My name and date of birth? But you called me!

This morning, a fellow named Brad from NAB called to see how my banking was going. The call was unsolicited and the caller ID blocked. Brad was friendly and polite as he began asking a few questions about my banking habits. You can imagine, though, that I wasn’t terribly inclined to answer any of his questions, considering I didn’t know him from a bar of soap.

I asked him if he could provide me with a piece of information from my account, to assure me that the call was legitimate. In order to give any information, he told me, he would need to first obtain some details from me, and began by asking for my name and date of birth. I wasn’t quite sure he was getting the point, but politely let him know that I didn’t really want to do that. We finally arrived at a compromise – I could phone him back on a number found easily on the NAB website. I did, waited on hold and was eventually transferred back to him – a process that took something like ten minutes. Not quite sure why I bothered, really.

There would be a really simple way to solve this. On opening the account (or as part of regular account maintenance), customers could be asked for an “authenticity assurance” word or phrase – a shared secret which could be quoted on an outbound call to provide peace of mind. To me, it seems like this is a total no-brainer security measure and I can’t understand why nobody does it. So I’ve sent them the suggestion, and I’m curious to see the response. What am I missing? Why isn’t this done already?

won’t somebody please think of the children/terrorists!

I’m pretty thrilled. Two of my favourite items of hysteria have collided and provided much confusing amusement – or confusement, if you like. The very people who are meant to keep us safe from the terrorists might actually be paedophiles hell bent on leering at our bald and naked children through new full-body airport scanners.

In fact, the scanner is so advanced and intrusive that under UK law the images it produces will very possibly qualify as child pornography. As a result, Manchester Airport will need to seek legal advice on whether or not it is able to allow under-18s to be scanned by the new machine when it launches next week.

I object to these new machines on the basis that they are unnecessary and invasive – especially if they are compromised by something as simple as having an under-18 be exempt. I’m also pretty sure that airport security remains incredibly easy to defeat by someone with enough motivation.

For instance, check out this article in the November 2008 edition of The Atlantic; it’s called “The Things He Carried.” Aided by Bruce Schneier, a regular and vocal critic of airport security and “security theater” in general, a journalist managed to board aircraft with fake boarding passes, wearing jihadist slogans on his clothing and on various occasions smuggling through pocket knives, toothpaste, bottles of water, nail clippers, scissors etc. etc. etc.

I think this quote does a pretty good job of summing it up:

“In some ways, if we’re relying on airport screeners to prevent terrorism, it’s already too late. After all, we can’t keep weapons out of prisons. How can we ever hope to keep them out of airports?”

It’s from Schneier himself on Airport Passenger Screening.

Meanwhile, how many times have airport screeners found that pair of scissors you forgot about in your bag – only it was on your return flight? Or your third or fourth flight? Everyone’s got a story of that sort and that’s when people have brought through prohibited items by accident.

regularly changing your password won’t change a thing

I was sitting there musing about the fact that of the 40-odd work systems with separate passwords I have access to, about half of them have to be changed regularly. A couple of them offend me particularly greatly by expiring after just 30 days. After giving it some thought, I couldn’t actually understand what additional security would be conferred by changing passwords regularly. Funnily enough, Gene Spafford from CERIAS at Purdue agrees – check out some of the myths about security and passwords these days.

lockpicking

6 different high-security locks opened in under 10 minutes each. Oh, and one of them bumped open in 8 seconds. Locks certainly do make you feel safe though.