Teknovis

I read an interesting article in The Irish Times over the weekend (but I was too busy to write about it then :o ) The article reports that the head of the Irish Police (known locally as Garda) has asked Vodafone Ireland to provide the Internet browsing details of all of its customers. Furthermore, he wants all of this information in real time! The full article is Garda chief asks mobile phone firm to retain web-browsing data. Apparently, Vodafone are being asked to do this as a “good citizen”, or as a small favour!

I think that this is a typical example of how things are often done in an unofficial way in Ireland, where the rules (or laws) are not seen to have any relevance! I can imagine the reported conversation between the Garda Commissioner and the Vodafone Representative:

Garda Commissioner: “Right lads – could you do us a favour? We need all the Internet browsing details of all your users in real-time.“

Vodafone Representative: “Do you have a warrant for that?“

Garda Commissioner: “Nah – don’t worry about warrants. Sure we are the Garda! That’ll be grand.“

Although the article is not very clear, I think that the police want the full contents of every webpage that is viewed. It is a mystery why they want this information in real-time. In fact, it is a mystery to me why they want this information at all! Surely a targeted approach (with warrants) would be more efficient!

There are also so many ways of circumventing this proposal using software that is readily available in the Internet. So I do not think that it will deter serious criminals.

All of this is especially pointless when you consider that one can (and criminals do) legally buy a prepaid mobile phone without providing any identity information.

So who is this new measure really targeting?

My take on it is that it is the bright idea of somebody who wants to grab headlines with a great new security measure, but that this person has no concept of the practical use or implications of the idea. It certainly would not be the first time this ever happened!

Tags: Ireland, Mobile Phone, Police, The Irish Times, Vodafone, Warrant

RTE are reporting that Bank of Ireland has lost a memory stick that contains personal details of almost 900 customers. The full article is Bank of Ireland customer details lost.

This is just the latest incident of Bank of Ireland losing customer details! However, in this case the bank is claiming that the storage of customer details without encryption on a memory stick is a breach of its policies and procedures.

Perhaps Bank of Ireland needs to examine why employees are able to copy sensitive customer details to any memory sticks!

Tags: Bank of Ireland, Encryption, Memory Stick, RTE

Researchers in the Security and Cryptography Laboratory (LASEC) in the Swiss University Ecole Polytechnique Fédérale de Lausanne (EPFL) have developed four side channel attacks that are capable of detecting keystrokes remotely. Their attacks are based on measuring electromagnetic radiation, and they successfully attacked 11 different wired keyboards over distances up to 20 meters. The initial details of their research are available online (including two video demonstrations), and further details are contained in a paper that is currently under peer review. I am sure it will be an interesting read!

These types of side channel attacks are always very interesting, because they can often totally circumvent traditional cryptographic techniques such as application level encryption and decryption.

I wonder are there other interesting applications for these attacks. For example, the researchers mention the possible application of their research to the keyboards used in automatic teller machines.

Tags: EPFL, LASEC, Side channel attack