Uh Oh: TSA Can Search Laptops

A US Ninth Circuit court ruling this week has asserted that computers are like luggage and are therefore subject to searches at borders and airports. This is a scary revelation for anyone in the computer industry who is practically inseparable from their laptop.

Unlike luggage, a laptop is a vessel for storing sensitive corporate data, personal financial information, and in many cases, just about everything a person has ever done (I, for example, have email archives dating back to 1996).

This is yet another reason to start protecting your data using applications like PGP Whole Disk Encryption (for whom I used to work), or Open Source alternatives like TrueCrypt. However, given that a state court has already ruled that the TSA can’t force you to divulge your passphrase, I have to wonder how long it is before the TSA lobbies for a software equivalent to the ominous TSA travel locks?

Vista Speech Recognition Exploit

I saw that George Ou is reporting a remote exploit in Vista based on it Speech Control functionality, wherein a malicious sound file (for example, on a web page) can trigger arbitrary commands.

For a second, I couldn’t believe no one had thought of this exploit before – and then I remembered this old chestnut dating back to at least 1997:

At a recent Sacramento PC User’s Group meeting, a company was demonstrating its latest speech-recognition software. A representative from the company was just about ready to start the demonstration and asked everyone in the room to quiet down.

Just then someone in the back of the room yelled, “Format C: Return.”

Someone else chimed in: “Yes, Return!”

Unfortunately, the software worked.