Tuesday, January 30, 2007

Pentagon, CIA check U.S. suspects' bank records

Gov't continues to use national security letters to investigate people thought to be terrorist supsects. Letters have been used in up to 500 investigations according to a recent CNN story.


Saturday, October 28, 2006

Phone locks if owner gets to far away

An interesting new security feature is available in a Japanese phone, it locks if the owner gets too far away. Facial recognition can also be used as additional security:

Here's how that works. Owners must first take at least three photos of themselves with the phone's camera. Up to 10 can be shot, in various situations — with and without glasses, with and without makeup, indoors and outdoors. Then, if the facial-recognition feature is turned on, before accessing the handset a user has to take a picture of himself with the camera. The phone analyzes features such as distance between the eyes and unlocks if the image matches the stored data. A separate function recognizes whether the eyes are blinking — in case someone tries to show the owner's photo to gain fraudulent entry. Not only that, a four-letter password can be added to this process, to guard against an identical twin getting unauthorized access.

The phone can be tracked via sattelite if lost. The security is a good idea since this phone, like other Japanese phones, can be used as credit cards or prepaid cash.

Monday, October 23, 2006

Credit cards & RFID

Credit card companies are now experimenting with RFID. What sounded like a dubious idea to me in passports, now sounds almost ridiculous. Quoting from the Engadget blog:

"Our latest security problem du jour is that credit card companies are apparently issuing plastic that relays your digits wirelessly; as you might have guessed, security researchers are checking into this, and in a demonstration for The New York Times, easily hacked a University of Massachusetts computer science professor's newfangled RFID credit card. In short order (and with his permission), a researcher working with RSA Labs was able to steal the professor's name and credit card number that was being transmitted in cleartext -- thereby poking massive holes in Visa, MasterCard and American Express' claims that these card include "the highest level of encryption allowed by the U.S. government." Predictably, the credit card companies have already dismissed claims that the populus will be greatly affected by this hack. Brian Triplett, senior vice president for emerging-product development for Visa, told the Gray Lady: "This is an interesting technical exercise, but as a real threat to a consumer - that threat really doesn't exist."

Check out the tech report, from the NYTimes. It details the supposed RFID credit card vulnerabilities.

Thanks to a Stanford colleague for pointing out the credit card RFID story that appeared in the NY Times.

Makes you think again about what's in your wallet, doesn't it?

Web www.npr.org
www.cnn.com www.nytimes.com