security

This is just silly

Submitted by adam on Mon, 12/28/2009 - 18:19:10
Related Terms :

US Department of Homeland Security Aviation Security Directive.

Boarding Gate
  1. Perform thorough pat-down of all passengers at boarding gate prior to boarding, concentrating on upper legs and torso.
  2. Physically inspect 100 percent of all passenger accessible property at the boarding gate prior to boarding, with focus on syringes being transported along with powders and/or liquids.
  3. Ensure the liquids, aerosols, and gels restrictions are strictly adhered to in accordance with SD 1544-06-02E.

In Flight

  1. Passengers must remain in seats beginning 1 hour prior to arrival at destination.
  2. Passenger access to carry-on baggage is prohibited beginning 1 hour prior to arrival at destination.
  3. Disable aircraft-integrated passenger communications systems and services (phone, internet access services, live television programming, global positioning systems) prior to boarding and during all phases of flight.
  4. While over U.S. airspace, flight crew may not make any announcement to passengers concerning flight path or position over cities or landmarks.
  5. Passengers may not have any blankets, pillows, or personal belongings on the lap beginning 1 hour prior to arrival at destination.

Joel Johnson sums it up well:

I don't want to die on an airplane. I don't want to die in my home while eating an organic bagel infested with parasites that lay eggs on my liver. I don't want to die from starvation or bad water or a thousand other things that I pay our government to monitor and regulate.

But I also don't expect the government to protect from the literally endless possibilities and threats that could occur at any point to end my life or the life of the few I love.

And here is an excellent article on the numbers of terrorism by Nate Silver. Some highlights:

  • Odds of being on a plane which was the subject of a terrorist incident in the last decade: 1 in 10,408,947
  • Odds of being struck by lightning: 1 in 500,000
  • Distance traveled on commercial airlines between terrorist incidents: 11,569,297,667 miles - or 24,218 round trips to the moon - or two round trips to Neptune

Golden Tee is Reeeealy secure

Submitted by adam on Sun, 09/13/2009 - 16:22:13
Related Terms :

Speaking of encryption, I noticed this gem on Golden Tee's website today.
encryption3.png
128 BYTES! As I'm sure you all know, one byte is equal to eight bits (they meant to write bit - obviously).

I really don't want to do the math from yesterdays post to figure out how long it would take to crack 128 byte encryption. Suffice it to say that the universe would be a cold dead blob by the time it happened.

How Secure is Secure Enough?

Submitted by adam on Sat, 09/12/2009 - 22:18:40
Related Terms :

security.png
I stumbled across a picture of one of those keypads you find on some cars such as Fords and it got me thinking about how easy their code would be to break compared to SSL encryption - and why we don't seem to have a problem with that. You also sometimes see these keypads on the front doors to homes and garage doors.

Typically, these keypads have five buttons labled 1/2 3/4 5/6 7/8 and 9/0. I suppose they're labeled as such to trick us into thinking there are ten possible numbers you could press, thus doubling the possible number of permutations - but obviously this isn't the case.

Given a five digit code, with five possible characters for each digit, we see that there are only 55 or 3,125 possible permutations. In a brute force attack, the expected number of trials before the correct key is found is equal to half the size of the key space - in this case 1,563.

Figuring you can key in about one code a second, it should take you about 20 minutes to break the code using a brute force attack. (and no, most models don't have a timeout - nor do they otherwise penalize incorrect codes)

Compare this to the AES-128 standard we use as a key for credit card transactions on the internet. The key uses 128 on off bits for the key meaning there are 2128 or 340 undecillion or 340,282,366,920,938,463,463,374,607,431,768,211,456 possible combinations! Using a brute force attack, one could assume they would break the code in 2127 or about 170 undecillion tries.

So why do put so much more effort into securing our online CC transactions than we do our physical belongings? Especially considering that a car or a home is a very likely place to steal physical credit cards! (Which are probably far more valuable to a petty thief - I mean, what would you do if you had just a credit card number and security code? You couldn't have anything you bought shipped to your home)

I suppose one explanation is that once a transmission of an encrypted CC number is intercepted, a hacker could take as much time as he likes cracking it in the comfort of his parents' basement. Even then, with a powerful computer program running 1,000 combinations a second, it would take on average 539,156,392,000,000,000,000,000,000,000 years to crack the code. Heh.

I think it's more likely that people are just scared of the unknown. A lot of people probably don't have a good understanding of the risk involved. And fear is good business (Credit monitoring companies, Life Lock - I'm looking at you Todd Davis)

Syndicate content