Apple has released 10.6.7 and its first security patch of the year, 2011-001, fixing a large number of bugs and vulnerabilities. In particular it fixes a known graphics bug in the 2011 MacBook Pros. It also improves Back to My Mac connectivity and SMB (Windows file sharing). From a security perspective it fixes issues in a number of components including the Kernel, AirPort, ImageIO, and QuickTime, many of which potentially lead to remote code execution. This update also adds detection for the OSX.OpinionSpy spyware to Mac OS X’s built-in file quarantine.
It’s a fairly big update, so users are naturally advised to patch soon. Hit the jump for the full list of security issues fixed.
In November 2009, Phil Mocek (@pmocek) was arrested by Albuquerque Police at Albuquerque Airport for not providing a piece of identification, and recording the TSA process on camera (video below). In the US, one’s right to fly is guaranteed by Federal Laws and the Constitution, and as long as you do not break any other laws, local or state police cannot legally prevent you from flying.
Mocek was charged with things like criminal trespass, refusing to obey an officer, concealing his identity, and disorderly conduct. On 21 January 2011, he was acquitted on all charges by a jury without the defense having to call any witnesses or provide any evidence. The prosecution’s case simply did not stand up.
In a previous court case against another man who refused to show ID, the TSA admitted that there is actually no law that requires travelers to present ID in order to be able to fly. In the US, it is also perfectly legal to record video in public areas of the airport, despite what signs, staff or police may claim.
This case is reminiscent of John Tyner, who was thrown out of San Diego Airport for refusing the new TSA (grope) patdown. Note that you may want to familiarise yourself with the relevant laws regarding ID and recording in your own country.
Full details are available here. Well done to Phil for protecting his rights, and in the process, all of ours as well. Speaking of TSA security measures, I thought this recent Dilbert comic was particularly fitting.
I’ve always thought that terrorists must find some of the attempts to thwart attacks quite amusing, Nudiescanners and TSA groping included. I recently stumbled across this picture and thought “this is probably not far from the truth”.
Either way, I found it funny so thought I’d share.
The backlash against the use of body scanner technology, which I reported on recently, rages on. Following an investigation into the use of body scanners, Gizmodo found that US Marshals saved 35,000 scans, and have leaked some of the images they were able to obtain. The image below is one of those images.
The resolution of these images, taken with a Gen 2 millimeter wave scanner, is extremely low compared to the more advanced (and potentially harmful) ‘naked’ x-ray backscatter technology. The point being highlighted by Gizmodo is not the privacy-invading nature of body scanners, but that images are being stored on the machines despite the TSA assuring everyone that body scanners “cannot store, print, transmit or save the image, and the image is automatically deleted from the system after it is cleared by the remotely located security officer.” Clearly this isn’t entirely true (surprised?).
I think it points out the particular flaw with blindly allowing governments to implement these and other kinds of surveillance, tracking, and monitoring mechanisms. It’s fine when you trust the government to abide by a set of acceptable rules, and most people say they have nothing to hide (which I agree with in most cases). The issue is that the way those monitoring mechanisms, and personal (borderline private) information about you, are used can be changed at any time, regardless of what the ‘rules’ are meant to be (and laws can be changed – consider post 9/11). If, for whatever reason, a government somewhere down the line decides they want to exert more control over its citizens, the internet, etc, they will just have to turn to the plethora of technologies that are currently in the process of being implemented.
As travelers we’re being treated with more and more suspicion, and people are now starting to put their foot down. Too little too late? Just recently, John Tyner was thrown out of an airport for opting out of a body scan, and then refusing the new TSA ‘groin-touching’ pat-down.
The difficult question is how do we allow governments to implement essential and appropriate security mechanisms, in such a way that does not impede the freedom and civil liberties of individuals? In my opinion, non-invasive passive scanning and detection methods would be one way to go, such as more chemical/explosive detection technology. Ultimately if someone wants to get something on board, it is much easier to get it through security in your carry-on than on your person. Obfuscating dangerous items such as non-obvious blades or even explosives into already complex elements such as laptops would probably pass security checks if done properly. And don’t forget that there are many plastic or ceramic-based tools and weapons that can be just as dangerous as knives. At this point I should probably point out that I’m particularly resentful of the pitiful little knives they give us on flights nowadays.
The security of the internet is a similar story. Mechanisms that give governments exclusive control, such as the proposed Internet kill-switch and blacklist, are not the answer, and somewhere down the line will probably be used for more harm than good.
Note: The image of the lady above is not an actual body scan, and is simply there for illustrative purposes to (aesthetically) demonstrate where we’re headed. ;)
The idea of naked images of children aside, something about this picture is particularly disturbing to me. I don’t know if it’s the criminal-esque ‘hands-up’ pose the kids are forced to adopt, the big yellow radiation warning sign, the fact that anyone on the other side of the machine has a clear view of the screen, or that the kid in front appears to have taken a bit too much radiation to the head. Ok, I jest with that last one, but there is something inherently wrong with this image.