Tag Archives: Identity

Citizen Pundits

Forget citizen journalism. How about citizen punditry? An unnamed taxi driver IT specialist appeared on the BBC’s news 24 after being mistaken for his fare, technology pundit Guy Kewney. Despite the BBC’s apparent efforts to suppress the moment, the Daily Mail has recovered it, according to Guy himself, who is rightly highly amused that his face, and ethnicity, are not particularly well known to BBC staff. You can download the clip here.

As Guy says, “you can watch the classic moment, where the cab driver realises that he is on air, and being mistaken for someone else, here. It’s beyond classic: it’s priceless. Watch his incredible recovery, and his determination to show that this may be a complete surprise to him, but that he can out-Kewney any darned NewsWireless Editor if he has to.”

The Times reports that “it is not the first time that the BBC has been embarrassed by a case of mistaken identity. Last year Rhodri Morgan, the First Minister of Wales, was mistaken for a cast member of Doctor Who when he was due to appear on the BBC Wales political show Dragon’s Eye.

Unfortunately the identity of the cabbie in question has not yet been established. He deserves a medal for his performance and to have his own show. I’m all in favour of this kind of thing. If only more television networks would take a broader, more inclusive view of what it means to be an “expert” we might all benefit.

[Update (thanks, Juha, for pointing out): The cabbie has been found, and he’s not a cabbie, but a data cleansing expert. Not such a good story as the original, but nice to get it right.]

How To Infect An Airport

Could it be possible to use Radio Frequency ID tags, or RFID, to transmit viruses? Some researchers reckon so. Unstrung reports that a paper presented at the Pervasive Computing and Communications Conference in Pisa, Italy, the researchers from Vrije Universiteit in Amsterdam, led by Andrew Tanenbaum, show just how susceptible radio-frequency tags may be to malware. “Up until now, everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify backend software, and certainly not in a malicious way,” the paper’s authors write. “Unfortunately, they are wrong.”

According to The New Scientist the Vrije Universiteit team found that compact malicious code could be written to RFID tags by replacing a tag’s normal identification code with a carefully written message. This could in turn exploit bugs in a computer connected to an RFID reader. This made it possible, the magazine says, to spread a self-replicating computer worm capable of infecting other compatible, and rewritable, RFID tags.

An RFID tag is small — roughly the size of a grain of rice, the New Scientist says, and contains a tiny chip and radio transmitter capable of sending a unique identification code over a short distance to a receiver and a connected computer. They are widely used in supermarkets, warehouses, pet tracking and toll collection. But it’s still in the early stages of development. Which leaves it vulnerable. Until now, however, it was thought the small internal memory would make it impossible to infect. Not so, say the researchers.

So what would happen, exactly? RFID virus would then find its way into the backend databases used by the RFID software. The paper, Unstrung says, outlines three scenarios: a prankster who replaces an RFID tag on a jar of peanut butter with an infected tag to infect a supermarket chain’s database; a subdermal (i.e., under-the-skin) RFID tag on a pet used to upload a virus into a veterinarian or ASPCA computer system; and, most alarmingly, a radio-frequency bag tag used to infect an airport baggage-handling system. A virus in an airport database could re-infect other bags as they are scanned, which in turn could spread the virus to hub airports as the traveler changes planes.

So how likely is this? Not very, Unstrung quotes Dan Mullen, executive director of AIM Global, a trade association for the barcode and RFID industries, as saying. “If you’re looking at an airport baggage system, for instance, you have to know what sort of tag’s being used, the structure of the data being collected, and what the scanners are set up to gather,” he explains. Red Herring quotes Kevin Ashton, vice president of marketing for ThingMagic, a Cambridge, Massachusetts-based designer of reading devices for RFID systems, as saying the paper was highly theoretical and the theoretical RFID viruses could be damaging only to an “incredibly badly designed system.” Hey, that sounds a bit like a PC.

But he does make a good point: because RFID systems are custom designed, a hacker would have to know a lot about the system to be able to infect it. But that doesn’t mean it can’t be done, and it doesn’t mean it won’t get easier to infect. As RFID becomes more widespread, off-the-shelf solutions are going to become more common. And besides, what will stop a disgruntled worker from infecting a system he is using? Or an attacker obtaining some tags and stealing a reader, say, and then reverse engineering the RFID target?

My instinct would be to take these guys seriously. As with Bluetooth security issues such as Bluesnarfing, the tendency is for the industry itself not to take security seriously until someone smarter than them comes along and shows them why they should do.

RFID Secretly Tags The Internet Summit

The Washington Times has an interesting piece about the the Internet and technology summit in Switzerland last week. Delegates, it says, were unknowingly bugged with RFID tags, according to researchers who attended the forum.

RFID is Radio Frequency ID, which means the tags could have contained and given off all sorts of information, including the wearer’s exact location. The badges were handed out to more than 50 prime ministers, presidents and other high-level officials from 174 countries, including the United States. Researchers questioned summit officials about the use of the chips and how long information would be stored but were not given answers.

The three-day forum focused on Internet governance and access, security, intellectual-property rights and privacy.

The Blurring of Blogging: A Reply

 Further to my posting about AkibaLive, and my comments that it was a marketing tool masquerading as a blog, here’s the owner’s reply (I won’t post his earlier message, since as he says, it was “fired it off in a state of unexpected agitation”):
Your blog about AkibaLive has an evident tone that we are somehow trying to mislead, or conceal, our identity.  That is far from true, and really does reflect a lack of diligence.  “AkibaLive is a Dynamism.com blog” is right there on the home page.  At every point that we talk about a Dynamism product, for instance, the headphone review, we further state that AkibaLive is a Dynamism blog.  If you poked around a bit, these things would be evident. (Douglas Krone)
 
Now, one very well may dislike the idea of blogs being used for marketing and customer relations.  That a strong position with a strong argument to be made.  There are plenty of good and reasonable ideas that support that view, but implying we are misleading people is not one of them.  Do we really, “conceal their identities to adopt the persona of blogs to peddle their wares?”  Is that a responsible statement?  Personally, I think a clarification is in order.  Of course, it’s your blog.
And here’s something from one of the editors, Matt:
I recently read your thoughts on the creation of Akibalive.com.  As one of the editors of Akibalive I have to say that, while you are of course entitled to your own opinion, I believe you have overlooked what we are trying to accomplish/portray ourselves as.  The Akibalive.com site explicitly states that it is a Dynamism.com blog.  Also, the products currently being blogged, for the most part, are not products being sold by Dynamism, rather they are products we feel the Dynamism customer base would be interested in.  If we post information about an upcoming computer release, someone reading that information gets the facts (release date, specs, etc.). Whether or not there is a person or a company behind the site, the way factual/informative news is presented to an interested reader should not matter.  When and if we decide that we want to use Akibalive.com as more of a direct marketing tool for Dynamism?s products, we will make sure there is no confusion that Akibalive and Dynamism are one in the same.  For example if you take a look at the Noise Reduction Headset Review (http://www.akibalive.com/archives/000198.html), you will see: Sony MDR-NC20 ($149) and MDR-NC11 ($149) are available from Dynamism (www.dynamism.com). (Dynamism is the parent company of AkibaLive.com.)

Clearly there is no ?marketing gimmick? or concealed identity and by no means do we want there to be.

 

News: ID Theft Is A Problem. It’s Official

 The Federal Trade Commission is now wise to the reality: identity theft is a problem. Nearly one in eight U.S. adults has had their credit card hijacked, identity co-opted or credit rating pockmarked by identity thieves over the past five years, Reuters quoted the Federal Trade Commission as saying. The FTC surveyed some 4,000 adults this spring to come up with the most comprehensive picture yet of the fast-growing crime.
 
Amid the grim statistics, the agency found a silver lining: After nearly doubling for two to three years, new incidents of identity theft are growing more slowly and tend to involve less money. That’s because banks are wising up to the problem, making it more difficult for scam artists to set up fraudulent credit cards, and consumers are spotting suspicious activity on their accounts earlier, said Howard Beales, director of the FTC’s consumer-protection division.

Update: Gillette Said To Abandon Tag Trials

 From the This Sounds Like A Good Thing, Or Are We Being Luddites? Dept comes news that privacy protests against the trial of RFID tags by Gillette at a Tesco store in Cambridge have prodded Gillette to abandon their trial, according to Indynews. RFID (Radio Frequency ID) tags are small tags containing a microchip which can be ‘read’ by radio sensors over short distances.
 
 
Recent trials involving attaching these tags to products have raised concerns about privacy, as information on the tag could be read long after the product was purchased. Tesco is also testing RFID tags in its DVD range at the Extra store in Sandhurst, Berkshire.