StumbleUpon | smugllama's blog posts

http://smugllama.stumbleupon.com/review/14645610/

Sun, 25 Nov 2007 12:05:22 -0800

Why I'm more than a little hesitant about PayPass

A couple of years ago, my bank, Key Bank, sent me a new debit/atm card, completely unsolicited. My previous card wasn't going to expire for some time, but they were anxious enough to ignore that and send me new cards anyways. Well, after reading through everything that Key sent with the card, it was clear that this new PayPass system comes embedded with an RFID chip, but it never came right out and used those four magic letters, R-F-I-D.

I decided I wasn't going to accept their new cards, and decided to destroy them. I cut up the first card, and noticed what appeared to be a very thin copper wire running through the card in several concentric loops around the outside edge of the card. Yep, RFID, I was sure now. I microwaved the other card and found the actual chip itself somewhere approximately near the middle. Stupid RFID cards, I thought. And that was the last I heard of it. ... for quite a while.

Well, now my card really has expired again, and Key sent the replacement cards with the embedded PayPass systems. I don't have an easy option for declining these ones short of calling my bank and trying to argue with their customer service reps about why I don't want an RFID-enabled bank card.

As I sat thinking about how much trouble I was willing to go through, and just how paranoid I was for even thinking about trying to avoid this, I noticed some small print on the back of a card with a company name, "Axalto", and the trademark symbol.

A little research on Axalto left me more paranoid than when I started. Damn.

Axalto was previously a department of Schlumberger.� Schlumberger bought Sema and the department became part of SchlumbergerSema. When the department was sold to Atos Origin it was then named Axalto.� Axalto has since gone public, merged with it's main competitor, Gemplus, and is now called Gemalto.� It is when I look at Gemalto's leadership that my concerns are driven home:

Alex J. Mandl, is my primary concern.� http://en.wikipedia.org/wiki/Alex_J._Mandl

From 1999 to 2002, he served on the Board of Directors at In-Q-Tel. In-Q-Tel is, of course, the "venture capital firm that invests in high-tech companies for the sole purpose of keeping the Central Intelligence Agency equipped with the latest in information technology in support of United States intelligence capability. ... In-Q-Tel's mission is to identify and invest in companies developing cutting-edge technologies that serve United States national security interests." - http://en.wikipedia.org/wiki/In-Q-Tel

Mandl resigned his In-Q-Tel job to become the CEO of Gemplus International, the company that merged with Axalto to form Gemalto. He now serves as Executive Chairman of Gemalto.

I found another Gemalto executive, Olivier Piou, who lacks Mandl's colorful background, but makes up for with some very colorful remarks given at the United Nations World Summit on Information Society in Geneva on December 12, 2003:

"But biometrics can also turn into the most dangerous for the civil society if such identification technologies are deployed without a smart card. I.e. if they are used without asking citizens to keep with them their identity card, and without asking them for a voluntary action to be authenticated: software and global digital networks would then be able to permanently track citizens activities, without them knowing."

"Wireless technologies also present a similar threat to privacy: while it is relatively easy to turn off a cellular phone (because all of them have an ON/OFF button!), radio-frequency identification systems - also known as RFID or contactless systems - are activated from a distance. It becomes so very easy to install a reading antenna, in the subway or in any place like in this conference room, to detect who is there without awareness and consent."

Olivier Piou was the CEO of Axalto and is the current CEO of Gemalto. His entire speech is worth a read (Word .doc format) http://www.itu.int/wsis/geneva/coverage/statements/axalto/b16.doc

http://smugllama.stumbleupon.com/review/4486887/

Wed, 14 Jun 2006 21:06:18 -0700

Too many stories to do full posts about:

Russell Tice spills his guts; hints that some of the NSA spying may have involved the illegal use of space-based satellites and systems to spy on U.S. citizens: http://govexec.com/story_page.cfm?articleid=34075&dcn=todaysnews

UPI says that the Iranian Oil Bourse is getting ready to open on Kish Island: http://www.upi.com/Energy/view.php?StoryID=20060605-121956-6188r

The Abramoff / Kidan / SunCruz scandal is playing out like a real life Godfather story.

The Christian Science Monitor repprts that "the FBI has acknowledged that it was seeking reporters' phone records to investigate leaks about secret prisons in Europe and warrantless wiretapping."
http://www.csmonitor.com/2006/0516/dailyUpdate.html

And finally, Information Week discusses details of a recent Yahoo Mail Ajax/Javascript worm. http://www.informationweek.com/security/showArticle.jhtml?articleID=189400799

http://smugllama.stumbleupon.com/review/3655427/

Tue, 21 Mar 2006 17:39:18 -0800

So if the Executive Order calling for for the establishment of a Center for Faith-Based Initiatives at the Department of Homeland Security wasn't enough for you, apparently they've also established a "National Intellectual Property Rights Coordination Center" as well... A co-worker of mine recently returned from a conference with a complimentary tin of mints from this organization. (image coming soon.)

http://smugllama.stumbleupon.com/review/3397641/

Fri, 24 Feb 2006 12:59:10 -0800

An update to a previous story:

February 22rd Update:
I've had more than a couple of people ask me how I know the IP address of who visits my stumble page, so I figured an explanation was due.

Sadly, its a trick I learned from spammers and marketing departments. They call them "web bugs".

Spammers use them to confirm which email addresses are read by real human beings. I merely use them to monitor some basic information about who's reading my stumbleupon web page, since I don't have direct access to their logfiles.

As evil as "web bugs" may sound, its something as harmless as an image embedded in HTML content when rendered by most web browsers and email clients. Said image is hosted on a web server that you control, or at the very least, have direct access to the web server's log files.

When someone views the web page, their web browser loads the image directly from the server in which you monitor the logfiles, leaving behind a few key bits of information about the visitor.

The time and date of the visit is recorded, what web browser software the client claims to be using, and most importantly, the IP address. The "whois" service, makes it particularly easy to identify which organization is registered for any given block of IP addresses.

Fear not, this doesn't identify you personally. Most of the time this registration record is in your Internet Service Provider's name. Sometimes this information may reveal what company you work for if you're browsing from work, but usually just your ISP. Though, if push comes to shove, and they really want to know, your ISP can be subpoenaed and be compelled to turn over information on who you are.

If you happen to be using a government supplied connection, the registration records clearly state which particular branch of the government you work for.

This highlights some very important privacy concerns. It shows how easy it is to unknowingly leak information about ourselves and our activities.

Update: Its been pointed out that there are free 3rd party services to do this for you, if you don't have access to your own webserver. StatCounter.com was recommended (thanks to i-am-wolfman.)

http://smugllama.stumbleupon.com/review/3383700/

Tue, 21 Feb 2006 14:53:51 -0800

My current favorite drum and bass mix, done by a friend of mine in Puerto Rico. Some truely devastating beats. Check it out!

MP3 mix (right click, save as)

http://smugllama.stumbleupon.com/review/2119593/

Wed, 21 Sep 2005 17:41:53 -0700

Into the Dark: The Pentagon Plan to Provoke Terrorist Attacks
Sorry for the long quote, but it's incredibly important:
"This column stands foursquare with the Honorable Donald H. Rumsfeld, U.S. Secretary of Defense, when he warns that there will be more terrorist attacks against the American people and civilization at large. We know, as does the Honorable Donald H. Rumsfeld, U.S. Secretary of Defense, that this statement is an incontrovertible fact, a matter of scientific certainty. And how can we and the Honorable Donald H. Rumsfeld, U.S. Secretary of Defense, be so sure that there will be more terrorist attacks against the American people and civilization at large? Because these attacks will be instigated at the order of the Honorable Donald H. Rumsfeld, U.S. Secretary of Defense. This astonishing admission was buried deep in a story which was itself submerged by mounds of gray newsprint and glossy underwear ads in last Sunday's Los Angeles Times. There--in an article by military analyst William Arkin, detailing the vast expansion of the secret armies being massed by the former Nixon bureaucrat now lording it over the Pentagon--came the revelation of Rumsfeld's plan to create "a super-Intelligence Support Activity" that will "bring together CIA and military covert action, information warfare, intelligence, and cover and deception." According to a classified document prepared for Rumsfeld by his Defense Science Board, the new organization--the "Proactive, Preemptive Operations Group (P2OG)"--will carry out secret missions designed to "stimulate reactions" among terrorist groups, provoking them into committing violent acts which would then expose them to "counterattack" by U.S. forces. In other words--and let's say this plainly, clearly and soberly, so that no one can mistake the intention of Rumsfeld's plan--the United States government is planning to use "cover and deception" and secret military operations to provoke murderous terrorist attacks on innocent people. Let's say it again: Donald Rumsfeld, Dick Cheney, George W. Bush and the other members of the unelected regime in Washington plan to deliberately foment the murder of innocent people--your family, your friends, your lovers, you--in order to further their geopolitical ambitions."

http://smugllama.stumbleupon.com/review/1214558/

Mon, 09 May 2005 14:40:46 -0700

Today's food for thought:
1) "Now that food has replaced sex in my life, I can't even get into my own pants."

2) "Marriage changes passion. Suddenly you're in bed with a relative."

3)"How come we choose from just two people to run for president and 50 for Miss America?"

4)"Wouldn't it be nice if whenever we messed up our life we could simply press 'Ctrl Alt Delete' and start all over?" (and enter init level 6?)

5) "Why do I have to swear on the Bible in court when the Ten Commandments cannot be displayed in a federal building?"

http://smugllama.stumbleupon.com/review/1181053/

Wed, 04 May 2005 11:28:34 -0700

"When the people fear their government, there is tyranny; when the government fears the people, there is liberty."

-Thomas Jefferson, third US president

http://smugllama.stumbleupon.com/review/1168916/

Mon, 02 May 2005 17:24:21 -0700

So, since Bush has so valiantly reformed our personal bankruptcy laws, and Chapter 11 bankruptcy (businesses) was so conspicuously absent from the first bill, congress is now drafting legislation to make it more difficult for corporations to declare moral bankruptcy. Now, before they can declare chapter 7 moral bankrupcty, they have to first go through a 3-year program of restructuring, ignoring the public, extensive lobbying, and heavy PR campaigns. (ha-ha)

http://smugllama.stumbleupon.com/review/1168857/

Mon, 02 May 2005 17:11:15 -0700

So my company is trying to get me a sign a photo release form for a picture taken of me to be used for marketing purposes....

can you sign that?
reading it first
barry typed it up...if you don't like he can change it
basicly signing away my rights to have throw me a bone for this? ...and that if i somehow sustain permanant bodily injury over 's use of this photo, that I'm absolutely screwed?
... this sucks.
ha ha! bodily injury? doing what?
oh, say... getting lynched.
not terribly excited about signing this... let me mull this over for a bit.
ok, basically - we just don't want you getting mad for using this pic
throw me a frickin' bone... give me some motiviation to sign my soul away to the devil.
haahahahaha! what do you want? a cookie?
haha... lets see. I'll start with my own office. A raise. A bonus. A getaway. An escape. A showcase. A shortcut.
I think you should settle on a cookie. I will get you a whole package...just tell me what kind you like
get that cookie into the contract, and I'll re-consider.
I will hand you the cookies when I sign as your witness...how's that?
... not to be difficult, but i was really hoping to have the cookie IN the contract.
hahahahaa! you are cracking me up
* smugllama prepares a cookie release form
you, the undersigned, release all responsibility and claim of ownership of this cookie, with the express purposes of meager compensation, with the understanding that this cookie will be immediately, and irreversibly consumed upon receipt.
OMG! When does the cookie need to appear on your desk?
not that important... Just so long as its in the contract. I need legal rights to back that cookie.
i can't have you coming back on me in six months, suing for compensations for lost cookies.
OMG and I would DO something like that
and I'd do ALL of the things I'm about to waive my rights to...
fine... I'll add the cookie to the contract myself.
good thing I can edit this.

... And i did edit it.
... And I did sign it.

Upon recounting this story to some friends on IRC, I learned:

dude net-30 cookies
you didnt even specify what kind of cookie
your legal skills are lacking
shitty negotiation
I would like to be your cookie agent for any and all further cookie negotiations
a cookie credit check would have ruled too
I the undersigned duly appointed representative of do hereby state that we have the purchasing power and ability to repay any and all cookie debts incurred with .

... Our company lawyer didn't even balk at my edits. (guess I showed them.)