> Incredibly, last week, after performing a series of security tests on > the passport application process and discovering some failures, the US > GAO still state they don't know much about the fraudulent methods: > http://www.gao.gov/new.items/d09583r.pdf >
Ironically, all their fancy methods for "detecting fraud" discuss cross-checking the SSN of the applicant, when in fact, the SSN isn't even required to process a passport application (although the IRS can technically fine you $500 if you don't). Ever actually READ the back of the passport application? The relevant information is at the top of page 3 http://www.state.gov/documents/organization/100004.pdf Heck .. you can get a passport without any ID *at all* if you bring a "family bible record of your birth" and somebody that can vouch for your identity (see page 2 of the above application). Oh .. and the funniest thing of all on the application .. bottom of page 4 : "The electronic chip must be read using specially formatted readers, which protects the data on the chip from unauthorized reading." "specially formatted" .. meaning anything from this list? : http://rfidiot.org/index.html#Hardware Regards, Michael Holstein Cleveland State University _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
