Ramblings & ephemera
Image by Dim Sum! via Flickr From Tim Greene’s “Black Hat set to expose new attacks” (Network World: 27 July 2009): Black Hat USA 2009, considered a premier venue for publicizing new exploits with an eye toward neutralizing them, is expected to draw thousands to hear presentations from academics, vendors and private crackers. For instance, […]
Posted on August 3rd, 2009 by Scott Granneman
Filed under: security | Comments Off on Grab what others type through an electrical socket
Image by rustybrick via Flickr From Robert McMillan’s “Security certificate warnings don’t work, researchers say” (IDG News Service: 27 July 2009): In a laboratory experiment, researchers found that between 55 percent and 100 percent of participants ignored certificate security warnings, depending on which browser they were using (different browsers use different language to warn their […]
Posted on July 27th, 2009 by Scott Granneman
Filed under: business, language & literature, security | Comments Off on Warnings about invalid security certs are ignored by users
From David Becker’s “Hitachi Develops RFID Powder” (Wired: 15 February 2007): [Hitachi] recently showed a prototype of an RFID chip measuring a .05 millimeters square and 5 microns thick, about the size of a grain of sand. They expect to have ‘em on the market in two or three years. The chips are packed with […]
Posted on July 7th, 2009 by Scott Granneman
Filed under: business, science, security, tech in changing society | Comments Off on RFID dust
photo credit: sleepymyf 2005 From Brian Krebs’ “Leaving Las Vegas: So Long DefCon and Blackhat” (The Washington Post: 1 August 2005): DefCon 13 also was notable for being the location where two new world records were set — both involved shooting certain electronic signals unprecedented distances. Los Angeles-based Flexilis set the world record for transmitting […]
Posted on July 7th, 2009 by Scott Granneman
Filed under: business, politics, science, security, tech in changing society | Comments Off on RFID security problems
From Jim Giles’ “The inside story of the Conficker worm” (New Scientist: 12 June 2009): Earlier this year, smartphone users in China started to get messages promising a “sexy view” if they clicked on a link. The link led to a download. That download was a spam generator which, once installed, sent identical “sexy view” […]
Posted on July 5th, 2009 by Scott Granneman
Filed under: business, security, tech in changing society | Comments Off on Cell phone viruses
From Jim Giles’ “The inside story of the Conficker worm” (New Scientist: 12 June 2009): 23 October 2008 … The dry, technical language of Microsoft’s October update did not indicate anything particularly untoward. A security flaw in a port that Windows-based PCs use to send and receive network signals, it said, might be used to […]
Posted on July 5th, 2009 by Scott Granneman
Filed under: business, history, security, tech in changing society | Comments Off on How security experts defended against Conficker
From Brian Krebs’ “Glut of Stolen Banking Data Trims Profits for Thieves” (The Washington Post: 15 April 2009): A massive glut in the number of credit and debit cards stolen in data breaches at financial institutions last year has flooded criminal underground markets that trade in this material, driving prices for the illicit goods to […]
Posted on June 30th, 2009 by Scott Granneman
Filed under: business, law, security, tech in changing society | Comments Off on Stolen credit card data is cheaper than ever in the Underground
From Jacqui Cheng’s “Report: botnets sent over 80% of all June spam” (Ars Technica: 29 June 2009): A new report (PDF) from Symantec’s MessageLabs says that more than 80 percent of all spam sent today comes from botnets, despite several recent shut-downs. According to MessageLabs’ June report, spam accounted for 90.4 percent of all e-mail […]
Posted on June 30th, 2009 by Scott Granneman
Filed under: business, security | Comments Off on 80% of all spam from botnets
From Bruce Schneier’s “The Economics of Spam” (Crypto-Gram: 15 November 2008): Researchers infiltrated the Storm worm and monitored its doings. “After 26 days, and almost 350 million e-mail messages, only 28 sales resulted — a conversion rate of well under 0.00001%. Of these, all but one were for male-enhancement products and the average purchase price […]
Posted on June 27th, 2009 by Scott Granneman
Filed under: business, law, security | Comments Off on Storm made $7000 each day from spam
From Bruce Schneier’s “Quantum Cryptography” (Crypto-Gram: 15 November 2008): Quantum cryptography is back in the news, and the basic idea is still unbelievably cool, in theory, and nearly useless in real life. The idea behind quantum crypto is that two people communicating using a quantum channel can be absolutely sure no one is eavesdropping. Heisenberg’s […]
Posted on June 27th, 2009 by Scott Granneman
Filed under: business, security | Comments Off on Quanta Crypto: cool but useless
From Bruce Schneier’s “Second SHB Workshop Liveblogging (5)” (Schneier on Security: 11 June 2009): Angela Sasse, University College London …, has been working on usable security for over a dozen years. As part of a project called “Trust Economics,” she looked at whether people comply with security policies and why they either do or do […]
Posted on June 20th, 2009 by Scott Granneman
Filed under: security | Comments Off on What it takes to get people to comply with security policies
photo credit: Andres Rueda From Brian Kreb’s “An Odyssey of Fraud” (The Washington Post: 17 June 2009): Andy Kordopatis is the proprietor of Odyssey Bar, a modest watering hole in Pocatello, Idaho, a few blocks away from Idaho State University. Most of his customers pay for their drinks with cash, but about three times a […]
Posted on June 20th, 2009 by Scott Granneman
Filed under: business, law, security | Comments Off on Small charges on your credit card – why?
From Bruce Schneier’s “Second SHB Workshop Liveblogging (4)” (Schneier on Security: 11 June 2009): Diana Smetters, Palo Alto Research Center …, started with these premises: you can teach users, but you can’t teach them very much, so you’d better carefully design systems so that you 1) minimize what they have to learn, 2) make it […]
Posted on June 13th, 2009 by Scott Granneman
Filed under: security | Comments Off on How to deal with the fact that users can’t learn much about security
From Rob Cottingham’s “From blocking to botnet: Censorship isn’t the only problem with China’s new Internet blocking software” (Social Signal: 10 June 2009): Any blocking software needs to update itself from time to time: at the very least to freshen its database of forbidden content, and more than likely to fix bugs, add features and […]
Posted on June 13th, 2009 by Scott Granneman
Filed under: business, law, politics, security | Comments Off on Could Green Dam lead to the largest botnet in history?
From Scott Wolchok, Randy Yao, and J. Alex Halderman’s “Analysis of the Green Dam Censorware System” (The University of Michigan: 11 June 2009): We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC. According […]
Posted on June 13th, 2009 by Scott Granneman
Filed under: business, law, security, tech in changing society | Comments Off on Green Dam is easily exploitable
From Brian Prince’s “How Terrorism Touches the ‘Cloud’ at RSA” (eWeek: 23 April 2009): When it comes to the war on terrorism, not all battles, intelligence gathering and recruitment happen in the street. Some of it occurs in the more elusive world of the Internet, where supporters of terrorist networks build social networking sites to recruit […]
Posted on May 19th, 2009 by Scott Granneman
Filed under: business, politics, security, social software, tech in changing society | Comments Off on Al Qaeda’s use of social networking sites
photo credit: 917press From Christopher Fahey’s “Who Watches the Watchman?” (GraphPaper: 2 May 2009): The Detex Newman watchclock was first introduced in 1927 and is still in wide use today. &hellip What could you possibly do in 1900 to be absolutely sure a night watchman was making his full patrol? An elegant solution, designed and […]
Posted on May 19th, 2009 by Scott Granneman
Filed under: business, security | Comments Off on The watchclock knows where your night watchman is
From Rich Gossweiler, Maryam Kamvar, & Shumeet Baluja’s “What’s Up CAPTCHA?: A CAPTCHA Based On Image Orientation” (Google: 20-24 April 2009): There are several classes of images which can be successfully oriented by computers. Some objects, such as faces, cars, pedestrians, sky, grass etc. … Many images, however, are difficult for computers to orient. For […]
Posted on May 19th, 2009 by Scott Granneman
Filed under: business, science, security, technology | Comments Off on A better alternative to text CAPTCHAs
photo credit: kevindooley From Jake Vinson’s “Cracking your Fingers” (The Daily WTF: 28 April 2009): A few days later, Ross stood proudly in the reception area, hands on his hips. A high-tech fingerprint scanner sat at the reception area near the turnstile and register, as the same scanner would be used for each, though the […]
Posted on May 15th, 2009 by Scott Granneman
Filed under: business, security, tech in changing society | Comments Off on A story of failed biometrics at a gym
The Saint Louis Beacon published an article on 27 April 2009 titled “Tweets from the jury box aren’t amusing“, about legal “cases across the country where jurors have used cell phones, BlackBerrys and other devices to comment – sometimes minute by minute or second by second on Twitter, for instance – on what they are […]
Posted on May 3rd, 2009 by Scott Granneman
Filed under: business, law, personal, social software, tech in changing society | Comments Off on Interviewed for an article about mis-uses of Twitter