The portal is the place where Australian citizens can use and manage a number of governmental services, including health insurance, tax payments, and child support. In the case of myGov, two-factor authentication is implemented by sending users text messages that contain one-time codes to complement their usual passwords.
Now, Craig Wright has been raided by Australian police. Curiously, a statement from the Australian federal police said that the raids were not related to the recent Bitcoin revelation. "The AFP can confirm it has conducted search warrants to assist the Australian Taxation Office at a residence in Gordon and a business premises in Ryde, Sydney. This matter is unrelated to recent media reporting regarding the digital currency bitcoin." Supposedly not related, but interesting nonetheless.
Reuters adds, "At Wright's rented home, a modest brick house in the leafy middle class suburb of Gordon, three police workers wearing white gloves could be seen searching the garage, which contained gym equipment. A man who identified himself as the owner of the house, Garry Hayres, told Reuters that Wright and his family had lived there for a year, and were due to move out on Dec. 22 to move to Britain. Hayres said that Wright had a 'substantial computer system set-up' and had attached a 'three-phase' power system to the back of the house for extra power."
For more than three decades, Marshallese have moved in the thousands to the landlocked Ozark Mountains for better education, jobs and health care, thanks to an agreement that lets them live and work in the US. This historical connection makes it an obvious destination for those facing a new threat: global warming. Marshallese Foreign Minister Tony de Brum says even a small rise in global temperatures would spell the demise of his country. While many world leaders in Paris want to curb emissions enough to cap Earth's warming at 3.6 degrees Fahrenheit (2 degrees Celsius), de Brum is pushing for a target that's 25 percent lower. "The thought of evacuation is repulsive to us," says de Brum. "We think that the more reasonable thing to do is to seek to end this madness, this climate madness, where people think that smaller, vulnerable countries are expendable and therefore they can continue to do business as usual." Meanwhile, residents jokingly call their new home "Springdale Atoll," and there's even a Marshallese consulate in Springdale, the only one on the mainland US. "It's not our fault that the tide is getting higher," says Carlon Zedkaia. "Just somebody else in this world that wants to get rich."
Technically, the protocol is a disaster. In addition to many questionable design choices, we found ways of tracing user identities and recovering card access capabilities. The attacks are efficient (a few seconds on 'home' hardware in some cases), and involve funny techniques such as RSA moduli fingerprinting and... German tanks. See this entry on Matt Green's crypto blog for a pleasant-to-read explanation.
But the story behind PLAID's standardization is possibly even more disturbing. PLAID was pushed into ISO with a so-called "fast track" procedure. Technical loopholes made it possible to cut off from any discussion the ISO groups responsible for crypto and security analysis. Concerns from tech-savvy experts in the other national panels were dismissed or ignored. We contacted ISO and CERT Australia before going public with our paper, but all we got was a questionable and somewhat irate response (PDF) by PLAID's project editor (our reply here). Despite every possible evidence of bad design, PLAID is now approved as an ISO standard, and is coming to you very soon inside security products which will advertise non-existent privacy capabilities.
The detailed story of PLAID in the paper is worth a read, and casts many doubts on the efficacy of the most important standardizing body in the world. It is interesting to see how a "cryptography" product can be approved at ISO without undergoing any real security scrutiny.
On a related note, the enthusiastic comments on PLAID's design made by a few readers in the old Slashdot story remind us, as a cautionary tale, that you need cryptographers to assess the security of cryptography. Quoting Bruce Schneier: amateurs produce amateur cryptography.