Message-ID: <49EF3DC9.1000206@csuohio.edu>
Date: Wed, 22 Apr 2009 11:54:49 -0400
From: Michael Holstein <michael.holstein@...ohio.edu>
To: "M.B.Jr." <marcio.barbado@...il.com>
Cc: "Pruett, Mike" <mpruett@...avision.com>,
	Full-Disclosure mailing list <full-disclosure@...ts.grok.org.uk>,
	schneier@...neier.com
Subject: Re: THC releases video and tool to create fake ePassports


> Incredibly, last week, after performing a series of security tests on
> the passport application process and discovering some failures, the US
> GAO still state they don't know much about the fraudulent methods:
> http://www.gao.gov/new.items/d09583r.pdf
>   

Ironically, all their fancy methods for "detecting fraud" discuss 
cross-checking the SSN of the applicant, when in fact, the SSN isn't 
even required to process a passport application (although the IRS can 
technically fine you $500 if you don't).

Ever actually READ the back of the passport application? The relevant 
information is at the top of page 3
http://www.state.gov/documents/organization/100004.pdf

Heck .. you can get a passport without any ID *at all* if you bring a 
"family bible record of your birth" and somebody that can vouch for your 
identity (see page 2 of the above application).

Oh .. and the funniest thing of all on the application .. bottom of page 4 :

"The electronic chip must be read using specially formatted readers, 
which protects the data on the chip
from unauthorized reading."
 
"specially formatted" .. meaning anything from this list? : 
http://rfidiot.org/index.html#Hardware

Regards,

Michael Holstein
Cleveland State University
