Schneier on Security
A blog covering security and security technology.
« Skype's Cryptography Reverse-Engineered |
| Embedded Code in U.S. Cyber Command Logo »
July 16, 2010
Friday Squid Blogging: Hawaiian Bobtail Squid
Symbiotic relationship between the Hawaiian bobtail squid and bioluminescent bacteria, with bonus security implications.
Posted on July 16, 2010 at 4:34 PM
• 8 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I thought FSB was about fun. I don't like it when you sneak real learning in on me.
Not sure if this should go under Perfect Citizen. or Win7 to the Russians, it's applicable to both...
The last couple of sentances sugest the malware is deliberatly targeting SCADA etc systems.
Further to my above,
Under the title,
"Proof that foreign nations plan cyberattacks on the power grid?"
The "Skating on Stilts" site has it's own spin on the USB based attack that appears specificaly directed at Siemens SCADA systems,
Again like many of the "Perfect Citizen" articles it appears to be more tempest in a teacup than hard fact.
If you are at BlackHat this year you might want to pop in on a talk by Nate Lawson,
From what I understand (info is limited currently) he and Taylor Nelson have a nice little side channel attack against poorly implemented password systems.
Essentialy what they have done is measure the response time across the internet of a number of authentication systems (not sure if it's TCP time stamp or not).
Due to a failing in the software design (stops at first incorrect char in a password) it is possible to enumerate the password...
Amongst others systems claimed vulnerable are some that implement the "OAuth" and "OpenID" standards...
I love how relaxed she is - most people seem to struggle a bit once they get on the TED stage. Also watch out for the talks by Hans Rosling.
Hai Hai Hai everybody.
Is there a way to prove that some data hasn't been modified since a specific date? Say I want to keep some logs that could prove me innocent on the slim chance that I ever get sued or something, but the logs are easy to fabricate so I want to easily prove they're genuine. I could always hand over a hash of each days logs to some trusted third party, but is there some other way?
Some way that doesn't involve an impartial third party, I mean.
@pdf23ds: I sincerely doubt any method not involving an impartial third party would be accepted by anyone as "proof".
Perhaps print out the logs and have each page notarized. A notary doesn't need to know what they are notarizing. But, IANAL.
"Logs that prove you innocent"? Get a lawyer. Random internet strangers aren't a good source for advice to keep you out of jail.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.