Re: EZ Pass and the fast lane ....

2004-07-10 Thread Jerrold Leichter
| No mention is made of encryption or challenge response | authentication but I guess that may or may not be part of the design | (one would think it had better be, as picking off the ESN should be duck | soup with suitable gear if not encrypted). | | From a business perspective, it makes

Re: EZ Pass and the fast lane ....

2004-07-10 Thread Ian Grigg
John Gilmore wrote: [By the way, [EMAIL PROTECTED] is being left out of this conversation, by his own configuration, because his site censors all emails from me. --gnu] Sourceforge was doing that to me today! Well, I am presuming that ... the EZ Pass does have an account number, right? And

Re: EZ Pass and the fast lane ....

2004-07-10 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], John Gilmore writes: If they could read the license plates reliably, then they wouldn't need the EZ Pass at all. They can't. It takes human effort, which is in short supply. There are, in fact, toll roads that try to do that; see, for example,

Re: EZ Pass and the fast lane ....

2004-07-10 Thread Greg Rose
At 21:54 2004-07-09 +0100, Ian Grigg wrote: John Gilmore wrote: It would be relatively easy to catch someone doing this - just cross-correlate with other information (address of home and work) and then photograph the car at the on-ramp. Am I missing something? It seems to me that EZ Pass spoofing

Re: EZ Pass and the fast lane ....

2004-07-10 Thread Elliott Frank
FasTrak is a passive system relative to the transponder -- it uses the transponder ID, a vehicle sensor, and an axle counter to generate toll records. The associated license plate capture-and-decode feature is only invoked if a non-transponder-equipped or invalidated-transponder-equipped vehicle

Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-10 Thread Florian Weimer
* Amir Herzberg: Florian Weimer wrote: * Amir Herzberg: # Protecting (even) Naïve Web Users, or: Preventing Spoofing and Establishing Credentials of Web Sites, at http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/trusted%20credentials%20area.PDF The trusted credentials area is an interesting

Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-10 Thread Florian Weimer
* Hal Finney: Only now are we belatedly beginning to pay the price for that decision. If anything, it's surprising that it has taken this long. If phishing scams had sprung up five years ago it's possible that SET would have had a fighting chance to survive. Wouldn't typical phishing

Re: EZ Pass and the fast lane ....

2004-07-10 Thread Jon Snader
On Sat, Jul 10, 2004 at 10:28:49AM +1000, Greg Rose wrote: If they could do that reliably, they wouldn't need the toll thingy, nu? I have been told by someone in the photo-enforcement industry that their reliability is only around 75%, and they're very expensive, and ... anyway, not a

RE: identification + Re: authentication and authorization

2004-07-10 Thread bear
On Thu, 8 Jul 2004, Anton Stiglic wrote: The problem is not really authentication theft, its identity theft, or if you want to put it even more precisely, it's identity theft and authenticating as the individual to whom the identity belongs to. But the latte doesn't make for a good buz-word :)

Re: EZ Pass and the fast lane ....

2004-07-10 Thread Eric Rescorla
Perry E. Metzger [EMAIL PROTECTED] writes: John Gilmore [EMAIL PROTECTED] writes: It would be relatively easy to catch someone doing this - just cross-correlate with other information (address of home and work) and then photograph the car at the on-ramp. Am I missing something? It seems

Re: EZ Pass and the fast lane ....

2004-07-10 Thread Perry E. Metzger
Eric Rescorla [EMAIL PROTECTED] writes: All the toll lanes that accept EZ Pass that I've seen are equipped with cameras. These cameras are used to identify toll evaders already. You point out that doing this would require manual work, but in fact several systems (including the one used for