Tuesday 29 December 2009

Why Not Simply Use Explosive-Sniffing Dogs?

In the aftermath of the failed attack on Delta flight 253, everyone is calling for new technologies that may be quite intrusive and are certainly very expensive. So I'm wondering: why don't we use explosive-sniffing dogs at airports? These animals can find even the smallest quantities of explosives. Even bees can be used to search for explosives.

Legic Prime Has No Cryptography at All

This is really weird: Karsten Nohl and Hendryk Plötz have shown that Legic Prime contactless smart cards have neither a random number generator nor an encryption algorithm. Users of Legic Prime are advised to upgrade to Legic Advant, which uses AES and is compliant with FIPS 201.

Heise article (German)

GSM Security Broken, Finally

It has been well known for a long time that A5/1, the GSM encryption cipher, is not secure. Now it has finally been broken. Nobody ever believed that our phone calls were safe from the secret services of this world. The issue is that now the calls and, even worse, SMS messages are vulnerable to criminals, too. This is a problem because M-TANs (transaction numbers sent by SMS) are used in online banking, for example.
But not all is lost: UMTS uses a different algorithm, KASUMI (derived from MISTY1), which is still considered secure. So, use M-TANs only if you have a 3G uplink.

Friday 18 December 2009

Credit Card Abuse, Again

Employees of a call center in Bremen, Germany, have allegedly abused the credit cards of British Airways customers. This was reported by the TV magazine "buten un binnen". A team manager has been arrested. Certainly this is only the tip of the iceberg.
It is well known and accepted that credit cards offer no security at all. Users get their money back if they read their credit card statements. The cost of fraud is passed on to the general public via insurance and merchant fees.
However, a normal smart card won't fix this, because it can't be used with a call center. The only viable options here are the internet with secure online banking and OTPs (one-time passwords). Both options require dedicated security hardware on the end customer's side. There is no free lunch.

Wednesday 9 December 2009

Phishing Damage Estimations

Trusteer operates the anti-phishing browser plugin Rapport. Based on measurements performed by Rapport, they were able to estimate the average damage done by phishing. A successful phishing attack is counted whenever the Rapport plugin detects that the user tries to enter credentials into a phishing web site.
Assuming that each successful phishing attack steals between $500 and $2,000, they arrive at an average damage of $2 to $9 per online banking user per year.
This seems like a lot, but it also explains why banks seem to take phishing so lightly: any kind of security token will certainly cost more per user and year.
What about Rapport itself? It seems well suited here if it helps against phishing and costs the bank less than the $9 mentioned above. Which is no surprise, as all the numbers come from Trusteer. I would like to know whether it also helps against trojans and man-in-the-middle attacks.