3D-Print Your Own TSA Master Keys

In the not-too-distant future, the average person will be able to print their own door keys thanks to 3D printing. That is great news for those who have lost theirs, but not so good when some bright spark has created and uploaded plans that let you print your very own TSA master keys.

These keys were designed by the Transportation Security Administration following the 9/11 attacks to ensure the safety of travellers into and around the US by requiring any lock on bags to be branded as “Travel Sentry approved”. This enables airport security staff to carry out searches without having to break the lock or the bag. The keys were meant to be kept secret, and they were until an article by The Washington Post, uploaded in 2014, carried a photograph of seven master keys. The respected news source finally took the pictures down in August 2015, but not before a security researcher with the username “Xyl2k” managed to create and post 3D-printing files of all seven master keys to the code site GitHub.

Do they work? Yep, others have test-printed them, and it turns out you really can open other people’s luggage. Sorry, I meant your own. Below is a video about this which has been uploaded to Twitter. This might be going off topic, but the source for this story is The Guardian, who decided to place an image to illustrate the story. What did they go for? See for yourself, the link is at the end of the article; let’s just say it looks to be potentially painful for a poor flyer.

“Xyl2k” has stated that the plans were uploaded to warn against the security flaws in “master keys” and the potential for them to be exploited, as in this case. The laughable aspect concerns The Washington Post and its willingness to exist in a parallel universe: a month before the photos were published, the news source rallied for a so-called “Golden Key” which could be used by tech companies and, in theory, would only be used with a court order. The glaring elephant in the room is that such a key could be copied and then misused by a wide variety of individuals, organisations and groups.

I do wish people would stop simplifying tech to the point of stupidity. For example, the general consensus among powerful officials is that encryption is bad, so why not simplify things and remove it? There is a philosophical term for this, Occam’s Razor: the principle states that among competing hypotheses that predict equally well, the one with the fewest assumptions should be selected. The Washington Post has accordingly simplified the many outcomes by suggesting a “Golden Key” to be stored by various tech companies. The only problem with that is that the many hackers, including state-sponsored virtual safe crackers, are smarter than your average David Cameron.

This article was written on September 11th 2015 but will be published on the 12th. This may seem a bit late when reading this, but I would just like to take a minute to pay respects to the nearly 3,000 people who tragically lost their lives on that day 14 years ago to the most brutal of acts.

“I learned that courage was not the absence of fear, but the triumph over it. The brave man is not he who does not feel afraid, but he who conquers that fear.” –Nelson Mandela

Thank you to The Guardian and GitHub for providing us with this information.

Syrian Electronic Army Hacks UK Newspapers

 

The websites of UK newspapers the Independent, the Telegraph, and the Evening Standard, as well as a handful of other high-profile sites, have been hacked by the Syrian Electronic Army. Other victims include OK magazine and the official National Hockey League website. Some visitors to these sites were presented with a pop-up, saying, “you have been hacked by the Syrian Electronic Army”. It is thought that they exploited a flaw in the sites’ ad delivery network.

A security consultant at Kroll Cyber, Ernest Hilbert, is familiar with the exploit used, saying, “it was Gigya.” Gigya is a tech company that offers customer identity management for websites. The Syrian Electronic Army exploited a vulnerability with the Gigya CDN that allowed it to change the DNS entry. Hilbert continues, “It is a DNS takeover, and this is what the Syrian Electronic Army does. Normally, you type in a URL, it goes to a domain name server, and it says ‘those words equal this website’.”

The attack fits the pattern of past Syrian Electronic Army hacks: news and entertainment outlets are compromised, but with no particular political agenda at play. Past targets include BBC News, Al Jazeera, The Washington Post, and The Onion.

Source: The Guardian

Hackers Hit The Washington Post’s Servers

For the second time in three years, The Washington Post’s servers have been hacked, with hackers gaining access to employee usernames and passwords. The Washington Post suspects that the hacker or hackers may be from anywhere in Asia, but in particular suspects that Chinese hackers were behind this intrusion, as well as an attack in 2011 on the newspaper’s job-seeker database and month-long breaches at The New York Times and The Wall Street Journal. The reason for this suspicion is that the latest intrusion started from a server used by the newspaper’s foreign staff. Although The Washington Post and all its employees use encrypted passwords, the company has recommended that all employees change their usernames and passwords straight away.

Washington Post spokeswoman Kris Coratti had this to say:

“This is an ongoing investigation, but we believe the attack lasted no longer than a few days at the most”

As stated before, this isn’t the first time The Washington Post has found itself vulnerable to cyber attacks. The attack in June 2011 gave hackers about 1.27 million usernames and e-mail addresses belonging to people who were registered and looking for employment on The Washington Post Jobs website at the time of the attack. However, as in the most recent case, no personal information was taken or affected. We will post more information as it becomes available.

Thank you CNET for providing us with this information.

Image courtesy of youtwitface.