Ramblings & ephemera
From Victor Bogado da Silva Lins’ letter in Bruce Schneier’s Crypto-Gram (15 May 2004):
You mentioned in your last crypto-gram newsletter about a cover that makes a license plate impossible to read from certain angles. Brazilian people have thought in another low-tech solution for the same “problem”, they simply tie some ribbons to the plate or [...]
Posted on April 20th, 2008 by Scott Granneman
Filed under: Webster U: InfoSec Management, security | No Comments »
From Bruce Schneier’s “Crypto-Gram” (15 August 2005):
At DefCon earlier this month, a group was able to set up an unamplified 802.11 network at a distance of 124.9 miles.
http://www.enterpriseitplanet.com/networking/news/…
http://pasadena.net/shootout05/
Even more important, the world record for communicating with a passive RFID device was set at 69 feet. Remember that the next time someone tells you that it’s [...]
Posted on April 15th, 2008 by Scott Granneman
Filed under: Technology, Webster U: InfoSec Management, security | No Comments »
From Lisa Vaas’ “Are Campuses Flooded with Zombified Student PCs?” (eWeek: 22 October 2007):
Rather, bot herders have sophisticated technology in place that can detect how fast a bot’s connection is. If that connection changes over time - if, say, a student is poking around at her parent’s house with dial-up all summer and then comes [...]
Posted on March 31st, 2008 by Scott Granneman
Filed under: Webster U: InfoSec Management, education, security | No Comments »
From John D. Barrow and John K. Webb’s "Inconstant Constants: Do the inner workings of nature change with time?" (Scientific American: 23 May 2005):
One ratio of particular interest combines the velocity of light, c, the electric charge on a single electron, e, Planck’s constant, h, and the so-called vacuum permittivity, 0. [...]
Posted on March 25th, 2008 by Scott Granneman
Filed under: Technology, Webster U: InfoSec Management, security | No Comments »
From Bruce Schneier’s “How to Crash the Oscars” (7 March 2006):
If you want to crash the glitziest party of all, the Oscars, here’s a tip from a professional: Show up at the theater, dressed as a chef carrying a live lobster, looking really concerned. …
“The most important technique is confidence,” he [...]
Posted on July 26th, 2007 by Scott Granneman
Filed under: Webster U: InfoSec Management, Writing Ideas, security | No Comments »
From Avi Rubin’s “Voting: Low-Tech Is the Answer” (Business Week: 30 October 2006):
Unfortunately, there are three problems with electronic voting that have nothing to do with whether or not the system works as intended. They are transparency, recovery, and audit. …
Electronic voting is not transparent - it is not even translucent. There is no way [...]
Posted on December 11th, 2006 by Scott Granneman
Filed under: Technology, Wash U: Tech in Changing Society, Webster U: InfoSec Management, law, politics, security | Comments Off
From Stephen Ornes’s “Map: What Does the Internet Look Like?” (Discover: October 2006):
The United States owns 74 percent of the 4 billion available Internet protocol (IP) addresses. China’s stake amounts to little more than that of an American university. Not surprisingly, China is championing the next wave of the Internet, which would accommodate 340 trillion [...]
Posted on December 11th, 2006 by Scott Granneman
Filed under: Technology, Wash U: Tech in Changing Society, Webster U: InfoSec Management | Comments Off
From Scott M. Fulton, III’s “Allchin Suggests Vista Won’t Need Antivirus” (BetaNews: 9 November 2006):
During a telephone conference with reporters yesterday, outgoing Microsoft co-president Jim Allchin, while touting the new security features of Windows Vista, which was released to manufacturing yesterday, told a reporter that the system’s new lockdown features are so capable and thorough [...]
Posted on December 11th, 2006 by Scott Granneman
Filed under: Technology, Webster U: InfoSec Management, security | Comments Off
From Bruce Schneier’s “Hacking Computers Over USB” (Crypto-Gram: 15 June 2005):
From CSO Magazine:
“Plug an iPod or USB stick into a PC running Windows and the device can literally take over the machine and search for confidential documents, copy them back to the iPod or USB’s internal storage, and hide them as “deleted” files. Alternatively, the [...]
Posted on December 10th, 2006 by Scott Granneman
Filed under: Technology, Wash U: Tech in Changing Society, Webster U: InfoSec Management, business, security | Comments Off
From Ryan Naraine’s “‘Pump-and-Dump’ Spam Surge Linked to Russian Bot Herders” (eWeek: 16 November 2006):
The recent surge in e-mail spam hawking penny stocks and penis enlargement pills is the handiwork of Russian hackers running a botnet powered by tens of thousands of hijacked computers.
Internet security researchers and law enforcement authorities have traced the operation to [...]
Posted on December 10th, 2006 by Scott Granneman
Filed under: Technology, Wash U: Tech in Changing Society, Webster U: InfoSec Management, business, security | Comments Off
From Christian Seifert’s “Analyzing malicious SSH login attempts” (SecurityFocus: 11 September 2006):
First, we analyzed the login names that were used on the login attempts. During the sample period, there were 2741 unique account names ranging from common first names, system account names, and common accounts to short alphabetical strings captured by the system logger. Of [...]
Posted on November 5th, 2006 by Scott Granneman
Filed under: Technology, Webster U: InfoSec Management, security | Comments Off
On Saturday 17 April 2004, I received the following email from someone I didn’t know:
> Hello,
>
> I am not sure who you are but our security detected a Netsky virus in an
> email that you sent. Whether a personal message or a spam, please make
> attention to the fact that you are spreading viruses and [...]
Posted on November 3rd, 2006 by Scott Granneman
Filed under: Technology, Wash U: Tech in Changing Society, Webster U: InfoSec Management, security | Comments Off
From Erica Goode’s “Incompetent People Really Have No Clue, Studies Find: They’re blind to own failings, others’ skills” (The New York Times: 18 January 2000):
Dunning, a professor of psychology at Cornell, worries about this because, according to his research, most incompetent people do not know that they are incompetent.
On the contrary. People who do things [...]
Posted on October 7th, 2006 by Scott Granneman
Filed under: Commonplace Book, Webster U: InfoSec Management, science | Comments Off
From Seth David Schoen’s “Wiretapping vulnerabilities” (Vitanuova: 9 March 2006):
Traditional wiretap threat model: the risks are detection of the tap, and obfuscation of content of communication. …
POTS is basically the same as it was 100 years ago — with central offices and circuit-switching. A phone from 100 years ago will pretty much still work today. [...]
Posted on August 20th, 2006 by Scott Granneman
Filed under: Technology, Wash U: Tech in Changing Society, Webster U: InfoSec Management, law | Comments Off
From Bruce Schneier’s “Mitigating Identity Theft” (Crypto-Gram: 15 April 2005):
The very term “identity theft” is an oxymoron. Identity is not a possession that can be acquired or lost; it’s not a thing at all. …
The real crime here is fraud; more specifically, impersonation leading to fraud. Impersonation is an ancient crime, but the rise [...]
Posted on August 2nd, 2006 by Scott Granneman
Filed under: Technology, Wash U: Tech in Changing Society, Webster U: InfoSec Management, business, law, security | Comments Off
From Bruce Schneier’s “More on Two-Factor Authentication” (Crypto-Gram: 15 April 2005):
Passwords just don’t work anymore. As computers have gotten faster, password guessing has gotten easier. Ever-more-complicated passwords are required to evade password-guessing software. At the same time, there’s an upper limit to how complex a password users can be expected to remember. About five years [...]
Posted on August 2nd, 2006 by Scott Granneman
Filed under: Webster U: InfoSec Management, security | Comments Off
From Bruce Schneier’s “Hollywood Sign Security” (Crypto-Gram: 15 January 2005):
In Los Angeles, the “HOLLYWOOD” sign is protected by a fence and a locked gate. Because several different agencies need access to the sign for various purposes, the chain locking the gate is formed by several locks linked together. Each of the agencies has the key [...]
Posted on August 2nd, 2006 by Scott Granneman
Filed under: Webster U: InfoSec Management, business, security | Comments Off
From Bruce Schneier’s “Burglars and “Feeling Secure” (Crypto-Gram: 15 January 2005):
This quote is from “Confessions of a Master Jewel Thief,” by Bill Mason (Villard, 2003): “Nothing works more in a thief’s favor than people feeling secure. That’s why places that are heavily alarmed and guarded can sometimes be the easiest targets. The single most important [...]
Posted on August 2nd, 2006 by Scott Granneman
Filed under: Technology, Webster U: InfoSec Management, business, security | Comments Off
From The Honeynet Project & Research Alliance’s “Know your Enemy: Tracking Botnets” (13 March 2005):
After successful exploitation, a bot uses Trivial File Transfer Protocol (TFTP), File Transfer Protocol (FTP), HyperText Transfer Protocol (HTTP), or CSend (an IRC extension to send files to other users, comparable to DCC) to transfer itself to the compromised host. The [...]
Posted on July 30th, 2006 by Scott Granneman
Filed under: Technology, Webster U: InfoSec Management, security | Comments Off
From The Honeynet Project & Research Alliance’s “Know your Enemy: Tracking Botnets” (13 March 2005):
… some of the more widespread and well-known bots.
Agobot/Phatbot/Forbot/XtremBot
… best known bot. … more than 500 known different versions of Agobot … written in C++ with cross-platform capabilities and the source code is put under the GPL. … structured in a [...]
Posted on July 30th, 2006 by Scott Granneman
Filed under: Technology, Webster U: InfoSec Management, security | Comments Off