* Posts by aliceklaar?

12 posts • joined 26 Jan 2018

That microchipped e-passport you've got? US border cops still can't verify the data in it



Quote from Virus Bulletin's Martijn Grooten today -

"Researchers note that even without signature validation ensuring data integrity, it would still take technical skill to manipulate the information on an e-Passport's RFID chip "

Yeah Right. Using Linux is like so difficult dude it needs actual technical skills :p

Back in 2007 Adam Laurie was doing research into RFID cards and did the whole Shmoocon / DEFCON / Blackhat tours with RFidiots & hacking an ePassport. He even told the Daily Mail.

However, the U.K. Home Office defended the passports, asserting the hack doesn't make them less secure.

"The key point ... is that the information on the chip cannot by changed, rendering the procedure described by Adam Laurie pretty pointless," wrote Peter Wilson, senior press officer.

Further, a cloned chip would have to be inserted into a forged passport, and new security measures in the passports make that "virtually impossible," the Home Office said, quoting a report released by the National Audit Office.

So here's a link to the pretty pointless procedure of changing your photo "Hackers expose security flaws with 'Elvis Presley' (e)passport" from CNN


Terror law expert to UK.gov: Why backdoors when there's so much other data to slurp?

Black Helicopters

Re: I like this guy

>"So I fully expect uk.gov to try and discredit him and ignore every word he says."

or find him inside a padlocked sports bag in a bath.

Q: is there anyone apart from Metropolitan Police who does not know how to open a locked suitcase / holdall with plastic zip using a biro?

Been bugging the boss for a raise? Now's the time to go into infosec


This, Totally This

>>"Infosec guys (good ones) that I've run into tend to be pretty earthy, down in the trenches, blunt sort of people. That doesn't go down well with execs who just want pictures of rainbows and unicorn shit."

Some of us infosec gals have poor people skillz too



Yes I was lucky.

In the right time and place as an Infosec contractor to pick up the scraps when a major EU project was canned during commissioning. Sold my shoebox in the City and moved into a broom cupboard in Paris. It wasn't easy, but I'm much better with computers than people. I love the job, but there are things you can't unsee. Snowboarding is the cure :)

Thumb Up

> > despite being fucking brilliant at everything ive been asked to do, and doing far more.

>I've met lots of techies who think that about themselves.

I'm just dead good at what I do.

I trade on my reputation, so if I don't have da skillz personally or inhouse then I hire in an appropriate contractor for that job. Now that skills deficit may indicate a training gap and a need for CPD, or perhaps we shouldn't take on jobs outside of the scope of our current abilities.

As has been mentioned elsewhere in this thread, the continuous training and endless certification requirements are a significant and ongoing cost in personnel time and money.


"They also expect you to be no older than 22 or thereabouts..."

I was when I started 18 years ago. Now I'm the boss and most of my teams are 20 - 35ish

To hack Australia and learn its secrets, buy second-hand furniture

Thumb Up

Forget the Leopard - Watch out for the Red Back etc

For a sing along guide to the those dangerous beasties you may encounter

"Come To Australia" by Scared Weird Little Guys


When you play this song backwards, you can hear Satan. Play it forwards, and it hijacks Siri, Alexa


Meanwhile, back in 1994, Dilbert http://dilbert.com/strip/1994-04-24

You publish 20,000 clean patches, but one goes wrong and you're a PC-crippler forever


Re: @foxyshadis

Absolutely totally what @rmason says

"They copped to it, and fixed it. There aren't many better alternatives out there."

MBAM always works for me and the other techs over at the TechNibble fora.

(Hi Nige, Julian, Rob etc)

HitMan Pro gets my worthy mention.

User stepped on mouse, complained pedal wasn’t making PC go faster


Re: Old age + Experience != transferable skills

That's the kind of response that makes me wonder if them "Assisted Living Gated Communities" are to keeps the residents IN or keep the rest of us OUT.

I'm based in the Netherlands at the moment so pack some lunch and FYI don't bring a bat to a CCW :)


Old age + Experience != transferable skills

One of my neighbors is an old dear in mid 60s. She said the Airmail from her new laptop would not work. Email to UK addresses was fine


You see, when she wrote a letter to people overseas she always attached those blue " ->- Airmail / par avion" stickers, so naturally when wanting to email overseas she would turn on the Airmail to make sure it got there faster.


Yes. That blue button with the big white airplane on it.


Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors


Finger etc on the button

It is fairly easy to put somebody's finger / iris on a scanner. Even if they have become recently deceased in custody etc

If I have memorized my encryption passphrase then its going to need a $5 wrench ( https://xkcd.com/538/ )

or Regulation of Investigatory Powers Act 2000 .c 23 Part III Power to require disclosure Section 49

or an orange jump suit with a towel & some water.

As for backdoors - I once wrote an simple program that embedded the password into the header of the file that was encrypted. Obvs this was so we could recover the file when the user forgot his the super sekrit password.

As for metadata... Maltego is still my professional friend

From Register archives - FUD flies as Raytheon reveals social media analysis tool

My comment still applies re "privacy" - Its only a Secret if you don't tell anyone https://forums.theregister.co.uk/forum/1/2013/02/11/raytheon_riot_privacy_hyepgasm/#c_1725101


Biting the hand that feeds IT © 1998–2020