* Posts by Anonymous Cowherd

2 posts • joined 29 Jul 2008

Apple skewered over missing DNS patch

Anonymous Cowherd Silver badge
IT Angle

Er, Ted?

You either have one of the dryest senses of humour I've ever seen, or you're a moron. Just in case it's the latter, please consider the following steps.

1. Write simple Flash advert that will poison the DNS cache for apple.com

2. Buy a campaign on doubleclick.com, El Reg's ad supplier

3. Reroute swscan.apple.com to dodgy IP address.

4. Advertise an update for OS X. Deliver a trojan instead.

That's it. It doesn't matter if you're all patched and firewalled, if the upstream DNS isn't then the next Apple software update you install roots your box.

See that nice banner at the top of the page? Install the iDVD update that came out last Friday? Getting the picture yet?

Blank robbers swipe 3,000 'fraud-proof' UK passports

Anonymous Cowherd Silver badge
Stop

Digitally Signed

Hang on a tick. I'm a bit rusty on the passport specification but it's definitely digitally signed with a Home Office key, which has to be distributed to a Public Key directory, available to the ICAO and "member states", which is presumably anyone with an e-passport scheme themselves [1].

So although you can open a bank account, you'd be lucky to fly anywhere with this without some fairly serious questioning, no matter where you landed.

The real fun would begin if you managed to compromise one of the signing keys. They'd have to revoke it, which at a stroke would flag huge numbers of passports as potential forgeries. Cue mummy, daddy and little Timmy on their first trip to Disneyworld being hauled off to Gitmo instead.

[1] http://www.mrtd.icao.int/images/stories/Doc/ePassports/PKI_for_Machine_Readable_Travel_Documents_offering_ICC_read-only_access_v1.1.pdf
