Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Community > MacNN Lounge > Political/War Lounge > FBI raids Indiana University grad student's apartment

FBI raids Indiana University grad student's apartment (Page 2)
Thread Tools
Baninated
Join Date: Sep 2005
Status: Offline
Reply With Quote
Oct 31, 2006, 04:22 PM
 
Originally Posted by besson3c View Post
Marden, I think I can safely say that I'm not the only one that has a hard time understanding many of the things you say the way you say them, and I think it can also be safely said that these misunderstanding occur frequently enough by non-partisans and partisans to make dumb generalizations like you are doing here (ironically likely based on your own emotions).

So... whatever.


I'm also not an idiot, perhaps you should keep this in mind the next time you might be wondering why your antics aren't particularly popular around here the next time you feel compelled to carry on one of these bizarre and obscure experiments of yours.

I could have told you the results of your experiment even before carrying it out: making emotional statements is not a partisan trait.

Really dude, you need a swift kick of humility in your ass... You don't have all of the "facts" straight anymore than any of us here, you have your perceptions and opinions, just like any of us here. It's really that simple.
Originally Posted by besson3c View Post
To whom, and why would anybody listen? They didn't listen to a US senator after all...
I'll break it down for you so you'll get a different way of processing this exchange.

[liberal type of rant that happens when they aren't told what to think]
First clue that the post was a parody.

It is proof positive that Democrats can't be trusted with national security.
(BTW, note the italics)

An obvious republican talking point. And despite the fact that some of us may propound G.O.P. talking points in our posts there are times when your side accurately recognizes that we don't really believe those points. This is one of those instances where I am relying on the reader to make not only THAT assessment but in so doing also recognize that I am parodying my own side, if not MYSELF. Although Dems certainly give every indication they shouldn't be trusted with national security, I really don't believe it is because they are Democrats. It's likely there are many who became Democratic politicians because the G.O.P. didn't want them or they couldn't cut it with Republican voters. But there are some Democrats that could do a good job of defending America. I can't think of any but that's just because I haven't put my mind to it.

Here the Senator had this info and he did nothing about it at all because he didn't think it was important.
Anyone familiar with the posting styles of personal members here as well as the liberal and conservatives should have spotted this right off the bat. It's not my style, nor is it generally the style of conservative posters to jump to such fantastical conclusions, and highly emotional ones, at that!

He just sat on it and tried to ignore it. That's what Clinton did and that's what ALL Democracks do!
Here, I continue the over the top highly knee-jerkish parody, making assumptions with absolutely NO foundation for doing so. And then the dead giveaway should have been the use of the word ALL (in CAPS no less!) and the use of "democracks" for democrats. I thought I gave you every indication that I was doing over the top humor.

In short, I was acting like a rabid left wing poster.

I guess if I was parodying conservatives or republicans you'd have gotten it the first time around, huh?

( Last edited by marden; Oct 31, 2006 at 04:31 PM. )
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Oct 31, 2006, 04:48 PM
 
Where is the line drawn between parodying and outright trolling?
     
Addicted to MacNN
Join Date: Aug 2006
Location: The Annals of MacNN History
Status: Offline
Reply With Quote
Oct 31, 2006, 04:51 PM
 
Only one way to find out.
     
Baninated
Join Date: Sep 2005
Status: Offline
Reply With Quote
Oct 31, 2006, 05:55 PM
 
Originally Posted by Dakar² View Post
Only one way to find out.
Would that be by watching "The Daily Show?"
     
Mac Elite
Join Date: Aug 2005
Status: Offline
Reply With Quote
Oct 31, 2006, 07:23 PM
 
Originally Posted by ThinkInsane View Post
Here's what I don't understand. As of late, I've been seeing Chris Soghoian referred to as a "security researcher" and someone that only made the fake boarding pass generator as a way to expose a security flaw in the system. Yet his blog post from October 25th offers three suggestions for using the generator:



Now, I don't think this guy should go to jail or anything, but I think he did something really stupid and is now trying to pull his own ass out of the fire. And I really can't blame him for that. But come on, I think it's rather naive to think he ONLY did this as a way to show a security weakness, when sending this information to the NY Times would have been just as effective when it hit the front page.

It seems to me that all these people rallying around him really don't care what his intentions were (which seem to me were probably more along the lines of looking to make a name or himself) and are taking up his banner as political point. And 'm really getting sick of it. If this guy didn't expect there to be repercussions for creating this, he's an idiot. And I also think anyone who thinks he wouldn't of gotten a visit from the F.B.I. regardless of who or what party controlled the whitehouse is an idiot. Not everything is a nefarious plan to limit rights. Not everything needs to be made a political point. And sometimes a guy coming up with a really stupid idea is just that and nothing more.

His own words show that exposing a flaw in the system wasn't the highest priority and I call BS on all this revisionism going on in regards to it. I can't help but notice committing fraud was suggested before alerting the TSA to a problem. Speaking of which, how exactly was using these passes going to alert TSA to anything? Were people expected to go back and tell them afterwards? Might have been, since he seems so surprised that he got a visit from the feds...
Funny you say this.

Isn't there a guy, from counterpane, who published a book on security and providing lots and lots of examples on how to bypass various security aspect related to Internet and company?

Somehow, the information has been made public. Had it been hidden, I would feel that the Feds were more justified to intervene.

I have to admit I have not read that website, so of course, if the intent was to encourage a felony...
( Last edited by Pendergast; Oct 31, 2006 at 07:41 PM. )
     
Mac Elite
Join Date: Aug 2005
Status: Offline
Reply With Quote
Oct 31, 2006, 07:26 PM
 
I also remember this article where a man was explaining that with a budget of $20 and gummy bears, you could create a clone of a finger print, and that way, cheat those finger scanning devices. (Some IEEE journal).
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Oct 31, 2006, 07:31 PM
 
Originally Posted by marden View Post
Would that be by watching "The Daily Show?"


So how come you aren't at all concerned about this security hole? Don't you think it is a pretty big one?

Your lack of concern makes me think that maybe you are a foreign agent?
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Oct 31, 2006, 07:32 PM
 
Originally Posted by Pendergast View Post
I also remember this article where a man was explaining that with a budget of $20 and gummy bears, you could create a clone of a finger print, and that way, cheat those finger scanning devices. (Some IEEE journal).

gummy bears?
     
Mac Elite
Join Date: Aug 2005
Status: Offline
Reply With Quote
Oct 31, 2006, 07:37 PM
 
Originally Posted by besson3c View Post
gummy bears?
Now if I start explaining that, I am afraid the RCMP will come pay me a visit.

Seriously, the jelly used to make gummy bears (a type of candy) could, iirc, be melted and mixed with another substance, which, when warmed up, could be spread on some celloid, and using a black light, and a pressure of your finger tip, impress an image of the finger print, which could then be used on a finger print scanner. The trick was working 80% of the time, as per the engineer.

The whole article was available on the Internet. That was around 2002. there were pictures and the whole shebang too. IAll could be done over a kitchen stove.

Here is one reference over the topic.

Here is a more recent one.

But I cannot find the original article.
( Last edited by Pendergast; Oct 31, 2006 at 07:45 PM. )
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Oct 31, 2006, 07:40 PM
 
Originally Posted by Pendergast View Post
Now if I start explaining that, I am afraid the RCMP will come pay me a visit.

Seriously, the jelly used to make gummy bears (a type of candy) could, iirc, be leted and mixed with another substance, which, when warmed up, could be spread on some celloid, and using a black light, and a pressure of your finger tip, impress an image of the finger print, which could then be used on a finger print scanner. The trick was working 80% of the time, as per the engineer.

The whole article was available on the Internet. That was around 2002.


Makes sense. We should ban the sale of gummy bears to anybody who looks like a terrorist.
     
Mac Elite
Join Date: Aug 2005
Status: Offline
Reply With Quote
Oct 31, 2006, 07:49 PM
 
Originally Posted by besson3c View Post
Makes sense. We should ban the sale of gummy bears to anybody who looks like a terrorist.
You silly. Gummy bears, like cars, are not dangerous.

Find the gummy bear, then you'll find the terrorist.
     
Professional Poster
Join Date: Sep 2005
Location: Rochester, NY
Status: Offline
Reply With Quote
Oct 31, 2006, 09:13 PM
 
Originally Posted by Pendergast View Post
I also remember this article where a man was explaining that with a budget of $20 and gummy bears, you could create a clone of a finger print, and that way, cheat those finger scanning devices. (Some IEEE journal).
IEEE? That's the sound that terrorists make when they die. What kind of terrorist journals are you reading, exactly?
     
Baninated
Join Date: Sep 2005
Status: Offline
Reply With Quote
Oct 31, 2006, 09:23 PM
 
Originally Posted by Pendergast View Post
Now if I start explaining that, I am afraid the RCMP will come pay me a visit.
Originally Posted by Pendergast
Had it been hidden, I would feel that the Feds were more justified to intervene.
Using your twisted, tortured (and perhaps insincere) reasoning the RCMP should be MORE justified in visiting you because you keep it quiet!

     
Baninated
Join Date: Sep 2005
Status: Offline
Reply With Quote
Oct 31, 2006, 09:25 PM
 
Originally Posted by besson3c View Post
So how come you aren't at all concerned about this security hole? Don't you think it is a pretty big one?

Your lack of concern makes me think that maybe you are a foreign agent?
The website is closed down. Next?
     
Mac Elite
Join Date: Aug 2005
Status: Offline
Reply With Quote
Oct 31, 2006, 10:54 PM
 
Originally Posted by Dork. View Post
IEEE? That's the sound that terrorists make when they die. What kind of terrorist journals are you reading, exactly?
Naaah. Something along the ;lines of Interbation Engineering something...

I knew I would never be taken seriously!

Curse you, gummy bears! Curse you all!
     
Mac Elite
Join Date: Aug 2005
Status: Offline
Reply With Quote
Oct 31, 2006, 10:56 PM
 
Originally Posted by marden View Post
Using your twisted, tortured (and perhaps insincere) reasoning the RCMP should be MORE justified in visiting you because you keep it quiet!

Are you a gummy bear?

Tgen fear not: only gummy bear users are a threath to national security. I thought I made that point clear already.

marden, pay attention, or the world might bite you in the softest part of your body!
     
Professional Poster
Join Date: Sep 2005
Location: Rochester, NY
Status: Offline
Reply With Quote
Oct 31, 2006, 11:07 PM
 
Originally Posted by Pendergast View Post
Naaah. Something along the ;lines of Interbation Engineering something...
I've never heard of interbation engineering. Do engineers really interbate often enough to dedicate a journal to it?
     
Baninated
Join Date: Sep 2005
Status: Offline
Reply With Quote
Oct 31, 2006, 11:30 PM
 
Originally Posted by Pendergast View Post
Are you a gummy bear?

Tgen fear not: only gummy bear users are a threath to national security. I thought I made that point clear already.

marden, pay attention, or the world might bite you in the softest part of your body!
My heart?
     
Posting Junkie
Join Date: Oct 2001
Location: South of the Mason-Dixon line
Status: Offline
Reply With Quote
Nov 1, 2006, 12:16 AM
 
There's more than enough evidence in this thread to have the lot of you incarcerated for the better part of your lives.

I'd just like to go on record as saying I fully support the NSA, our president, our troops, and all departments of our wonderful federal government.

Do you guys think I'm safe if I overwrite all this data 11 times with random gibberish? Should I disassemble the hard drives and rub the platters with a fine grit sandpaper?
     
Moderator Emeritus
Join Date: Apr 2001
Location: Up In The Air
Status: Offline
Reply With Quote
Nov 1, 2006, 12:19 AM
 
Originally Posted by Spliffdaddy View Post
There's more than enough evidence in this thread to have the lot of you incarcerated for the better part of your lives.

I'd just like to go on record as saying I fully support the NSA, our president, our troops, and all departments of our wonderful federal government.

Do you guys think I'm safe if I overwrite all this data 11 times with random gibberish? Should I disassemble the hard drives and rub the platters with a fine grit sandpaper?
Sandpaper won't help you.

If the platters are metal, you need to weld them together.

If they're glass, you need to grind them to fine dust and them use a bulk eraser magnet on the dust.
     
Addicted to MacNN
Join Date: May 2001
Location: Cupertino, CA
Status: Offline
Reply With Quote
Nov 1, 2006, 12:22 AM
 
Sounds like a big security hole and glad he raised awareness of it, but I think a better approach would've been to send his script and info to a major newspaper like NYT or WaPo.
     
Baninated
Join Date: Sep 2005
Status: Offline
Reply With Quote
Nov 1, 2006, 01:10 AM
 
Originally Posted by itai195 View Post
Sounds like a big security hole and glad he raised awareness of it, but I think a better approach would've been to send his script and info to a major newspaper like NYT or WaPo.


     
Moderator Emeritus
Join Date: Feb 2000
Location: Night's Plutonian shore...
Status: Offline
Reply With Quote
Nov 1, 2006, 01:33 AM
 
Originally Posted by Pendergast View Post
Funny you say this.

Isn't there a guy, from counterpane, who published a book on security and providing lots and lots of examples on how to bypass various security aspect related to Internet and company?

Somehow, the information has been made public. Had it been hidden, I would feel that the Feds were more justified to intervene.

I have to admit I have not read that website, so of course, if the intent was to encourage a felony...
I'm not familiar with the guy or book that your referring to, I'll have to look it up. But exposing holes in security is not what I am opposed to, not in the least. What I have a problem with is when someone does something like this boarding pass generator, and then has to face the repercussions of those actions, it suddenly gets reinvented as something that clearly, by the creators own words, was not the intent. And I really don't have much of a problem with him trying to cover his own ass either, because I really don't believe he was trying to do anything nefarious at all. I think he just all the sudden realized that what he had done was stupid. Unfortunately for him, I think he realized this about the same time that a federal lawmaker called for his arrest the F.B.I. showed up to investigate.

And what I have a real problem with is all the people that blindly rally around him because it fits into a political agenda. That is exactly what happened in this case. Most of these people couldn't care less what happens to this guy outside of the fact that it makes for yet another headline and more blog-fodder to support their cause.

Instead of focusing on the real problems in our government, they scramble for anything that can be twisted to fit an agenda, and I think that's counterproductive to fixing what are real, valid issues. I have little doubt that many of the people foaming at the mouth about the injustice of this guy getting investigated over this incident would be delighted to see him sentenced to prison so they can hold him up as a martyr for their cause. In terms of political use, he's more useful in jail and having his life ruined, and that's just fine by them. I think it's disgusting.
Nemo me impune lacesset
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Nov 1, 2006, 01:57 AM
 
Originally Posted by marden View Post
The website is closed down. Next?


It was widely publicized (on Slashdot and elsewhere), the information is already out there, and Google may have cached it.


Have any of you noticed this story mentioned on any mainstream media sources?
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Nov 1, 2006, 02:00 AM
 
Originally Posted by itai195 View Post
Sounds like a big security hole and glad he raised awareness of it, but I think a better approach would've been to send his script and info to a major newspaper like NYT or WaPo.

Some people thought that the NYTimes reporting on the wiretapping was out-of-line, so why would this be any better?
     
Baninated
Join Date: Sep 2005
Status: Offline
Reply With Quote
Nov 1, 2006, 03:12 AM
 
Originally Posted by besson3c View Post
Some people thought that the NYTimes reporting on the wiretapping was out-of-line, so why would this be any better?
You really can't see the difference? It's all the same to you? If you don't see the difference just say so and I'll explain it to you and won't belittle you. I swear.
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Nov 1, 2006, 03:46 PM
 
Okay, I guess you guys have managed to change my thinking... It was probably worth investigating, worth acting on, the kid should have been far more careful, etc.

I just get irritated when I hear well-intentioned people being stomped on by bully-type figures in the name of terrorism, which has become this vague and never-ending thing lacking any real oversight or checks and balances.

I also certainly hope that they drop the charges.
     
Mac Elite
Join Date: Aug 2005
Status: Offline
Reply With Quote
Nov 1, 2006, 06:37 PM
 
Originally Posted by Pendergast View Post
Naaah. Something along the ;lines of Interbation Engineering something...

I knew I would never be taken seriously!

Curse you, gummy bears! Curse you all!
Can you tell I sit 6 feet from the screen and I have myopia?

Shame on me.

I menat International Engineering Journal of something.

Man, I am blushing. Real sorry about that/ But I understand Dork's post elsewhere now...

     
Mac Elite
Join Date: Aug 2005
Status: Offline
Reply With Quote
Nov 1, 2006, 06:39 PM
 
Originally Posted by Pendergast View Post
Naaah. Something along the ;lines of Interbation Engineering something...

I knew I would never be taken seriously!

Curse you, gummy bears! Curse you all!
Can you tell I sit 6 feet from the screen and I have myopia?

Shame on me.

I meant International Engineering Journal of something.

Man, I am blushing. Real sorry about that. But I understand Dork's post elsewhere now...



Last week I dropped a bucket of soya sauce on my keyboard. I am afraid of what's coming next...
     
Clinically Insane
Join Date: Dec 1999
Status: Offline
Reply With Quote
Nov 1, 2006, 11:07 PM
 
Originally Posted by Big Mac View Post
By contacting relevant government agencies (FAA, FBI, etc.) first?
I really doubt that works. Probably the only reason this guy got noticed in the first place is because some FBI guy reads Slashdot.
"…I contend that we are both atheists. I just believe in one fewer god than
you do. When you understand why you dismiss all the other possible gods,
you will understand why I dismiss yours." - Stephen F. Roberts
     
Mac Elite
Join Date: Mar 2006
Location: Here
Status: Offline
Reply With Quote
Nov 2, 2006, 12:14 AM
 
I think that sometimes, people need to be beat over the head with information. I think he could have done a better job at presenting it. Making something like this public runs the risk of putting tools in the hands of terrorists. Personally, I hold a bit of reverence for those who put the spotlight on security by breaching it. But, this particular person could have done a more careful job at it.
     
Baninated
Join Date: Sep 2005
Status: Offline
Reply With Quote
Nov 2, 2006, 12:28 AM
 
Originally Posted by besson3c View Post
Okay, I guess you guys have managed to change my thinking... It was probably worth investigating, worth acting on, the kid should have been far more careful, etc.

I just get irritated when I hear well-intentioned people being stomped on by bully-type figures in the name of terrorism, which has become this vague and never-ending thing lacking any real oversight or checks and balances.

I also certainly hope that they drop the charges.
That is an endearingly candid admission.
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Nov 2, 2006, 01:22 AM
 
Originally Posted by marden View Post
That is an endearingly candid admission.


inappropriate.
( Last edited by vmarks; Nov 2, 2006 at 09:10 AM. Reason: personal attacks rules violation)
     
Mac Elite
Join Date: Aug 2005
Status: Offline
Reply With Quote
Nov 15, 2006, 09:12 PM
 
Here is an another take on the ussue.

As I wrote in 2005: "The vulnerability is obvious, but the general concepts are subtle. There are three things to authenticate: the identity of the traveler, the boarding pass and the computer record. Think of them as three points on the triangle. Under the current system, the boarding pass is compared to the traveler's identity document, and then the boarding pass is compared with the computer record. But because the identity document is never compared with the computer record -- the third leg of the triangle -- it's possible to create two different boarding passes and have no one notice. That's why the attack works."
The way to fix it is equally obvious: Verify the accuracy of the boarding passes at the security checkpoints. If passengers had to scan their boarding passes as they went through screening, the computer could verify that the boarding pass already matched to the photo ID also matched the data in the computer. Close the authentication triangle and the vulnerability disappears.
But before we start spending time and money and Transportation Security Administration agents, let's be honest with ourselves: The photo ID requirement is no more than security theater. Its only security purpose is to check names against the no-fly list, which would still be a joke even if it weren't so easy to circumvent. Identification is not a useful security measure here.
Interestingly enough, while the photo ID requirement is presented as an antiterrorism security measure, it is really an airline-business security measure. It was first implemented after the explosion of TWA Flight 800 over the Atlantic in 1996. The government originally thought a terrorist bomb was responsible, but the explosion was later shown to be an accident.
Unlike every other airplane security measure -- including reinforcing cockpit doors, which could have prevented 9/11 -- the airlines didn't resist this one, because it solved a business problem: the resale of non-refundable tickets. Before the photo ID requirement, these tickets were regularly advertised in classified pages: "Round trip, New York to Los Angeles, 11/21-30, male, $100." Since the airlines never checked IDs, anyone of the correct gender could use the ticket. Airlines hated that, and tried repeatedly to shut that market down. In 1996, the airlines were finally able to solve that problem and blame it on the FAA and terrorism.
So business is why we have the photo ID requirement in the first place, and business is why it's so easy to circumvent it. Instead of going after someone who demonstrates an obvious flaw that is already public, let's focus on the organizations that are actually responsible for this security failure and have failed to do anything about it for all these years. Where's the TSA's response to all this?
The problem is real, and the Department of Homeland Security and TSA should either fix the security or scrap the system. What we've got now is the worst security system of all: one that annoys everyone who is innocent while failing to catch the guilty.
From Cryptogram of 2006/11/15
     
Moderator Emeritus
Join Date: Apr 2001
Location: Up In The Air
Status: Offline
Reply With Quote
Nov 15, 2006, 09:21 PM
 
There's a large difference between Bruce Schneier talking about the vulnerabilities and a young man making the vulnerability practicable and repeatable by all.

As I said, the young man should have had them print VOID over the printed versions.
     
Professional Poster
Join Date: Apr 2002
Location: Smallish town in Ohio
Status: Offline
Reply With Quote
Nov 15, 2006, 09:54 PM
 
Originally Posted by Big Mac View Post
By contacting relevant government agencies (FAA, FBI, etc.) first?
Good luck getting anything done with those power-tripping DC bureacrats
( Last edited by macintologist; Nov 19, 2006 at 12:38 AM. )
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Nov 29, 2006, 11:44 PM
 
     
Baninated
Join Date: Sep 2005
Status: Offline
Reply With Quote
Nov 29, 2006, 11:51 PM
 
Originally Posted by besson3c View Post
Okay, I guess you guys have managed to change my thinking... It was probably worth investigating, worth acting on, the kid should have been far more careful, etc.

I just get irritated when I hear well-intentioned people being stomped on by bully-type figures in the name of terrorism, which has become this vague and never-ending thing lacking any real oversight or checks and balances.

I also certainly hope that they drop the charges.
See, everybody's happy now!

He made the boarding passes and showed the government the gap in security.

The government determined he isn't a threat.

I'm satisfied he got the crap scared out out him, which sent a message to other smart ass types out there who might have similar ideas.

You are satisfied that the charges have been dropped.

It takes a village to raise a fuzzy.
     
Mac Elite
Join Date: Aug 2005
Status: Offline
Reply With Quote
Dec 2, 2006, 09:54 AM
 
Originally Posted by besson3c View Post
Besides of scaring people, I think the FBI had to investigate; it is common sense. However, did that required an arrestation? I guess that in this day and age, that is what is happening in the US.
"Criticism is a misconception: we must read not to understand others but to understand ourselves.”

Emile M. Cioran
     
 
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 02:41 AM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2