Friday Squid Blogging: Hawaiian Bobtail Squid

Symbiotic relationship between the Hawaiian bobtail squid and bioluminescent bacteria, with bonus security implications.

Posted on July 16, 2010 at 4:34 PM • 8 Comments

Comments

altjira • July 16, 2010 8:11 PM

I thought FSB was about fun. I don't like it when you sneak real learning in on me.

Clive Robinson • July 18, 2010 3:44 PM

@ Bruce,

Off topic.

Not sure if this should go under Perfect Citizen or Win7 to the Russians, it's applicable to both...

http://krebsonsecurity.com/2010/07/...

The last couple of sentences suggest the malware is deliberately targeting SCADA etc. systems.

Clive Robinson • July 18, 2010 9:57 PM

@ Bruce,

Further to my above,

Under the title,

"Proof that foreign nations plan cyberattacks on the power grid?"

The "Skating on Stilts" site has its own spin on the USB based attack that appears specifically directed at Siemens SCADA systems,

http://www.skatingonstilts.com/skating-on-stilts/...

Again, like many of the "Perfect Citizen" articles, it appears to be more tempest in a teacup than hard fact.

Clive Robinson • July 18, 2010 11:12 PM

@ Bruce,

Off Topic

If you are at BlackHat this year you might want to pop in on a talk by Nate Lawson,

https://www.blackhat.com/html/bh-us-10/bh-us-10-briefings.html#Lawson

From what I understand (info is limited currently) he and Taylor Nelson have a nice little side channel attack against poorly implemented password systems.

Essentially what they have done is measure the response time across the internet of a number of authentication systems (not sure if it's TCP time stamp or not).

Due to a failing in the software design (stops at first incorrect char in a password) it is possible to enumerate the password...

Amongst other systems claimed vulnerable are some that implement the "OAuth" and "OpenID" standards...
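The design flaw described in the comment above (comparison stops at the first incorrect character), shown next to two fixes. This is an added example, not part of the original comment or the BlackHat talk; the function names, the sample secret and the use of "bytes examined" as a stand-in for response time are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def early_exit_equal(supplied: bytes, expected: bytes):
    """Flawed check from the comment: return at the first wrong byte.
    Returns (match, bytes_examined); the count stands in for response time."""
    if len(supplied) != len(expected):
        return False, 0
    examined = 0
    for a, b in zip(supplied, expected):
        examined += 1
        if a != b:
            return False, examined
    return True, examined

def full_scan_equal(supplied: bytes, expected: bytes):
    """Same interface, but every byte is examined and differences are OR-ed,
    so the work done does not depend on where the first mismatch is."""
    if len(supplied) != len(expected):
        return False, 0
    diff = 0
    examined = 0
    for a, b in zip(supplied, expected):
        examined += 1
        diff |= a ^ b
    return diff == 0, examined

_KEY = secrets.token_bytes(32)  # per-process key, constructed for this example

def verify(supplied: bytes, expected: bytes) -> bool:
    """Production-style check: compare fixed-length HMACs of both values with
    the standard library's constant-time hmac.compare_digest."""
    mac_s = hmac.new(_KEY, supplied, hashlib.sha256).digest()
    mac_e = hmac.new(_KEY, expected, hashlib.sha256).digest()
    return hmac.compare_digest(mac_s, mac_e)

def work_profile(compare, expected: bytes, guesses):
    """Bytes examined per guess: the signal a remote timer would approximate."""
    return [compare(g, expected)[1] for g in guesses]

EXPECTED = b"s3cr3t-token"            # constructed sample secret
GUESSES = [b"xxxxxxxxxxxx",           # 0 leading bytes correct
           b"s3cxxxxxxxxx",           # 3 leading bytes correct
           b"s3cr3t-tokeX"]           # 11 leading bytes correct

if __name__ == "__main__":
    print("early exit:", work_profile(early_exit_equal, EXPECTED, GUESSES))
    print("full scan: ", work_profile(full_scan_equal, EXPECTED, GUESSES))
```

With the early-exit version the work grows with the number of correct leading bytes; with the full scan it is the same for every guess of the right length. `verify` additionally hides the secret's length, because only fixed-size digests are compared.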

A • July 19, 2010 4:54 PM

I love how relaxed she is - most people seem to struggle a bit once they get on the TED stage. Also watch out for the talks by Hans Rosling.

pdf23ds • July 19, 2010 6:17 PM

Hai Hai Hai everybody.

Is there a way to prove that some data hasn't been modified since a specific date? Say I want to keep some logs that could prove me innocent on the slim chance that I ever get sued or something, but the logs are easy to fabricate so I want to easily prove they're genuine. I could always hand over a hash of each day's logs to some trusted third party, but is there some other way?

John Hardin • July 20, 2010 12:07 PM

@pdf23ds: I sincerely doubt any method not involving an impartial third party would be accepted by anyone as "proof".

Perhaps print out the logs and have each page notarized. A notary doesn't need to know what they are notarizing. But, IANAL.

"Logs that prove you innocent"? Get a lawyer. Random internet strangers aren't a good source for advice to keep you out of jail.


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.