Apparently Jacqui Smith said on the Today prgramme this morning whilst being interviewed about ID cards that "the database cannot be hacked". Please ezxcuse me whilst I find a corner and curl up in a ball and laugh.
It doesn't take an IT expert to realise that's a BLATANT lie. Good job she didn't say that in the House or she'd surely be in the shoite!! Does this woman have no shame?
Stupid comment, of course, but furthermore - it doesn't have to be hacked. A leak will do nicely.
The point was made on 5Live this morning that a large database will have a large user base. The larger the user base the greater the chances of a leak and comparison was made with the prosecution rate for leaks from the PNC.
We've all heard recently how leaked bank account data is worth a lot of money.
You don't need to be Einstein, you really don't. Anyone listening? Thought not.
You never know, she might be telling most of the truth, as in "The ID Cards database is unhackable" (because those morons at Crapita set up all the disks in one single RAID 0 volume, which failed completely when one disk broke).
This is exactly the sort of bloody stupid thing you'd expect them to do. Do remember that these are the same people who presumably advised the Government that existing databases could be extended to contain ten times more data without compromising their functionality, and without much downtime.
As for a nationwide roll-out of ID cards, relax, will you? The current Government are techno-fuckwits to a one; Midnight Flashers in every case. They don't understand IT. They don't understand IT projects. They don't get that meddling in running projects causes massive cost over-runs and that the companies running the projects EXPECT this to happen; even count on it for profit.
PS: a Midnight Flasher is a person in whose house EVERY appliance which has a clock will be found to have said clock flashing 00:00 constantly, because the person lacked the few meagre IQ points to even set the damn clocks.
people who don't have a grounding in science or technology can be made to believe anything. This woman is plain thick. Might be a good question for PMQs next week, 'does the PM agree with.. etc'
That woman is a menace, this scheme is a menace and the whole Government is a menace, or group of menaces.
Excuse the uncharacteristic sense of humour failure, but they are flushing this country down the toilet with all the other turds (e.g. France, Italy, Venezuela ...). So forgive me if I don't join you in the state of hilarity.
By the way, was I the only one who was inescapably reminded of a worm when I watched Jacqui Smith's statement on TV?
If that is what she said then the woman is clearly potty.
Yet even if it couldn't be hacked, the sheer number of people and agencies who will have access to it will result in leakage as a result of incompetence and/or corruption. Just as happens with the Police, NHS, DVLA, HMRC and other information systems.
But Why the flying Fook are they starting with aviation workers? They've already got ID cards.
The national ID card just explains who you are, it doesn't say you work at British airways checkin, so they'll STILL need to carry their company ID cards and pass through normal staff security. And what about all those johnny foreigner cabin crew passing through airports, they won't have UK ID cards and a profile on the national database.
Yet again this is Labour Skullduggery trying to make a case for ID cards by imposing them on a group that deal with potential terrorists everyday.
I used to work in a large company that held lots of necessary customer data on a number of databases.
The data was relatively secure from external hacking as the internal networks were all encrypted and the external networks were encrypted too.
The biggest risk was authorised workers accessing data they did not need to use in the course of their work - they could see only the type of data they needed but there was no reasonable way it could be limited to specific customers. There were cases where sensitive data was sold: people were tracked down and sacked or imprisoned, and processes changed, but after the event of course.
Similarly any big database needs a number of technical types to sort out errors and run the damn thing etc. These people could truly see everything - they had to, to do their job. I know of no cases of abuse, but as one of them I know just how easy and undetectable it would have been....
The only way to make data 100% secure is not to use it... anything else involves risk to a greater or lesser extent.
The suggestion that students won't be able to get loans without ID cards is particularly disturbing. What's next? Forcing old people to pay for an ID card if they want to collect their pensions?
I heard her on Radio 4 this morning - she said it couldn't be hacked 'cos it wouldn't be online ... cool, huh? To check my ID Card you don't need to access the database: all you need to do is hold the card tight, close your eyes, say the magic words and all is revealed (assuming, of course, that you are one of identi-faries.
The logic is simple: the database will not be hacked because it is not on-line. There will be 10K+ terminals but all of them will be on the secure govt network (so has that port to selected commercial partners been excised from the architecture diagram?). And, as Tony McN said on TV when he was in charge of something, to check an ID Card you call the call centre.
If access is only by the government network, how will the copper on the beat know that the card he is looking at and the character on it is genuine?
I assume the copper will have some sort of card reader that will transmit the details to and from the "government network" over the airwaves. Cant that be hacked or tampered with?
The logic is flawed, because, as Eugene Spafford pointed out, "the only system that is truly secure is one that is switched off and unplugged, locked in a titanium safe, buried in a concrete vault on the bottom of the sea and surrounded by very highly paid armed guards. Even then I wouldn't bet on it."
1) applicant proves identity 2) biographic data, image and finger print scan captured and held on database 3) application with finfgerprint already held on database deemed to be fraudster/terrorist and taken out and shot 4) card produced showing name, picture and a chip holding all data including fingerprint scan 5) card is presented when id has to be proven (opening a bank account say), in most cases picture is compared to person standing there - no link back to id database 6) for higher level checks (entering a nuclear power station to empty the bins say) fingerprint scan is taken and card is fed into machine and comparison made - no link back to database- mismatches are deemed to be fraudster/terorist and taken out and shot 7) when card is lost, database IS accessed to produce replacement
Is this right, or can someone else explain please?
If the terminals never checked with a central database a visual check can be defeated with a fake card with the right face on it, and a fingerprint check can be defeated with a fake card with the right fingerprints stored on it.
The picture and fingerprints would only have to match the perp carrying the fake card, whereas a joined up system would require a fraudulent entry on the register as well.
Appreciate comments from Gareth, and I'm sure the flaws are as he states. I'm interested whether anyone in the know - e.g. working on the ID programme - can tell us how the ID verification will be done without accessing the id databse.
If there is no explanation, then as Garteh implies it really is all the utter bollocks that we suspect it might be.
For lunchtime anon: the copper will take you down to the station, just like he/she does now. We really have not moved on, so it ain't going to work beyond being able to use a hand-held to view the photo stored in the chip. But indeed they might try an encrypted data link. And it gets very risky if they opt to have fingerprints (2 of them) stored in the chip - the EC wants fingerprints recorded, and I might be able to find out next week if they want them stored in the chip (or perhaps someone else can tell us).
For any techies reading, would the following work ?
Any host that requires access has to apply to a security team. That team assess the security of the host and records the MAC addresses. A secure VPN is set-up between the central database and the approved MAC addresses. Once connectivity is confirmed, a Kerberos V5 srvtab is sent to the host to act as an identity key. All accounts on the host are kerberised with the KDC run by the government, and local root access is denied. Any request for information requires that the host use it's srvtab plus a service keytab to get a one-time keytab lasting 10 minutes, which is handed to the database to get the information back.
I'm not quite sure what you been by "work" as such. Certainly having limited expiry times on keytabs or tickets would reduce the time limit that someone could have access to the system at any given time. However, given the size and scale of the db we're talking about, and more so the frequency of checks that would be envisaged by the system, that's quite a significant performance hit on KDCs. I guess it would entirely depends on how many slaves there were.
The VPN link is something that I personally think is a misnomer somewhat because that just means your passing security back down to the service users at the bottom line. Remeber we're talking about things like Council offices here, or hospitals even, and, if we accept some of the things being mentioned by politicians as practical usage, possibly even shops. There have been a number examples of stores using insecure transfer methods already after all.
I'd also be a little concerned about MAC address spoofing at the entry point. If the entry point is compromised then the authorised MAC address can be known and the destination address as well. Add to that that once compromised you also have the srvtab as well along with the hostname it is not beyond the realm of possibility that someone could then create their own access point into the system.
29 comments:
Alan Turing must be turning in his grave...
Just listened to her statement on radio 5 Live and she still thinks that 60% of the public is behind her, despite high profile government data lapses!
Which planet did she land from?
It doesn't take an IT expert to realise that's a BLATANT lie. Good job she didn't say that in the House or she'd surely be in the shoite!! Does this woman have no shame?
Alan Turing, David Kelly...hmmmm.
Cannot be hacked? Do you think she would let Ross Anderson take a look at it?
She must be listening to same sales team that promises people 100% uptime.
Perhaps with all the floundering in the Lib Dem camp taking headlines, today is a good day to bury absolute nonesence
Stupid comment, of course, but furthermore - it doesn't have to be hacked. A leak will do nicely.
The point was made on 5Live this morning that a large database will have a large user base. The larger the user base the greater the chances of a leak and comparison was made with the prosecution rate for leaks from the PNC.
We've all heard recently how leaked bank account data is worth a lot of money.
You don't need to be Einstein, you really don't. Anyone listening? Thought not.
You never know, she might be telling most of the truth, as in "The ID Cards database is unhackable" (because those morons at Crapita set up all the disks in one single RAID 0 volume, which failed completely when one disk broke).
This is exactly the sort of bloody stupid thing you'd expect them to do. Do remember that these are the same people who presumably advised the Government that existing databases could be extended to contain ten times more data without compromising their functionality, and without much downtime.
As for a nationwide roll-out of ID cards, relax, will you? The current Government are techno-fuckwits to a one; Midnight Flashers in every case. They don't understand IT. They don't understand IT projects. They don't get that meddling in running projects causes massive cost over-runs and that the companies running the projects EXPECT this to happen; even count on it for profit.
PS: a Midnight Flasher is a person in whose house EVERY appliance which has a clock will be found to have said clock flashing 00:00 constantly, because the person lacked the few meagre IQ points to even set the damn clocks.
people who don't have a grounding in science or technology can be made to believe anything. This woman is plain thick. Might be a good question for PMQs next week, 'does the PM agree with.. etc'
And I'm sure her and the rest of her MP friends will show complete confidence in this statement by being the first to enter their details.
How did we come to be ruled by complete morons?
It's NOT funny, Dizzy.
That woman is a menace, this scheme is a menace and the whole Government is a menace, or group of menaces.
Excuse the uncharacteristic sense of humour failure, but they are flushing this country down the toilet with all the other turds (e.g. France, Italy, Venezuela ...). So forgive me if I don't join you in the state of hilarity.
By the way, was I the only one who was inescapably reminded of a worm when I watched Jacqui Smith's statement on TV?
If that is what she said then the woman is clearly potty.
Yet even if it couldn't be hacked, the sheer number of people and agencies who will have access to it will result in leakage as a result of incompetence and/or corruption. Just as happens with the Police, NHS, DVLA, HMRC and other information systems.
Oh and nice of Jacqui to suggest we won't all need cards - we'll use passports instead!
But Why the flying Fook are they starting with aviation workers? They've already got ID cards.
The national ID card just explains who you are, it doesn't say you work at British airways checkin, so they'll STILL need to carry their company ID cards and pass through normal staff security. And what about all those johnny foreigner cabin crew passing through airports, they won't have UK ID cards and a profile on the national database.
Yet again this is Labour Skullduggery trying to make a case for ID cards by imposing them on a group that deal with potential terrorists everyday.
I used to work in a large company that held lots of necessary customer data on a number of databases.
The data was relatively secure from external hacking as the internal networks were all encrypted and the external networks were encrypted too.
The biggest risk was authorised workers accessing data they did not need to use in the course of their work - they could see only the type of data they needed but there was no reasonable way it could be limited to specific customers. There were cases where sensitive data was sold: people were tracked down and sacked or imprisoned, and processes changed, but after the event of course.
Similarly any big database needs a number of technical types to sort out errors and run the damn thing etc. These people could truly see everything - they had to, to do their job. I know of no cases of abuse, but as one of them I know just how easy and undetectable it would have been....
The only way to make data 100% secure is not to use it... anything else involves risk to a greater or lesser extent.
Plus the fragrant one, for it is she, stated that the database would "not be on line".
So how do you check and validate. By post?
The suggestion that students won't be able to get loans without ID cards is particularly disturbing. What's next? Forcing old people to pay for an ID card if they want to collect their pensions?
I heard her on Radio 4 this morning - she said it couldn't be hacked 'cos it wouldn't be online ... cool, huh? To check my ID Card you don't need to access the database: all you need to do is hold the card tight, close your eyes, say the magic words and all is revealed (assuming, of course, that you are one of identi-faries.
She's completely OD'd the Botox. This amazingly stupid bint is suffering from total cranial paralysis. I doubt there's any known antidote.
She also said.... "the biometrics will be in a seperate database that won't be online"
So that's all right then.
The logic is simple: the database will not be hacked because it is not on-line. There will be 10K+ terminals but all of them will be on the secure govt network (so has that port to selected commercial partners been excised from the architecture diagram?). And, as Tony McN said on TV when he was in charge of something, to check an ID Card you call the call centre.
Maybe their database is actually a Rolodex
Dreamingspire
If access is only by the government network, how will the copper on the beat know that the card he is looking at and the character on it is genuine?
I assume the copper will have some sort of card reader that will transmit the details to and from the "government network" over the airwaves. Cant that be hacked or tampered with?
The logic is flawed, because, as Eugene Spafford pointed out, "the only system that is truly secure is one that is switched off and unplugged, locked in a titanium safe, buried in a concrete vault on the bottom of the sea and surrounded by very highly paid armed guards. Even then I wouldn't bet on it."
I assume it will work something like this:
1) applicant proves identity
2) biographic data, image and finger print scan captured and held on database
3) application with finfgerprint already held on database deemed to be fraudster/terrorist and taken out and shot
4) card produced showing name, picture and a chip holding all data including fingerprint scan
5) card is presented when id has to be proven (opening a bank account say), in most cases picture is compared to person standing there - no link back to id database
6) for higher level checks (entering a nuclear power station to empty the bins say) fingerprint scan is taken and card is fed into machine and comparison made - no link back to database- mismatches are deemed to be fraudster/terorist and taken out and shot
7) when card is lost, database IS accessed to produce replacement
Is this right, or can someone else explain please?
If the terminals never checked with a central database a visual check can be defeated with a fake card with the right face on it, and a fingerprint check can be defeated with a fake card with the right fingerprints stored on it.
The picture and fingerprints would only have to match the perp carrying the fake card, whereas a joined up system would require a fraudulent entry on the register as well.
Anon 14:21 here
Appreciate comments from Gareth, and I'm sure the flaws are as he states. I'm interested whether anyone in the know - e.g. working on the ID programme - can tell us how the ID verification will be done without accessing the id databse.
If there is no explanation, then as Garteh implies it really is all the utter bollocks that we suspect it might be.
SP
For lunchtime anon: the copper will take you down to the station, just like he/she does now. We really have not moved on, so it ain't going to work beyond being able to use a hand-held to view the photo stored in the chip. But indeed they might try an encrypted data link. And it gets very risky if they opt to have fingerprints (2 of them) stored in the chip - the EC wants fingerprints recorded, and I might be able to find out next week if they want them stored in the chip (or perhaps someone else can tell us).
For any techies reading, would the following work ?
Any host that requires access has to apply to a security team. That team assess the security of the host and records the MAC addresses. A secure VPN is set-up between the central database and the approved MAC addresses. Once connectivity is confirmed, a Kerberos V5 srvtab is sent to the host to act as an identity key. All accounts on the host are kerberised with the KDC run by the government, and local root access is denied. Any request for information requires that the host use it's srvtab plus a service keytab to get a one-time keytab lasting 10 minutes, which is handed to the database to get the information back.
I'm not quite sure what you been by "work" as such. Certainly having limited expiry times on keytabs or tickets would reduce the time limit that someone could have access to the system at any given time. However, given the size and scale of the db we're talking about, and more so the frequency of checks that would be envisaged by the system, that's quite a significant performance hit on KDCs. I guess it would entirely depends on how many slaves there were.
The VPN link is something that I personally think is a misnomer somewhat because that just means your passing security back down to the service users at the bottom line. Remeber we're talking about things like Council offices here, or hospitals even, and, if we accept some of the things being mentioned by politicians as practical usage, possibly even shops. There have been a number examples of stores using insecure transfer methods already after all.
I'd also be a little concerned about MAC address spoofing at the entry point. If the entry point is compromised then the authorised MAC address can be known and the destination address as well. Add to that that once compromised you also have the srvtab as well along with the hostname it is not beyond the realm of possibility that someone could then create their own access point into the system.
Here's a question though, do I know you?
Post a Comment