Fed II Star newsletter - The weekly newsletter for the Fed II game by ibgames

EARTHDATE: May 7, 2006

OFFICIAL NEWS



WINDING DOWN

An idiosyncratic look at, and comment on, the week's net and technology news
by Alan Lenton

Another week, another Winding Down, but this week I've introduced a new section which will go in as and when it's needed. It's called 'Personal Losses' and it's a round-up of reports of losses and thefts of personal data from companies and institutions.

Over the last few years I've carried a number of stories about this issue, but they are becoming so frequent now that the loss of personal data is almost not a story any more. That's unfortunate, because for those whose identity is stolen, it is frequently a personal tragedy. So I will continue to report in this section all the cases I get to hear about, which I have little doubt are only the tip of the iceberg.

In the meantime, we start this week with a tale about the much hyped RFID 'revolution'.


Story: The RFID readers story...

I've mentioned Radio Frequency Identification (RFID) tags before, mostly in terms of their potential to violate people's expectations of privacy. Those concerns are about the ability of large companies, like, for instance, Wal-Mart, to track details of their customers' purchasing habits. There are, however, a whole slew of other problems with the tags - especially in the realm of the tags' security vulnerabilities.

For those of you who haven't come across them before, RFID tags are tiny sensor chips that emit a burst of radio carrying information when triggered by a reader. Over the last few years the prices have dropped dramatically, making the possibility of tagging individual items a reality. The justification is that it helps shops track their inventory, especially in a situation where the shops are using just-in-time inventory control.

What is not generally realised is that RFID tags are also being used for a variety of other things, and are starting to exhibit serious security vulnerabilities. Wired magazine recently published a piece about the RFID hacking underground, and it's well worth a look.

The article looks at four or five different cases of RFID insecurity.

The first is a system that uses an RFID based smart card to unlock doors as the owner approaches the door. In this case a 'hacker' was able to read out a copy of the tag's emissions and duplicate them, allowing the hacker (who was employed to test the security of the system) to enter the supposedly secure building. The process of obtaining and cloning the card took only a few minutes.

Then there was the case of a library using a very common RFID chip based system to control the loans of its library books. In this case the chips had been deliberately left 'unlocked', so that extra data could be added later. The result? A system that could be completely wiped by anyone with a few hundred dollars worth of home made equipment that fits into a jacket pocket.

A similar system in a hi-tech German shop called Future Store allowed anyone with similar equipment to rewrite the prices encoded in the tags - and I doubt that anyone doing so would have made the price higher! Admittedly the shop is an experimental one to show off the possible technologies available for the future. Presumably the demonstration of futuristic shoplifting technologies wasn't intentional!

Still on the data addition and changing, there is the issue of placing data - similar to browser cookies - onto RFID chips, to track the activities of users. Imagine putting a cookie onto the toll pass of someone you wanted to track, and then coming back a few days later and downloading all the information about where they had been. Scary, isn't it!

Or, how about the guys who cracked the RFID encryption in ExxonMobil's Speedpass a few years back. Apparently it took only 30 minutes to crack with a brute force attack - something which is supposed to take several hundred years. The crack would have allowed those involved to get free gas at any Exxon gas station had they been so inclined (and who knows who else didn't reveal that they'd cracked the system and took the free gas?).

Finally, of course, there are the much publicised RFID chips that some people have implanted. Yet another security silver bullet for those with more money than common sense. The intrepid Wired reporter had one implanted in his arm. It took only a few seconds for a hacker to read out the ID information and clone it.

So, why bother to clone the human, when you can clone their ID?

http://www.wired.com/wired/archive/14.05/rfid_pr.html


Shorts:

There was much panic over here in the UK earlier this week as reports emerged that personal use of company computers was going to be taxed in the same way as private use of company cars is taxed - a sort of web surfing tax... It turned out to be a storm in a teacup, caused by a lack of real news over the Easter weekend. What the panicking surfers had failed to realise is that one of the prerequisites for taxation is that it must be possible to measure, track and collect at a reasonable cost. Otherwise it simply isn't worth it. So, beware of tabloids bearing scare stories...

http://www.theregister.co.uk/2006/05/02/no_change_pc_tax/

There were a number of pieces of news on the iThingie front this week. Apple were reprieved in France as a proposal to require the makers of Digital Restriction Management (DRM) schemes to license them to other vendors failed to make it through an important committee of the parliament.

Then Apple beat off an attempt by the media companies to institute differential prices for downloaded tunes (i.e. you pay more for popular tunes). Since Apple own about 80 per cent of the market, they are in a strong position. It must have been an interesting experience for big media to have someone else in a semi-monopoly position screw them, instead of the other way round.

And finally, if you have an iPod, take a look at http://blog.scifi.com/tech/archives/top_5_creative_uses_for_your_ipod.html to see what else you can do with your iPod, other than listen to music!

http://www.theregister.co.uk/2006/05/04/french_drm_ruling/
http://newsletter.eetimes.com/cgi-bin4/DM/y/ewBI0FypUC0FrK0ET4I0EL
http://www.reghardware.co.uk/2006/05/03/apple_itunes_pricing_win/

Way back in December 2003 Philips filed an interesting (in the Chinese sense of the word) patent. The patent seeks to patent techniques for preventing skipping ads on recorded programs, not to mention channel surfing during ad breaks in live broadcasts. My first reaction to the story was one of complete disbelief - what a bunch of idiots.

However, on reflection, I rather like it. I think they should charge mega fees to anyone who stops people skipping ads and channel surfing. Not only that, but they should ruthlessly pursue anyone who fails to pay, and bring them to book. With any luck it will make the whole thing so expensive that the issue will never rear its ugly head again!

http://www.reghardware.co.uk/2006/04/19/philips_enforced_ads_patent/

I see that our old partners, AOL, are still deep in the doldrums. Figures for the first quarter reveal that it has lost nearly a million subscribers in the first three months of the year. Subscription income dropped 13 percent (US$236 million), although advertising was up by US$81 million. They've still got 18.6 million subscribers, but at this rate of loss they won't have many more years before they become unviable. Once the subscriber base drops to a certain level they won't be able to sustain the services that do attract people, and the losses will accelerate. The real question is, how long will their parent company, Time Warner, put up with this before it finally rings down the curtain?

http://www.theregister.co.uk/2006/05/04/aol_financials/

And our old friends EDS are back in the news and still raking it in. Their first quarter profits are up to US$24 million against a mere US$4 million this time last year. They signed up US$10 bn worth of new contracts in the quarter. How do they do it? Virtually every contract they've done for the government over here is reported as being completely screwed up. One of them, for the Inland Revenue, was so bad that they agreed to pay the money back.

Well not exactly.

It turns out that of the 71 million UK Pounds (about US$120 million) repayable, 24 million UK pounds (about US$40 million) is actually dependent on EDS being given further work by the British government! It must be fabulous working for EDS - you can write any code that will compile, secure in the knowledge that what you are writing will never go into production...

http://www.channelregister.co.uk/2006/05/03/eds_results_naval_contract/

Finally, in this section, one of the most amazing stories of the week got barely a passing mention in the press. Japan's NEC discovered that the entire company had been counterfeited somewhere in China! Yes, really, not just some of its goods, but the whole company. The fake NEC seems to have been operating for several years and had a portfolio of about 50 products - including a number it had developed itself, that aren't part of the real NEC range. The fake NEC even licensed other Chinese companies to use its designs. Now that's what I call style!

http://newsletter.eetimes.com/cgi-bin4/DM/y/ewIA0FypUC0FrK0EUlI0EH


Personal Losses:

Japan - Details of 66,000 subscribers to the newspaper 'The Mainichi Shimbun' leaked onto the Internet.
US - Personal information including Social Security numbers belonging to current and former Drexel employees leaked from a stolen laptop.
US - Personal information including Social Security numbers belonging to up to 17,000 Long Island Railroad employees and former employees lost by Iron Mountain Inc.
US - 200,000 records, including Social Security numbers, at University of Texas business school illegally accessed. This is the third known breach in as many years.


Scanner - Other Stories:

Top ten user complaints about IT support
http://ct.techrepublic.com.com/clicks?t=2214318-18a32f6148453f76b7d88f6b914d69a0-bf&s=5&fs=0

Computer energy use under scrutiny
http://www.theregister.co.uk/2006/04/27/scrutinising_pc_energy_use/

Head of visitor tracking program wants global ID system
http://www.govexec.com/story_page.cfm?articleid=33925&dcn=e_gvet

More upheaval for UK police IT systems
www.computing.co.uk/2154815

Congress readies broad new digital copyright bill
http://news.com.com/Congress+readies+broad+new+digital+copyright+bill/2100-1028_3-6064016.html

Congresscritter proposes fast-tracking a bill or amendment to require essentially permanent retention of users' Internet activity data
http://news.com.com/Congress+may+consider+mandatory+ISP+snooping/2100-1028_3-6066608.html?tag=st_lh


Acknowledgements:

Thanks to readers Barbra, Fi, and Lois for drawing my attention to material used in this issue.

Alan Lenton
alan@ibgames.com
7 May 2006

Alan Lenton is an on-line games designer, programmer and sociologist. His web site is at http://www.ibgames.net/alan.

Past issues of Winding Down can be found at http://www.ibgames.net/alan/winding/index.html.

