Comments

altjira July 16, 2010 8:11 PM

I thought FSB was about fun. I don’t like it when you sneak real learning in on me.

Clive Robinson July 18, 2010 9:57 PM

@ Bruce,

Further to my above,

Under the title,

“Proof that foreign nations plan cyberattacks on the power grid?”

The “Skating on Stilts” site has its own spin on the USB based attack that appears specifically directed at Siemens SCADA systems,

http://www.skatingonstilts.com/skating-on-stilts/2010/07/proof-that-foreign-nations-plan-cyberattacks-on-the-power-grid.html

Again like many of the “Perfect Citizen” articles it appears to be more tempest in a teacup than hard fact.

Clive Robinson July 18, 2010 11:12 PM

@ Bruce,

Off Topic

If you are at BlackHat this year you might want to pop in on a talk by Nate Lawson,

https://www.blackhat.com/html/bh-us-10/bh-us-10-briefings.html#Lawson

From what I understand (info is limited currently) he and Taylor Nelson have a nice little side channel attack against poorly implemented password systems.

Essentially what they have done is measure the response time across the internet of a number of authentication systems (not sure if it’s TCP time stamp or not).

Due to a failing in the software design (stops at first incorrect char in a password) it is possible to enumerate the password…

Amongst others, systems claimed vulnerable are some that implement the “OAuth” and “OpenID” standards…
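
Added example, not part of the comment above or of the talk it mentions: the "stops at first incorrect char" comparison next to a fixed-work one, with the number of bytes examined standing in for response time. The function names, the secret and the guesses are constructed for illustration.

```python
import hmac

def early_exit_equal(secret: bytes, guess: bytes):
    """Flawed pattern: return at the first differing byte.
    Returns (match, bytes_examined); the count models the response time."""
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for s, g in zip(secret, guess):
        examined += 1
        if s != g:
            return False, examined  # work done depends on the matching prefix
    return True, examined

def fixed_work_equal(secret: bytes, guess: bytes):
    """Hardened pattern: always examine every byte and fold the
    differences together, so the work does not depend on the prefix."""
    if len(secret) != len(guess):
        return False, 0  # length is still visible; compare fixed-size digests to hide it
    diff = 0
    examined = 0
    for s, g in zip(secret, guess):
        examined += 1
        diff |= s ^ g
    return diff == 0, examined

def work_profile(compare, secret: bytes, guesses):
    """Bytes examined per guess; a flat profile leaks nothing about the prefix."""
    return [compare(secret, g)[1] for g in guesses]

def check_token(secret: bytes, guess: bytes) -> bool:
    """What production code should call: the standard library's
    constant-time comparison rather than a hand-written loop."""
    return hmac.compare_digest(secret, guess)

# Constructed sample data: guesses sharing 0, 2, 5 and 11 leading bytes with the secret.
SECRET = b"s3cr3t-token"
GUESSES = [SECRET[:n] + b"x" * (len(SECRET) - n) for n in (0, 2, 5, 11)]

if __name__ == "__main__":
    print("early exit:", work_profile(early_exit_equal, SECRET, GUESSES))
    print("fixed work:", work_profile(fixed_work_equal, SECRET, GUESSES))
```
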

A July 19, 2010 4:54 PM

I love how relaxed she is – most people seem to struggle a bit once they get on the TED stage. Also watch out for the talks by Hans Rosling.

pdf23ds July 19, 2010 6:17 PM

Hai Hai Hai everybody.

Is there a way to prove that some data hasn’t been modified since a specific date? Say I want to keep some logs that could prove me innocent on the slim chance that I ever get sued or something, but the logs are easy to fabricate so I want to easily prove they’re genuine. I could always hand over a hash of each day’s logs to some trusted third party, but is there some other way?

John Hardin July 20, 2010 12:07 PM

@pdf23ds: I sincerely doubt any method not involving an impartial third party would be accepted by anyone as “proof”.

Perhaps print out the logs and have each page notarized. A notary doesn’t need to know what they are notarizing. But, IANAL.

“Logs that prove you innocent”? Get a lawyer. Random internet strangers aren’t a good source for advice to keep you out of jail.


Sidebar photo of Bruce Schneier by Joe MacInnis.