Advertisements

Security

RFID Passports, Credit cards, and work badges
Friday January 31, 2009

I have had two conversations in the last two days that reminded me of the world that I live in. The world of the security informed and therefore the slightly paranoid, so may I offer some of my paranoia to you…

I received my new US Passport yesterday. There are no more choices with the US Passport; they all now come with a RFID chip embedded inside of them. So today I ordered a new wallet to go along with my new passport. Those two conversations were on this topic. So here is the scoop…

Many of our credit cards and our new passports have RFID chips embedded in them. The amount of information contained on these chips dose vary but what does not vary is the fact that it is information that we do not want to leave the safety of our wallets. These chips likely contain your name, your address, your account number or passport number and so on. There is both good and bad news with these wondrous new chips.

The good news: It is possible to move forward with technology in our daily lives. You can purchase tasty treats from a vending machine by waving your credit card in front of it instead of fighting with the machine to get it to accept that last dollar bill in your wallet that is crumpled and torn. Or pay for your groceries at the store by waving your credit card in front of the machine instead of dealing with the magnetic strip that just can’t be read today. (Have you ever had a store clerk place your credit card inside of a plastic bag and then run it through the reader – in the plastic bag?) These problems go away when you introduce theRFID chips. It is easier for Immigrations and Customs to spot faked passports now, shoot it is even harder for the bad guys to fake passports for that matter.

As with all good news, there is a flip side, the bad news. Some of the companies producing cards with RFID chips have acted responsibly by trying to protect our information with encryption, while some have not. Unfortunately even those companies that have tried to do good are up against some bad guys out there, the bad guys that try just a little harder, the bad guys that crack the encryption.

So what are we to do? We can debate whether these RFID chips should be used or not but unfortunately that will not help us protect ourselves in the here and now. So let’s work on that instead.

There are plenty of instructions available to the hackers of the world, so let’s protect ourselves! The attack against these are now being referred to as the Johnny Carson attack http://www.theregister.co.uk/2006/10/24/rfid_credit_card_hack/

The first step is to figure out if you have any of these chips in your wallet. You can usually see them when you look at your cards (to include your badges to get into the office as well). They are usually gold or silver in color and only a few centimeters square, about half the size of a dime. For the US passport, you can’t see the chip, but when you received your passport they told you that it contained sensitive electronics. If you don’t remember that paperwork it might be a time issue, these passport were issued within the last 2 or so years. The other option with the passport is the weight and thickness of the cover. The old passports were bendable, the new ones are not so.

The second step is to find out if there is a way to disable these chips. If you are not in need of the convenience of flashing your credit card in front of a reader rather than through a reader I would suggest disabling. One company that definitely allows you to disable these chips is American Express. I would recommend checking your banks website or simply giving them a call for assistance.

The third step is to protect your information on these chips. If it is a work badge, a Visa card, a Master card or your passport you may not have the choice of disabling them. So the next step is to carry them in a secure wallet or holder. There are many on the market now and they come in a variety of shapes, colors and styles. I would highly recommend looking for a vendor that says that their wallet/holder isFIPS-201 compliant, otherwise you may only think you are protected.

Some of the options that I would recommend looking at are the following. If these do not suit your style or need then I would recommendgoogling “RFID blocking FIPS wallet” or something to that effect.

For your work badge holder my recommendation would be http://www.idstronghold.com/content/products.

For your passport or credit cards there are two basic options. The first option is a sleeve that the card/passport slides into and then you can place it in your regular wallet. The second basic option is a new wallet.

The sleeves are generally cheaper than a whole new wallet, but which will work best for you is up to you.

For a sleeve you can look at http://www.idstronghold.com/content/products

If you are looking for a wallet the expensive, but nice looking wallets (men and women’s) can be found at www.kenakai.com or check our http://www.difrwear.com/products.shtml (men’s only)

Be safe

Passwords
Jan 10, 2009

Lets start with Passwords… we all have ’em… we all need ’em… and they are out of control!  My preference for storing all of those passwords is a free little program from CounterPane called Password Safe.  It allows you to store all of your passwords in one safe, encrypted, location.  You must remember one password in order to access the safe, but once you are in you have all of your passwords nicely listed and arranged.  It also has the very nice feature of creating random passwords for you to increase the general strength of your passwords.

When you need to log into something simply open password safe, scroll down until you locate the one you need, double click on it and now you can simply paste it into the password box in your application.  Memory is cleared so it will not remain there for some nefarious thief to steal later.

Very very useful!  Cudos to CounterPane for making this and making it available to the general public for free.

You can download from here: http://passwordsafe.sourceforge.net/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: