Why browser certificate warnings fail

Everyone’s probably seen one. You visit some website with a URL prefixed with “https” and you get a pop-up or warning of some kind in your browser, telling you that the certificate for the site is not signed by a known authority, and warning you not to continue. You continue anyway since, surprise surprise, you [...]

Techworld.com, spreading FUD about VoIP

This article from techworld really blows tapping SIP calls out of proportion. SIPtap demonstrates that the worst-case nightmares of VoIP vulnerability are now well within the capabilities of organised crime, which could use such a program to steal confidential data from companies, governments and even the police. Umm, yeah. Assuming you’re not using SRTP to [...]

Schneier on Security: Idiotic Cryptography Reporting

Bruce Schneier blogged a story on a supposedly new crypto system developed by Franco-German aerospace company EADS that they claim is “hacker proof”. First of all, it’s “cracker”. Hackers are nothing to fear, despite Hollywood’s ignorance. Secondly… Gordon Duncan, the division’s government and commercial sales manager, said he was convinced that sensitive data could now [...]

Lack of privacy, data mining, and the future

I saw this while scanning my RSS feeds today. An amazing flash presentation of what ordering a pizza in the future could be like, if governments continue to erode our personal right to privacy, and force national ID cards on us. I’d laugh, but it’s a little too accurate.

Countries and crypto

Hey, this is neat. Someone on a crypto list that I’m on pointed this out yesterday. If you’re curious about countries’ rules on import/export on crypto, check out this map which shows the breakdown. When, oh when will government agencies realize that in the age of the internet, they cannot limit crypto. Not to mention [...]

Technological warfare

Bruce Scheiner’s blog points to this article on CIA operations during the Cold War to implant deliberate flaws in technology that the KGB was stealing from the West. The article points to these tactics having a large impact on the final resolution of the Cold War, with the Soviet Union basically bankrupt. As frighteningly effective [...]

Sony, bringing infected PCs to you

Presumably you’ve heard already, but if you haven’t, Sony is simply outdoing themselves by releasing CDs that install a rootkit on your Windows PC when you play them. Well, if you have autorun enabled anyway, like most people do. Yet another reason to not run Windows, or at least turn off a lot of “features” [...]

Fingerprint matches…not

This showed up on the Cryptography mailing list that I’m subscribed to. Quite troublesome, when we see casual fingerprint matches on CSI episodes all of the time, putting people in jail. The Wall Street Journal October 7, 2005 SCIENCE JOURNAL By SHARON BEGLEY Fingerprint Matches Come Under More Fire As Potentially Fallible October 7, 2005; [...]

Feeling safe is expensive

Bruce Schneier has linked to a very informative article on the Billions that the U.S. has wasted on security since 9/11. Specifically, it goes into detail on how much they’ve spent on solutions that didn’t work, or at least not as advertised. This shows how you can’t simply throw money at most problems and expect [...]

Hackers use Google to access photocopiers – ZDNet UK News

This article was a little surprising. I find it odd that they seem to be pinning the blame on Google here. They’re just indexing the web, like they promised. If idiot sysadmins leak sensitive information through an insecure web server (read: Microsoft IIS), I really don’t see how it’s Google’s fault.