passport
Latest
Western Digital adds three new colors to Passport lineup
While we're sure some folks were just fine with WD's glossy black 250GB Passport, the firm is looking out for those who like their external drives a bit more flashy. Western Digital is now offering up its quarter-terabyte Passport in vibrant green, glossy white and metallic red, but aside from the hues, everything else looks to be staying the same. No official word on price just yet, but it should line up pretty evenly with the black iteration already out.[Via CNET]
Hackers crash e-passport readers -- stage set for exploits
Lukas Grunwald -- last seen cloning Germany's RFID passports -- is back with more "white hat" hackery on the world's new e-passport systems. This time, however, he's crashing RFID readers to demonstrate how a hacked passport could conceivably force approval of expired or forged passports. After all, "If you're able to crash something you are most likely able to exploit it," says Grunwald. Lukas was able to crash two passport readers made by different vendors by first cloning a passport's chip and then modding the JPEG2000 image file stored within the chip to create a buffer overflow condition -- the same vulnerabilities which make so many devices (the original Xbox, anyone?) so easily exploitable. Lukas contends that all airport readers are likely vulnerable to such an exploit as they would be using off-the-shelf libraries for decoding JPEG images. Lukas will be demonstrating his latest hack this weekend at DefCon in Vegas. Hmmm, with CES moving to RFID badges this year, we have a funny feeling that attendance is going to be way up. [Via BoingBoing]
Western Digital intros 250GB Passport hard drive
Western Digital has given a boost to its Passport line of external USB hard drives, today introducing a new 250GB model that makes the previous top-end 160GB drive look positively paltry in comparison. While the exact type of hard drive crammed in there isn't clear, like other Passport drives, it's most definitely of the 2.5-inch variety, with the entire enclosure measuring just 5.11 x 3.14 x 0.59 inches. You'll also get the usual complement of pre-loaded software, including Western Digital's WD Sync software and Google Desktop -- no Mac software here, although the drive itself will work just fine. If that'll do, you can get your drive now for an even $200.
Concerns raised over U.K. ePassport warranties
While passing on the extended warranty usually isn't that bad of an idea for most products, when it comes to something as vital as a passport, you might as well bite the bullet and spring for it, just to have that extra peace of mind. Unfortunately, according to the BBC, it seems that officials in the U.K. realized this a little too late, and they're now stuck handing out spiffy new ePassports that have only a two-year warranty on the microchips that make 'em tick, despite the fact that passports are intended to be used for a full ten years. While the U.K.'s Home Office seems confident that the passports will hold up to the rigors of travel, the National Audit Office that discovered the curious oversight is nonetheless encouraging those responsible to inquire about extending the warranty to cover any future potential problems. If that weren't enough, there's also concerns that the necessary scanners for the passports won't be in place throughout the U.K. until March of this year, likely causing delays for travelers in the meantime. Surely they won't have any more problems than that.
Cloned e-passports: your government doesn't care
How easy is it to digitally clone an electronic passport? Very. Using an RFID reader purchased on eBay, white-hat hackers from DN-Systems consulting recently demonstrated to the BBC how they can download British e-passport data to their computer and then write it to a new, blank RFID chip to create a perfect digital clone. Sure, the hack requires access to the software used by border police, but apparently, this is already out in the wilds. Astounding, huh? Yeah, but it's not new. This is the same hack we've seen repeatedly demonstrated in Germany, the US, The Netherlands, Ireland, etc. What's notable here is the lack of incredulity imparted by the spokesman for the UK Home Office who said, "It is hard to see why anyone would want to access the information on the chip." Identify theft, maybe? True, British e-passports unlike those issued by other countries, do not (currently) store fingerprint scans in the chip and the encryption is just one aspect of the passport's overall security. However, with these mechanisms also circumvented, shouldn't our government officials be just a tad concerned?
Rewind! Passport's new ad
The Passport guides are supposed to help you find the coolest things to do in major cities around the world. It hasn't gotten great reviews, but maybe this surprisingly classy (and romantic) advertisement will be able to convince the masses to pick one up. The ad sure beats the heck out of all those other European PSP ads.
Scaremongers dub RFID passports as potential bomb trigger
Sure, we have just as many concerns over RFID-related security technology as anybody, but a new report by mobile security experts Flexilis seems to take things a bit too far. In their report on the lacking shielding of the new e-passports, allowing the passport to be read by a high-powered reader if the book is slightly open, they go on to illustrate the "dangers" of such a security lapse by calling it a potential bomb trigger. Their demonstration involves a passport-toting dummy brushing by a trash can, which explodes once the dummy gets too close. The Flexilis guys even conjecture that a country ID code could eventually be identified in passports, allowing for targeted bombing of citizens from specific countries. The problem with all this, is that any radio-transmitting device could potentially trigger a bomb (phone, Bluetooth device, etc.), nobody has hacked an RFID country code yet, and the situations that would call for this sort of bomb are even more far-fetched than the concept. There's nothing much special about RFID in this regard, other than some security "experts" trying to cash in on the hysteria. Check the video after the break, and judge for yourself whether or not RFID is going to be the hip-cool new detonation system of the decade. We're thinking no.[Via textually.org]
US to launch RFID passports on Monday
Despite the various privacy concerns that have been repeatedly raised in regards to e-passports, the US is going ahead with their plans to launch the system this Monday. Not all newly-issued passports will be RFID-enabled, since mass production has been held up by the ongoing legal dispute over the technology. The first passports to be issued will be those produced during the pilot run of the project, but the full roll-out should be completed in about a year. Including the extra $12 security surcharge slapped onto passports last year, the new and "improved" models will cost $97, the same as they do currently. If you're overly concerned about the security implications or potential apocalypse causation, you might want to nab a passport now, since traditional passports will be valid until their listed expiration date. We'll manage like usual: hills, tin-foil, condensed milk, etc.
Passport to London is your somewhat dumb guide to London
Eurogamer has reviewed Sony's interesting non-game, Passport to London, which acts as a guide of sorts to one of Europe's most popular destinations. The idea of this software is pretty interesting: for example, let's say you're walking around and want to find a museum nearby. Or, how about a hotel? When the sun sets, of course you'll want to find a pub of some sort. Passport also includes pictures, videos and audio features: it has a very Talkman-like feature that gives you some popular phrases translated across multiple languages.While Passport seems to be an intriguing idea, the execution appears to be weak, at best. There is a distinct lack of information: there's only four pubs, one theatre, and even the more famous restaurants like Nobu are nowhere to be found. The review concludes that Passport is "a missed opportunity." Hopefully, future versions will allow for some more interesting features: GPS integration, internet access (so you can make hotel reservations via wi-fi), and downloadable updates are just some of the few ideas that are popping up in my head.
German hackers clone RFID e-passports
Oh snap. First the Dutch get their RFID e-passport system cracked, then VeriChip gets its "counterfeit proof" RFID implant copied by a pair of hackers in front of a live audience, and now some hackers in Germany have undermined some of the security behind the electronic passports that the United States and other countries are planning to implement this month. Lukas Grunwald did the honors this time, and says it took him about two weeks to figure out the hack, with most of his time spent reading the publicly available e-passport standards on the International Civil Aviation Organization's official website. Since all countries will be adhering to the ICAO's standard, his hack should work on other passports as well. Grunwald demonstrated for Wired the whole process of cloning a passport, and even proceeded to copy the data to a corporate smartcard, which when slipped between the normal RFID chip and the reader allows him to have a physical passport that differs from his RFID passport. All is not lost however, since most countries plan to have physical inspections to make sure everything matches up, and information cannot currently be modified on the passport -- but the security failures so far sure don't inspire a lot of confidence.
RFID Passports coming to the US in August
It has been a long and extremely troubled road for the ePassport here in the US, but it looks like they'll finally start hitting carry on bags of non-diplomats late next month. The new RFID tag-toting documents will store all of your personal data, including name, address, nationality, a picture, a digitized fingerprint and just about every other thing crooks would need to take your identity for a joyride. The government is insisting that they've taken the necessary precautions to prevent data "skimming," but that can be a lot trickier than it sounds. Just ask the Dutch. Ultimately, the technology could go either way, acting as an effective method of cross-checking people across a vast security network as they move from country to country, or evolving into an omnipresent grid of surveillance that will spread viruses and confine us all to our homes lest we feel the wrath of cyber criminals or high-tech fascists. So let us know how it turns out, we'll be in the basement with our RFID-blocking wallet and tin foil hat.
Can I have my email address back? (Xbox 360 annoyance #010)
At some point following our gala 48-hour Xbox 360 gamathon, we got the idea to check some funny gamertags to see if they were available. For the sake of this example, let's say we picked "xXDr.UweBollXx" just to have some kicks and play with the free 30-day Xbox Live Gold membership. During the signup process the system requires a Microsoft .NET Passport account to link to the gamertag. The request (though having a slightly Big Brother feel) was understandable, so I entered in my 8-year old Hotmail account (which I've had since it was called HoTMaiL). Recently I undertook the task of transferring my original Xbox gamertag, "persnfrmporlok", to the 360. Here's where it gets ugly.During the transfer process I was again required to link my gamertag to a .NET Passport account, so I naturally punched in my trusty Hotmail address. I was informed that the account already had a gamertag linked to it and only one was allowed. No red flags yet; surely this could be solved simply. I would only need to switch the .NET Passport for "Uwe Boll" to a newly created address (let's call it uweiswonderful@hotmail.com) thus freeing my original Hotmail account to be linked to "persnfrmporlok." Now if only I could figure out how to do it...Right about now you should see where this story is going: I could not change the email address and needed to open a new .NET Passport account for my "persnfrmporlok" gamertag. After several calls to 1-800-4MY-XBOX I was told by a very helpful representative that the linking was "permanent." You see, Microsoft was "cracking down" on people switching email addresses, a practice that was previously allowed on the original Xbox. Cracking down? What does that mean? How could this be abused? The functionality is for our convenience, not for billing; they already have my credit card number, address, and real name! I can assure them that's a much better way of commucating with subscribers than a easily forgotten free webmail account. The sad truth is, despite my long history with that Hotmail account, the increasingly irrelevant Hotmail service is still the slowest, ugliest, and most spammed webmail account I have. For a console that trumpets loud and wide, "It's all about choice" the decision to remove this choice is inscrutable.Xbox 360 annoyances: 001, 002, 003, 004, 005, 006, 007, 008, 009Other Xbox 360 delights: 001, 002, 003, 004
