolutions com] 
Sent: Friday, February 06, 2009 11:41 AM
To: Hleihel, Mohammed [SOS]; Prodigi Child; pen-test () securityfocus com
Subject: RE: Government RFID busted

Just to be clear, I didn't make such a blanket statement.  I do remember reading on this thread where someone wrote 
something along those lines of an explosive and x number of Americans ... and I support them.  They are correct.  It's 
a possible technique.  And not just against Americans but against anyone.  And targetable to boot.

The ordinance can be placed in a door or hallway and set to go off when a specific RFID is detected.  How's that for 
cheap smart weapons.  A proper shape charge and you may even be able to limit collateral damage, just to show you cared.

As for the government thing, uhm, To the 2 NSA officers reading this (who'll soon be joined by the sitsup behind and to 
the left), let me just say that you are doing a wonderful job and that I've been under the influence of cough syrup.  
No need to come looking for me as I've burned my books about Nietzsche, Human Rights, and Evolution.  The whole 
waterboarding thing, potato, potato I say (hmmm not the same when written). However, I must still mention that as it 
stands, this RFID thing truly reeks of world-class stupidity.


-----Original Message-----
From: Hleihel, Mohammed [SOS] [mailto:mohammed.hleihel () sos state ia us] 
Sent: Friday, February 06, 2009 10:53 AM
To: Al Rivas; Prodigi Child; pen-test () securityfocus com
Subject: RE: Government RFID busted

I didn't say there were no worries. All I said is that you need not give a blanket judgment as in "our government's job 
is to rob us of our privacy and to compromise our security."

There's a difference between listing potential threats to the passport project and what the government has NOT done to 
address such issues, AND to bluntly say that all terrorists have to do is to set an explosive once X number of 
Americans are within range.



-----Original Message-----
From: Al Rivas [mailto:ARivas () hyphensolutions com] 
Sent: Friday, February 06, 2009 9:49 AM
To: Hleihel, Mohammed [SOS]; Prodigi Child; pen-test () securityfocus com
Subject: RE: Government RFID busted

Thank you Mohammed.  I didn't realize you could see "All risks and potential security threats" to study them.  That's 
neat.  So Mohammed says no worries.  I feel safer already.


-----Original Message-----
From: Hleihel, Mohammed [SOS] [mailto:mohammed.hleihel () sos state ia us] 
Sent: Thursday, February 05, 2009 12:38 PM
To: Prodigi Child; Al Rivas; pen-test () securityfocus com
Subject: RE: Government RFID busted

Read more and investigate before making such baseless assumptions.

1- The passport covers are supposed to provide a sheet that hides the RFID signals. Only when a passport is opened 
would a scanner be able to read the stored data.
2- The Secretary of State is working with many agencies regarding securing this project. All risks and potential 
security threats are being studied. The government corporation has been satisfactory to a lot of privacy experts.



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Prodigi Child
Sent: Wednesday, February 04, 2009 1:35 AM
To: 'Al Rivas'; pen-test () securityfocus com
Subject: RE: Government RFID busted

I agree that having RFID chips in IDs is a bad idea (Imagine a terrorist in
Beirut checking his scanner "Hmm 5 Americans in the area.. let's go
hunting!") but is a 'war drive' to read the RFID tags from the passports
really useful? It's one of those "duh" things like a study trying to
determine if bears **** in the woods.

I mean, they are doing what they are supposed to do in the first place,
which is be read by RFID scanners, albeit from further away than what they
claimed was possible.




-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Al Rivas
Sent: Monday, February 02, 2009 10:58 AM
To: pen-test () securityfocus com
Subject: Government RFID busted

So the U.S. government has had this idea to tag our passports, drivers
licenses etc, with RFID.  Dan Goodin, has created this video showing why
this is not a good idea.  The problem is that technology is growing in
breadth and complexity faster than bureaucrats can wrap their minds around
it.  The vast majority of the decision makers on these programs can't spell
computer and have only slight exposure to . "the internets".  

Someone presents them with a technology, (I'd bet the farm that the
presenter sells that particular technology), and the bureaucratic bean
counter says "Whoopee !  And how much is my cut so I can vote for this ?"

Everyone makes money, and America is safer, they have the PowerPoint Slides
that say so.

Here's an excerpt from the article "Using inexpensive off-the-shelf
components, an information security expert has built a mobile platform that
can clone large numbers of the unique electronic identifiers used in US
passport cards and next generation drivers licenses."

Here's Dan's excellent video showing how he did it :

http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-clo
ning-rfid-passports/


Excerpt from Western Hemisphere Travel Initiative - the project injecting
RFID into government docs.
"Each day, an average of 1.1 million pedestrians and passengers enter the
United States for business or pleasure. In order to facilitate cross-border
travel for U.S. citizens while enhancing the security of our citizens and
travelers, the Department of Homeland Security (DHS) proposes to expand the
use of vicinity radio frequency identification (RFID) technology at land
border ports of entry. The use of this technology will be a key component of
the PASS System (People, Access Security Service), announced in January 2006
by Secretaries Rice and Chertoff as part of their Joint Vision -"Secure
Borders and Open Doors in the Information Age.""