Re: EZ Pass and the fast lane ....
On Sun, Jul 11, 2004 at 10:39:18AM +0200, Amir Herzberg wrote: So I think this observation about EZ Pass is probably true, but for some time ago; with current technology, reading license plates is possible (which, I guess, has some alarming privacy implications...). While Toll Collect (the german system) isn't yet operational, the license plate realtime OCR part is. It does read license plates in realtime via video from overhead bridges, no slowing down necessary. The police is very interested to keep that part of the infrastructure operational, for obvious reasons. Currently, all non-truck license plates are discarded, but it's clear enough theres demand for realtime tracing of select and movement profiles for the masses, for data mining. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net pgppD15jCtboO.pgp Description: PGP signature
Re: Fundraising for OpenSSL development
[ This is a reminder, prompted by the fact that two individuals dug into their wallets and made a small contribution each. I've also heard from a few people who are talking with their management, so far without too much else happening. Through this, I want to make it clear that small contributions from individuals are just as welcome. If you think about it, about 160 people sending USD 100 each would cover the needs stated in this fundraising document. -- Richard Levitte ] [ This is a short version of the full document. The full document, which was just updated with a slight change in USD - SEK currency exchange, is available at http://www.free.lp.se/OpenSSL-funding.html ] Levitte Programming: Fund raising for OpenSSL development Richard Levitte [EMAIL PROTECTED] Revision $Id: OpenSSL-funding.html,v 1.6 2004/07/12 11:41:08 levitte Exp $ Hello OpenSSL users and developers, I'm Richard Levitte, an OpenSSL developer. I've been active in many parts of OpenSSL, most notably in portability issues, ENGINE, UI, CONF, memory allocation and a number of other parts I forget, as well as general tinkering when and where needed. This letter is about raising funds for me to work on parts of OpenSSL that I initiated or have plans to initiate, more or less full time for at least three months, and possibly more. This letter will be kept up to date at http://www.free.lp.se/OpenSSL-funding.html. So, what's the deal? The deal is that I currently find myself a little short on job assignments except for some short ones, and therefore, my planning book is more or less empty for the rest of 2004. I would like to be able to use this opportunity to make a larger contribution to OpenSSL with some tasks that are bigger than those one can complete on one's spare time within a reasonable time frame. The tasks I'm planning on are: * to complete the STORE library, including the implementation of a few STORE accessing ENGINE modules (File, LDAP and a special one for the nCipher HSM store come in mind, and more may be added), and have it replace the current X509_LOOKUP mechanism. * to implement certificate path building that can handle simple PKIs, hierarchical PKIs, mesh PKIs, hybrid PKIs, using the current PKIX draft (currently draft-ietf-pkix-certpathbuild-03.txt) as basic document. * [OPTIONAL, if time permits] to make configuration easier to program, and to work toward a unification of all platforms so the building system looks the same everywhere. This email is an appeal to the OpenSSL user community to try to raise money for three or more months of my time to be able to dedicate time to work on the tasks shown above. Anyone can contribute, private persons as well as companies and insititutions. -- Richard Levitte \ Tunnlandsvägen 52 \ [EMAIL PROTECTED] [EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-708-26 53 44 \ SWEDEN \ Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ - A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Question on the state of the security industry
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ian Grigg Sent: Wednesday, June 30, 2004 6:49 AM Here's my question - is anyone in the security field of any sort of repute being asked about phishing, consulted about solutions, contracted to build? Anything? McAfee Research has proposed solutions to some of their larger customers and has an anti-phishing white paper: http://www.networkassociates.com/us/_tier2/products/_media/mcafee/wp_an tiphishing.pdf Press release: http://www.networkassociates.com/us/about/press/mcafee_enterprise/2004/ 20040315_094318.htm -Michael Heyman - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: EZ Pass and the fast lane ....
| another purpose -- preserving the privacy of drivers by using more | complicated protocols. However, as the benefit of such systems is to | people who are unlikely to have much voice in the construction of the | system, and who are also unlikely to be willing to pay more money to | gain privacy, I think the implementation of such tags is unlikely. | | I think it would be easier to provide drivers with a simpler method of | turning off their transponder. Recently ordered FasTrak tokens come with a | mylar bag for this purpose, which is too unwieldy. A switch, however, | might be enough. | | This would not prevent an adversary from recording the IDs of cars that | pass through toll gates. It would, however, prevent reading those IDs at | other times. EZpass actually went in the opposite direction. When I got my EZpass a number of years back, they provided such a bag, along with instructions on use. These days, they no longer provide the bag, and indirectly they strongly discourage you from using any such thing: According to the rules, EZpasses must be mounted on your windshield: They provide a variant on Velcro strips, which make the box a pain to remove while driving. (For commercial vehicles, there's an external, permanently-mounted version). People used to just keep the thing loose inside the car and wave it at the sensor, which apparently caused to many misreads, leading to traffic backups. Now, if they catch you doing that, there's a substantial fine. -- Jerry - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: EZ Pass and the fast lane ....
| ...unless people are willing to go very hi-tech in their toll evasion | maneuvers, implementing, say, thin see-through LCD screens placed over their | license plates that turn opaque at a push of a button A local TV station here in the NY area did a show about a lower-tech version of the same thing: A plastic cover for the plate that is supposed to cause enough glare in a camera that the plate is unreadable when snapped by the various automated speed traps and red-light-running traps out there. These things are apparently advertised in all the car magazines. According to the TV show, they vary in effectiveness, from quite effective for some kinds of cameras in certain uses to pretty much ineffective. A universal feature of all such devices is that they are illegal. At least around here (and I think in most if not all states), license plates may not be covered *at all*. If any kind of device emerged that was effective at actually making plates unreadable, I can easily see municipalities make using one into a parking violation - a quick source of revenue, at least until most people figured out that it wasn't worth it to buy these things. How long before license plates have transponders built into them? After all, it's long-established law that you can be required to place an identifier on your car when it's on the public roads - why's there a difference between one that responds at optical frequencies and one that responds at a couple of gigahertz? (For that matter, even if you want to stick to optical and you can't get plate reading accurate enough, the technology for reading bar codes from moving vehicles is well-developed - it's been used for years to identify railroad cars, and many gated communities use them to open the gates for cars owned by residents.) -- Jerry - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: EZ Pass and the fast lane ....
Jerrold Leichter wrote: How long before license plates have transponders built into them? After all, it's long-established law that you can be required to place an identifier on your car when it's on the public roads - why's there a difference between one that responds at optical frequencies and one that responds at a couple of gigahertz? (For that matter, even if you want to stick to optical and you can't get plate reading accurate enough, the technology for reading bar codes from moving vehicles is well-developed - it's been used for years to identify railroad cars, and many gated communities use them to open the gates for cars owned by residents.) An infrared-reflective bar code would not be visible to the naked eye. That would probably slip past the proles for a good while before the word got out. And once the infrastructure is in place, it would be hard to dislodge. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFS SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Jabber does Simple Crypto - Yoo Hoo!
(( Financial Cryptography Update: Jabber does Simple Crypto - Yoo Hoo! )) July 12, 2004 http://www.financialcryptography.com/mt/archives/000176.html Over in the Jabber community, the long awaited arisal of opportunistic, ad hoc cryptography has spawned a really simple protocol to use OpenPGP messages over chat. It's so simple, you can see everything you want in this piece of XML (click above). http://www.jabber.org/jeps/jep-0027.html - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]