Posts Tagged ‘security’

14 Dec, 19:54

Hyperactive security in Israel

Horror stories of airport security aren’t uncommon. Airport security is unfortunately all about guesswork. And guesswork mostly revolves around, well, profiling. “If it quacks like a duck, it’s probably a duck terrorist.” And then the duck gets pulled aside for further questioning.

I so happened to come across this blog post about airport security. Although that story is about the passenger section, or as we cool kids in freight call it, “pax”. Pax usually have these more personal stories and it’s only one in so many who do get pulled out of the line – although, don’t get me wrong, each of them equally sad in its own way. So you guys in pax: wtf?

First, allow me to preface this and say that I personally haven’t really experienced being held up for security for very long firsthand - being Caucasian and having an Israeli name and passport aren’t really the types of things that get you pulled out of queues. I even had an airport access permit at one point (an “‘A’ tag”). But I do have strong opinions about this whole “security” charade in Israel regardless and thought I’d get this off my chest.

Working in airfreight export at the moment gets me face to face with airport security. Here in Israel, the terminals (Maman and the smaller Swissport) have security teams whose jobs are to identify bombs and so forth so they don’t blow up airplanes. Fair enough, except there’s one tiny problem…

They’re completely, way, way, way off. Waaaay off. Customs rarely ever hold shipments for more than an hour or two, and rarely request physical examinations of outbound cargo. But then… there’s security.

If you’re a more casual type of exporter, your shipments are likely to be delayed for about 24 hours on “security status 3” (can’t fly until further notice). Eventually, they’ll be released (“security status 1”) and hopefully in time for the flight, though you might just find yourself missing a few just because security decided holding your shipment for 24 hours is like, a wise choice somehow and will save planet earth from its demise or heaven knows what.

But here’s what really, really ticks me off. For instance there is one Arab exporter I work with. Based in Ramallah, Arab name and all. It’s unmistakable. Their shipments always get held up for security. And we’re talking days here. And then when those shipments are released they enter “security status 7” which means they can only be flown on freighters (cargo-only aircraft) and that the decision is not negotiable, unlike “security status 2” which will eventually be released. It can make the whole thing much more expensive for the exporter and sometimes means you have to book new flights if you don’t know it in advance.

Seriously? Seriously, guys?

While I’m at it, here’s another story. I take the train to work. Upon entering the station, I have to put my bags through an X-ray machine. In addition to the X-ray machine I have to go through a metal detector in gate configuration to make sure I’m not carrying any weapons. Strangely enough it never goes off even though I have a belt with a metallic buckle and my house keys on me and that usually triggers them at the airport. Then when the train arrives, you can’t board it until the “security examination” (a 23 year old running back and forth, that is) is over.

Oh and did I mention they have 1-2 large dogs they keep around and that all train personnel including drivers are armed with real live pistols?

But the best part is: soldiers carrying M-16s are free to walk in unchecked if they present a slip of paper showing that they’re allowed to carry weapons.

Wonderful…

21 Jul, 10:19

Technology scares me, let me stay backwards!

Edit: YHBT ;>

This one came to me via a web2.0 service. It’s not very relevant to my interests usually, no, but here’s something that just made me think twice. Apparently there is someone out there on the blogosphere who’s wrong. Surprising! Wrong information, on MY intertubes?

No, of course, even with Israel’s underdeveloped blogosphere and web services in general – even there, some jerk could come in and pour their verbal manure on to a page. It only takes one. This time, it was about Israel’s oh no revolutionary biometrics act.

Turns out somebody’s quite scared, and has been watching a lot of cheap sci-fi to base their fears on, too. So apparently the government will start a database with the fingerprints and “facial features” of citizens.

But here’s the thing, unless somebody screws up royally, there’s no reason for this to fail too hard at all.

So I’ll go one by one and debunk a few of the post’s misinformed ramblings.

There will still be other records that will be more meaningful.
Do you honestly think that any government will suddenly start relying solely on this system? Now, that would be stupid, wouldn’t it?

I can assure you, even though I haven’t read about this too thoroughly, that there will be other records, which will hold more credibility over this one.

We have checksums, and they only work one way
We have this thing called checksums. The algorithms used to generate checksums are one-way: a checksum can’t be turned back into the data it was computed from. The only two ways to find out the original data are:

  1. Brute forcing the data yourself
  2. Finding someone who has already brute forced a lot of data and using their DB (rainbow tables)

This is most likely how logging into your bank account works.
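The login check described above, as an added example for Node.js (not code from the original post). It uses a salted scrypt hash, a choice made for this example, because a per-record salt is what makes a precomputed table useless; the function names and the sample secret are constructed.

```javascript
const nodeCrypto = require("node:crypto");

// Unsalted fast hash, shown for contrast: the same input always gives the
// same output, which is what makes precomputed (rainbow) tables possible.
function unsaltedChecksum(secret) {
  return nodeCrypto.createHash("sha256").update(secret, "utf8").digest("hex");
}

// Enrolment: store only a random salt and the scrypt output, never the secret.
// scrypt is deliberately slow, which raises the cost of each brute-force guess.
function enroll(secret) {
  const salt = nodeCrypto.randomBytes(16);
  const hash = nodeCrypto.scryptSync(secret, salt, 32);
  return { salt: salt.toString("hex"), hash: hash.toString("hex") };
}

// Login: re-derive with the stored salt and compare in constant time.
function verifyLogin(attempt, record) {
  const expected = Buffer.from(record.hash, "hex");
  const salt = Buffer.from(record.salt, "hex");
  const actual = nodeCrypto.scryptSync(attempt, salt, expected.length);
  return nodeCrypto.timingSafeEqual(actual, expected);
}

// Constructed sample secret, for illustration only.
const sample = "correct horse battery";
const first = enroll(sample);
const second = enroll(sample);
console.log("unsalted values equal:", unsaltedChecksum(sample) === unsaltedChecksum(sample));
console.log("salted records equal:", first.hash === second.hash);
console.log("right secret accepted:", verifyLogin(sample, first));
console.log("wrong secret accepted:", verifyLogin("correct horse", first));
```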

It’s possible to verify the authenticity of data with a public key
We have the technology right here and now, and it goes one way. This is how it works, roughly. I have a private key and a public key. The private key, combined with a password, applied to data, can sign the data.

Say you have 3 agencies sign the biometric data in that manner and each put it in their respective database. Let’s say the databases are all in separate places in Israel, connected using the government’s internal network (it exists, and it’s not a part of the internet) – how am I supposed to make sure they all agree for my evil “leet hacker” methods to work?
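The three-agency arrangement above, as an added example for Node.js (not code from the original post). The agency names, the record contents and the use of Ed25519 are assumptions made for the example, and the passphrase protecting each private key is left out.

```javascript
const nodeCrypto = require("node:crypto");

// Hypothetical agency names; each gets its own Ed25519 key pair.
// (Passphrase protection of the private key is omitted here.)
function makeAgencies(names) {
  return names.map((name) => ({ name, ...nodeCrypto.generateKeyPairSync("ed25519") }));
}

// Each agency signs the record with its private key and keeps its own copy.
function enrollRecord(agencies, recordBytes) {
  return agencies.map(({ name, publicKey, privateKey }) => ({
    name,
    publicKey, // published; enough to verify, useless for signing
    data: Buffer.from(recordBytes),
    sig: nodeCrypto.sign(null, recordBytes, privateKey),
  }));
}

// Accept a record only if every copy is identical and every signature
// verifies under the public key of the agency that holds it.
function allAgree(copies) {
  return copies.length > 0 && copies.every((c) =>
    c.data.equals(copies[0].data) &&
    nodeCrypto.verify(null, c.data, c.publicKey, c.sig));
}

// Constructed sample record standing in for a biometric template.
const record = Buffer.from("citizen=000000000;template=constructed-sample");
const copies = enrollRecord(makeAgencies(["agency-a", "agency-b", "agency-c"]), record);
console.log("untouched:", allAgree(copies));

// One database altered: the copies no longer match and the signature fails.
const oneAltered = copies.map((c, i) => (i === 1 ? { ...c, data: Buffer.from("altered") } : c));
console.log("one copy altered:", allAgree(oneAltered));

// All three altered identically: the copies match, but without the private
// keys nobody could produce new signatures, so verification still fails.
const allAltered = copies.map((c) => ({ ...c, data: Buffer.from("altered") }));
console.log("all copies altered:", allAgree(allAltered));
```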

It’s not impossible to crack any (most) systems, but it’s not impossible to abuse others’ stupidity.
So called identity theft can be done using the following method.

  1. Call unsuspecting victim, pretend to be calling from one of the following: the bank, their cell phone carrier, landlines carrier, some charity organization
  2. Ask for unsuspecting victim’s personal information. For instance: credit card number, phone number, some ID number (its local variant), bank account number.
  3. Wait a few days
  4. Call again as someone else! (Go back to 1)

This is real. These things actually happen. And you want to tell me that the weakest link is… an electronic system? Them evil machines! It’s humans, with their utmost intelligence that provide a system of ultimate fortitude! Well, turns out that’s not the case.

I’ll go a step further and say that, no, physical storage of data is not all that safe either. Houses are broken into on a daily basis. As are shops. Sometimes, no matter how difficult it’s supposed to be to get in or out of some place, it happens all the time.

I have a lot more to say, but maybe I’ll just quit. It’s been fun, but it has to end. So there, I presented strong arguments why the fact that it’s a computerized database doesn’t honestly matter.