On our RSS feed we just posted podcast 203. Since the show notes didn’t go through, here they are. Lots of things to read if you wish.
On this podcast, we have an interesting discussion regarding the biggest security issue I’ve seen. I also will demo L.A. Metro’s version of an app to help get around the bus and train system.
Things of interest to read
- We Take Your Privacy and Security. Seriously.
- Signature Systems Breach Expands
- Jimmy John’s Confirms Breach at 216 Stores
- Home Depot: 56M Cards Impacted, Malware Contained
- In Home Depot Breach, Investigation Focuses on Self-Checkout Lanes
App links
- Version 2 of Go Metro which has since been updated for fare increase info and other bug fixes.
The app still works the same.
We hope you enjoy the podcast, and we’ll be back on another edition very soon!
Enjoy!
This is sounding like it could be quite interesting to have all of this. I’m sure that the hackers can get fake passports and such similar to the one they want to hack, and I’m sure if they had to, they would show up. Although even if they showed up, there would be a totally different picture than, for example, yourself. Maybe again, they wouldn’t, and it would just stall like it is designed to do. Very interesting comment here. Any other comments on security in other countries?
Hi Jared.
Interestingly enough, while check books are still used here, a lot of stuff is going away.
Signatures are now gone as of last week, though most of this is chip based.
Near field up to 80 bucks with wave tech on the card is also around, though it can be abused, up to the value of 80 dollars.
Most stuff is pin based.
An interesting thing, at least in New Zealand, is a service called real me.
This is basically an online identity.
It has 3 parts.
1. a valid email address.
2. a passport or birth certificate.
3. a password and cell phone for code verification.
4. an actual id to be verified every 5 years at an authorised post office.
At minimum you need an online id at the post service here in New Zealand before you can even get access to stuff.
This needs to be linked, and you get a master password.
In addition, some services like the elections, or work and income services, need either texted or printed codes that you must get read or read yourself, generated by the system, in order to prove it is you doing it.
Today it’s been announced that banks are being added to this stuff.
The system is quite secure; it’s got 2 step verification, and you need to enter a texted code when you log in to even get access.
And even if someone was able to get past that, you would need a physical id.
Fact is, before you actually can get in, you need to physically exist.
Some services here need voice, fingerprint and DNA id matches, so it’s all secured many layers; I’d say it would be hard to crack.
It was certainly hard to create an id.
The easiest way was with a passport.
But there are other ways.
The first step is to make an account with the postal service.
Easy enough.
The next is to make an account with the real me service.
Then link both accounts.
All this is easy enough.
Once done you need to enter all birth data or passport number.
You then are sent the first of many paper codes required for activation.
From there, you are emailed a form filled out with a bar code on it that will verify your account.
You then have to show at an authorised postal service, where a photo is uploaded to the system.
At this point internal affairs needs to verify you and this can take 2 weeks and did in my case.
After you get the confirmation each service gets different procedures.
Internal services like employment just need you to log in and you are in.
More external services like the benefit service require a text code and for you to speak with an operator.
Stuff like the elections site needed me to do and print an enrolment with a box opting me in to the digital system.
This then was printed and you needed a physical signature to be sent for verification; this can take another 2 weeks.
After which you get a code, which can take another week or 2 to come, and sometimes it doesn’t come for a bit; I had to ring twice to get the right code.
Once your service is set up, you can change email, password, etc., but you need to reverify every 5 years.
Once you are in, all you need is your user id and password; your username is your email address.
Then you need the text verification I mentioned before.
Some services like the benefit services need voice verification, which I set, and this was why I started looking into realme; I had started, so why not finish.
But it does take a couple months to setup.
I doubt a hacker would be able to get too far into the system, to be honest.
I am not sure if it would be worth it.
2 step verification is hard enough but getting past all that, wouldn’t really help him much.
Even if he was able to change all info, he would still have to verify in 5 years.
It’s a mixture of physical and digital security.
It’s not unbreakable, but if I was a hacker I wouldn’t try to break it.
There are at least 4-5 components and maybe more.
The system is monitored by someone and is linked to most of the government sites in existing and expanding to companies, banks and other places.
With that said in all things there has to be a problem.
This is sadly how much info is allowed to go out.
Basic birthday, location and name, at the time when I went on the system last year, was the only stuff that could go out.
For such things as census or other stuff it may be necessary for you to dump all info and it currently can’t do it.
So even if someone was able to hack things, unless he physically got your account he wouldn’t get everything.
I am not sure what is revealed, but I doubt you could just ask for everything, and if you had to you would have to have some physical way to get whatever, I’d imagine.
And you can be sure such a vital system would be heavily monitored, secured and maintained.
It would be an embarrassment if it wasn’t.