2006-08-28

(security) Where magic lives: Analysis of HSBC Vulnerability

http://da.vidnicholson.com/2006/08/analysis-of-hsbc-vulnerability.html

Very nice article... simple, easy to read and understand.

Most crypt-analyses is very mathematical in nature, and I can hardly
understand the individual words in it, let alone whole sentences :-(

As a result, I've always had trouble explaining to people how proper
analysis can break a system, because to the untrained mind, even XOR
would seem unbreakable!

For me, therefore, the real value of this article is that I can probably
use it to give ordinary people exactly such an insight.

2006-08-18

(criminal,malware) Windows genuine disadvantage

Windows genuine disadvantage [printer-friendly] | The Register

What would you call a computer program that surreptitiously installed itself onto your computer, collected personal information about you without your knowledge or effective consent, was difficult or impossible to remove, installed pop-up banners that constantly harassed you, and presented significant security vulnerabilities?

(FOSS,malware) LWN: Free Software Sets the Computing Agenda

LWN: Free Software Sets the Computing Agenda

Taken on their own, each of these instances of Microsoft emulating or accommodating free software might seem fairly minor. Put together, they represent a consistent pattern of loss of control that is unprecedented in the company's recent history.

2006-08-13

(security) India takes on offshoring naysayers

It's not news if the fraud is "onsite", I guess :-( Or, as the article says, our reputation is less valuable than theirs...

India takes on offshoring naysayers | The Register

In June, an Indian worker was arrested for allegedly defrauding £233,000 from the accounts of about 20 HSBC customers. However, the Royal Bank of Scotland lost nearly 100 times that amount of money (£21m) to a man working for the bank in Edinburgh.

The story of his being jailed for 10 years broke almost simultaneously with that of the comparatively minor Indian fraud. But that was not all that was overlooked.

HSBC had insisted that its Indian centres suffered less fraud than those based in the UK. The Financial Services Authority (FSA) said British banks are more reluctant to report or prosecute their inhouse fraudsters, as doing so could tarnish their reputations.

(FOSS) Intellectual property in the era of open source

Note that all this is from a VC...!

Intellectual property in the era of open source

In fact, open source can lead inventors, engineers, architects and business strategists to focus on areas where software is not a commodity.

[...]

It's as if open source applies evolutionary pressure to business plans, in the Darwinian sense. Because open source eliminates whole categories of obvious commodity software plays, we in the investment community see fewer "better mousetrap" propositions that retool commodity categories and more focused and innovative plans for unserved markets.

(security) Phishers rip 2-factor authentication

Phishers rip into two-factor authentication | The Register

The attack confirms concerns from security expert Bruce Schneier that two-factor authentication schemes have been oversold as a silver-bullet solution to online identity fraud.

2006-08-12

(funny,geek) Driftnet

Hmmm, I wonder if I should run this on the proxy server at work :-) Driftnet

Inspired by EtherPEG (though, not owning an Apple Macintosh, I've never actually seen it in operation), Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.

2006-08-11

(funny) Oooops! You Broke it

Oooops! You Broke it - PierceitShop 404 ERROR! KAAABOOOOOOOOOOOOOOOOOOOM!

The page you are looking for might have been removed, had its name (or sex) changed, or badgers may have stolen it.

It's really funny -- you really must read the whole page!

(funny,security) booty call == replay attack

This is how security guys think... I don't know whether to laugh or cry!

Dean Wilson@UnixDaemon: In search of (a) life

Wikipedia's definition of Booty Call

"Booty calls can be used by one partner of an ended relationship to obtain sex from the ex-partner, due to lingering emotions and feelings of a need for continued physical connection."

Security guys analysis of the above:

"This one's pretty obvious, it's a replay attack. You've already gone through the authorisation and authentication processes and now you're reusing previously obtained credentials to obtain access to a resource."

(funny) Plagiarism Policy

Multiversity experience

Platothefish requested that it be formally minuted that the faculty's Plagiarism Policy appears to be remarkably similar to three other faculties within the university. Further that a search on google has disclosed policies with almost exactly the same wording from a number of other universities.

2006-08-03

(funny,FOSS,criminal) SCO and IBM and Linux

An excellent summary of this lawsuit that's been going on for years now. Plus it's funny too!

SCO Accuses IBM of Destruction of Evidence | Seen On Slash

2006-08-02

(funny) Linus Torvalds at his acerbic best!

Linux: Linus On The Extensible Firmware Interface

Of course, it's somewhat questionable whether people have actually gotten smarter or stupider in the last 30 years. It's not enough time for evolution to have increased our brain capacity, but it certainly is enough time for most people to no longer understand how hardware works any more.