Showing posts from July, 2010

Bogus Drivers Licenses, Fake Passports

The State of Minnesota is running a facial recognition algorithm on Minnesota drivers licenses and state ID’s.

Partial results:

- Ran the algorithm on 11 million license photos
- Flagged 1 million for manual review
- Of the 100,000 reviewed so far, 1200 licenses were cancelled

By simple extrapolation of the numbers, there could be as many as 10,000 bogus state issued ID’s or licenses out of the pool of 11 million. There isn’t enough data in the media to know if a simple extrapolation is valid, so the number could be less.

Meanwhile, Government Accounting Office investigators were able to obtain US passports with fake identification in three out of seven attempts.

I think there is a house of cards here somewhere.

Just another day in Internet-land

So I’m goofing off at work, gambling with other people’s money using my fully patched but rootable browser, running on a fully patched but rootable operating system, occasionally downloading digitally signed malware while I contemplate the possibility that my medical records are on a P2P network somewhere, knowing that I really should be patching the remotely exploitable database that I just installed on my shiny new server that was thoughtfully preloaded with malware, and I’m thinking to myself: “What’s new and interesting today?”

Nothing. Just another day in Internet-land.

Oracle Continues to Write Defective Software, Customers Continue to Buy it

What’s worse:

- Oracle continues to write and ship pathetically insecure software. Or:
- Customers continue to pay for it.

From the July 2010 Oracle CPU pre release announcement:

| Oracle Product | Vulnerability | Rating | License Cost/Server |
|---|---|---|---|
| Database Server | Remote, No Auth[1] | 7.8/10 | $167,000[2] |

Awesome. For a mere $167,000[2] I get the privilege of installing poorly written, remotely exploitable, defective database software on a $5,000 2-socket Intel server.

Impressive, isn’t it. I’m not sure what a ‘Times-Ten’ server is – but I’m glad we don’t have it installed. The good news is that it’s only half the price of an Enterprise Edition install. The bad news is that it is trivially exploitable (score of 10 on a scale of 1-10).

| Oracle Product | Vulnerability | Rating | License Cost/Server |
|---|---|---|---|
| Times-Ten Server | Remote, No Auth[1] | 10/10 | $83,000[3] |

From what I can see from the July 2010 pre-release announcement, their entire product catalog is probably defective. Fortunately I only need to be interested in the products that we have i…