Sunday, 24 July 2011

Biometrics and parts from the dead

Reading through my New Scientist this week I see that there has been concern about dead parts being used to spoof fingerprint scanners. Severed fingers and fingers removed from corpses can be used to enter secure facilities, steal cars or log on to computers.


I did mention this in the book Cold Suspenders, and alluded to the first reported case in March 2005, when thieves stole a biometrics-activated Mercedes in Kuala Lumpur, Malaysia. Attackers forced Mr Kumaran to put his finger on the security panel to start the vehicle, bundled him into the back seat and drove off.  But having stripped the car, the thieves became frustrated when they wanted to restart it. They found they could not bypass the immobiliser, which needed the owner's fingerprint to disarm it. They cut off the end of his index finger with a machete, stripped Mr Kumaran naked and left him by the side of the road.

The New Scientist reports that researchers at Dermalog Identification Systems in Hamburg, Germany, have developed a way for a fingerprint scanner to differentiate between live and dead tissue. It is based on the way living tissue "blanches" - or changes colour - when blood is squeezed out of capillaries, for example as a fingertip is pressed against a reading machine.
Fake fingerprints can also be created by imprinting copies in rubbery gels or silicone plastic. There is a suggestion that a valid user can leave a greasy print on a reader, thereby allowing a subsequent user to gain access by putting his finger near enough to the reader to activate it. That may have been one of the problems at Glenochil Prison.

See: 

Can any system ever be totally secure?
Does more technology actually create more problems?

Sunday, 17 July 2011

New and old Media control

The New Scientist this week talks about how the internet is different in North Korea. The nation puts heavy restrictions on net access. It wants to control what its people learn about the rest of the country and the world.
Have you ever thought about how you see the internet? If you allow Google to personalise your search results, they will be skewed towards what it thinks you would like to find.

This “personalisation” can be found in other sites such as Facebook and Yahoo.
The New Scientist warns that we could “create digital dictators in our own image”.

Our MP Dr Phillip Lee picked up on this in the recent discussion about News International.
Part of what he said:
 “…discuss media plurality in reality, as it is now in this world. The way in which individuals search for news, and indeed share news, is changing and has changed. As for the idea that the ownership of one news channel watched by a relatively small number of people should concern us greatly, I suggest that the ownership of search engines and social media should concern us more.”
http://www.theyworkforyou.com/debates/?id=2011-07-13a.390.1&s=phillip+lee#g414.2

This was picked up in a Lib Dem Blog.
“The algorithms the search engines use to generate their results are commercially secret and how would we know that they haven’t been tweaked so that news sites favourable to the engine’s owner don’t get weighted higher than those unfavourable? How often when searching does one go past the first page of results?”
This blogger goes on to quote an example from Belgium, where some newspapers disliked Google indexing their pages and pictures. The same papers are now annoyed that people cannot find the newspapers’ stories because Google no longer creates an index to them.

Have you checked your settings recently?

Friday, 15 July 2011

Computer scams

I have recently had some of my Ask Alvin customers phoned up by a company purporting to be working in association with Microsoft. They normally get you to look at an internal computer log, and then claim that there are a lot of errors (there are often warnings in these files, but usually nothing to worry about).

Sometimes they tell you that your computer is sending out error reports. They encourage people to download a small application that enables them to take control of a computer. Having spent several minutes doing things on your computer they may at best ask you for money to fix a problem, or worse, install a “fake” anti-virus program that will not let you use your computer until you pay. The perpetrator may ask you for money to fix the computer, or ask you to buy a licence.

I have also had them call me. I did play along with them for a while just to see where the scam would lead.

The scams are further explained in the following links.

Please be careful! 

Friday, 1 July 2011

What if GPS went out?

A recent edition of the IET Magazine picked up some interesting issues with the GPS system.
In January 2007 the Commander of the US NAVCEN reported the loss of GPS signals. Navigation equipment for general aviation stopped, cellular phone operations were disrupted, and the hospital's mobile paging system went down.
It took three days to pinpoint the source – a two-hour US Navy training exercise in communications jamming between two ships in the area. They stopped the exercise but didn't report the incident beyond their usual channels because the jamming was not meant to be in the GPS L-band.
A GPS jamming attack on the ship THV Galatea two years later off Newcastle-upon-Tyne showed some of the more subtle effects of jamming. Under low-power jamming, at about the same level as the real GPS signal, the ship's GPS-driven bridge instruments showed plausible but wrong positions and velocities.

Earlier this year the New Scientist reported on a device that is illegal to use in the US, UK and many other countries. The low-tech devices can be bought on the internet for $30. Sellers claim they're for protecting privacy. Since they can block devices that record a vehicle's movements, they're popular with truck drivers who don't want an electronic spy in their cabs. They can also block GPS-based road tolls that are levied via an on-board receiver. Some criminals use them to beat trackers inside stolen cargo.

Power distribution networks, banking and financial trading systems, broadcasting and industrial-control networks all use GPS timing, making them vulnerable to unintentional or deliberate interference (the civilian equivalent of navigational warfare).

There is a backup available.
The 100kHz terrestrial radio navigation system eLoran is a strong contender in the UK and Europe as a systemic timing back-up, according to Dr Sally Basker, president of the International Loran Association. 'GPS is low-power, high-frequency, whereas eLoran is the reverse, which means you get very different failure mechanisms.'

I was interested to read about the Loran system, as I wrote interfaces to use these systems many years ago. The Loran system was used alongside the Decca and Omega systems. One small bit of coding I performed during the late 1970s was to provide an “autofix” feature for the navigation system for a cable repair ship. The “autofix” would automatically reset the ship's position to that given by the satellite system, as long as it was within a set distance of the currently calculated location.
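A distance gate of the kind the “autofix” describes, as an added example in Python (this is not the original Hydroplot code). The function names, the 200 m gate, the dead-reckoning step and the sample coordinates are all assumptions constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000.0

def distance_m(a, b):
    """Haversine distance in metres between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def advance(pos, course_deg, speed_mps, dt_s):
    """Dead-reckon one interval ahead (flat-earth step, fine for short hops)."""
    lat, lon = pos
    run = speed_mps * dt_s
    course = math.radians(course_deg)
    dlat = run * math.cos(course) / EARTH_RADIUS_M
    dlon = run * math.sin(course) / (EARTH_RADIUS_M * math.cos(math.radians(lat)))
    return (lat + math.degrees(dlat), lon + math.degrees(dlon))

def autofix(calculated, fix, gate_m):
    """Adopt the satellite fix only if it lies within gate_m of the calculated position."""
    if distance_m(calculated, fix) <= gate_m:
        return fix, True
    return calculated, False

def run_track(start, course_deg, speed_mps, dt_s, fixes, gate_m):
    """Apply autofix over a sequence of fixes; None means no fix that interval."""
    pos, log = start, []
    for fix in fixes:
        pos = advance(pos, course_deg, speed_mps, dt_s)
        if fix is None:
            log.append("none")
            continue
        pos, accepted = autofix(pos, fix, gate_m)
        log.append("accepted" if accepted else "rejected")
    return pos, log

# Constructed sample: ship heading north at 5 m/s, one fix attempt per minute.
# The third fix is about 2.4 km from the calculated position and is rejected.
START = (55.0, -1.0)
FIXES = [(55.0030, -1.0), None, (55.0300, -1.0), (55.0112, -1.0005)]

if __name__ == "__main__":
    final, log = run_track(START, 0.0, 5.0, 60.0, FIXES, gate_m=200.0)
    print(log, final)
```

A gate like this rejects sudden jumps; an error that grows slowly enough to stay inside the gate on every update is accepted each time, which is why the plausible-but-wrong positions seen under low-power jamming are the harder case.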

America has just closed down its Loran-C network, which had been used for marine navigation, with no published plans to upgrade it to eLoran.

In the closing of its article the IET E&T says - Of course, until there is a major GPS outage, we may not know the extent of our dependency on GPS. Space weather events such as sunspots and solar flares may do the job for us, says Bob Cockshott, location and timing programme director of the UK Technology Strategy Board's Digital Systems Knowledge Transfer Network. 'In 1859 a solar flare known as the Carrington Event electrified transmission cables and set fire to telegraph offices,' he explains. 'That was the limit of the technology then. We don't know enough to be able to predict such events or their effects now.'

There is nothing much to find out about “Hydroplot” on the web. There is an article that I have found:
“Later this month Cable Ship Mercury arrives at Immingham dock to be fitted with a new navigation system, Hydroplot, that was developed for the Royal Navy's hydrographers. Widely recognised as one of the most accurate commercial systems available, Hydroplot uses an Elliot 905 computer and signals from US Navy space satellites to pinpoint the ship's position to within 300ft. The £100 000 system, supplied by Marconi Space Systems and International Marine Radio, integrates all the ship's other navigational aids and is able to produce an accurate plot of the route the cable is laid over. This will be a vital aid to any repair operations the cable may require.”

http://vads.ahds.ac.uk/diad/article.php?title=3&year=1966&article=d.288.38

There is also a small mention of the Royal Navy Hydrographic ships here:
http://www.btinternet.com/~warship/Today/hecla.htm
http://en.wikipedia.org/wiki/HMS_Herald_(H138)

An awful lot of natter going on here, but it is interesting how the past may come and help with the present.