Re: I guess you could call this Not Good News

[David Farber <dave () farber net>]

________________________________________
From: Peter Wayner [pcw () flyzone com]
Sent: Saturday, March 08, 2008 7:12 AM
To: David Farber; ross () stapleton-gray com
Cc: Kevin Poulsen
Subject: Re: [IP] I guess you could call this Not Good News

It's even worse than this. Do you know what an FBI badge looks like?
I was rather surprised that it didn't look like the one in the
beginning of the "X-Files". Of course, it makes sense that the "X-
Files" wouldn't use anything close to the real thing, but the fake
version starts to eat into your brain.  After a few episodes, the
real one starts to look a bit odd.

Then it gets more complicated. The FBI agents aren't issued business
cards by the government. They have to buy their own. And so they buy
them from different print shops that use different master files and
so they all have slightly different business cards. The naive
assumption is that they're all consistent and so the real agents
actually look like they've been faking the business cards, which they
are in a way because there's no real certificate authority for
business cards.

Now, let's mix in another layer of imprecision, the law. The warrants
or subpoenas themselves, if they even exist, may or may not be real.
In one case in my home town, Colonie, one of the town's lawyers
started issuing "criminal subpoenas" to Time-Warner cable to
investigate a whistleblower. Let's give her the benefit of the doubt
and assume she really believed she had the authority to type
"criminal subpoena" on the top of a piece of paper. She didn't and
the town had to pay about $225,000+. (See Albany Times-Union: "Misuse
of criminal warrants to silence critics ", Jan 19 2007)

Then there are sketchy agencies that may or may not be real, like the
LA bus company that had it's own police force and "anti-terrorism
unit.' If the terrorists start hitting buses, it will sound like good
preparation. But given that one guy tried to use his anti-terrorism
credentials to deal with the crash of a Ferrari, it makes everyone
wonder what other things the guy would do with his badge that may or
may not look like a badge from the beginning of the "X-Files."

So let's say you're a network administrator confronted by someone
with a badge that doesn't look real, some business cards that look
like they came from a print shop and a piece of paper that says it's
a warrant. Do you comply? Or do you just give them a fat pipe to
their headquarters and let them sort it out?

http://www.latimes.com/news/local/la-me-ferrari3mar03,0,1423392.story

http://www.cbsnews.com/stories/2006/03/03/national/main1364895.shtml


On Mar 8, 2008, at 3:37 AM, David Farber wrote:

> ________________________________________
> From: Ross Stapleton-Gray [ross () stapleton-gray com]
> Sent: Friday, March 07, 2008 11:17 PM
> To: David Farber
> Subject: Re: [IP] : I guess you could call this Not Good News
>
> At 06:04 PM 3/7/2008, David Farber passed along the bad news that:
> > Denny Kelly says "a guy walks up with that and says 'hey I'm FAA,
> > here's
> > my badge' there is nothing they can do about it, 'ok go through'."
> >
> > More then 100 FAA credentials are now floating around unaccounted
> > leaving
> > travelers unsettled and uneasy.
>
> I'm sure that many others will weigh in, but seriously, FAA, get
> real.  The
> problem is far worse than that 100 or so *real* badges/credentials are
> floating around, it's that all of these airline employees are
> conditioned
> to admit someone on the basis of a single, readily-forged token.
> (Since
> you've got, what, a hundred thousand plus people who've been
> trained to
> recognize and pass someone bearing such a thing, you've got that many
> people who know enough to tell you what a real one needs to look
> like, when
> you're cobbling up your fake one.)


-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com