Thursday, July 2, 2009

Details are in the symbols...

How is WEP hacking not a national security issue?

Lifehacker today (and thousands of others) posted how to break into my house?

While I appreciate them giving me job security on the IT front, I do not know why posting these kinds of threats is not a national security issue.

Yes, we should report it and discuss it, but giving 'how to' editorials is a threat.


From Lifehacker: How to Crack a Wi-Fi Network's WEP Password

You already know that if you want to lock down your Wi-Fi network, you should opt for WPA encryption because WEP is easy to crack. But did you know how easy? Take a look.

Today we're going to run down, step-by-step, how to crack a Wi-Fi network with WEP security turned on. But first, a word: Knowledge is power, but power doesn't mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn't make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise.

Dozens of tutorials on how to crack WEP are already all over the internet using this method. Seriously—Google it. This ain't what you'd call "news." But what is surprising is that someone like me, with minimal networking experience, can get this done with free software and a cheap Wi-Fi adapter. Here's how it goes.

Attacks always get better, they never get worse.

New cryptanalytic attack on AES that is better than brute force:
Abstract. In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has complexity 2^119, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key class and has higher complexity. The second attack is the first cryptanalysis of the full AES-192. Both our attacks are boomerang attacks, which are based on the recent idea of finding local collisions in block ciphers and enhanced with the boomerang switching techniques to gain free rounds in the middle.

In an e-mail, the authors wrote: We also expect that a careful analysis may reduce the complexities. As a preliminary result, we think that the complexity of the attack on AES-256 can be lowered from 2^119 to about 2^110.5 data and time.

We believe that these results may shed a new light on the design of the key-schedules of block ciphers, but they pose no immediate threat for the real world applications that use AES.

Agreed. While this attack is better than brute force -- and some cryptographers will describe the algorithm as "broken" because of it -- it is still far, far beyond our capabilities of computation. The attack is, and probably forever will be, theoretical. But remember: attacks always get better, they never get worse. Others will continue to improve on these numbers. While there's no reason to panic, no reason to stop using AES, no reason to insist that NIST choose another encryption standard, this will certainly be a problem for some of the AES-based SHA-3 candidate hash functions.

Read more from Bruce:

Tuesday, June 9, 2009

China Dominates NSA-Backed Computer Coding Contest

"With about 4,200 people participating in a US National Security Agency-supported international competition on everything from writing algorithms to designing components, 20 of the 70 finalists were from China, 10 from Russia, and 2 from the US. China's showing in the finals was helped by its large number of entrants, 894. India followed at 705, but none of its programmers was a finalist. Russia had 380 participants; the United States, 234; Poland, 214; Egypt, 145; and Ukraine, 128. Participation in the TopCoder Open was open to anyone, from student to professional; the contest proceeded through rounds of elimination that finished this month in Las Vegas. Rob Hughes, president and COO of TopCoder, says the strong finish by programmers from China, Russia, Eastern Europe and elsewhere is indicative of the importance those countries put on mathematics and science education."

"We do the same thing with athletics here that they do with mathematics and science there..."

Read more of this story at Slashdot

Monday, June 8, 2009

95 percent of blogs being abandoned...

"Douglas Quenqua reports in the NY Times that according to a 2008 survey only 7.4 million out of the 133 million blogs the company tracks had been updated in the past 120 days, meaning that "95 percent of blogs [are] being essentially abandoned, left to lie fallow on the Web, where they become public remnants of a dream — or at least an ambition — unfulfilled." Richard Jalichandra, chief executive of Technorati, said that at any given time there are 7 million to 10 million active blogs on the Internet, but it's probably between 50,000 and 100,000 blogs that are generating most of the page views. "There's a joke within the blogging community that most blogs have an audience of one." Many people who think blogging is a fast path to financial independence also find themselves discouraged. "I did some Craigslist postings to advertise it, and I very quickly got an audience of about 50,000 viewers a month," says Matt Goodman, an advertising executive in Atlanta who had no trouble attracting an audience to his site, Things My Dog Ate, leading to some small advertising deals. "I think I made about $20 from readers clicking on the ads."

Read more at slashdot

Thursday, June 4, 2009

Bruce Schneier - cloud computing is nothing new

IT is because Bruce 'knows' IT
...cloud computing is nothing new. It's the modern version of the timesharing model from the 1960s, which was eventually killed by the rise of the personal computer. It's what Hotmail and Gmail have been doing all these years, and it's social networking sites, remote backup companies, and remote email filtering companies such as MessageLabs. Any IT outsourcing -- network infrastructure, security monitoring, remote hosting -- is a form of cloud computing.

The old timesharing model arose because computers were expensive and hard to maintain. Modern computers and networks are drastically cheaper, but they're still hard to maintain. As networks have become faster, it is again easier to have someone else do the hard work. Computing has become more of a utility; users are more concerned with results than technical details, so the tech fades into the background.

You don't want your critical data to be on some cloud computer that abruptly disappears because its owner goes bankrupt. You don't want the company you're using to be sold to your direct competitor. You don't want the company to cut corners, without warning, because times are tight. Or raise its prices and then refuse to let you have your data back. These things can happen with software vendors, but the results aren't as drastic.

Trust is a concept as old as humanity, and the solutions are the same as they have always been. Be careful who you trust, be careful what you trust them with, and be careful how much you trust them. Outsourcing is the future of computing. Eventually we'll get this right, but you don't want to be a casualty along the way.

This essay originally appeared in The Guardian.

Tuesday, June 2, 2009

FBI - CAN YOU CRACK A CODE?

From www.fbi.gov
Try Your Hand at Cryptanalysis... to unravel a code and reveal its secret message, just like the “cryptanalysts” in our FBI Laboratory.

This time we've used a different set of characters entirely—ancient runes that are sometimes used by criminals to code their communications. Give it a try!



Good luck!

Note: sorry, but cracking this code doesn't guarantee you a job with the FBI! But do check out careers with us at FBIJobs.gov.

Monday, June 1, 2009

'crack cocaine of the gaming world'


"My name is Ian, and I am a recovering MMO addict."
The entire experience feels not too different from wasting away in front of a big screen TV for 16 hours a day with your shirt stained orange with Cheetos as your body curses you for treating it so poorly.

It's no big secret that MMORPGs are intensely addictive. MMORPGs have been called the 'crack cocaine of the gaming world' by a report in Sweden backed by the Swedish National Institute of Public Health after a 15-year-old boy collapsed and went into convulsions after playing World of Warcraft, an MMORPG, for a 24-hour stretch of time.

With regards to MMORPGs, the organization added, "There is no known medical diagnosis of conditions brought on by excessive game-playing, but it is clear they have a very powerful addictive hold over many people who use them."

It was a terrible realization that besides the addictive gameplay mechanics, the one other thing that was keeping me from leaving was my guild, or the fellows with whom I enjoyed playing. It was simple: I had managed to become hooked by the game's subtle and sinister social mechanics.

Being not a slave to anything or anyone but myself, I took a step back and decided there and then to stop playing. It was an easy decision to make, but it was one which took me way longer than it should have to discover.

All in all, you'd be better off doing something else than playing an MMORPG.

Read the full post: The Human Cost of MMORPGs

A darker view of technology's future

Yesterday's Tomorrows: Past Visions of the American Future

"There are so many things you can't anticipate when you create a new technology," he says. "Who would have predicted that the Internet would be taking down shopping malls and wiping out newspapers?"

"Even then, people had a misplaced faith in the power of inventions to make life easier. Americans' faith in the power of technology to reshape the future is due in part to their history. Americans have never accepted a radical political transformation that would change their future. They prefer technology, not radical politics, to propel social change."

"At some point, you can't expect a miracle to come in the form of technology to save us, the miracle has to come from a change in attitude and a new outlook."
 
 

Thursday, May 28, 2009

Secrets in the TCP - code, messages and more...

"Web, file transfer, email and peer-to-peer networks all use TCP, which ensures that data packets are received securely by making the sender wait until the receiver returns a 'got it' message. If no such acknowledgment arrives (on average 1 in 1000 packets gets lost or corrupted), the sender's computer sends the packet again in a system known as TCP's retransmission mechanism. The new steganographic system, dubbed retransmission steganography (RSTEG), relies on the sender and receiver using software that deliberately asks for retransmission even when email data packets are received successfully. 'The receiver intentionally signals that a loss has occurred. The sender then retransmits the packet but with some secret data inserted in it.' Could a careful eavesdropper spot that RSTEG is being used because the first sent packet is different from the one containing the secret message?

As long as the system is not over-used, apparently not, because if a packet is corrupted, the original packet and the retransmitted one will differ from each other anyway, masking the use of RSTEG." It's out there... now read more at slashdot
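A toy model of the exchange described above, added here as an example; it is not code from the original post, from Slashdot, or from the RSTEG authors. One caveat first: the acknowledge-and-retransmit loop gives TCP reliability (the data eventually arrives), not security, so the covert channel rides on a delivery mechanism rather than on any protection. The simulation assumes 16-byte segments, a one-byte length prefix on the secret, and a covert receiver that fakes a loss for every fourth segment; none of those choices come from the page or the paper. It runs an honest transfer with one genuinely corrupted segment and a covert transfer with no real loss, then shows the eavesdropper's view of both: each contains retransmissions whose payload differs from the first copy, so that check alone proves nothing, and only the retransmission rate (four in sixteen against the quoted baseline of about one in a thousand) gives the covert flow away.

```python
from dataclasses import dataclass, field

SEG = 16         # payload bytes per segment (assumed for this toy)
STEG_BYTES = 4   # secret bytes carried by each forced retransmission (assumed)

# Constructed sample input: 256 bytes of user data (16 segments) and a short secret.
DATA = bytes(range(256))
SECRET = b"meet 9pm"


@dataclass
class Segment:
    seq: int
    payload: bytes


@dataclass
class Observer:
    """Passive eavesdropper: logs every copy of every segment seen on the wire."""
    seen: dict = field(default_factory=dict)   # seq -> [payload, payload, ...]

    def tap(self, seg: Segment) -> None:
        self.seen.setdefault(seg.seq, []).append(seg.payload)

    def differing_retransmissions(self) -> list:
        """Seqs sent more than once whose copies are not byte-identical."""
        return sorted(s for s, copies in self.seen.items() if len(set(copies)) > 1)

    def retransmission_rate(self) -> float:
        """Extra copies per distinct segment; compare with the quoted ~1/1000 baseline."""
        return sum(len(c) - 1 for c in self.seen.values()) / len(self.seen)


class Sender:
    def __init__(self, data: bytes, secret: bytes = b""):
        n = (len(data) + SEG - 1) // SEG
        self.segments = {i: data[i * SEG:(i + 1) * SEG] for i in range(n)}
        # One-byte length prefix, padded to whole chunks, so the receiver knows
        # where the secret ends (this framing is the toy's choice, not RSTEG's).
        assert len(secret) < 256
        framed = bytes([len(secret)]) + secret if secret else b""
        self.framed = framed + b"\0" * ((-len(framed)) % STEG_BYTES)
        self.pos = 0

    def first_copy(self, seq: int) -> Segment:
        return Segment(seq, self.segments[seq])

    def retransmit(self, seq: int) -> Segment:
        """Honest sender: identical copy. Covert sender: the first STEG_BYTES are
        replaced by the next secret chunk; the receiver already holds the original."""
        body = self.segments[seq]
        chunk = self.framed[self.pos:self.pos + STEG_BYTES]
        if not chunk:                      # nothing (more) to send covertly
            return Segment(seq, body)
        self.pos += len(chunk)
        return Segment(seq, chunk + body[len(chunk):])


class Receiver:
    def __init__(self, force_every: int = 0):
        self.force_every = force_every   # 0 = honest receiver, never fakes a loss
        self.got = {}                    # seq -> accepted user data
        self.forced = set()              # seqs we pretended to lose
        self.covert = b""                # harvested secret chunks

    def handle(self, seg: Segment, corrupted: bool) -> str:
        """Return the signal the transport would send: 'ack' or 'retransmit'."""
        if corrupted:
            return "retransmit"                        # genuine loss
        if seg.seq in self.forced:                     # the copy we asked for on purpose
            self.covert += seg.payload[:STEG_BYTES]    # harvest it, keep the original data
            return "ack"
        self.got[seg.seq] = seg.payload
        if self.force_every and seg.seq % self.force_every == self.force_every - 1:
            self.forced.add(seg.seq)
            return "retransmit"                        # RSTEG: claim it never arrived
        return "ack"

    def secret(self) -> bytes:
        return self.covert[1:1 + self.covert[0]] if self.covert else b""

    def stream(self) -> bytes:
        return b"".join(self.got[s] for s in sorted(self.got))


def simulate(data: bytes, secret: bytes = b"", force_every: int = 0,
             corrupt: frozenset = frozenset()):
    """One transfer; returns (receiver, observer). `corrupt` holds seqs damaged in transit."""
    snd, rcv, obs = Sender(data, secret), Receiver(force_every), Observer()
    for seq in sorted(snd.segments):
        seg, corrupted = snd.first_copy(seq), seq in corrupt
        if corrupted:   # flip one byte; the observer taps downstream of the damage
            seg = Segment(seq, bytes([seg.payload[0] ^ 0xFF]) + seg.payload[1:])
        obs.tap(seg)
        while rcv.handle(seg, corrupted) == "retransmit":
            seg, corrupted = snd.retransmit(seq), False
            obs.tap(seg)
    return rcv, obs


if __name__ == "__main__":
    for label, kw in (("honest, one corrupted segment", dict(corrupt=frozenset({5}))),
                      ("RSTEG, no real loss", dict(secret=SECRET, force_every=4))):
        rcv, obs = simulate(DATA, **kw)
        print(f"{label}: differing {obs.differing_retransmissions()}, "
              f"rate {obs.retransmission_rate():.3f}, intact {rcv.stream() == DATA}, "
              f"secret {rcv.secret()!r}")
```

Run it directly to print both views. Genuine loss during a covert session is deliberately not modelled: a real RSTEG endpoint has to tell a forced retransmission from a real one, and this toy sidesteps that by keeping the two cases in separate runs.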

Wednesday, May 27, 2009

Stats on the MAlWar

The May edition of the MessageLabs Intelligence monthly report provided this information regarding the ongoing fight against viruses, spam and other unwelcome content.

    Report Highlights:
        * Spam - 90.4% in May (an increase of 5.1% since April)
        * Viruses - One in 317.8 emails in May contained malware (a decrease of 0.01% since April)
        * Phishing - One in 404.7 emails comprised a phishing attack (an increase of 0.11% since April)
        * Malicious websites - 1,149 new sites blocked per day (a decrease of 67.7% since April)
        * Spammers continue to abuse reputable domains and web-based malware more likely to be found on older domains
        * Geographic location determines at what time of day you receive spam
        * “Russian” spam squarely rooted in Cutwail botnet

Read full paper from source: Symantec

Tuesday, May 19, 2009

Why we are technically discontent and disconnected...

Technology is 'the knack of so arranging a world that we need not experience it' - Max Frisch

Saturday, May 16, 2009

Sony CEO: "Nothing good from the Internet, period."

From boingboing, a visionary statement from one of our would-be masters of technology:
"I'm a guy who doesn't see anything good having come from the Internet," said Sony Pictures Entertainment chief executive officer Michael Lynton. "Period." Lynton wasn't just trying for a laugh: He complained the Internet has "created this notion that anyone can have whatever they want at any given time. It's as if the stores on Madison Avenue were open 24 hours a day. They feel entitled. They say, 'Give it to me now,' and if you don't give it to them for free, they'll steal it." Read more here

Tuesday, May 12, 2009

The rise of American Idiot...

What have we created with our advanced IT systems: cold fusion, stopped hunger, cured cancer?

Nope, we twitter away our day to expand the new idiots.

Charles Pierce - The rise of Idiot America, though, is essentially a war on expertise.
It's not so much antimodernism or the distrust of the intellectual elites that Richard Hofstadter teased out of the national DNA, although both of these things are part of it. The rise of Idiot America today reflects — for profit, mainly, but also and more cynically, for political advantage and in the pursuit of power — the breakdown of the consensus that the pursuit of knowledge is a good. It also represents the ascendancy of the notion that the people we should trust the least are the people who know the best what they're talking about. In the new media age, everybody is a historian, or a scientist, or a preacher, or a sage. And if everyone is an expert, then nobody is, and the worst thing you can be in a society where everybody is an expert is, well, an actual expert.

This is how Idiot America engages itself. It decides, en masse, with a million keystrokes and clicks of the remote control, that because there are two sides to every question, they both must be right, or at least not wrong. And the words of an obscure biologist carry no more weight on the subject of biology than do the thunderations of some turkeyneck preacher out of Christ's Own Parking Structure in DeLand, Florida. Less weight, in fact, because our scientist is an "expert" and therefore, an "elitist." Nobody buys his books. Nobody puts him on cable.

He's brilliant, surely, but no different from the rest of us, poor fool...

Monday, May 11, 2009

Hidden valuable natural resource is being exploited...

 
[Image: spectrum.png, a chart of how the spectrum is divided]
 
A post on Google's policy blog lauds a bill being introduced to Congress that would require the Federal Communications Commission to "take a full inventory of our nation's spectrum resources between the 300 MHz and 3.5 GHz bands."

You can already see a representation of how the spectrum is divided in the graphic above, or in pdf form here. But the bill would make available full details of who is using which chunks of spectrum for what, and how efficiently. As the Google post puts it, "is a sizable portion of useful spectrum simply lying fallow?"
 
The internet giant was one of many that lobbied successfully to get the spectrum freed up by the demise of analogue TV signals allocated to new kinds of mobile devices. That will supposedly allow the development of technology dubbed "Wi-Fi on steroids" by its proponents, and shape our technological future - allowing faster portable connections and high-speed broadband in remote areas, for example.
 
Similarly, making it publicly known how the rest of the radio spectrum is being used, and what is left, could change how we communicate for years to come.
 

The only secure PC, a book...

See more awesome illustrations of 'pop up book PC'

[Images: dsci0530.JPG, dsci0533.JPG, dsci0538.JPG]

The SUM of my Substance...

$h_i = \frac{(c_i - c_\text{batch})\, m_i}{c_\text{batch}\, m_\text{aver}}$.

Warrantless Tracking Is Legal, Says Wisconsin Court

Slashdot: "A Wisconsin appeals court ruled Thursday that police can attach GPS trackers to cars to secretly track anybody's movements without obtaining search warrants. As the law currently stands, the court said police can mount GPS on cars to track people without violating their constitutional rights — even if the drivers aren't suspects. Officers do not need to get warrants beforehand because GPS tracking does not involve a search or a seizure, wrote Madison Judge Paul Lundsten."

Tuesday, May 5, 2009

Mathematical Illiteracy

This may be the stupidest example of risk assessment I've ever seen. It's a video clip from a recent Daily Show, about the dangers of the Large Hadron Collider. The segment starts off slow, but then there's an exchange with high school science teacher Walter L. Wagner, who insists the device has a 50-50 chance of destroying the world:
"If you have something that can happen, and something that won't necessarily happen, it's going to either happen or it's going to not happen, and so the best guess is 1 in 2."

"I'm not sure that's how probability works, Walter."

This is followed by clips of news shows taking the guy seriously.

Read the full post by Schneier