funsec mailing list archives

Re: This is scary

From: "John C. A. Bambenek, CISSP" <bambenek.infosec () gmail com>
Date: Wed, 19 Dec 2007 12:02:21 -0600

To be fair, I'd agree with that statement.  If you take the CIA triad as
gospel for security, it *is* impossible to make wireless truly available
over RF.  I imagine it is theoretically possible to protect against MITM and
that kind of stuff, but for it to be available, especially in a combat
environment, runs into some problems with the physics.

On Dec 19, 2007 5:04 AM, Larry Seltzer <Larry () larryseltzer com> wrote:

So you're saying it's impossible to make wireless communications secure?
This is a rather bold statement. I've never heard anyone go that far
before.

And let's assume the worst, one of the boxes gets stolen and any local
security features on it fail and there's no way to remotely disable it.
What abuse can you do with a fingerprint database?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of scott
Sent: Tuesday, December 18, 2007 11:52 PM
To: funsec () linuxbox org
Subject: Re: [funsec] This is scary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Linking back to a database through a RF medium is inherently
insecure.Almost regardless of encryption or RX methods.Satellite,
notwithstanding.
MITM,possibly?Corruption of transmitted data?

Also,just getting a hold of a box or laptop could set someone up in a
bad way!Same as now,only stepped up a notch.

Any thoughts?

Larry Seltzer wrote:

Why is it scary? Police have been using fingerprint evidence for about

100 years.

Larry Seltzer eWEEK.com Security Center Editor
http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com


-----Original Message----- From: funsec-bounces () linuxbox org
[mailto:funsec-bounces () linuxbox org] On Behalf Of scott Sent:
Tuesday, December 18, 2007 8:56 PM To: funsec () linuxbox org Subject:
[funsec] This is scary

- From the Washington Post
http://www.washingtonpost.com/wp-dyn/content/article/2007/11/30/AR2007
11
3002302_pf.html

snip

Duong's most recent innovation, the Joint Expeditionary Forensics
Facilities (JEFF) project or "lab in a box," analyzes biometrics.
It will be delivered to Iraq at the beginning of 2008, the Navy said,
to help distinguish insurgents from civilians.

"The best missile is worthless if you don't know who to shoot,"
Duong said.

Betro said the military has been scanning the irises and taking the
fingerprints of Iraqis, feeding a biometrics data base in West
Virginia
<http://www.washingtonpost.com/ac2/related/topic/West+Virginia?tid=inf
or
mline>. To date, a few ad hoc labs have processed about 85,000
pieces of evidence taken from weapons caches or roadside devices.
Duong's mobile forensic labs, with an initial budget of $34 million,
will be deployed all over Iraq.

snip

Hmmm.When is this going to be in the hands of every cop on the street?

Scott


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



- --
<b>redhowlingwolves</b>
<br>Web:<a href=http://www.hacking-passion.com/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHaKNoxajqy/aNaRsRAm0IAKCbht2jzkBKycMjlmQVntW2DvObFgCfb1p9
XU8tv7IVNJgxF9ydpcrNLVU=
=J/Zh
-----END PGP SIGNATURE-----

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

This is scary scott (Dec 18)
- RE: This is scary Larry Seltzer (Dec 18)
  - Re: This is scary scott (Dec 18)
    - RE: This is scary Larry Seltzer (Dec 19)
    - Message not available
    - RE: This is scary Larry Seltzer (Dec 19)
    - RE: This is scary Gadi Evron (Dec 19)
    - RE: This is scary Larry Seltzer (Dec 19)
    - Re: This is scary der Mouse (Dec 19)
    - Re: This is scary John C. A. Bambenek, CISSP (Dec 19)
    - RE: This is scary Larry Seltzer (Dec 19)
    - RE: This is scary Gadi Evron (Dec 19)
    - RE: This is scary Larry Seltzer (Dec 19)
    - Re: This is scary scott (Dec 19)
    - Re: This is scary coderman (Dec 19)
    - Re: This is scary coderman (Dec 19)
- Re: This is scary Rob, grandpa of Ryan, Trevor, Devon & Hannah (Dec 19)
  - Re: This is scary Brian Loe (Dec 19)
    - Re: This is scary Dude VanWinkle (Dec 19)