Security is mostly theater: you are forced to take off your shoes or surrender your shampoo, but random testing of airport security checkpoints reveal that their highly trained personnel routinely miss test bombs which are placed in luggage to test the effectiveness of screeners. An alert comes in, and we are supposed to “achieve a state of higher awareness”, which usually means glaring angrily at those people who look Arabic. Or Muslim, whatever muslims are supposed to look like. It would be hilarious if it weren’t serious.
Over at Boing Boing, Cory posted a brief message about wiretapping, and supposedly gave you an mp3 that you could play to disable remote wiretapped recordings.
Boing Boing: HOWTO trick wiretaps into thinking you’ve hung up
Like most things, there is a grain of truth in this: but Cory didn’t tell you enough about what you needed to know to determine what was real about this and what was not. Luckily, I know where this idea came from. If you are interested in why playing this tone might actually defeat a wiretap, and how it actually works, check out the papers by Matt Blaze et. al here. I’ve attended a number of talks and demonstrations from Matt, and he’s one of the cleverest individuals I’ve ever met, with a special talent for matters relating to security. All that I know about safe cracking can be safely attributed to his influence.
Take that however you like.
[tags]Security, Wiretapping[/tags]
This is history,as you will see if you do the links. Wired posted this in Dec 06. The paper it is based on was written in 06. It was about security and included recommendations to fix the bugs in the technology. Its nearly June in 07. Surely with all the money being spent on cops in the name of fighting terrorism they have fixed that, but even if not, the article states that this only applies to certain technologies. Other common technologies are OK. In any event the feds all know about this because it was written for them and circulated to police agencies. So hang up the phone already if you are paranoid. Or use your computer and do voice encryption.
You’d think that it would be history, but as we all know, many security exploits in software take a long time to propagate even when fixes are available, because not everyone performs security updates. In this case, there are all sorts of actual physical devices in the field which have this kind of exploitable vulnerability, and it is unlikely that this equipment has all been replaced, no matter what funding level and priority you think government officials would place on this issue. I recall that Matt reported that the newest generation of devices were being created with “compatibility” modes which duplicated this vulnerability.