BrainWave Technology Tidbits

Information Leakage from Keypads

2009-07-02T17:09:30Z

Can anyone guess the entry codes for these door locks? There are 10,000 possible four-digit codes, but you only have to try 24 on these keypads. The second is almost certainly guessable in one.... Share Post: Read More......(read more)

More Security Countermeasures from the Natural World

2009-07-02T11:11:41Z

The plant caladium steudneriifolium pretends to be ill so mining moths won't eat it. She believes that the plant essentially fakes being ill, producing variegated leaves that mimic those that have already been damaged by mining moth larvae. That deters the moths from laying any further larvae on the leaves, as the insects assume the previous caterpillars have already eaten... Share Post: Read More......(read more)

MD6 Withdrawn from SHA-3 Competition

2009-07-01T19:27:35Z

In other SHA-3 news, Ron Rivest seems to have withdrawn MD6 from the SHA-3 competition. From an e-mail to a NIST mailing list: We suggest that MD6 is not yet ready for the next SHA-3 round, and we also provide some suggestions for NIST as the contest moves forward. Basically, the issue is that in order for MD6 to be... Share Post: Read More......(read more)

New Attack on AES

2009-07-01T16:49:18Z

There's a new cryptanalytic attack on AES that is better than brute force: Abstract. In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has complexity 2119, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key class and has higher... Share Post: Read More......(read more)

Security, Group Size, and the Human Brain

2009-07-01T11:51:56Z

If the size of your company grows past 150 people, it's time to get name badges. It's not that larger groups are somehow less secure, it's just that 150 is the cognitive limit to the number of people a human brain can maintain a coherent social relationship with. Primatologist Robin Dunbar derived this number by comparing neocortex -- the "thinking"... Share Post: Read More......(read more)

Cryptography Spam

2009-06-30T18:36:42Z

I think this is a first. Information security, and protection of your e-money. Electronic payments and calculations, on means of a network the Internet or by means of bank credit cards, continue to win the world market. Electronic payments, it quickly, conveniently, but is not safely. Now there is a real war, between users and hackers. Your credit card can... Share Post: Read More......(read more)

Growth of the CSE

2009-06-30T11:32:53Z

The Communication Security Establishment (CSE, basically Canada's NSA) is growing so fast they're running out of room and building new office buildings.... Share Post: Read More......(read more)

Anti-Stab Knife

2009-06-29T19:18:22Z

I've already written about the risks of pointy knives. This no-stabbing knife is the solution, and seems not to be a joke.... Share Post: Read More......(read more)

Protecting Against the Snatched Laptop Data Theft

2009-06-29T11:51:02Z

Almost two years ago, I wrote about my strategy for encrypting my laptop. One of the things I said was: There are still two scenarios you aren't secure against, though. You're not secure against someone snatching your laptop out of your hands as you're typing away at the local coffee shop. And you're not secure against the authorities telling you... Share Post: Read More......(read more)

Friday Squid Blogging: 8 Gig USB Squid Flash Drive

2009-06-26T21:52:39Z

Cute.... Share Post: Read More......(read more)

Fake Receipts

2009-06-26T18:16:12Z

For all of you who want to scam your company's expense reimbursement system. I've heard of sites where you give them a range of dates and a city, and they give you a full set of receipts for a trip to that city: airfare, hotel, meals, everything -- but I can't find a website.... Share Post: Read More......(read more)

The Problem with Password Masking

2009-06-26T11:17:52Z

I agree with this: It's time to show most passwords in clear text as users type them. Providing feedback and visualizing the system's status have always been among the most basic usability principles. Showing undifferentiated bullets while users enter complex codes definitely fails to comply. Most websites (and many other applications) mask passwords as users type them, and thereby theoretically... Read More......(read more)

Clear Shuts Down Operation

2009-06-25T17:36:40Z

Clear, the company that sped people through airport security, has ceased operations. My first question: what happened to all that personal information it collected on its members? An answer appeared on its website: Applicant and Member data is currently secured in accordance with the Transportation Security Administration's Security, Privacy and Compliance Standards. Verified Identity Pass, Inc. will Read More......(read more)

Authenticating Paperwork

2009-06-25T11:11:32Z

It's a sad, horrific story. Homeowner returns to find his house demolished. The demolition company was hired legitimately but there was a mistake and it demolished the wrong house. The demolition company relied on GPS co-ordinates, but requiring street addresses isn't a solution. A typo in the address is just as likely, and it would have demolished the house just... Share Post: Read More......(read more)

Workshop on Economics of Information Security

2009-06-24T11:45:06Z

I'm at the 8th Workshop on Economics and Information Security at University College London (field trip to see Jeremy Bentham). Ross Anderson liveblogged the event. I wrote about WEIS 2006 back in 2006.... Share Post: Read More......(read more)