Monthly Archives: March 2013

Your Cell Phone = Your Fingerprint

(thanks, you know who you are) The more you use your cell phone, the more it’s like a fingerprint for you. It doesn’t even matter who you call, and it matters a lot less whether or not it’s registered under your name. For most people (that follow similar routines every day) just looking at the […]

Critical flaw in BIND… and North Korea Declares War

If you run your own DNS, time to update. The Berkeley Internet Name Daemon (BIND)’s got a serious and dead-easy-to-exploit problem. For everyone else: DNS servers are a core component of the Internet, being that they’re what translates e.g into Not only is the former a lot easier to remember, but the IP […]

Placebos Becoming More Effective

People’s response to placebos has been increasing by almost 7% per decade since 1981. I’m not exactly sure what the implications are for security, but they’re probably significant. For drug companies, this is huge… to the point they’ve started specifically designing studies to reduce the placebo effect, by selecting for placebo non-responders. Rather than changing […]

Running a Honeypot (and, a quote)

First off, an (unrelated) quote, nevertheless too awesome not to lead off with: “A connection to the past frees us from its effects… while severing ourselves from the past means those effects hang around forever.” (Blick, “Neuro-Hypnose,” Ullstein, p. 139) Anyway. Reporting from a more prosaic layer of the security-news OSI model… Anyone who runs […]

Random Numbers: Too Important to be Left to Chance (and a $600 6GHz spectrum analyzer)

Yes, I did pick this link because the headline was too awesome not to. In a nutshell, some recent versions of NetBSD (predating January of this year) have a problem in the PRNG that compromises SSH and SSL keys. Upgrade, etc. And always make sure you have equally secure and comprehensive lines of defense that […]

Defending Against Cold-Boot Attacks

“Up jumped the Swagman and sprang into the billabong / You’ll never catch me alive said he…” Here’s the security take on that idea. “You’ll Never Take Me Alive!” keeps an eye on your power and Ethernet connections when you lock your laptop’s screen. If either gets disconnected, it hibernates the system immediately, to ensure there’s […]

Funny Steganography

It might be possible to automatically hide messages in jokes. Researchers have figured out that certain kinds of jokes are good candidates for automated word substitution, rendering them a decent carrier for very short hidden messages. The trick seems to be the advent of homophone/homograph/homonym dictionaries, so that software can now write automated puns. The […]