Month: December 2017

As If Flying Didn’t Suck Enough Already

If you thought flying already sucked due to the Transportation Security Administration’s (TSA) security theater, get ready for things to become even worse as the various TSA security bypass packages lead to an ever increasing number of security lines:

But as the plan moves forward, we’re seeing all sorts of new wrinkles that most observers had never even thought about. More types of vetting means more types of passenger (Global Entry passengers, No Fly List passengers, risky-but-unvetted passengers), and sorting through all of those passengers is tricky. Even if you can match all of the faces to tickets, you still have to get all of them to the right security line at the airport — so the most recent development has to do with lines. This fall, Homeland Security released two new contract solicitations focused on making airport lines smarter and more complex. One focuses on measuring how long a line is, basically a thermometer for how well all of this is working. The second one calls for “intelligent traveler wayfinding” technologies to direct people through the ever-more complex lines that are clearly on the way.

In the near future you will have to find the line that corresponds to the amount of money you gave the TSA. TSA PreCheck? Line 2. PreCheck+? Line 14. PreCheckDeluxe? Line 27. You didn’t pay the TSA any money for preferential treatment? Get over to that long line in the corner and accept that your wait time will be several hours, pleb.

Venezuela Tries Its Hand at Creating a Failed Cryptocurrency

A cryptocurrency managed by the same regime that tanked the economy of a country that has vast natural resource wealth? I can’t see how this could possibly go wrong!

CARACAS (Reuters) – Venezuelan President Nicolas Maduro looked to the world of digital currency to circumvent U.S.-led financial sanctions, announcing on Sunday the launch of the “petro” backed by oil reserves to shore up a collapsed economy.

The leftist leader offered few specifics about the currency launch or how the struggling OPEC member would pull off such a feat, but he declared to cheers that “the 21st century has arrived!”

I’m doubting that we’ll see any technical white paper about the Petro since that would solidify implementation details and I’m guessing the Venezuelan government’s plan is to have a cryptocurrency it can change on a whim.

Physical Access Isn’t Necessarily Game Over

I swear Apple fanboys are some of the dumbest people on the planet. Quite a few of them have been saying, “If an attacker as physical access, it’s game over anyways,” as if that statement makes the root user exploit recently discovered in High Sierra a nonissue.

At one time that statement was true. However, today physical access is not necessarily game over. Look at all of the trouble the Federal Bureau of Investigations (FBI) has been having with accessing iOS devices. The security model of iOS actually takes physical access into account as part of its threat modeling and has mechanisms to preserve the integrity of the data contained on the device. iOS requires all code to be signed before it will install or run it, which makes it difficult, although far from impossible, to insert malicious software onto iOS devices. But more importantly iOS encrypts all of the data stored in flash memory by default. Fully encrypted disks protect against physical access by both preventing an attacker from getting any usable data from a disk and also by preventing them from altering the data on the disk (such as writing malware directly to the disk).

macOS has a boot mode called single user mode, which boots the computer to a root command prompt. However, if a firmware password is set, single user mode cannot be started without entering the firmware password. The firmware password can be reset on machines with removable RAM (resetting the password requires changing the amount of RAM connected to the mainboard) but most of Apple’s modern computers, some iMacs being the exception, have RAM modules that are soldered to the mainboard.

Physical access is especially dangerous because it allows an attacker to insert malicious hardware, such as a key logger, that would allow them to record everything you type, including your passwords. However, that kind of attack requires some amount of sophistication and time (at least if you want the malicious hardware to be difficult to detect), which is where the real problem with High Sierra’s root exploit comes in. The root exploit required no sophistication whatsoever. Gaining root access only required physical access (or remote access if certain services were enabled) to an unlocked Mac for a few seconds. So long as an attacker had enough time to open System Preferences, click one of the lock icons, and type in “root” for the user name a few times they had complete access to the machine (from there they could turn on remote access capabilities to maintain their access).

Attempting to write off this exploit as a nonissue because it requires physical access requires willful ignorance of both modern security features that defend against attackers with physical access and the concept of severity (an attack that requires no sophistication can be far more severe than a time consuming sophisticated attack under certain threat models).

Check Your Fire

Whoops:

Making an arrest can be challenging for law enforcement officers, even bordering on chaotic at times. During an attempt to arrest a suspect, one police officer misjudged the destination of the taser prongs and, instead of just hitting the suspect, ends up firing a prong into his partner. During the tasing, the officer fell, hitting his head against the pavement.

To the officer’s credit, he did hit the armed criminal.

Rookie Numbers

These are rookie numbers but at least they’re increasing:

There are nearly twice as many guns in the average gun-owning household today as there were 20 years ago, according to new Wonkblog estimates based data from surveys and the Bureau of Alcohol, Tobacco, Firearms and Explosives. In 2013, there were an estimated 8.1 firearms in the typical gun-owning household, according to these data. In 1994, the average gun-owning household owned 4.2 guns.

I wonder how much that number has increased since 2013.

Establishing gun ownership numbers in the United States, thankfully, is very difficult. For the longest time gun control advocates have been claiming that gun ownership rates are declining. When National Instant Criminal Background Check System (NICS) checks, a number that is released by the Federal Bureau of Investigations (FBI), shows record numbers the gun control advocates claim that it’s just the same gun owners buying more guns. When it’s pointed out that there is a record number of new carry permits being issued and record attendance at shooting competitions the gun control advocates cover their ears and start screaming, “I can’t hear you,” over and over again.

My point is that by almost every metric gun ownership rates in the United States are increasing. This is good for many reasons. Politically it is becoming more expensive for politicians to attack gun rights. While politicians don’t care what they’re constituents they are naturally lazy bums who would rather chase an easy victory than one that will result in them having to listen to a bunch of plebs complain to them.