Swiss Army Knife maker Victorinox is asking the best of Britain's hackers to try and beat the biometric security built into its latest USB Flash drive-fitted penknife. If you manage it, you stand to win £100,000. The company will be holding trials at its New Bond Street, London shop this coming Thursday and Friday, 25 and 26 …
..are we talking deletion of files, or are we talking a full-on EMP pulse to the electronic brain of the device? Only I can see that being a bit of a problem if you stick the thing in a computer and your webmail provider just happens to be offline at the time.
Still, could be useful for certain government employees who have a habit of leaving things on trains.
Would seem to preclude the option of holding the knife to the throat of the guy who put the file on there and demanding to know what it says...
Its official name
Comes in useful ...
Out in the wilderness or fishing exhibition.
Pass me a Leatherman!
How useful considering if you take it out of the house you get nicked for carrying an offensive weapon!
Fail at knowing the law.
You have obveously never looked into the matter.
Legally you can take a blade of up to 3.5" with you with no legal issues. I know so because I have my penknife with me pretty much everywhere I go.
Police fail an knowing the law, too.
Unless you're taking photos, or look a bit foreign, in which case it will no doubt be counted by the plod as evidence that you're planning some terrorist atrocity.
Look to yourself, before shouting 'fail'...
It's less than 3" AND non-locking. Unless you have a specific reason. (Per S.139, CJA 1989 and subsequent case law (Ignorance being no defence before the bar, and all that... (Also, IA very much NAL, but that's what it said last time I looked))
So, yes, the Swiss Army Knife is fine.
/coat. 'Yes, Officer - I do have something sharp on me'...
Gets access to the internet connection? It's a USB drive.
I bet it's using autorun and a windows.exe - trivially defeatable. Plug it into a mac, for example.
Assuming it has some kind of encrypted partition it would take some time to reverse engineer from the supplied software - maybe more than 2 hours (depending on how good it is) - but given that the both the decryption software and the key are on the drive.. not that hard.
firstly, it gets access to the net from the pc it gets plugged into.... if it's online of course.
victorinox would be utterly retarded to even consider *not* encrypting it. and even more retarded for thinking of using windows.
my bet is, they have an embedded linux kernel on it, and a most definitely encrypted partition.
so it will run itself, and determine whether or not to nuke itself without the need for a certain type of OS on the host computer. that's the only way I see it working as they claim it does.
just one thing, why would it be easy to decrypt an encrypted drive?
the software won't be able to decrypt the drive. you have to give the *device* a fingerprint reading to decrypt it, or a password, not the supplied software. again, mostly betting.
If some guy wins the hundred grand by reverse engineering victorinox's windows software in under 2 hours I'll admit youre right.
in conclusion, sir, i call bullshit.
Hmmmm - simple solution
Plug into a Linux system running a Postfix SMTP server configured to dump all e-mails into a local mailbox. Intercept the message, forge an appropriate reply and send back. Easy money!
Mine's the one with "Security Hacker" written across the back.
Ok thats step one, stop it wipeing itself, now how about the actual hacking it?
which undoubtedly will spawn advertising along the lines of "in trials, nobody was able to defeat our security". Trials being a 2 hour session of pre-selected hackers who have been carefully vetted to ensure that none who are likely to be successful make it onto the list.
No need to preselect
The terms of the competition are cunning enough that they're protected by the law of averages.
You get to keep the device whatever happens, so there is no disincentive to stop non-hackers turning up. This will effectively crowd out the hardcore crackers, who would have been hampered by the unrealistic restrictions. Real-world hackers get more than two hours, and clearly don't play within the law, after all.
term 6b again..
It also seems to prohibit offering a judge 50k to swipe his/her finger over the print.
The print reader does seem to be the standard line-scanner type, so copying finger prints seems trivial in a practical situation, seeing how many nice shiny flat surfaces are available, should you 'find' such a knife.
Give them 2 hrs + 2hrs travelling time to take the device away and hack it. 2h in a store under controlled conditions - unrealistic. 2h is artificial as well, 2 days is more realistic (i.e. time to locate and recover a stolen item).
They won't sell many - try getting on a plane with this...
Turn up, play solitaire for two hours
And go home with a knife and £200 voucher.
Just need to practice the line "my attack is so sophisticatded, you could not possibly comprehend it"
Better than a day in the office
Take some work with you. Sit there bashing out some code, tell the boss you were working from home, and tell them that is your hacking... Looks more realistic than solitare.
1. Tell the police that you think a someone in the Victorinox shop had a memory stick with some animal porn on (of it might have just been the sugar puffs honey monster, it wasn't clear)
2.Police come in and force the decryption under Part III of the Regulation of Investigatory Powers Act
Only hard part is timing it correctly so end of the maximum allowed RIPA time falls within the 2 hour window.
In all seriousness the competition is a bit of a joke, fingerprint scanners can be quite susceptible to fake fingerprints made from a print of the original fingerprint (something fairly easy to pick up in real life but there is no chance of Victorinox providing one).
Mines the one with nitric acid and a microscope in the pocket.
use the knife attached to the usb drive to hack off the finger or thumb that has the key. if you're in a rush just take both hands.
every time somebody shows me biometrics i ask them to google
malaysia machete mercedes
which leads to a grisly story of a man who can only count to nine after robbers took his 'key'.
or if you want hi tech then the german chaos computer club who copied and published Wolfgang Schauble's fingerprint. so if he ever uses his fingerprint for security again it can be accessed by anybody with a little knowhow.
knowing the law fail x2
contains all the relevant links.
on the Victorinox website Both secure flash knives (8 & 16 GB) are 5.8 cm in length (2.3" ) so i guess the blade on it is about 2 inches falling within the legal requirements of maximum of 3 or less inches (not 3.5). Location is also important concerning whether your are breaking the law regardless of the length when carrying any item that could be used as an offensive weapon.
On a distant Desert island...."No worries! i downloaded a Ray Mears survival guide to my Swiss army novelty knife..we're saved! all we need now is a laptop."
So you plug it into someone's PC forgetting about the self-destruct. But he's not got an internet connection. What now? Immediate wipe? Grace period?
The "unknown computer" thing is stupid -- if I want to restrict my data to a single "known good" computer, well I'll use the hard drive in my "known good" computer.
And if I was a data courier transferring secure data between two "known good" computers, I don't think I'd need a pen knife. No-one who genuinely needs this level of data security wants it in a penknife.
It's just cynical headline fodder.
Or a sting?
Applicants will probably be invited to a 'presentation' at which the host will announce that all the doors are locked and all the staff members of the constabulary...
emails the owner IF...
the person is stupid enough to still have autorun turned on. Turning that off is the first thing I do when setting up a new machine.
If that's the level of thinking that went into this, I expect they probably use ROT13 encryption.
I like knives from this source, and have several. Sadly they can't stay in the briefcase though, or they get confiscated at airports. I do not need a 'stick', however secure, which is bolted to an item that may be taken from me.
anyone for ka-bar?
this knife is for loosing it in a train (no protection): http://www.chinawholesalegift.com/Electric-Gifts/USB-Memory-Stick/Swiss-Series-USB-Flash-Disk/Swiss-Army-Knife-USB-Flash-Drive-23162482.htm ;
and this one is either for the complete pacifists or for the province of Cognac' occupational forces: http://www.ahajokes.com/crt919.html .
Machetes, RIPA induced profit and more point's of law than I can shake a stone-from-a-horses-hoof-tool-thing at.
And there was me just thinking it looked quite pretty !
You travel to a country like the States, they take the drive away from you to inspect it, but of course, you are not given access to a computer, so can't reply to the e-mail, and your data is wiped. Never mind that the computer that the drive is inspected on may block unauthorized e-mails or in fact not even be connected to the Internet in the first place. How clever.
OK, OK, I'm leaving now.
What the fuck?
Why?? I mean, seriously, WHY.
Its a knife, a tool to remove stones from horses hooves, to trim my nails, tighten the screws on my glasses, why in the name of all thats holy do i want a usb drive on it??? A torch, now thats a useful addition, a compass, pen, tooth pick, saw, tweezers (see the pattern?) a usb drive???? eh???? Swiss are fucked......
So what happened?
I'd love to know what happened at the hack-o-rama.