Monthly Archives: July 2012

Storing Passwords in the Unconscious Mind (and a chip killing update)

The basic idea: it’s harder to forget a series of steps you’ve practiced, and harder still to disclose them e.g under torture.   I’m very skeptical this is “unbreakable crypto,” though. Remember how I said security took a broad knowledge base? It turns out that finding and exploiting vulnerabilities in the subconscious mind dates back […]

Defeating Keypads with an IR Thermometer

Remember the thermal-camera attack to read heat left from fingers pressing buttons on keypads? A noncontact IR thermometer for a tenth the price may do the job as well. (The link uses a $20 one, but I suspect a nicer model would get you a window of opportunity longer than the two seconds they achieved.) […]

Yahoo Fails Security 101

The Yahoo hack is old news by now, but it’s still worth pointing out how completely they failed. Not only did they not notice someone accessing this rather sensitive database, but all the user login information was stored plaintext. (Encryption in general may be a trap, but with login information it’s a no-brainer.) Apparently whoever […]

Schneier on Remote Scanning

Fascinating meta-security piece. At the heart of it is a new molecular scanner that might allow the authorities to know everything about your body and clothes from 50 meters away. The real issue is much broader, though. Surveillance technology has thoroughly eclipsed anything Orwell could have imagined. And it will only get more sophisticated. The […]

Skype Redirects Messages to Random Contacts, Skype Binaries Reversed

A horrifying Skype bug and some possibly good news for those looking to understand how it works. Despite the headlines, though, keep in mind these sorts of things are basically irrelevant from the perspective of real security. Not just because Skype had serious problems long before this. If you want real security you can safely […]

Reverse-Engineering a (Home) Alarm System (also a stun gun update)

Don’t trust things you don’t understand, indeed: guy gets a house with a pre-installed alarm system and goes through figuring out how it works. (Sadly his eventual plan is to control it from a smartphone. I guess if it works for his threat model.) Granted, this is a pretty simple alarm system. But being able […]

Detecting GPS Trackers With an AM Radio

Neat tool that could be all sorts of useful for defending yourself from illegal tracking. It turns out a (poorly-filtered) GPS receiver may emit noise at 1.023 MHz, which you can pick up with an AM radio. The link also mentions a separate document by James Atkinson of TSCM-L fame, “Detecting_Covert_GPS_Tracking_Systems.txt,” but it returns a […]