Security

July 23, 2008

Oh, Look... It's Me!

It's funny to accidentally run across things you wrote a long while back (8 years ago in this case). Turns out, it's still relevant!

http://rootprompt.org/article.php3?article=507

Posted at 04:46 PM in Security, Thoughts, Web/Tech | | Comments (0) | TrackBack (0)

November 27, 2006

In Futility We Trust

Local news has picked up on the stupidity that is Real ID. The worst of it, though, is exemplified by the quote from "a Texas driver" at the end:

"The standing in line part is going to be difficult but I think as long as we have secruity [sic], we can't have enough security"

Huh? Can't have enough security? Whatever happened to freedom and liberty and all that we supposedly stand for as a nation? Whatever happened to thinking?

Oh, but we do have freedom, don't we... I could watch CSI or I could watch Lost... wow... now that's freedom.

Technorati Tags:

Posted at 06:03 PM in Current Affairs, Security | | Comments (0) | TrackBack (0)

July 06, 2006

Canadian Privacy Commissioner Report

(via Bruce Schneier) Schneier on Security: Annual Report from the Privacy Commissioner of Canada

Equally (if not more) applicable in the US.

Posted at 10:44 AM in Current Affairs, Security | | Comments (0)

June 18, 2006

Lauren Weinstein's "Internet and Empires" Talk

This is a really good talk that Lauren Weinstein gave at Google about technology and privacy and so on. It's long, but very good IMO.

Posted at 06:28 AM in Current Affairs, Security | | Comments (0)

June 01, 2006

Excel Passwords... Ha!

I'm sure the world will be shocked to learn that Microsoft's implementation of protecting Excel worksheets and workbooks may be... uhh... lacking in security. I needed to make a modification to a protected workbook (for extremely practical and entirely wholesome reasons), so I figured that I would see what it would take to figure out or find the password. Well not much, it turns out. I viewed the document using "less" in a terminal and near the end (always look there first) there's a section of code-like string fragments having to do with protecting and unprotecting, and nestled nearby was a short string that didn't make sense as code, didn't make sense as any kind of Excel keyword, and was not contained in the visible Excel workbook text.

So I tried unprotecting the workbook with that string as the password. Yep, that did it. Now I'm sure it was implemented that way so that the average human who forgets a password ten minutes after thinking it up wouldn't be completely stuck. But those kinds of "failsafes" are usually just wide open back doors. Definitely the case here.

No doubt thousands of other people figured this out long ago, but it was amusing to me.

Posted at 02:47 PM in Humor, Security | | Comments (1)

May 18, 2006

Schneier on Privacy

If we're doing nothing wrong, why should we care about privacy? That's the subject of Bruce Schneier's latest Wired column.

Posted at 07:24 AM in Current Affairs, Security | | Comments (0)

May 11, 2006

Gizmo + Zfone

In light of all the "security" being implemented by the current administration, we ought to all grab Gizmo and Zfone and use them whenever possible. Gizmo is an IM-like VoIP (i.e. real VoIP using SIP, RTP, etc.) client and Zfone is Phil Zimmerman's (think PGP) contribution to VoIP security. It embeds strong crypto in the RTP stream directly, bypassing any filters or blocking at higher layers.

Gizmo: http://www.gizmoproject.com/

Zfone: http://www.philzimmermann.com/EN/zfone/index.html

Posted at 08:04 PM in Crypto, Current Affairs, Security | | Comments (2)

More NSA Domestic Spying

http://www.schneier.com/blog/archives/2006/05/nsa_creating_ma.html

Sigh. Yay Qwest.

Posted at 07:59 PM in Current Affairs, Security | | Comments (0)

April 25, 2006

A Government Of, By, and For... Whom?

Another wonderful Republican legislator from Texas: http://techdirt.com/articles/20060425/0819237.shtml

Government Worldview 101: "If we don't make more laws that restrict more freedoms, uhh... uhhh... what would we do, again?"

Posted at 01:01 PM in Absurd, Current Affairs, Security | | Comments (2)

November 02, 2005

iChat Encryption, Part Deux

So I did a little analysis of an encrypted iChat session (tcpdump is your friend). Looks to me like they're doing a public key encrypt on each message. More specifically, I think they're encrypting a random session key for each message, and then encrypting the message with the session key, using a block cipher having large-ish blocks, so I suspect it's AES. That would be both the logical, good choice and would fit my guess based on message size differences. There's a momentary lag when sending each message, which would also support the notion that they're public-key encrypting each message in some way (that and the message size and the presence of certificate-like text). Interesting stuff.

Posted at 03:15 PM in Macs, Security | | Comments (0)

Next »

The Story of Stuff

Photoblog

Photography Site

Flickr

  • jeremey. Get yours at bighugelabs.com/flickr

Houston Photobloggers

Blog powered by TypePad