Entries Tagged "spoofing"

Page 6 of 6

White Powder Anthrax Hoaxes

Earlier this month, there was an anthrax scare at the Indonesian embassy in Australia. Someone sent them some white powder in an envelope, which was scary enough. Then it tested positive for bacillus. The building was decontaminated, and the staff was quarantined for twelve hours. By then, tests came back negative for anthrax.

A lot of thought went into this false alarm. The attackers obviously knew that their white powder would be quickly tested for the presence of a bacterium of the bacillus family (of which anthrax is a member), but that the bacillus would have to be cultured for a couple of days before a more exact identification could be made. So even without any anthrax, they managed to cause two days of terror.

At a guess, this incident had something to do with Schapelle Corby (yet another security related story). Corby was arrested in Bali for smuggling drugs into the country. Her defense, widely believed in Australia, was that she was an unwitting dupe of the real drug smugglers. Supposedly, the smugglers work as airport baggage handlers and slip packages into checked baggage and remove them at the far end before reclaim. In any case, Bali has very strict drug laws and Corby was recently convicted in what Australians consider a miscarriage of justice. There have been news reports saying that there is no connection, but it just seems too obvious.

In an interesting side note, the media have revealed for the first time that 360 “white powder” incidents have taken place since 11 September 2001. This news had been suppressed by the government, which had issued D notices to the media for all such incidents. So there has been one such incident approximately every four days — an astonishing number, given Australia’s otherwise low crime rate.

Posted on June 14, 2005 at 2:41 PMView Comments

Unicode URL Hack

A long time ago I wrote about the security risks of Unicode. This is an example of the problem.

Here’s a demo: it’s a Web page that appears to be www.paypal.com but is not PayPal. Everything from the address bar to the hover-over status on the link says www.paypal.com.

It works by substituting a Unicode character for the second “a” in PayPal. That Unicode character happens to look like an English “a,” but it’s not an “a.” The attack works even under SSL.

Here’s the source code of the link: http://www.p&amp#1072;ypal.com/

Secuna has some information on how to fix this vulnerability. So does BoingBoing.

Posted on February 16, 2005 at 9:17 AMView Comments

Smart Water

No, really. It’s liquid with a unique identifier that is linked to a particular owner.

Forensic Coding combined with microdot technology.

SmartWater has been designed to protect household property and motor vehicles. Each bottle of SmartWater solution contains a unique forensic code, which is assigned to a household or vehicle.

An additional feature of SmartWater Instant is the inclusion tiny micro-dot particles which enable Police to quickly identify the true owner of the property.

The idea is for me to paint this stuff on my valuables as proof of ownership. I think a better idea would be for me to paint it on your valuables, and then call the police.

Posted on February 10, 2005 at 9:20 AMView Comments

1 4 5 6

Sidebar photo of Bruce Schneier by Joe MacInnis.