Mapping License Plate Scanners in the US
DeFlock is a crowd-sourced project to map license plate scanners.
It only records the fixed scanners, of course. The mobile scanners on cars are not mapped.
Entries Tagged "scanners"
Page 1 of 3
Are Automatic License Plate Scanners Constitutional?
An advocacy groups is filing a Fourth Amendment challenge against automatic license plate readers.
“The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked, photographed, and stored in an AI-assisted database that enables the warrantless surveillance of their every move. This civil rights lawsuit seeks to end this dragnet surveillance program,” the lawsuit notes. “In Norfolk, no one can escape the government’s 172 unblinking eyes,” it continues, referring to the 172 Flock cameras currently operational in Norfolk. The Fourth Amendment protects against unreasonable searches and seizures and has been ruled in many cases to protect against warrantless government surveillance, and the lawsuit specifically says Norfolk’s installation violates that.”
Andrew Appel on New Hampshire’s Election Audit
Really interesting two part analysis of the audit conducted after the 2020 election in Windham, New Hampshire.
Based on preliminary reports published by the team of experts that New Hampshire engaged to examine an election discrepancy, it appears that a buildup of dust in the read heads of optical-scan voting machines (possibly over several years of use) can cause paper-fold lines in absentee ballots to be interpreted as votes… New Hampshire (and other states) may need to maintain the accuracy of their optical-scan voting machines by paying attention to three issues:
- Routine risk-limiting audits to detect inaccuracies if/when they occur.
- Clean the dust out of optical-scan read heads regularly; pay attention to the calibration of the optical-scan machines.
- Make sure that the machines that automatically fold absentee ballots (before mailing them to voters) don’t put the fold lines over vote-target ovals. (Same for election workers who fold ballots by hand.)
Websites Conducting Port Scans
Security researcher Charlie Belmer is reporting that commercial websites such as eBay are conducting port scans of their visitors.
Looking at the list of ports they are scanning, they are looking for VNC services being run on the host, which is the same thing that was reported for bank sites. I marked out the ports and what they are known for (with a few blanks for ones I am unfamiliar with):
- 5900: VNC
- 5901: VNC port 2
- 5902: VNC port 3
- 5903: VNC port 4
- 5279:
- 3389: Windows remote desktop / RDP
- 5931: Ammy Admin remote desktop
- 5939:
- 5944:
- 5950: WinVNC
- 6039: X window system
- 6040: X window system
- 63333: TrippLite power alert UPS
- 7070: RealAudio
No one seems to know why:
I could not believe my eyes, but it was quickly reproduced by me (see below for my observation).
I surfed around to several sites, and found one more that does this (the citibank site, see below for my observation)
I further see, at least across ebay.com and citibank.com the same ports, in the same sequence getting scanned. That implies there may be a library in use across both sites that is doing this. (I have not debugged into the matter so far.)
The questions:
- Is this port scanning “a thing” built into some standard fingerprinting or security library? (if so, which?)
- Is there a plugin for firefox that can block such behavior? (or can such blocking be added to an existing plugin)?
I’m curious, too.
Terahertz Millimeter-Wave Scanners
Interesting article on terahertz millimeter-wave scanners and their uses to detect terrorist bombers.
The heart of the device is a block of electronics about the size of a 1990s tower personal computer. It comes housed in a musician’s black case, akin to the one Spinal Tap might use on tour. At the front: a large, square white plate, the terahertz camera and, just above it, an ordinary closed-circuit television (CCTV) camera. Mounted on a shelf inside the case is a laptop that displays the CCTV image and the blobby terahertz image side by side.
An operator compares the two images as people flow past, looking for unexplained dark areas that could represent firearms or suicide vests. Most images that might be mistaken for a weapon—backpacks or a big patch of sweat on the back of a person’s shirt—are easily evaluated by observing the terahertz image alongside an unaltered video picture of the passenger.
It is up to the operator—in LA’s case, presumably a transport police officer—to query people when dark areas on the terahertz image suggest concealed large weapons or suicide vests. The device cannot see inside bodies, backpacks or shoes. “If you look at previous incidents on public transit systems, this technology would have detected those,” Sotero says, noting LA Metro worked “closely” with the TSA for over a year to test this and other technologies. “It definitely has the backing of TSA.”
How the technology works in practice depends heavily on the operator’s training. According to Evans, “A lot of tradecraft goes into understanding where the threat item is likely to be on the body.” He sees the crucial role played by the operator as giving back control to security guards and allowing them to use their common sense.
I am quoted in the article as being skeptical of the technology, particularly how its deployed.
Google Login Security for High-Risk Users
Google has a new login service for high-risk users. It’s good, but unforgiving.
Logging in from a desktop will require a special USB key, while accessing your data from a mobile device will similarly require a Bluetooth dongle. All non-Google services and apps will be exiled from reaching into your Gmail or Google Drive. Google’s malware scanners will use a more intensive process to quarantine and analyze incoming documents. And if you forget your password, or lose your hardware login keys, you’ll have to jump through more hoops than ever to regain access, the better to foil any intruders who would abuse that process to circumvent all of Google’s other safeguards.
It’s called Advanced Protection.
Information in Your Boarding Pass's Bar Code
There’s a lot of information, including the ability to get even more information.
AVA: A Social Engineering Vulnerability Scanner
This is interesting:
First, it integrates with corporate directories such as Active Directory and social media sites like LinkedIn to map the connections between employees, as well as important outside contacts. Bell calls this the “real org chart.” Hackers can use such information to choose people they ought to impersonate while trying to scam employees.
From there, AVA users can craft custom phishing campaigns, both in email and Twitter, to see how employees respond. Finally, and most importantly, it helps organizations track the results of these campaigns. You could use AVA to evaluate the effectiveness of two different security training programs, see which employees need more training, or find places where additional security is needed.
Of course, the problem is that both good guys and bad guys can use this tool. Which makes it like pretty much every other vulnerability scanner.
License Plate Scanners Hidden in Fake Cactus
The city of Paradise Valley, AZ, is hiding license plate scanners in fake cactus plants.
Rapiscan Full-Body Scanner for Sale
Government surplus. Only $8,000 on eBay. Note that this device has been analyzed before.
Sidebar photo of Bruce Schneier by Joe MacInnis.