Ramblings & ephemera

Grab what others type through an electrical socket

From Tim Greene’s “Black Hat set to expose new attacks” (Network World: 27 July 2009): Black Hat USA 2009, considered a premier venue for publicizing new exploits with an eye toward neutralizing them, is expected to draw thousands to hear presentations from academics, vendors and private crackers. For instance, […]

Warnings about invalid security certs are ignored by users

From Robert McMillan’s “Security certificate warnings don’t work, researchers say” (IDG News Service: 27 July 2009): In a laboratory experiment, researchers found that between 55 percent and 100 percent of participants ignored certificate security warnings, depending on which browser they were using (different browsers use different language to warn their […]

RFID dust

From David Becker’s “Hitachi Develops RFID Powder” (Wired: 15 February 2007): [Hitachi] recently showed a prototype of an RFID chip measuring a .05 millimeters square and 5 microns thick, about the size of a grain of sand. They expect to have ‘em on the market in two or three years. The chips are packed with […]

RFID security problems

From Brian Krebs’ “Leaving Las Vegas: So Long DefCon and Blackhat” (The Washington Post: 1 August 2005): DefCon 13 also was notable for being the location where two new world records were set — both involved shooting certain electronic signals unprecedented distances. Los Angeles-based Flexilis set the world record for transmitting […]

Cell phone viruses

From Jim Giles’ “The inside story of the Conficker worm” (New Scientist: 12 June 2009): Earlier this year, smartphone users in China started to get messages promising a “sexy view” if they clicked on a link. The link led to a download. That download was a spam generator which, once installed, sent identical “sexy view” […]

How security experts defended against Conficker

From Jim Giles’ “The inside story of the Conficker worm” (New Scientist: 12 June 2009): 23 October 2008 … The dry, technical language of Microsoft’s October update did not indicate anything particularly untoward. A security flaw in a port that Windows-based PCs use to send and receive network signals, it said, might be used to […]

Stolen credit card data is cheaper than ever in the Underground

From Brian Krebs’ “Glut of Stolen Banking Data Trims Profits for Thieves” (The Washington Post: 15 April 2009): A massive glut in the number of credit and debit cards stolen in data breaches at financial institutions last year has flooded criminal underground markets that trade in this material, driving prices for the illicit goods to […]

80% of all spam from botnets

From Jacqui Cheng’s “Report: botnets sent over 80% of all June spam” (Ars Technica: 29 June 2009): A new report (PDF) from Symantec’s MessageLabs says that more than 80 percent of all spam sent today comes from botnets, despite several recent shut-downs. According to MessageLabs’ June report, spam accounted for 90.4 percent of all e-mail […]

Storm made $7000 each day from spam

From Bruce Schneier’s “The Economics of Spam” (Crypto-Gram: 15 November 2008): Researchers infiltrated the Storm worm and monitored its doings. “After 26 days, and almost 350 million e-mail messages, only 28 sales resulted — a conversion rate of well under 0.00001%. Of these, all but one were for male-enhancement products and the average purchase price […]

Quanta Crypto: cool but useless

From Bruce Schneier’s “Quantum Cryptography” (Crypto-Gram: 15 November 2008): Quantum cryptography is back in the news, and the basic idea is still unbelievably cool, in theory, and nearly useless in real life. The idea behind quantum crypto is that two people communicating using a quantum channel can be absolutely sure no one is eavesdropping. Heisenberg’s […]

What it takes to get people to comply with security policies

From Bruce Schneier’s “Second SHB Workshop Liveblogging (5)” (Schneier on Security: 11 June 2009): Angela Sasse, University College London …, has been working on usable security for over a dozen years. As part of a project called “Trust Economics,” she looked at whether people comply with security policies and why they either do or do […]

Small charges on your credit card – why?

From Brian Krebs’ “An Odyssey of Fraud” (The Washington Post: 17 June 2009): Andy Kordopatis is the proprietor of Odyssey Bar, a modest watering hole in Pocatello, Idaho, a few blocks away from Idaho State University. Most of his customers pay for their drinks with cash, but about three times a […]

How to deal with the fact that users can’t learn much about security

From Bruce Schneier’s “Second SHB Workshop Liveblogging (4)” (Schneier on Security: 11 June 2009): Diana Smetters, Palo Alto Research Center …, started with these premises: you can teach users, but you can’t teach them very much, so you’d better carefully design systems so that you 1) minimize what they have to learn, 2) make it […]

Could Green Dam lead to the largest botnet in history?

From Rob Cottingham’s “From blocking to botnet: Censorship isn’t the only problem with China’s new Internet blocking software” (Social Signal: 10 June 2009): Any blocking software needs to update itself from time to time: at the very least to freshen its database of forbidden content, and more than likely to fix bugs, add features and […]

Green Dam is easily exploitable

From Scott Wolchok, Randy Yao, and J. Alex Halderman’s “Analysis of the Green Dam Censorware System” (The University of Michigan: 11 June 2009): We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC. According […]

Al Qaeda’s use of social networking sites

From Brian Prince’s “How Terrorism Touches the ‘Cloud’ at RSA” (eWeek: 23 April 2009): When it comes to the war on terrorism, not all battles, intelligence gathering and recruitment happen in the street. Some of it occurs in the more elusive world of the Internet, where supporters of terrorist networks build social networking sites to recruit […]

The watchclock knows where your night watchman is

From Christopher Fahey’s “Who Watches the Watchman?” (GraphPaper: 2 May 2009): The Detex Newman watchclock was first introduced in 1927 and is still in wide use today. … What could you possibly do in 1900 to be absolutely sure a night watchman was making his full patrol? An elegant solution, designed and […]

A better alternative to text CAPTCHAs

From Rich Gossweiler, Maryam Kamvar, & Shumeet Baluja’s “What’s Up CAPTCHA?: A CAPTCHA Based On Image Orientation” (Google: 20-24 April 2009): There are several classes of images which can be successfully oriented by computers. Some objects, such as faces, cars, pedestrians, sky, grass etc. … Many images, however, are difficult for computers to orient. For […]

A story of failed biometrics at a gym

From Jake Vinson’s “Cracking your Fingers” (The Daily WTF: 28 April 2009): A few days later, Ross stood proudly in the reception area, hands on his hips. A high-tech fingerprint scanner sat at the reception area near the turnstile and register, as the same scanner would be used for each, though the […]

Interviewed for an article about mis-uses of Twitter

The Saint Louis Beacon published an article on 27 April 2009 titled “Tweets from the jury box aren’t amusing”, about legal “cases across the country where jurors have used cell phones, BlackBerrys and other devices to comment – sometimes minute by minute or second by second on Twitter, for instance – on what they are […]