Our Transportation Facilities Are Being Watched

Yet another "photographers are considered terrorists by default" story. This time from the blog of the Spokane County Transportation Department.

I was out taking pictures this morning of sites of transportation projects to be completed over the next twenty years. One of those projects is to move of the weigh station near Stateline further east along I-90. I stopped at the pretty much deserted weigh station and took a couple pictures, then drove off. About 10 minutes later I received a call on my cell phone from Washington State Patrol asking why I had been taking pictures of the weigh station!

The blogger's final comment is the most interesting:

I guess it makes me feel a little better to know that someone is watching the people who are watching our infrastructure. On the other hand, it kind of scares me that they could track me down that fast.

Read the whole story on the SRTC Transportation Blog.

More BS involving photography in public places

Wow, three stories in one day. The first from a professional photographer taking photos of the Port of Los Angeles. Seems the FBI paid him a visit.

So I inform them that I was under the impression that everything I was doing was legal. Security guards can't chase you off of public streets, and that I'm free to shoot whatever I want in public view. I inform them that my rationalization was that anything you can see from a public street isn't private (if they're trying to protect some secret, they shouldn't put it there), and if I really wanted to canvas the place, Google Maps' satellite view is a much better place to start. They confirm that yes, what I was doing was completely legal, but they're just doing their jobs, that it doesn't make sense, and that the "heightened security alert"... "will change soon". They informed me that most of their job lately has been following up with photographers who take photos in the port complex. They also informed me that they try their best to inform private security guards how to deal with confrontations with photographers, and that most of the guards have a bit of a skewed view on what's legal (oh my god this is true), and they're trying to correct that. They have had to correct guards who have insisted that photos be erased, or worse, have confiscated equipment in the name of homeland security. This doesn't help anybody, and makes their jobs harder.

Read the full story on the iStockPhoto forums.

Next from someone taking photos of the Red Line, amazingly enough, also in Los Angels.

Well last week here in Los Angeles, I was waiting to board the redline (subway) and snapped a picture with my cell phone camera. Not the best picture in the world, but I was just putzing around, waiting for the train, holding a quizno's to-go bag. Almost immediately, a vest wearing man with METRO emblazoned on his back who had been mopping the area nearby rushed up to me and the exchange went something like this:
Him: Hey! It's against the 9-11 Law to take pictures down hear man!
Me: You mean the Patriot Act?
Him: No pictures.
Me: Could you explain? What law do you mean?
Him: You are lawyer?
Me: No.
Him: No pictures. You could be a terrorist. Very strict!
Me: How about I take a picture of you?
Him: F**k you...(I couldn't believe it either)

Read the full story on Keith's MySpace blog.

Almost Arrested for Taking Photos at Union Station

Don't try to take hi-res photos at Union Station, even if you do work for NPR.

Then the security guard returned. She informed us that we would have to cease taking pictures immediately and leave. I asked what the problem was, and she said that this is a private space, and we didn't have permission from management to take pictures. I told her that we were testing equipment for potential use by NPR, showed them our press passes, and noted there were plenty of other people walking around with cameras. She seemed sympathetic to our position, but said she was relaying orders she'd received from someone higher up. I asked if we could speak with them, then twittered it:

Just got told by security to leave. Asked to speak with a supervisor to explain why we can't take pictures at union station.

Then it gets more bizarre.

Throughout the conversation, which I should point out was conducted in a cordial, but firm tone, we received mixed messages from the security guards. One told us the problem was that we were using a tripod, while another insisted it was because we had "that thing" on top of our tripod. They then changed the story again, and said that journalists couldn't take pictures without permission from management, and that Union Station is a private space run by a private company, not a public space. They never gave us an answer as to why we were first allowed to take photos in the first location, but could not do the same here.

Read the full story on Andy Carvin's Waste of Bandwidth.

Millimeter Wave

Here's the next stage in airport security:

According to the TSA:

I venture to say, Mikhail Baryshnikov may have exposed more in his ballet costume than this robotic images portrays. Why did we decide to put there up now? Because you've asked for it...Hopefully the editors of Reader's Digest will consider these for their next cover.

Read more at the Evolution of Security blog.

Security: Unclear on the Concept

I recently accepted SallieMae's constant suggestions that I should switch to receiving all of their communications via e-mail instead of paper mail. (I was holding out for a small decrease in my outstanding debt since I'd be saving them a lot in postage over the next 15 years, but we never did see eye to eye on that one.) Anyway, today I received my first "official" e-communication from them. It was a simple e-mail telling me that my account had been updated and my new bill was available for viewing on their Web site. So far, so good.

Attached was a 48k PDF file. Using Outlook 2007 I clicked on the attachment to preview it. This failed for an unspecified reason. So, I double-clicked the attached file to open it in Adobe Reader. At this point I was prompted for a password. I drew a blank. But then something made me try my Social Security Number as the password and viola, the document opened. It was the exact same text that was in the body of the e-mail message but this one was on SallieMae letterhead.

WTF? Either send me something that deserves to be behind a password or don't. Don't send me text "protected" by a password that's also being sent in the clear in a standard unsecured e-mail message.

SallieMae, just what point are you trying to make here?

The unintended consequences of large-scale storage

Jeff Atwood over at Coding Horror has posted about something called Rainbow Tables. Now, I don't want to turn this blog into a discussion of encryption so let me boil it down for you.

Windows passwords are stored in an encrypted format known as "hashes". When you enter your password, Windows encrypts it for you and compares it to the stored hashed version. If it matches, you're let in. If it doesn't you're not. There's no way to decrypt the hashed version of your password in any reasonable amount of time, if at all, and is therefore considered a secure method of storage.

The problem now is that you can get a database of pre-hashed content. Known as rainbow tables, these are basically a table with just two columns, first column, a word (or other combination of letters) and in the second, the matching hash. Now, if you have a hash, you can look it up in the table and see what the original password is. In other words, it's not decrypting the hash, its hashing all possible passwords in advance.

This is such a simple hack. So, why is it coming to light now. Well, the problem is large-scale portable storage. In the past, tables such as these were considered to big to bring to the computer you're trying to hack. But these days, a 1GB flash drive would allow you to carry a rainbow table that covered all conceivable passwords between one an 14 characters in length, containing just English letters. Here's Jeff's chart showing example storage requirements:

If you're suddenly not worried about a Rainbow Table measuring 64BG I've got a 500GB portable USB hard drive I'd like to show you.

Here's the bottom line, in Jeff's example, the password "Fgpyyih804423" (one that's probably a hell of a lot stronger than any password you use) was broken in just 160 seconds using a rainbow table.