Those who will not be governed by God will be ruled by tyrants. ~~William Penn
Vol.11, No.1 ~~~ 9 FEBRUARY, 2008
Don’t blow a gasket over the lead quote. It just means: if ya ain’t gonna behave on yer own accord, then we gonna have to get a board and administer a little red-neck training lesson.
Incorporating RFID technology into national ID cards ( known as “REAL ID” ) is a very BAD idea: it is TOO EASY for Hackers to steal information with proximity radio devices.
Technology can be a good thing. But that does not mean that every bit of new technology has to be hailed as salvation and incorporated into the essence of our existence.
Instead we need to examine the question: “What sort of trouble does this technology enable?”
Incorporating the JAVA language into eMail and web documents has helped to enable hackers. And allowing flash players of various types to launch programs has also helped the hackers to run un-authorized programs on our systems and thus to inject their malware into our computers.
If you have malware on your computer in the form of a “RAT” ( Remote Administrative trojan ) or “BOT” ( Robot ) then your computer can be controlled by a hacker – just as though you were at the keyboard yourself. No form of “security” will protect you if you have a RAT or BOT running your computer for you because this kind of malware impersonates you and carries out its mischief using your identity.
Allowing executable code to spread over the net like that was a Bad Move to Begin With. Kinda like giving a GTO to a teenage boy or selling dynamite to terrorists. Anytime a powerful tool is made available to irresponsible people trouble will result.
Therefore, let’s park that GTO in the garage. Teenagers can ride the bus. And let’s have the sheriff do background checks for anyone wanting dynamite.
And let’s DELETE various dangerous computer capabilities.
Now I don’t care if folks think they need JAVA and Flash Players to make fancy web pages appear. But the capabilities of those players must be limited to the presentation only. Nothing in the JavaScript, Flash players, etc. that may be included in a document can be allowed to have the capability of updating anyone’s computer.
If the capability is not there, Hackers cannot exploit it.
Product Liability Law needs to specify that such capability may not be included in any OEM software. Any Corporation that sells or licenses software will be considered an OEM and will have to certify its software and stand liable for defects in regard to the exploits we are talking about here. And this is necessary to support the anti-hacking laws discussed in the previous issue of Firearms&Freedom ( link at the end of this page ).
The Key Idea presented here is that we are going to DELETE capabilities that are exploited by hackers. If the capability does not exist it cannot be exploited. We take the engine out of the GTO. After that it cannot be hot-wired and taken out for a joy ride.
We do NOT allow RFID technology in our national ID cards. If the technology isn’t there it cannot be exploited. The magnetic stripe that is already in use on credit cards is adequate, and if it is important to make sure the magnetic stripe is not re-written, a bar code containing the checksum for the data in the stripe could be added to the card. All this is existing technology that has been proven reliable over time, and it does not expose us to a new avenue of attack by hackers.
We should not allow web pages, eMail messages, spread-sheets and the like to launch executable programs. If the capability isn’t there it cannot be exploited.
Now as far as software updates go, the proper procedure is to download a package -- such as with WinZip -- as the first step of the update. The package must contain the update materials plus the authenticating signature(s) plus the setup script. The setup script should begin by checking the authenticating signatures on the enclosed material. After that the update can be loaded into the computer and registered. The registry must be secured so that those areas that are used to register executable programs can only be updated by setup.exe, and setup.exe will only register programs that have the proper authenticating signatures.
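The check-before-register order described above, sketched as an added example that is not part of the original newsletter. HMAC-SHA256 with a constructed key stands in for the vendor's authenticating signature so the sketch runs on the standard library alone, and the function names, key and file names are hypothetical; it assumes the checker and its key are already on the machine rather than shipped inside the package.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 stands in for the vendor's signature; a
# real updater would verify an asymmetric signature against a vendor public
# key already pinned on the machine.
VENDOR_KEY = b"constructed-demo-key"


class UpdateRejected(Exception):
    pass


def build_package(files, key=VENDOR_KEY):
    """Vendor side: hash every file into a manifest, then sign the manifest."""
    manifest = json.dumps(
        {name: hashlib.sha256(data).hexdigest() for name, data in files.items()},
        sort_keys=True,
    ).encode()
    signature = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    return {"files": dict(files), "manifest": manifest, "signature": signature}


def verify_and_register(package, registry, key=VENDOR_KEY):
    """Setup side: check everything first, touch the registry only at the end."""
    expected = hmac.new(key, package["manifest"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, package["signature"]):
        raise UpdateRejected("manifest signature does not verify")
    manifest = json.loads(package["manifest"])
    # A file the signed manifest does not list is as bad as a modified one.
    if set(package["files"]) != set(manifest):
        raise UpdateRejected("file list differs from signed manifest")
    for name, data in package["files"].items():
        if not hmac.compare_digest(hashlib.sha256(data).hexdigest(), manifest[name]):
            raise UpdateRejected(f"hash mismatch: {name}")
    registry.update(package["files"])  # reached only if every check passed
    return sorted(manifest)


if __name__ == "__main__":
    registry = {}
    pkg = build_package({"app.exe": b"v2 binary", "setup.ini": b"[install]"})
    print(verify_and_register(pkg, registry))
    pkg["files"]["app.exe"] = b"v2 binary + implant"  # tampered in transit
    try:
        verify_and_register(pkg, registry)
    except UpdateRejected as err:
        print("rejected:", err)
```

A rejected package leaves the registry untouched because registration is the last statement, after the signature, the file list and every hash have been checked.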
The days of anybody and everybody updating every computer they can find must come to an end. For one thing it’s in the law ( see previous page ) which should be approved shortly. Next we need to enforce it as a part of our policy, implemented in our computers. And back it up with some strict product liability requirements: no computer should ever execute any un-authorized program. If it does, the mfr. is liable for Corrective Service.
This represents a 4-point attack on hacking:
· Deleting dangerous capabilities from our computers;
· Implementing a secure means for providing software updates;
· Providing product liability laws as a cause of action against vendors for non-compliance or defects;
· New Federal Laws providing penalties for those initiating violations.
End