Dailydave mailing list archives
Re: The paradox of our security measures
From: "I)ruid" <druid () caughq org>
Date: Tue, 03 Jun 2008 22:06:11 -0500
On Fri, 2008-05-30 at 17:59 -0400, Dave Aitel wrote:
Like Anti-Virus and IDS, RFID is another cool example of how adding a security measure ends up reducing your security.
You're statement is a little misleading regarding scope. The mechanism is meant to increase security of the Olympics by (supposedly) creating a mechanism for provable identity, and I'll give them the benefit of the doubt without reviewing the overall security system that the identification mechanism is intended for that it does so, however what it does do is effectively reduce users' personal *privacy* (security://confidentiality) due to vulnerabilities of the identification mechanism itself. Adding the mechanism didn't necessarily reduce the security of the system it was intended to be used within, as the privacy of the users was probably not one of their design goals (they probably just care about identifying people traversing security checkpoints). Rather, it just had a really nasty side-effect which undermines a lot of protections and controls of different system altogether (reasonable expectation of personal privacy and the existing protections thereof). Anyhow... RF snarfing people's dox as they use their vulnerable ID to traverse a security checkpoint has a special kind of irony to it, and is funny as hell. Bonus points to whoever turns one of the jumbotrons at the games into an Olympic wall of sheep and broadcasts the snarfed info directly to it. (: BTW, is Laurie on this list? I'd really like a tour of his bunker next time I'm near London... -- I)ruid, CĀ²ISSP druid () caughq org http://druid.caughq.org
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- The paradox of our security measures Dave Aitel (May 30)
- Re: The paradox of our security measures Parity (Jun 04)
- Re: The paradox of our security measures I)ruid (Jun 04)