Thread: OT ... ID cards
View Single Post
  #309   Report Post  
John Rumm
 
Posts: n/a
Default
Mary Fisher wrote:

While I have it stored, no one is going to mine it... ;-)


Are you absolutely 100% copper-bottomed certain of that?

Depends on the resources and determination of the attacker! ;-)

Where on Earth have you put it?

Nice try ;-)

(do I get my Easter egg now?)

Build a shed. A concrete one with steel doors and properly alarmed.

Got one of them ;-) guess what....


er - no?

Its full....!

Friends of mine seem concerned that if fraud is carried out on their cards
they (the friends) won't have the protection they used to have. I'm not an

I think the basic foundation of joint and several liability remains the
same.

expert on this, I had changes to conditions this morning and am still wading
through them. We seem to get changes with every statement, it's not easy to
keep up with them.

They will update them to include extra information on not writing your
PIN is "plain text" and keeping it with your card, and on not disclosing
your pin etc. As you say, paying attention to the detail is the only way
to be sure).

Probably a good move to practice typing your pin in such a way as to
avoid people "shoulder surfing" it though if you are going to use it.

The tender process brings its own problems ... less involvement from
parties with vested interests.


Such as?

There are a surprising number of ex Anderson's/Accenture, and EDS staff
in key places in government... (the PMG for starters) Also (as with all
governments) there is a high level of lobbying and inducements from key
IT suppliers.

Many of the main weaknesses of the current proposed system (from an
engineering point of view) are that it has fundamental conflicts of
interest built into it. To give an example, for good security of access to
database it is better to centralise access to it, but for any practical
use in an ID system it needs to be vastly distributed.


Yes. are you saying that security can be compromised by that?

Yup...

That may be true, but it makes two assumptions. Firstly that the holders
of the information are benign,


There is no proof that they are not.

Can you substantiate that statement?


Of course not.

You can't prove that anyone is benign either.

No but I can find you plenty of examples of situation where peoples
personal data have been given up by those who should have been taking
better care of it.

Nice recent example for you:

http://www.theregister.co.uk/2005/05...security_flap/

I live under a stone, obviously. It's very nice though, a happy stone with
lots of other happy people. The only sad thing is that so many others
aren't, presumably for the reasons in your last paragraph.

Put yourself in the position of a former special ops soldier returning
from a tour of Northern Ireland on anti terrorism duty. How do you
suppose he would feel knowing that there is a database that tracks his
address (and all former addresses), plus all the day to day habits,
movements, transactions and patterns of his life. Extreme example I
know, but there are many reasons that someone law abiding with "nothing
to hide" may in fact have very good reasons to hide some things.

It's sad.

Indeed....

Night night,

Sleep tight!


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/
Reply With QuoteReply With Quote