There's a reason why my cat doesn't need two-factor authentication Access denied. Enter Access Code. That's a good start. Just a few moments ago I was handed a card on which is written, in blue ballpoint, a newly compiled string of alphanumerics that is supposed to identify me as a unique user. Oh well, maybe I fumbled the buttons. Let's try again. Access denied. Enter Access Code. I am …
The problem is, and always will be people. Imperfect lords of systems that require perfection to function.
And, for all we like to think it is always the user doing something wrong, anybody in the chain of managing accesses/credentials is liable to make a mistake, which then gets amplified by human nature so the rumblings of discontent among the users who just want to get on with their job.
Whoever figures this out will die so obscenely rich that they'll be able to return Magrathea to glory, and biometrics don't count.
it's not the figuring out, it's the convincing others to listen and act.
What happened to the time honoured 'guy' at a desk with an unlock button?
Once upon a time it would be someone there who might have carried a little responsibility, and hence still had a little pride and a considerable amount of gumption. And would been able to help because they weren't tied to a limited set of procedures.
The next stage will be an unmanned installation, then they'll be no one for the confused, the desperate and the annoyed to go and seek advice, reassurance or vent on. Just a phone number backed by another machine.
I worked at a site which used the guy on the desk with an unlock button approach for a while. 6 stolen exec saloons later a card reader was installed. Most of us drove a variety of older fords, vauxhalls etc and the security guards could not really be expected to know everyone so any car was let in to the car park. When the 'exec' then turned up in the top of the range merc /audi/bmw the security guard would hit the gate release. Unfortunately some local scallywags had taken to stealing local ford and vauxhalls driving in tot he car park and then parking up the stolen rust bucked and treating themselves to a 'free upgrade'.
This problem disappeared completely once a swipe in swipe out system was installed.
The problem there is not the guy with the button, it is the procedure itself.
You cannot expect to have any semblance of security if the guy who should enforce it has no way of knowing who he is supposed to let in. You say "the security guards could not really be expected to know everyone". Well, if you want security, then yes, they should. At the very least, they should have had a list of license plate numbers and checked that every car was in the list.
The fact that the problem was "corrected" with a swipe system simply means that that was the point when authorized people were known. A guard with the proper information would have been just as efficient.
When personnel stayed with a company for longer than 6 months, then yes it would be possible for the guard to know everyone. Now, not so much. Even at companies with low turnover, the guard himself is a contractor who's replaced in less than a year. Systems "Analysis" promotes efficiency, they say.
A LONGGG time ago,after a visit to Swansea University, I started to go there to use JANET and (just about) the internet.
I wasn't a student there, I'd never been a student there, I never worked there, or had any official association with the place, but I would drive in in the evenings, say to the security guard that I was "going to the computer department", and he'd raise the barrier and let me in.
After a while, they'd recognise me, and always open the barrier on my approach, with just a smile and a wave.
I'd even chat to them when they were doing their rounds.
I wasn't doing any harm, and justified it to myself that I was a deterrent to the thieves that were know to creep on campus from the nearby parks. But still...
As a former academic I can confirm JANET was wonderful. Back when dialup was the only option at home a JANET link at work meant you could just download stuff to disk instead of waiting hours for it to timeout on you at home.
Also sending what was, then, large email attachments was a synch on JANET. You got asked if you really intended to send a large file, clicked 'yes' and it went. Try that at home and you got a 'file too big' error there was no getting around.
Now with cable broadband the differences are slight. But still, a JANET and an ATHENS account would be nice again.
a card reader was installed
Access to our car park at work is controlled by a number plate reader - there's a small camera pointing at the area in front of the gate (a BIG steel one - you ain't gonna get through even if you try to ram-raid) that works about 98%[1] of the time.
When it doesn't, there's a button that connects you to reception where they have access to the camera feed as well. They ask your name and, if that name matches the car registration, they let you in.
It works pretty well for standard number plates - I have yet to try it with the old black and silver plates on my wifes' Morris Minor (which is also registered on the off-chance that my nice modern, warm car is for some reason unavailable).
[1] You have to approach at fairly low speed and following the normal angle that will take you into the gate normally. Some people try driving straight towards the camera and that's what seems to give the highest failure rate. Presumably, the software is applying motion correction to the image that expects people to be driving on the normal route in..
Access to our car park at work is controlled by a number plate reader
Here in NZ we have vanity plates. The site that sells them has software where you can put in the plate you want and see what it would look like in the various styles available.
It won't accept an existing plate, but I'm sure I can do 2 runs and get a couple of images I can then 'modify' with Gimp to get a decently printable fake plate that'd fool the camera. I doubt I'd even need the same colour of car, let alone make & model.
Hopefully your security is better than something I could fool with a couple of hours of work - and most of that is getting hold of a plate the system already knows!
(If I knew the font the plates use, I could probably even bypass using their website for it - of course I can simply do a few runs to get the full 36 characters)
A guy at a desk, as described by the poster above can be tricked.
A machine can also be tricked, just by very different methods.
The possibility for an untrickable guy exists but isn't scalable, no matter how much he eats
The possibility for an untrickable machine exists but we haven't figured it out yet.
"The possibility for an untrickable machine exists but we haven't figured it out yet."
IS it possible? Or does it become a problem of Decidability, which has been proven to not always be possible (the Halting Problem disproof is an example of a problem of Decidability that's proven to be impossible to solve).
Untrickable systems are going to be very difficult because the primary purpose of the system is to work for the user. Because it's standard is to allow access to the desired resource, the system is inherently weak. The way most technology companies have solved this is to make that point of access just an extension of a larger ecosystem which allows better control of that endpoint. For fixed hardware solutions this isn't totally effective but it's better than nothing I guess.
IS it possible? Or does it become a problem of Decidability, which has been proven to not always be possible
To answer that, we'd first need a formal definition of "untrickable", which is itself an intractable problem.
For nontrivial security systems, it's usually impossible to precisely partition behavior into valid and invalid. Given enough time to argue, system experts can usually find some edge cases for which they can't agree on validity. And if your gold-standard panel of human judges can't agree on what the system's behavior should be (or whether that behavior is correct) in a particular case, then by definition you can't say whether the system is correct - you have no rubric.
So in the general case, perfectly-secure systems are not possible, because they can't even be specified.
agree to accept them back for a sufficiently large bribe...
... and hold them enough time for the kidnappers "cross the Central, Southern and Middle Western States, and be legging it trippingly for the Canadian border."
Sorry, couldn't resist...
I used to work at a place where you had to go past a solder who had a gun. If they didn't know you, you didn't get in. Worked quite well. Obviously the first time through you had to be introduced by an already known person who had the authority to do so. I wonder how the very first person got in...
The next stage will be an unmanned installation, then they'll be no one for the confused, the desperate and the annoyed to go and seek advice, reassurance or vent on. Just a phone number backed by another machine.
Not "will be". Has already become.
Often the phone call doesn't go through, because, you know, phones.
What a time to be alive.
And those actively looking to subvert the system either go around it or use the system against itself (send in associates to stop or block the security system while they attack elsewhere)
If something needs to be done and security is in the way, security is bypassed. Something that IT security people often forget.
The fire inspectors would have something to sat about that.
There is also the question of applying sufficient force to create a new access point. Many years ago the IRA arranged the delivery of a car bomb to my place of work. I wasn't there at the time but I heard that the explosives experts, of whom wee had a few, were considering taking out a section of the back fence.
But an opposing IT pro will find a way. (as I have at work with our office 365andabit ad to get email without a browser or federated machine).
Sometimes we just want to work but that offen conflicts with being secure (after all, I've yet to see someone compromise a machine that's not working with out dismantling first)
Two sets of rechargeables. Run one set, charge the other set as soon as they come out. As it appears this is a frequent event, self-discharge is not an issue (with the batteries, I can make no assumptions about the owner, but I digress). As it turns out, the IKEA 2500mA ones are actually made by the right factory and will thus last quite a while.
"Two sets of rechargeables. Run one set, charge the other set as soon as they come out."
Except, of course, there will come a time when you need some batteries for something else. NOW! So you take the on-charge set (or some of them) and forget to replace them until it's that 3am of the night before you are due to set off on holiday.
Well, the cat flap doesn't tend to move very far away from the back door; and the back door, in its turn, doesn't tend to move very far away from the kitchen. So there is no good reason for it not to be primarily mains powered. It does have a disposable 9V battery for back-up purposes. I should probably check that, actually .....
Until there's a power cut, then the battery UPS kicks in, if only all battery UPS's could be implemented with a 9V battery... More than once my UPS has squawked in the middle of the night when there's a brief outage and the two year old 12v cell has already expired,.. Grrr, what's the point...
Now we are getting somewhere. Cartoon Authentication Technology, or DOG for short... Maybe we should investigate X-Factor Authentication where in order to get in you have to correctly identify contestants from prior series. Of course, we do all need to upgrade to BGT encryption as exports of AGT have been restricted.
Thank you, I’m here all week. :-)
Yes, Although it is far less likely your cat will be kidnapped and waved at the gate entry system
The main reason for this being that with everything from the elbow down turned into bloody shreds and ripped tendons, waving a cat at an RFID reader tends to be somewhat out of your reach.
(he Does Not Like being picked up, even by us)
(he Does Not Like being picked up, even by us)
Mine likes being picked up, especially by those he doesn't like.
Brings those juicy eyeballs closer....
(Icon coz that's what your face looks like if you piss him off - and if you're not bleeding then you're seriously pissing him off!)
These chips ... presumably they are mass-produced and if you know the right runes you can product a device that responds in the same way as the chip that was surgically embbeded in <insert victim here> and which is prohibitively difficult to change.
Thing about cats is ... no-one actually wants to impersonate a cat.
Exactly. It's a fixed code chip I can clone in a few seconds. Sadly, though, that's rarely of use if you are locked out and have called me.
If you were a target, though? It could be very useful for your attackers to have a catflap sized hole to insert things through, that was thought "rfid secured".
Security at the expense of usability, comes at the expense of security.
Make it easy to use and secure, and it'll work.
Make it easy to use, and people will at least use it, even if its only a minor security improvement
Make it secure, and people will try and work around it to make it easy to use, screwing the security. - we see this all the time: "Password1!" emergency exit doors propped open so people can come and go for a smoke etc.
I worked at one place where the security system was not just an inconvenience, and failure to prop-open the firedoors actively stopped the organisation from functioning.
Picture a secure datacentre with access via airlock/tube doors. Extra feature was a weight test to ensure you didn't walk out with kit....
The challenge, you walk in with a case full of tapes, you load them into the drives, then you cannot leave because there is too much difference between your entry and exit weight... Cue propping of firedoors to allow tape librarians to function without being imprisoned for a weekend...
That one extra control downgraded access controlled, airlock doors to propped open doors to external car park with no access controls at all. You couldn't make it up...
Secure building with access via airlock/tube doors.... In the event of a fire all the fire doors open all around the building. Once the emergency/drill/test is over all the staff have to enter one by one via the 3 tubes in the main entrance. It's a very, very long queue!
Years ago I was at a meeting in a BT building in central London. All entry was via card-operated turnstiles minded by security staff, barely enough room to squeeze through with a briefcase. Visitors were signed-in to get temporary cards.
Fire alarm went off (somebody burnt the toast in the kitchen, yes really) and we all evacuated into the street. When the alarm was over 15 minutes later we all re-entered via the firedoors helpfully held open for us. No checks, we could have been accompanied by any passer-by who joined the crowd, carrying anything.
One client I worked at had a warehouse sized building kitted out as a call centre, which had several sets of airlock/tube doors down the sides to track people in and out.
Chatting to the security manager in advance of an upgrade to the swipe card system, he told me they'd had an incident where the server had failed, the doors had failed safe, i.e. opened, in the middle of the night and a fox had wandered in setting the burglar alarm off!
This post has been deleted by its author
Either the previous set of tapes needs to stay on site for earlier backups, it is stored in a safe inside the security door perimeter, or someone else is responsible for moving it to wherever it is going. In the last case, they probably have a similar problem though there might be some administrative level key that deactivates the weight check that the previous poster did not have available.
Either the previous set of tapes needs to stay on site for earlier backups
On site, yes. Inside the computer room, no. At the very least they would need to be stored in a data-rated fireproof safe, and putting that inside the computer room itself would be monumentally stupid from a DR view and a waste of space anyway.
it is stored in a safe inside the security door perimeter
Even if they did that, there's always a moment that that safe is full and tapes have to be taken out and stored elsewhere. Or all sets of tapes can be kept in that safe, in which case you only need to replace individual tapes that show more than $somevalue media errors. Which you do per ten or so, storing the bad ones in a dedicated temporary receptacle next to the safe. Again, the same number go out as go in.
or someone else is responsible for moving it to wherever it is going.
Which again is just stupid, because you want to minimize access to restricted areas. Swapping the tapes in one go does that.
"On site, yes. Inside the computer room, no. At the very least they would need to be stored in a data-rated fireproof safe, and putting that inside the computer room itself would be monumentally stupid from a DR view and a waste of space anyway."
Why? I've seen many places where the safe was stored near the computer room, usually next door. The major reason for doing that was security--I.E. the computers and the backups were inside the same security area, and could be dealt with by the same team. The theory was that the safe would protect the tapes no matter where it was stored, and that there could be an additional security problem if tapes were stored in multiple areas and had to be moved frequently between those places.
"Even if they did that, there's always a moment that that safe is full and tapes have to be taken out and stored elsewhere. Or all sets of tapes can be kept in that safe."
This leads me to the next point, which is that this safe could be on-site storage only, with another person responsible for moving them, which brings us to:
me: "or someone else is responsible for moving it to wherever it is going."
Response: "Which again is just stupid, because you want to minimize access to restricted areas. Swapping the tapes in one go does that."
Yes, it does. However, there may be multiple roles. We have technician guy, whose job it is to move tapes around and ensure the systems have media to write the new backup to. We also have information security guy, whose job it is to make sure the tapes are brought to off-site storage or a separate on-site location securely. New tapes are brought to the technician to load into the machines as required, and the security guy comes when needed to remove the tapes after stuff has been written to them, possibly several hours or even days after they've been written. Technician guy is not allowed to leave with a potentially heavy box of tapes, because they could use that vulnerability to leave with something heavy that is not a box of tapes. Security guy is allowed to do this, because they installed or are trusted by whoever installed the security system. Technician guy could remove a box of tapes to make the weight the same, but they are not supposed to do that and could face penalties if they did, hence the problem mentioned in the post.
I see a couple of problems with that, real back-up security requires a double set of tapes with one set to be removed to off-site secure storage asap after being written in case of a serious disruption on-site, so business can restart in a DR center. Luckily, with modern technology, we now can have mirroring systems that are sufficiently far apart to survive most disasters.
"Security at the expense of usability, comes at the expense of security."
So what happens when usability DIRECTLY opposes security AND there must be a minimum standard of BOTH for it to be usable? Does that mean practical security cannot be made for this situation?
what happens when usability DIRECTLY opposes security AND there must be a minimum standard of BOTH for it to be usable?
Security is a trade off. You secure something because it has value. If securing it to an acceptable level of risk costs more than it's worth then it's not worth securing it. Cost can be direct financial cost but also encompasses losses due to reduction in ease of use.
With regulatory requirements in business it's a little different but still pretty easy. If your business can't generate enough revenue (value) to secure it enough to meet the legislation and still make a profit then it's not a viable business case and you don't do it. But again, it's a numbers game - you secure it to the point where you think the likelyhood of prosecution is low enough.
This balancing act is no different from when costing out safety measures, by the way. ALARP is enshrined in IEC 61508 and its derived standards which are used as the basis for safety legislation in the EU and elsewhere.
That's one of the most important degrading factors in security: time. Gear wears out and isn't updated timely, software goes out of maintenance or is just never patched, people get used to processes, procedures are not kept up to date - all of these are why 3rd party audits are a good thing.
I have been in some place in the centre of [famous city] where all the Internet connections come together, and as nobody told me I needed my passport it was at the hotel. It was nice that they accepted a business card, but the one I grabbed turned out to be someone else's. I only realised it when they greeted me by the name of the client I visited the day before :). I left it at that because I didn't have the time.
Ditto in a data centre where almost all the banks run their backup systems: you had to show passport or ID, and then sign in the visitors log. As nobody checked what was written, I didn't write my name but someone else's (I notice these things :) ).
My cats teleport in and only use the cat flap to bring in mice and birds which they then play with for 5 minutes. They then release them to hide under the fridge or flap up to rest on the highest ledge. Often the victims are leaking blood and/or have broken limbs, just so that the cats can say how cruel the humans are, putting wild creatures out of their misery.
Where I used to work, you'd have to swipe into the "secure" car park, but the barrier would open itself on exiting. It was a joy to watch the bin men pull up, one would hop out, walk past the barrier and locate a large wheelie bin. He'd then push it over towards the barrier... and hey presto! Access granted.
But then security authentication is one of those functions whose philosophical concept is hampered by self-contradictory details of its own design. To pick a topical example, it is the right of European Union citizens to enjoy free movement between EU countries without being stopped by border controls. However, how can the border controls know whether you are an EU citizen or not unless they stop you to ask for your EU identification? So it's only by presenting your passport or ID card that you can exercise your right not to have to present your passport or ID card.
FoM is more about having the right to live and work on equal terms in other EU countries.
Schengen is the right to not be stopped by border controls. If you fly from a Schengen country to a Schengen country, you won't have to present your passport/ID card in the destination country. If you go by car, you won't get stopped at the border, you just pass the country's roadsign (if there is any) and be happy you've taken back control.
The counterpoint to FoM and Schengen is having to register your residency and having to possibly put up with more stop and search.
Silly rEU countries, if they didn't have FoM (the UK is about to get rid of it) and didn't have Schengen they could have intra-EU border controls and stop and search just like the UK... all the responsibilities, none of the rights. Who'd vote for that? Oh.
I happen to live near the eastermost side of the Spanish-French border, which have crossed plenty of times, and so I'm quite experienced on how things actually work.
First of all, the theory behind the freedom of movement relies in that once you're inside the Schengen Area you can move freely even when this implies crossing internal borders. If you're a legally EU citizen, well, you're already inside; while if you come from outside you would have had your papers checked at the point of entry so, if allowed entry, you have the same freedom of movement, only restricted by the visa expiration or the 90/180 rule.
Of course, things don't work like this at all: there are plenty of people who are inside the Schengen Area but don't have the legal right to be, but once they're inside, they would actually enjoy the freedom of movement if border controls were non-existant as required by the Schengen treaty. The problem arises for two reasons: first, no country wants these people in their national grounds, so they are quite happy to let them leave, while at the same time they don't want even more people to enter. Also, when a person without right to stay is detected, the country who found him is the one who have to repatriate, and this costs money.
So the game on this border is an agreement between the national police forces on each side consisting in "if I found someone coming from your contry to mine without right to stay, I'll return back him to you". While this is explicitly forbidden by the Schengen agreeement, both countries have found excuses to keep these controls up and running: France with its eternal almost but not quite entirely red Vigipirate alert level, Spain with his "I can require your compulsory ID anywhere on the country for no reason at all" law. Of course, once such person is returned back the other state just leaves him alone knowing that, sooner or later, he'll manage to cross the border.
Meanwhile the EU legal citizens are constanty pestered by these pantomime controls.
Extra fun fact: when I went on holiday near the westernmost frontier, I managed to cross many times without any control at all. Which was surprising given the (fortunately past but then still dormant) ETA terrorism issue there. However, if you notice that the Africa-Europe migration axis through Spain runs on the eastermost side...
When I lived in Belgium I theoretically had the right to passportless travel around the Schengen area. Except my national ID card had "foreigner" stamped across my face and according to the rules was not valid as an ID document for me to travel - and therefore I had to carry my passport anyway.
But in theory airports are designed so that people flying within Schengen don't have to pass through checks, and there are none on the internal borders. Which is a bit less true since the Paris attacks and the migrant crisis - where some of the (illegal if more than 6 month long) "temporary" measures are still in force a few years since.
The Schengen area does not allow passportless (or ID-less) travel, it's borderless travel, there's a difference.
Residency cards aren't valid for travel in other EU countries, you need your own ID for identifying yourself, although residency cards help explain extended stays in the Schengen area or why you're bringing other non-EU family members with you.
I don't think anything I said about Schengen and FoM contradict anything you said about the games French and Spanish police play 1km from the border. In fact I did mention more stop and search within countries.
I've never been stopped and asked for ID anywhere in the Schengen area, and I live within it. I guess I must look too inoffensive.
I haven't been stopped or searched anywhere either. I must look inoffensive and white enough, and don't wear a beard you can hide a chicken in. The white bit can be disturbingly important. I remember travelling back from a conference in Istanbul with a Ugandan PhD student. We both had only carry-on luggage, and I noticed we would land on Schiphol airport early, so we might be able to catch an earlier train, but my student was rather pessimistic about our chances, given that he always had to open EVERYTHING and have everything inspected closely by the customs officers, despite having all valid paperwork (passport, residence permit). He was also the nicest, most inoffensive, and good-natured person you could ever meet. He was, however, in possession of just about the darkest skin you could have.
I suggested he walked just about half a step behind and to the left of me, and kept his mouth shut, as we passed the "nothing to declare" customs gate. I strolled past with an "I-am-far-to-important-to-be-stopped" air worthy of Moist von Lipwig, which meant the officer duly ignored me. He was about to stop my student, when I turned round and said "He's with me" fairly sharply, whereupon the officer duly waved him through. This sudden change had an element of "if the black boy is with the white massa it's OK" to it that I found disturbing, but I decided not to raise that issue.
My wife has similar experiences when arriving at Schiphol, even though by now she has a Dutch passport. To balance things out, I (a rather melanin deficient blue eyed male) experience about the same when arriving at Noi Bai ;) It gets slightly better when our two sons are with us as they also have Vietnamese passports and a distinctly not Vietnamese family name (mine).
This is the fun bit of a UK resident, EU citizen married to a non UK/EU national: the moment they marry, the non-EU party inherits the EU residency/work rights, and after a few years they can apply for their own passport. It's even more fun for the kids: if born in the UK, they are entitled to 3 separate passports: 2 of each nationality, and a UK one on account of having been born there..
unless one of your parents was born here too!
It isn't quite that strict:
If your parents were not British, Irish, EU or EEA citizens when you were born
You’re automatically a British citizen if when you were born at least one of your parents was living in the UK and had any of the following:
indefinite leave to remain (ILR)
right to re-admission
right of abode
If the parent that meets these conditions is your father and you were born before 1 July 2006, he must have been married to your mother when you were born.
You’re also automatically a British citizen if at least one of your parents was in the UK armed forces and you were born after 12 January 2010.
See here.
The rules for Dutch citizenship upon birth are stricter.
OTOH
A few years back we were meant to be travelling by train from King Cross to Brugges for a short family holiday. But that was the weekend of a major catastrophe North of Paris ( or thereabouts) so rather than taking the information provided at Kings Cross ( "Go home") I reasoned that the old routes must still work and, eventually, got the station staff to admit this and sell us the tickets we needed.
It was much more fun going that way ( even with two young kids) but crossing the border was really disappointing. I'd secretly dreamt that the train would have to stop at a check point and wait for the uniformed border guards to come marching down the train checking our "papers" before we could continue. Not a bit of it. Nothing. The only way we knew we'd gone from France to Belgium was the station names stopped being French.
The only way we knew we'd gone from France to Belgium was the station names stopped being French.
The first couple of station names in Belgium were in French as well. Depending on the route, the first non-French station name you encountered may have been in Brussels, where there are both Dutch and French station names.
and this differs from external borders, how?
It's the "weakest link" problem, it requires all Schengen members to trust the border controls for all externally-facing members. Needless to say, they don't, but dislike saying so quite so bluntly. Instead they come up with various reasons why they, exceptionally, have to maintain their own checks.
Then imagine the fun you can have, being a citizen of a non-EU non-Schengen country whose government had in place visa waiver agreements with most Western European countries before Schengen came into force. These agreements are still in force. The Schengen countries are obliged to respect them, regardless of the 90/180 limitations and regardless of time already spent in other Schengen countries. And there's a convenient chain of nations, from Scandinavia down to Spain, every one of which says they'll grant you a 60-90 day visa on arrival.
If you can prove you were legally in each one of that chain of countries, and in the country you're in at the moment, it's possible for such a non-EU citizen to stay in the Schengen area for nearly two and a half years. Legally. Visit the UK somewhere in there, however briefly, and with the right timing you can reset the clock entirely.
And then try explaining that to the NESB plod who asks to see your passport.
Might be like our new-build office in France. The security post at the entrance was designed to comply with the standard company rules, which were managed from the central facilities site. In the UK. When drawing up the site plans, someone forgot that the French drive on the other side of the road, so the whole entry/exit layout is a mirror image of how it should be. It was only noticed after construction was complete, so they just swapped the In and Out signs...
Many years ago I had one of those four way locking cat flaps and a local cat used to come in and eat my cats food. I set it one day so that the poor thing couldn't get out and it got quite a fright, it never came back. Maybe this could be applied to humans, I would love to see some naughty thieves get stuck in buildings.
Security always seems to exemplify an invalid syllogism: secure systems are inconvenient, therefore inconvenient systems are secure.
It follows that a keypad at an inconvenient height is more secure than a normal one. When it starts to rain, it becomes even more secure. Presumably somebody thinks that criminals are deterred by minor inconveniences - "I was going to rob the bank, but the queues were too long, so I couldn't be bothered."
If you draw attention to the difficulties of using most systems, you will get a sympathetic hearing. If you do the same with a security system, you're treated like the sort of feckless moron who leaves a key under the mat.
"Security always seems to exemplify an invalid syllogism: secure systems are inconvenient, therefore inconvenient systems are secure."
I can see where you're going, but can you provide a solid example of a system that is BOTH highly secure AND dead easy to use. The problem being ease of use tends to eat into that security by becoming a weak link.
We have automatic cat flap for the upstairs part of the house, it indeed eats batteries but two cats found a way to pass it without a chip. They just lift the flap towards them with their nails. Well the smartest one found out how her sister just learned how to do it.
I think the point was that anyone that works in IT security, and then posts all kinds of information about themselves on social media, shows a sincere lack of discretion. Someone that really is an expert in IT security should know better than to give people like Mark Fuckerburg any of their information.
'So you think Facebook & Google haven't correlated your burner email to your real one?'
Ah yes, this is obviously to be expected, but that's why there's (burner)² and (burner)³ email accounts...the trick is in the juggling, making sure the various accounts never cross-talk, When using (burner)² and (burner)³ accounts I use different local machine login accounts than my normal one and never use the same IP number as my main connection to check them from..
Google most definitely know about one of my burner email accounts (I made the mistake of sending my sister@gmail an email from it..analysis would match it as being very similar in character to the ones she has from my.account@gmail to her), as to Facebook, never had a real FB profile, I had a fake one for 'research' associated with one of the (burner)² level email accounts, always checked from a vpn or tor connection, never posted anything, never fiended(sic) anyone etc. etc., it took them over 8 years to figure out that there was something a bit 'wrong' about it...they then wanted a scan of a passport/ID card to keep it active... for gits and shiggles I was going to fake an ID card scan (It's amazing what fun high-res resources you can find lurking out there amongst torrents) but decided I'd had my fun, and scratched that (burner)² account from my lists.
Now, I wonder how long VK will take to spot the one lurking there?
But the statement was about blogs. Those methods of releasing information that are often entirely self-hosted, require little in the way of data release, and can be done anonymously. I think security blogs are useful; they alert people who are not security focused about important things they should consider, while the more technical ones allow security focused people to obtain more information about specific events or research they haven't studied exhaustively. This without requiring the editing. that would be needed if these posts were to be published on a news site. I fail to see the security vulnerability here.
Employees working in security-critical environments have been known to get chipped in the fleshy bit between thumb and forefinger, allowing them to open electronically locked doors by gesturing an Air Wank.
So contractors or employees in high turnover companies end up with many chips? Something wrong about this....
I think they end up with a nice scar on that part of their hand after their chips have been repeatedly inserted and removed. Either that, or they end up willing to demonstrate their appreciation for the external access token by using their previous chip and its container to smash the hand-slicer.
And then there is the border crossing between California and Oregon, two states in the USA. You have to stop and declare what type of vegetation you are bringing into the State of Oregon in order to lessen the risk of transporting pests from California that might harm Oregon's pristine (snicker) agriculture and forests. Oh, and heaven forbid they catch you with a trunk load of alcoholic products purchased in a California or Nevada grocery store - in Oregon they have state regulated liquor stores with high taxes and well, they likes their taxes.
There are restrictions on carrying dairy and meat products in and out of N. Ireland (no foot & mouth in NI), and there used to be a ban on condom sales in the Republic (they could be imported for personal use). My father tells stories of sales conventions with secret meetings in Dublin hotel rooms where suitcases of "samples" would be opened and packets of Durex swapped for Hafner's sausages...
"However, how can the border controls know whether you are an EU citizen or not unless they stop you to ask for your EU identification? So it's only by presenting your passport or ID card that you can exercise your right not to have to present your passport or ID card."
You are wrong there. The idea is that checks are performed at the EU's exterior borders.
Once you're in, you're free to go.
And as with most things EU, the idea is great, the execution horrible.
"The system also allows my cat to entertain himself by sitting indoors, looking though the clear plastic flap and waiting for other cats to come near. When they do, he leans forward so that the electronic detector unclicks the flap, daring the other cat to enter, then chuckles to himself as the potential intruder bashes its head on the door just as it locks itself again automatically."
I'd love to believe that actually happens, and isn't just artistic license!
I'd love to believe that actually happens, and isn't just artistic license!
I'm pretty sure it's realistic and not artistic license. I've seen my cat do some really intelligent
QUICK! He's not watching for the moment. Someone call the police! This moggy is freaking dangerous and.. OH SHIT HE"S SEEN ME TYPING! CALL SWAT HELP! Nice kitty, nicepaosiudrfvvvv 7-
" it is the right of European Union citizens to enjoy free movement between EU countries without being stopped by border controls. However, how can the border controls know whether you are an EU citizen or not unless they stop you to ask for your EU identification? So it's only by presenting your passport or ID card that you can exercise your right not to have to present your passport or ID card."
Well no, that is not how it works: within the core "Schengen" area, there is freedom of movement, passport is only shown when you enter that zone from outside. Inside it you are free to cross the border between Spain and Portugal etc as often as you like with no passport.
Within that, countries have the right to reimpose a border in certain emergency conditions, or indeed to not join the Schengen zone at all as per the case of the UK which had already opted out of a number of major initiatives such as this.
NHS Numbers were at one time only given after you registered the baby, sometimes weeks later. So they set up a system to give your baby an NHS Number at birth in the maternity unit. I had literature about this on my desk at my GP clinic, when a farmer came in and saw it and proclaimed "so they are now chipping babies at birth!
The article read to me in favour of that approach. Its easier for the cat. So we should be chipped a birth with a place on an immutable block chain, until quantum computers....
The trouble is we only get criticised if something goes wrong, more then me jobs worth. So the default is to overdo it. Its easier to measure security breaches and failure than it is to measure ergonomics and human happiness. That threat of being sued, reprimanded, is also that which is driving the NHS to the wall. Since this default now requires us to over diagnoses, over treat, go for screening turning the nation into the worried well. The Daily Mail will only go for the missed diagnosis, not the "human interest" story the the millions of over-treated, scared populace we have harmed, even killed. Most of those over-treated will believe they are cured of cancer they were never going to die of. So you can never have too much health care, never have too much security, even when it is harmful.
The cat analogy is not always true. I took over looking after my ex's cat who was chipped when she was a young. My ex had bought a chip id cat flap which was fine at first. However, after a couple of years it stopped working but was quite happy to let her other cat in. A trip to the vet discovered that the chip had migrated under her skin to her rear right leg which meant if she learned to reverse into the house then all would be fine. She now has two chips and depending which one is picked up by the vet, she'll either be returned to me, or to my ex if she goes missing.
“talking about security in public is likely to make yourself a target and therefore less secure“
And the thought I was having at the very moment I read this was, I wonder if anyone would go to the trouble of tracking down and borrowing the cat to clone it’s microchip and send an animal of their choice into the house.
(Pets may not have programming skills but their humans might...)
This post has been deleted by its author
your cat almost certainly got cancer now....tends to occur roughly two years after 'injection' on average, nothing for him to be chuckling about....
Pats elderly moggy quietly snoozing on lap Thinks [CITATION NEEDED]
(Spent some time searching for this myself - 2 cats out of a mere 3.7 MILLION - wow, that's a really scary high incidence!)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
