Is there such a thing as a computer that CAN'T be hacked, or

an ID card that CAN'T be forged?

I ask this because of Shrub's idea of getting some biometric ID card for foreign workers.

I realize some security measures are harder to break than others, BUT as far as I know, any can be breached if someone has strong enough intent.

Edited for use of a wrong term.

and any computer that is not hooked into a network is secure, without physical access.

Security is an illusion that only works as long as the "bad guys" believe in it.

it's the most expensive/advanced piece of plastic I've ever seen

You'd need a mole working on the inside in order to get anything remotely like it

My 78-year-old mom is still using the same comp I bought for her birthday ages ago. It runs Windows 98 (first edition), has a 10 Gig hard drive, and is slow as mud. She has dialup through AT&T and goes online many times per day to check email, online banking, googling, etc. She has never had any virus protection of any kind on that heap. It's never had a single problem.

It's not that the old bird's computer is bullet proof -- it's below the radar. Who'd bother?

I'm guessing that Bush's solution to the immigration problems will not be so lucky. It will be abused before it's officially in place and will never work.

...viruses, adware and spyware, not to mention that it's unlikely that the hard drive has ever been defragmented, a task that may take over a day at this point.

Here's a link - http://the.jhu.edu/upe/websites/Jon_Grover/page2.htm
detailing the possibility of hacking into your machine without a connection to a network.

They're powered down and sitting in my closet. As long as it's on and physically connected to a network, security is a question of mitigating risk not eliminating it.

fall into the same catagory. If they become widly used, someone will make fraudulent ones.

Sure, there is no such a thing as a computer that can't be hacked. However, there is such a thing as a computer that cannot be hacked for less than a certain amount of time, money and effort. This is the reality of computer security today: you don't try to create a system that is hack proof, you just create a system that costs more to hack than what you are trying to secure is worth.

that Shrub seems to think CAN'T be forged. I used the computer comparisson just to demonstrate my thought.

I realize biometrics would be more difficult to forge than a picture ID, but if it became the technology of the "time" someone would find a way!

It's still a question of time, money, and physical access.

It is likely that a card can be designed which will be "sufficiently
secure" against an external attack. That is, a card could be designed
with strong-enough encryption that it is extremely unlikely that a
person sitting there with a card reader and a PC could hack into
the card in a useful amount of time. (That is, hacking into the
card after 1,000,000 years of computer effort probably won't be
worth your while, right?)

On the other hand, a sufficiently well-funded group might find that
they could de-encapsulate the microprocessor, use their scanning
electron microscope to read out the circuit (possibly while it is
still operating), and feed the circuit design into a sufficiently-
powerful computer (or network of computers) to come up with the
necessary codes to break into the cards.

Or maybe they'd only discover how to break into their one sample
of a card, but still not have access to some necessary per-card
secret key data only available elsewhere? Depending on what their
sample card stored or allowed them access to, that might or might
not have been worth their while. If it was someone ATM card, probably
not worth their time. But if it was a card that enabled use of the
nuclear football, well, that might be a different story.

Tesha

There are computer systems that certainly seem to be "sufficiently
secure", but they are not running software that has anything to do
with the software that most PCs are running. Instead, they were
designed from the ground up with security deeply in mind and they
take great pains to provide multiple levels of "non-discretionary
containment" around each user, each dataset, etc. And they often
are hosted on hardware that has had the same tender loving care
exerted on its design.

They probably still contain holes, but unless you are either
exceptionally lucky or exceptionally well-funded, you won't
find the holes before men armed with powerful assault weapons
find you first.

Tesha

Here's my take on the sanctity and utility of technology-based solutions:

If there is a great incentive to hack a computer, then a lot of money spent can do wonders. For example, a corporation that saves 100's of millions on wages might look at the cost-benefit analysis and if say $10 million fell into a shady republican developer's hands (or china's!) and all their workers with names like "Miguel" suddenly had fully legit biometric ID's and names like "Steve", would they really care, if they thought they wouldn't get caught? In this political environment the morality is really "DON'T GET CAUGHT".

On the other hand all computer-based technology keeps moving at a pace that essentially doubles the overall complexity every 18 to 24 months. This effect has been called "Moore's Law" and hasn't stopped or slowed since it was first observed by one of the founder's of Intel (they make the Pentium) in 1965 Wikipedia link here. In a nutshell, the complexity can be seen like an investment that accrues with time: 10 years = 100x improvement; 20 years = 10,000 improvement; and 30 years is (ready for this) 1,000,000 times improvement. So any technology based "solution" gets old REAL fast! A paper driver's license, without doing anything, after 30 years is still just as sound as it was in 1976, but a "biometric" ID, based on all kinds of technology hoohaw would be one million times out of date in 2036! If your government keepers don't keep up with the Moore's, then eventually, every kid could hack whatever biometric this or that, in their diapers!

Computer solutions are typically only best for the sales of computer solutions, not for the people buying into the latest line of Gee-whiz-bang. This kind of ID idea we're being sold is really the same kind of bullshit that brought us those REALLY GOOD COMPUTERS from HAVA.

As with voting, ID is best left as much as possible to local people to deal with in their communities.

In the case of employment, local enforcement of local businesses would keep the employers honest, which would keep the employees honest, or without the lure of jobs-that-americans-wont-do, OUT OF OUR COUNTRY!

In the case of voting, hand-marked, paper ballots counted locally BY HAND, are cheap as paper, extremely difficult to "hack" en mass, and actually doesn't take that much time to count when set up right. Jeez, in Canada they have roughly the same population density as the states, and they have no trouble having enough polls and workers to conduct any election: ALL PAPER, and ALL HAND COUNTED, without any "glitches" at all.

Cheap, accurate, safe. Wouldn't it be nice if that was our goal too?

{B^> FMH

removed.

Or didn't numb nuts and his advisors think of that.

It's only been in several popular movies so they probably
haven't thought of that, just like they never considered
that anyone would fly fully-loaded planes into buildings
(as in, +/-, several other movies).

Tesha

By 10/06 all Federal Agencies will have to be able to issue biometric ID cards to employees and contractors. The method that will most likely be used is to have the fingerprint and/or iris data stored on the card. The user swipes the card and then presses their finger on a touchpad or looks into an iris scanner. If the two match up the user is authenticated. To hack the system you would have to be able to create a card with your biometric along with the other data that is stored in a central database. All the technical info on what the standards will be are on the NIST website.

Iterability is the minimum condition of any sign, as Derrida argues persuasively. Which is to say, any signature that serves as a signature can be forged.

...you don't really understand cryptography. Yes, anything can be forged, but digital signatures of any reasonable size can take trillions of years to crack. Not exactly worth your time, is it? No, the real weakness of any security system is not the technology, it's the people. Always has been, always will be.

Any sign is iterable.

I made no claims about the difficulty of cracking any particular code, or where the weaknesses might be located in any particular security system.

All I'm saying is that for a code to be a code, its elements must be iterable. That's all. What I do or do not understand about cryptography is beside the point and beyond the scope. To be clear, however, I agree with you here, and never implied otherwise.

Does anyone remember the Barbie Liberation Organization?

It seems that in 2003, a group of leftists on the Lower East Side in NYC wanted to alter some gender stereotypes. They bought a Talking GI Joe and a Talking Barbie, dismantled the two, and discovered that the voice synthesizer boards of the two toys were practically identical...so they figured out how to switch the boards between the two dolls (this required modifying the cards because it's not an exact fit), raised $10,000, bought 300 copies of each doll, swapped the cards, returned the dolls to the stores, then made headlines when all these Barbies started talking about blowing shit up and the GI Joes started talking about shopping.

The point is, if you can hack a fucking DOLL for no other reason than to screw with someone's head, you can hack a whole ID card system especially if there's money involved.

You have to program it first to do what you want it to do. That's the same thing as "desirable hacking."

The real question lies in security, as in what is the best way we can come up with to keep people from subverting the system.

Putting a cookie jar on top the fridge may be sufficient security against a two year-old, but our real question is how to secure the whole voting process. Supposing we could come up with an ID that can't be forged still wouldn't fix the problem of not enough voting machines in primarily Democratic districts or the hacking of the central tabulators themselves, or secret Republican recounts in the middle of the night.

It's a complex question.

Voila!

Is there a such thing as a USEFUL computer that can't be hacked? Hell no.

I think of it like speedbumps. Someone who REALLY wants to get into your (useful, networked) computer can. All of the various security measures serve to put up speedbumps in the way of the hacker, which has the VERY useful effect of encouraging the hacker to go to the "NEXT" computer, which doesn't put so many speedbumps in his way.

Similar to car security.