InfoSec links September 4, 2014

Aaron's Law Is Doomed Leaving US Hacking Law 'Broken' - Thomas Brewster - Forbes

There are various reasons for the impasse. One is that the plans simply haven’t elicited much interest from lawmakers or the general public, said Orin Kerr, professor of law at the George Washington University Law School. “This reform only captured the attention of a small group of people. It’s not an issue that resonates with the public – at least yet,” Kerr told me.

Privacy Under Fire: Aaron Sorkin Saw It Coming In 1999 - Bill Brenner - Liquidmatrix

In the episode, Bartlet has nominated a man for the Supreme Court whose writings suggest a lack of regard for Americans’ right to privacy. During a heated Oval Office discussion, presidential advisor Sam Seaborn explains why their candidate’s views will be dangerous in the first part of the 21st century.

These 3-D Printer Skeleton Keys Can Pick High-Security Locks in Seconds - Andy Greenberg

Even so, bump keys have long been tough to create for high security locks that use obscure, complex key blanks. Many lock makers carefully trademark or patent their key blank designs and prevent them from being sold to anyone outside a small group of verified customers. But with the advent of 3D printing, those restrictions can’t stop lockpickers from 3D printing their own blanks and filing them into bump keys—or simply printing bump keys with their teeth already aligned with a lock’s pins. In this video, Holler demonstrates a 3D-printed and filed bump key for an Ikon SK6, a key that uses restricted, carefully contorted blanks that can’t even be created by many key-milling machines.

Real world links August 28, 2014

Aaron's Law Is Doomed Leaving US Hacking Law 'Broken' - Thomas Brewster - Forbes

There is a general agreement, however, that the CFAA needs an urgent update. That’s largely because CFAA is being used against those trying to fix vulnerabilities on the internet. Various members of the security community, which is descending on Las Vegas for 2014’s BlackHat conference this week, have told me they have been threatened with law enforcement action over research efforts that were supposed to shore up the web and the machines connected to it. They include Zach Lanier of Duo Security and HD Moore of Rapid7, both highly-respected security pros. Given simply scanning systems for the infamous Heartbleed bug could have been deemed a felony, it’s become apparent that even those trying to do good are considered criminals.

Police are operating with total impunity in Ferguson - Matthew Yglesias - Vox

Olson was released shortly after his arrest, as were Reilly and Lowery before him. Ryan Devereaux from The Intercept and Lukas Hermsmeier from the German tabloid Bild were likewise arrested last night and released without charges after an overnight stay in jail. In other words, they never should have been arrested in the first place. But nothing's being done to punish the mystery officers who did the arresting.

Researchers Easily Slipped Weapons Past TSA's X-Ray Body Scanners - Andy Greenberg - Wired

More importantly, the glaring vulnerabilities the researchers found in the security system demonstrate how poorly the machines were tested before they were deployed at a cost of more than $1 billion to more than 160 American airports, argues J. Alex Halderman, a University of Michigan computer science professor and one of the study’s authors. The findings should raise questions regarding the TSA’s claims about its current security measures, too.