Entries Tagged "cracking"


Galileo Satellite Code Cracked

Anyone know more?

Members of Cornell’s Global Positioning System (GPS) Laboratory have cracked the so-called pseudo random number (PRN) codes of Europe’s first global navigation satellite, despite efforts to keep the codes secret. That means free access for consumers who use navigation devices—including handheld receivers and systems installed in vehicles—that need PRNs to listen to satellites.

Security by obscurity: it doesn’t work, and it’s a royal pain to recover when it fails.

Posted on July 11, 2006 at 11:30 AM

Attack on the Bluetooth Pairing Process

There’s a new cryptographic result against Bluetooth. Yaniv Shaked and Avishai Wool of Tel Aviv University in Israel have figured out how to recover the PIN by eavesdropping on the pairing process.

Pairing is an important part of Bluetooth. It’s how two devices—a phone and a headset, for example—associate themselves with one another. They generate a shared secret that they use for all future communication. Pairing is why, when on a crowded subway, your Bluetooth devices don’t link up with all the other Bluetooth devices carried by everyone else.

According to the Bluetooth specification, PINs can be 8-128 bits long. Unfortunately, most manufacturers have standardized on a four decimal-digit PIN. This attack can crack that 4-digit PIN in less than 0.3 sec on an old Pentium III 450MHz computer, and in 0.06 sec on a Pentium IV 3GHz HT computer.

At first glance, this attack isn’t a big deal. It only works if you can eavesdrop on the pairing process. Pairing is something that occurs rarely, and generally in the safety of your home or office. But the authors have figured out how to force a pair of Bluetooth devices to repeat the pairing process, allowing them to eavesdrop on it. They pretend to be one of the two devices, and send a message to the other claiming to have forgotten the link key. This prompts the other device to discard the key, and the two then begin a new pairing session.

Taken together, this is an impressive result. I can’t be sure, but I believe it would allow an attacker to take control of someone’s Bluetooth devices. Certainly it allows an attacker to eavesdrop on someone’s Bluetooth network.

News story here.

Posted on June 3, 2005 at 10:19 AM

Blowfish on "24"

Two nights ago, my encryption algorithm Blowfish was mentioned on the Fox show “24.” An alleged computer expert from the fictional anti-terror agency CTU was trying to retrieve some files from a terrorist’s laptop. This is the exchange between the agent and the terrorist’s girlfriend:

They used Blowfish algorithm.

How can you tell?

By the tab on the file headers.

Can you decrypt it?

CTU has a proprietary algorithm. It shouldn’t take that long. We’ll start by trying to hack the password. Let’s start with the basics. Write down nicknames, birthdays, pets—anything you think he might have used.

Posted on April 27, 2005 at 12:26 PM

PS2 Cheat Codes Hacked

From Adam Fields' weblog:

Some guy tore apart his PS2 controller, connected it to the parallel port on his computer, and wrote a script to press a large number of button combinations. He used it to figure out all of the cheat codes for GTA San Andreas (including some not released by Rockstar, apparently).

http://games.slashdot.org/article.pl?sid=05/01/17/1411251

This is a great example of a “class break” in systems security—the creation of a tool means that this same technique can be easily used on all games, and game developers can no longer rely (if they did before) on the codes being secret because it’s hard to try them all.

Posted on January 29, 2005 at 8:00 AM


Sidebar photo of Bruce Schneier by Joe MacInnis.