Your tax dollars at work. Russia warned the US about Tsarnaev going to Dagestan for training as a terrorist, and the TSA put a flag that he was to be detained immediately upon his return. But they spelled his name differently, entering it into their database as Tsaernayev.

Since it didn't hit, he wasn't detained when he returned. And because he wasn't detained, the Boston Marathon bombing happened.

There's an algorithm that's been around for about a century called Soundex. It has been implemented in every major database system and most programming languages. It takes any word and translates it into a four-character code: the first letter of the word followed by three digits. Tsarnaev is T265. Tsarnayev is also T265.

Granted, similar names will generate more false positives. But delaying someone for a few minutes to rectify a false positive is a lot better than letting a known terrorist through due to a false negative. The Watch and No Fly lists have been a horrible implementation since day 1: when you stop four-year-olds and Senator Ted Kennedy because of these lists, there's a problem. And there's been no discussion of fixing their implementation, because that would 'leak vital information to the terrorists'.
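The matching described above, as an added example that is not part of the original post: a standard American Soundex implementation and a watch-list lookup that falls back to the Soundex key when the exact spelling misses. The function names and the names "Tuckerman", "Thompson" and "Czarnaev" are constructed for illustration.

```python
# Added example: American Soundex plus a watch-list lookup keyed on it.
# "Tuckerman", "Thompson" and "Czarnaev" are constructed test names.
CODES = {ch: digit
         for digit, letters in {"1": "BFPV", "2": "CGJKQSXZ", "3": "DT",
                                "4": "L", "5": "MN", "6": "R"}.items()
         for ch in letters}


def soundex(name: str) -> str:
    """Return the four-character Soundex code (letter + three digits)."""
    letters = [c for c in name.upper() if "A" <= c <= "Z"]
    if not letters:
        return ""
    out = letters[0]
    prev = CODES.get(letters[0], "")
    for ch in letters[1:]:
        if ch in "HW":
            continue                  # H/W do not break a run of equal codes
        code = CODES.get(ch, "")      # vowels and Y have no code
        if code and code != prev:
            out += code
        prev = code                   # a vowel resets the run
    return (out + "000")[:4]


def build_index(watchlist):
    """Map each Soundex code to the watch-list spellings that produce it."""
    index = {}
    for entry in watchlist:
        index.setdefault(soundex(entry), []).append(entry)
    return index


def screen(surname, watchlist):
    """'exact' on a literal hit, 'review' on a phonetic hit, else 'clear'."""
    if surname.casefold() in {w.casefold() for w in watchlist}:
        return "exact"
    if soundex(surname) in build_index(watchlist):
        return "review"
    return "clear"


WATCHLIST = ["Tsaernayev"]            # spelling as entered, per the post

if __name__ == "__main__":
    for traveller in ["Tsarnaev", "Tsarnayev", "Tuckerman", "Thompson", "Czarnaev"]:
        print(traveller, soundex(traveller), screen(traveller, WATCHLIST))
```

"Tuckerman" also codes to T265 and lands in review, which is the false-positive cost discussed above. Soundex keeps the first letter, so a transliteration that changes the initial (the constructed "Czarnaev" codes to C651) still misses.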

This is the problem with large numbers. If I develop a system that is 99.9% accurate, you're going to say 'cool!' But if that is a facial recognition system, in a city the size of Phoenix (population 1,445,632 as of the 2010 census), that means that it'll incorrectly identify 1,445 people. And when you're talking about actual life and death cases, that's unacceptable. You MUST have something in place to handle outliers and to take into account false positives and false negatives.
thewayne: (Cyranose)

A security researcher had a thought: what could you build that would be dangerous/deadly/destructive based on materials that you could buy inside the security barrier of an airport, using a multitool that was approved by the TSA?

The results are not pleasant: a blunderbuss shotgun, nunchucks, a spiked mace, and a suitcase bomb that took one and a half fire extinguishers to put out. He notified the TSA on four occasions before publishing and was thanked, but they never said they were doing anything. He was visited by some FBI agents and had a pleasant discussion, and that was about that.
thewayne: (Default)
Yep. It's not enough that you can't take a drink of any appreciable size through security, or that you're standing next to barrels full of 'suspected explosives', you now have a chance of having your drink inspected after you pay an exorbitant markup inside the terminal.

OBL is laughing with the fishes.
thewayne: (Default)
It all came apart when a drug smuggler, who was supposed to go to checkpoint 6 to go through security, went to checkpoint 5 which was the terminal that his plane was departing from. People at 6 would have passed him through a secure tunnel and taken him to 5 for his plane.

"A 22-count indictment outlined five incidents where the TSA employees took payments of up to $2,400 to provide drug couriers unfettered access at LAX over a six-month period last year. In all, seven people are facing charges, including Eleby." (Eleby was the smuggler)

The former TSA employees face a minimum of 10 years in prison if convicted.

In other joyous TSA news, the TSA did a pat-down on a 4-y/o girl who was crying and screaming and clinging to her grandmother while TSA agents called her an uncooperative suspect.
thewayne: (Default)
He says five things can be done to improve airport security:

1. No more banned items
2. Allow all liquids
3. Give TSA officers more flexibility and rewards for initiative, and hold them accountable
4. Eliminate baggage fees
5. Randomize security

Obviously these are broad statements with lots of details behind them, but the objective is to move people through security screening more quickly, which also reduces the vulnerability of lots of people being queued up to go through screening.

It's a very difficult job for TSA screeners, but it has got to be improved.

Kip recently participated in a series of debates with Bruce Schneier at the Economist.

"A nice summary at TechDirt brings word that Bruce Schneier has been debating Kip Hawley, former boss of the TSA, over at the Economist. Bruce has been providing facts, analysis and some amazing statistics throughout the debate, and it makes for very educational reading. Because of the format, the former TSA administrator is compelled to respond. Quoting: 'He wants us to trust that a 400-ml bottle of liquid is dangerous, but transferring it to four 100-ml bottles magically makes it safe. He wants us to trust that the butter knives given to first-class passengers are nevertheless too dangerous to be taken through a security checkpoint. He wants us to trust that there's a reason to confiscate a cupcake (Las Vegas), a 3-inch plastic toy gun (London Gatwick), a purse with an embroidered gun on it (Norfolk, VA), a T-shirt with a picture of a gun on it (London Heathrow) and a plastic lightsaber that's really a flashlight with a long cone on top (Dallas/Fort Worth).'"
thewayne: (Default)
In case you're not up on this, a gentleman who is apparently a self-proclaimed anti-TSA activist decided to run an experiment. He bought a small sewing kit, some cloth, and basically created a sort of shoulder holster that would hold a small metal object against the side of his body. He was confident that said metal object would set off airport checkpoint alarms. He went through an airport x-ray machine, and the machine did not blink an eye.

He did this not only once, but twice. And he caught it on video. And he's challenged media to do the same thing.

Apparently the TSA isn't very happy about this. Disregard that previous stories have talked about this weakness, among others, for ages.
thewayne: (Default)
"TSA agents in Dallas singled out female passengers to undergo screening in a body scanner, according to complaints filed by several women who said they felt the screeners intentionally targeted them to view their bodies. Allegedly, women with 'cute bodies' were directed through the body scanners up to three times over by female agents, who appeared to be acting on a request from male agents viewing the scans in a separate room. Apparently this was done because the scans were 'blurry,' possibly due to autofocus problems with agents' smartphone cameras." After hearing the claims, Senator Charles Schumer (D-NY) announced plans to introduce legislation that would require the presence of "passenger advocates" at airports to deal with complaints like these.

I'm shocked to find out gambling is going on at Rick's!

"Besides having to remove our shoes, the volume limitations regarding liquids and gels in carry-on baggage have become a major hassle in the world of post 9-11 airport security. Hopefully, however, we may soon be able to once again bring our big bottles of water and tubes of toothpaste aboard airliners in our overnight bags. Britain's Cobalt Light Systems has developed a scanner called the INSIGHT100, that uses laser light to assess the liquid contents of containers, even if those containers are opaque."

I don't get this ability to scan through an opaque container. They claim a false positive rate of 0.5%, which I'd love to see field tested. It would also probably bottleneck security checkpoints even more since everyone would now be bringing liquids rather than most people being smart enough to dump their bottle of water before going through and buying even more expensive water on the other side of the checkpoint.
thewayne: (Cyranose)
I think this is a good idea.

Then, as I was skimming the Slashdot comments, I came across one that pointed me to this page on the TSA's web site titled "U.S. Army Public Health Command surveys of backscatter imaging technology and cabinet X-ray systems". The Army has surveyed at least 13 airports, looking at all body scanners and some security portal baggage scanners. The page states "In the spirit of transparency, TSA has posted results of radiation surveys conducted on every piece of X-ray based technology in U.S. airports as the reports were completed. Following are surveys of checked and carry-on baggage screening equipment". So presumably all airports will be tested and eventually posted; my preferred airports, El Paso and Phoenix, are not yet on the list. The first study was done April 2010 at Boston, the most recent November 2011.

I downloaded and read the report for Seattle/Tacoma, one of the most recent. There were no radiation issues, the dose to workers was well below FDA standards, so presumably they are safe for would-be passengers to be scanned. The Seattle report did note some problems, but they were maintenance and procedural and probably not safety issues.

So do I feel better about these things? Well, I suppose. They would appear safe. I'm still uncomfortable with being x-rayed in order to fly. I live at high altitude, which is an increased radiation exposure, and I get annual CT scans, which, again, increases my radiation exposure. So I'd prefer to not have yet another increase on my body.

I will be happier if they ever complete a dosimeter study of the TSA security portal workers. I also plan on reading the Boston report as Logan reportedly had a cancer cluster among workers of one of its baggage scanners.

In other joyous TSA news, Senator Rand Paul was detained by security when they saw something on the x-ray scan and he refused a pat-down.
thewayne: (Default)
First the director says they are, then he says the TSA Inspector General says they're safe, so he isn't. The problem is that these machines are not regulated by the FDA since they're not used in medical treatment. There are a huge number of unanswered questions, and unless the TSA is forced to answer them, they probably never will be.

The backscatter x-ray device is the two monoliths that you stand between. A pencil beam of x-rays scans your body up and down, back and forth. It uses ionizing radiation, which is known to cause damage to DNA. And DNA, to a degree, can repair itself. But there is a huge disagreement between how the manufacturers and TSA calculate the actual radiation amount received and how scientists calculate it.

(the other scanning device, millimeter radar, looks like a glass-sided cube and is not known to damage DNA)

And then there's the shielding. It's probable that the TSA workers around the machine are receiving some pretty impressive alleged at Boston's Logan airport earlier this year.
thewayne: (Default)
"TSA's VIPR program may be expanding. According to the Washington Times, 'TSA has always intended to expand beyond the confines of airport terminals. Its agents have been conducting more and more surprise groping sessions for women, children and the elderly in locations that have nothing to do with aviation.' In Tennessee earlier this month, bus passengers in Nashville and Knoxville were searched in addition to the truck searches discussed here previously. Earlier this year in Savannah, Georgia, TSA forced a group of train travelers, including young children, to be patted down. (They were getting off the train, not on.) Ferry passengers have also been targeted. According to TSA Administrator John Pistole's testimony before the Senate last June, 'TSA conducted more than 8,000 VIPR operations in the [previous] 12 months, including more than 3,700 operations in mass-transit and passenger-railroad venues.' He wants a 50% budget increase for VIPR for 2012. Imagine what TSA would do with the extra funding." (emphasis mine)

The TSA: coming soon to a street corner near you!

I drive through Border Patrol check points a few times a month since I live less than a hundred miles from the border with Mexico. A few years ago they installed what I have been told are radiation detectors, and they probably have optical cameras with crazy bright lights; I have to hold my hand up to screen my eyes when driving through them at night or it would be totally blinding. The station closest to my house reduces traffic to a single lane, so naturally they install a second, identical set of radiation detectors. Fortunately they're spaced far enough apart that I can change which hand is screening my eyes safely. Now they've added a backscatter x-ray van at the station just outside of White Sands National Monument; I asked them and they don't use it all the time, which makes me wonder just how useful it actually is. But the check point west of Las Cruces doesn't merit a backscatter van and they actually wave traffic through without asking the perfunctory question of "Are you a U.S. citizen?" They do normally have a K-9 and handler and apparently they intercept a lot of drug shipments at that site.
thewayne: (Default)
False positives 70% of the time and they can be tricked up by sweaty people? One of the Slashdot comments said he was flagged by the scanner for wearing loose cargo pocket pants and had to have the grope.

A few weeks ago I flew to Washington DC for my annual NIH visit. Got selected for the scanner in El Paso, told them no, so we all had to wait for an agent to be freed up so he could grope me. DC, waltzed right through coming home.
thewayne: (Default)
I'm not entirely clear why they think this. There's a huge number of problems involved in the concept of surgically implanting a bomb inside a person: surgeon skill, infection issues, toxicity of explosives, how to detonate, the dampening effect of water mass on explosives, etc. So from the top, the obstacles to doing this in a third-world country would be very difficult to overcome.

Aircraft defense still boils down to: x-ray everything that goes on to the plane to prevent Lockerbie attacks and lock the cockpit door. Everyone knows that a hijacked plane now represents potential mass death, so there's nothing to lose to attack a hijacker. DHS still constantly talks about the terrorist attacks that they've stopped that they can't talk about, yet you never hear about the TSA stopping mad bombers at the security checkpoints.
thewayne: (Default)
Yup. Bitch about airport security in line, and you might be pulled aside for "additional screening."

And if you're interested in a little light reading, how about a copy of the Al Qaeda training manual, courtesy of PBS' Frontline. The reason why it's included is it says that agents should remain calm and not raise a ruckus, therefore an AQ agent is more likely to easily get through screening.
thewayne: (Default)
Design proposals are being accepted for devices that would scan your shoes while you wear them. Remember the fluoroscopes in shoe stores in years gone by? Lots of shoe store employees got cancer.

When is DHS/TSA going to figure out that a device/protocol that addresses Threat X is invariably worthless against Threat Y?
thewayne: (Default)
Someone posted the Screening Management Standard Operating Procedures manual of the TSA on a public web server last week. It was a PDF, and whoever made the PDF thought they had redacted it, but they screwed up: they pasted black rectangles over sensitive text instead of deleting it, and as MANY organizations such as AT&T have learned, that conceals but does not remove information. All you have to do to recover the info is basically copy and paste into another document.

Thus, all the hidden information was revealed!

This document details everything about how airport security checkpoints are to be operated, including operating the x-ray machine, calibrating said machine, which countries receive automatic additional screenings, etc.
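A pre-publication check for the redaction failure described above, as an added example that is not part of the original post: it flags text that is still present in a page content stream underneath a filled rectangle. It assumes an uncompressed stream, an identity transform, and only the `Td`, `Tj`, `re` and `f` operators; the sample stream and all function names are constructed.

```python
import re

# Constructed, uncompressed page content stream: two text lines, then a black
# filled rectangle painted over the second one (the failed "redaction").
SAMPLE_STREAM = b"""
BT /F1 12 Tf 72 700 Td (Checkpoint procedures, section 1) Tj ET
BT /F1 12 Tf 72 680 Td (CONSTRUCTED SENSITIVE LINE) Tj ET
0 0 0 rg
70 676 300 16 re f
"""

NUM = rb"(-?\d+(?:\.\d+)?)"
TEXT_BLOCK = re.compile(rb"\bBT\b(.*?)\bET\b", re.S)           # text object
TEXT_POS = re.compile(NUM + rb"\s+" + NUM + rb"\s+Td\b")        # x y Td
TEXT_SHOW = re.compile(rb"\(((?:\\.|[^\\)])*)\)\s*Tj\b")        # (string) Tj
FILLED_RECT = re.compile(rb"\s+".join([NUM] * 4) + rb"\s+re\s+f\b")  # x y w h re f


def text_runs(stream: bytes):
    """Return (x, y, text) for every string shown inside a BT..ET block."""
    runs = []
    for block in TEXT_BLOCK.finditer(stream):
        body = block.group(1)
        pos = TEXT_POS.search(body)
        if not pos:
            continue
        x, y = float(pos.group(1)), float(pos.group(2))
        for shown in TEXT_SHOW.finditer(body):
            runs.append((x, y, shown.group(1).decode("latin-1")))
    return runs


def filled_rects(stream: bytes):
    """Return (x, y, width, height) for every filled rectangle."""
    return [tuple(float(g) for g in m.groups())
            for m in FILLED_RECT.finditer(stream)]


def covered_text(stream: bytes):
    """Text still in the stream whose origin lies under a filled rectangle."""
    rects = filled_rects(stream)
    hits = []
    for x, y, text in text_runs(stream):
        if any(rx <= x <= rx + w and ry <= y <= ry + h for rx, ry, w, h in rects):
            hits.append(text)
    return hits


if __name__ == "__main__":
    for leaked in covered_text(SAMPLE_STREAM):
        print("still extractable under a rectangle:", leaked)
```

A non-empty result means the rectangle only hides the text visually; the text operators have to be removed from the stream before the file is published.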

Several stories have come out about this, so here's a few:

Here's the original story on Wired:

Here's the original story on Slashdot, along with a link to a zip of the file with the redactions recovered:

Apparently five people have been suspended pending further investigation into the leak. Amongst the interesting attempts at butt-covering is the statement that this version of the manual was from May/June 2008 and has been superseded.

Well, if it's been superseded, why are three Congresscritters asking for explanations from the TSA as to how this happened, and can they sue web sites to get it off the intertubes? As it turns out, it's been released to Cryptome and Wikileaks, and is thus now all over the world. And yes, I have a copy, and it's moderately interesting reading.

Now, here's the beauty of the Congresscritters' request: the document was posted on a web site in MARCH. It was discovered LAST SUNDAY. Which means it's been indexed/captured/cached by every search engine in existence.

Well, here's the Congresscritters' pleas:

And here's Slashdot's thread on the Congresscritters' pleas:

I think that's enough silliness for now. I have some more silliness to post later, but it can wait.

Oh, I forgot. I meant to post a link to Cryptome: Some VERY interesting stuff on it! I've been reading a series posted by a former spy, neat stuff.
thewayne: (Default)
Yep, your tax dollars hard at work.

First, TSA employee caught hoarding $200,000 worth of stolen goods to be sold on eBay. And as of right now, you can't even demand a receipt if they seize your laptop at the border, but there is a possibility of a new bill forcing DHS to receipt seized equipment and return it in a reasonable time frame. I can find the links if anyone is interested.

"... a search of his house found a great deal of property pilfered from the un-witnessed searches that occurred after luggage had been checked, where the rightful owner was not allowed. 'Among the items seized were 66 cameras, 31 laptop computers, 20 cell phones, 17 sets of electronic games, 13 pieces of jewelry, 12 GPS devices, 11 MP3 players, eight camera lenses, six video cameras and two DVD players, the affidavit said.'"

So if you've flown through Newark in the last year or so and lost something electronic...

Second, Bruce Schneier and a reporter play games with airport security, including wearing Osama Bin Laden t-shirts, carrying books on jihad, not carrying ID, and splashing water on their face to make it look like they're sweating. TSA security's response? "Don't let it happen again."

Now don't you feel much safer?
thewayne: (Default)
It is a system where you can pay money to be investigated and get a pass to let you skip the inspection lines at airports. You submit fingerprints, the FBI does checks, etc. 33,000 people have enrolled.

Well, a couple of weeks ago a laptop that contained the detailed information of everyone who has signed up for the program was stolen from a locked office at San Francisco airport. The server that the data is stored upon is encrypted.

The laptop wasn't.

But everything is OK -- the laptop was found again! In the same office that it was stolen from. In a different place in the office. Behind a locked door.

But don't worry -- "they" have determined that the data was not accessed.

The same people who didn't encrypt the laptop? And we're supposed to take their word that someone who can go into a secure area, through locked doors, and steal a laptop, and then replace a laptop in the same office, again, through locked doors and in a secure area, can't remove the drive from the laptop and clone it?
thewayne: (Default)
After 9/11, if you were going to fly and didn't have ID or didn't want to present it, you could submit to a more detailed search and you would still be allowed to fly. Or at least you could do that at airports where the TSA people actually knew the rules rather than made them up on the spot. Well, that's now a thing of the past. Now if you don't have identification, you don't fly. Apparently it's part of a new program to try to profile dangerous people rather than dangerous items, because, after all, terrorists would have such difficulty getting identification.

Don't you feel safer already? I know I do. [/sarcasm]
thewayne: (Default)
I was going to ask when the lunacy will end, but it won't, so no point in asking the question. Let's just hope it doesn't spread nationwide.

It just occurred to me what the TSA is doing, and why they will succeed. They will make efficient travel so inconvenient that no one will use it, thus travel will be safe! Except for the airlines dying, the interstates getting clogged with more accidents resulting, etc.

