The TSA is learning a basic lesson of physical security in the age of 3-D printing: If you have sensitive keys—say, a set of master keys that can open locks you’ve asked millions of Americans to use—don’t post pictures of them on the Internet.

A group of lock-picking and security enthusiasts drove that lesson home Wednesday by publishing a set of CAD files to Github that anyone can use to 3-D print a precisely measured set of the TSA’s master keys for its “approved” locks—the ones the agency can open with its own keys during airport inspections. Within hours, at least one 3-D printer owner had already downloaded the files, printed one of the master keys, and published a video proving that it opened his TSA-approved luggage lock.

-http://www.wired.com/2015/09/lockpickers-3-d-print-tsa-luggage-keys-leaked-photos/

I don't think there's much of a stronger argument against intentionally putting in backdoors to any form of security--including encryption--than this. Once the master/secret key is out, it's over for everybody!

Hi folks! LD33 is next weekend.

Right now voting for a theme is taking place.

http://ludumdare.com/compo/

I won't be participating this time, since I'm heading out the door any minute to start a week-long trip. I won't be back home until partway through the game jam.

I'll update this post with more of my usual details (like links to past events and stuff) sometime after I get back.


See previous DC posts about Ludum Dare:
Ludum Dare 32 - (I made Time Bomb during LD32)
Ludum Dare 31 - (I made Worm Wars during LD31)
Ludum Dare 30 - (I made Planetary Devourers during LD30)
Ludum Dare 29 - (I made It Came From... Beneath!! during LD29)
Ludum Dare [29] topic for other games - A thread about LD29 games.
Ludum Dare 23 - (I made Be Tiny, World! during LD23, and continued to work on it and improve it for years afterward!)
Ludum Dare - Game Programming Challenges

Emphasis added:

Security researcher Chris Domas has discovered a vulnerability in the x86 architecture of Intel processors made between 1997 and 2010 (pre-Sandy Bridge) that lets an attacker install software in a chip's protected System Management Mode space, which governs firmware-level security. Yes, that's as bad as it sounds: an intruder could not only take more control than you typically see in attacks (including wiping firmware), but infect your PC even if you wipe your hard drive and reinstall your operating system. Domas has only tested against Intel-made CPUs so far, but AMD processors could be vulnerable as well.

A would-be hacker needs low-level OS access to get in, so you at least won't face a direct assault -- you need to fall prey to another attack before this becomes an option. However, this vulnerability might be difficult or impossible to fix in a timely fashion. While it's theoretically possible to patch a computer's BIOS (or on relatively recent systems, UEFI) to prevent these attacks, the chances of that happening are slim. What's the likelihood that your motherboard maker will support a product that's at least 5 years old, or that most people are both willing and able to apply firmware upgrades? Not very high, we'd reckon.

-http://www.engadget.com/2015/08/08/intel-memory-sinkhole-flaw/