Sorry for the late post. Here is the code we were playing around with in class:
xordemo.c
xordemo2.cpp
Sunday, November 30, 2008
A Sixty-Eight Year Old Code
Since we were talking about cyphers and such, I thought you might like this blog post about a WWII German espionage code (with pics).
Monday, November 24, 2008
Monday, November 17, 2008
Saturday, November 15, 2008
Tuesday, November 11, 2008
Renderlab
Sorry, I almost forgot to post Renderman's website. Don't forget to scroll all the way down for content. Enjoy!
Friday, November 7, 2008
Related to an earlier post, here is an interesting article questioning Google's data mining capabilities:
Does Google Know Too Much?
Google's gathering of information and making it available online is provoking outrage in Germany, triggered by such things as its Street View service to capture and post images of streets all over the world using car-mounted cameras. "These pictures, which are available for retrieval worldwide over the Internet, could easily be linked to satellite photos, address databanks, and other personal data," says Germany's federal commissioner for data protection Peter Schaar, who suggests that such information could be tapped for shady activities. The aggregate data Google has compiled makes many intelligence agencies seem "like child protection services" in comparison, says Hendrik Speck of the applied sciences university in Kaiserslautern. Peter Fleischer, whose job as Google's head of data protection is to defuse such concerns by shielding users' information, insists that nothing Google collects identifies any particular individual. Opponents such as author Gerald Reischl counter that Google cannot validate such assurances, and he warns that the free Google Analytics program that Web site owners use to keep tabs on usage patterns can be used for surveillance. Thilo Weichert, who heads Schleswig-Holstein's Independent State Agency for Data Protection, writes that most Google Analytics users do not realize that the service routes data to the United States. "This violates the data privacy laws protecting those who use the Web sites," he says. Weichert also complains of Google's non-transparent operation, and its refusal to disclose anything about its data management strategy except "what is absolutely necessary ... and then only under pressure."
Obama/McCain Hack
As you may or may not know, the U.S. campaigns were compromised by a foreign source. Information was taken and an investigation is still ongoing. Here are three thoughts on the incident:
Why the Obama-McCain Hack may be bigger than you think
Oh Noes! Obama and McCain’s Campaigns Were PWND
US Government Detects Attacks on Obama and McCain Computers
Defaults and weaknesses
Unfortunately there are too many real world examples where default passwords, weak passwords or test accounts are left on a system begging to be exploited.
Here are two recent examples:
A Security Lesson From the Joe the Plumber Snooper
Prisoner PWNS Correctional System - Security Admins Out to Lunch
Thursday, November 6, 2008
Doppelganger effect
So after some discussion about how an online presence can cause security issues, can a lack of an online presence be as bad? Imagine the target is a fairly well-known individual. S/he stays off of social networking sites to avoid the potential security and privacy issues we mentioned before. What could possibly happen to this person when they have exercised such caution?
Since anyone can sign up for Facebook, Myspace, Twitter, LinkedIn, etc. using fake information, what is preventing someone from creating a fake profile, or Doppelgänger, of the target? If the target is really well known, the Doppelgänger will have no problem collecting lots of friends under false pretenses. The possibilities for what the Doppelgänger could then do are endless.
The above scenario was tested when Shawn Moyer created a fake Twitter profile for Gadi Evron, a security specialist. A fake profile on LinkedIn was also created for Marcus Ranum, the CTO of Tenable Security. The potential for abuse is clear. From the article:
Moyer noted that on any given social network there are what he called, "linkwhores." These are people that will accept friend connections from anyone else. So the researchers sent out friend requests to people based on a Google search for people that had security in their profiles. Moyer claimed they had more than 50 connections within 24 hours. They also got invites from other people, among them was Ranum's sister who was also fooled by the bogus profile.
The security researcher did the same trick on Twitter for noted security researcher Gadi Evron. Moyer claimed that the bogus Twitter profile actually received an interview request from a journalist who was looking for a source to talk about the Kaminsky DNS flaw.
So perhaps some online presence is better than none. What do you think?
CBS Early Show
This might be interesting to some of you:
Daniel Sieberg explains how millions of people are socializing via internet and mobile sites without meeting each other, sometimes with life-altering consequences.
Disobeying Corporate Rules
Read this blog post for the next class. It has some interesting points that fall into our recent discussions.
Monday, November 3, 2008
Data loss in the age of information
Information is power. This is so true in today's society. We had a great discussion today about ways of obtaining information. Here are a few articles/links that were mentioned:
Bugtraq
Partial Disclosure
The Web Hacking Incidents Database
Privacy Rights Clearing House
Data Loss Database (more information here)
How Can Government Improve Cyber-Security? (I)
How Government Can Improve Cyber-Security (II)
Laptop/Border Control
FISA and Border Searches of Laptops
Laptop searches at the border: No reason? No problem
When Will Social Networking Cripple Corporate Network Security
Videos
CNBC "Big Brother, Big Business"
Privacy is Dead Get Over It (I)
Privacy is Dead Get Over It (II)
Sunday, November 2, 2008
Capturing Keyboard Strokes
In the last class we talked about different ways of passively capturing information. Check out these videos on keyboard capture.