Saturday, October 27, 2012

South Carolina Government Cracked -- SSN's and Credit Cards Stolen

This type of thing is becoming all too common: some entity (whether it be corporate or government) does a lousy job of securing its machines, ends up getting cracked, and then complains about how unfair it all is.  This is what is happening now in South Carolina after it was discovered earlier this week that a state agency was hacked.  It turns out that millions of South Carolina's residents have had their SSN's and credit card numbers stolen.

Thursday, October 18, 2012

Air-Gap Critical Machines Already

We often hear about the prospects of a "cyber-Pearl Harbor."  In such a scenario a malicious actor would attack the power grid or the financial markets and bring America to a halt.  Now a new study shows that hospital computers, even those used in patient monitoring equipment, are riddled with malware.  There's a simple solution to all of these problems: air-gap the critical machines!

Saturday, October 6, 2012

Anti-Virus Software is Snake-Oil

Something that irritates me to no end in the computer age is snake-oil hucksters who produce software that provides almost no value to the customer and does nothing but line the pockets of the entity producing the software. AV software is probably the most salient example of this.

Thursday, October 4, 2012

More AppArmor Profiles For Ubuntu 12.04

Following up on my previous two posts where I provided complete profiles for Firefox and Google Chrome (as well as peripheral things like totem, transmission, mplayer, and the OpenJDK plugin), in this post I want to provide profiles for both pidgin and xchat.

Wednesday, October 3, 2012

Schneier's Skein Loses out at SHA-3

The SHA-3 winner has been announced by NIST.  It appears that Skein, the entry from Bruce Schneier and his team, did not win.  Instead the winner is Keccak.

Many people thought Skein might be a lock this time because of some of its interesting design features, as well as the fact that it included its own block cipher (Threefish) along with it.  On the other hand, Schneier himself said just a few days ago on his blog that he didn't think Skein would win (though he didn't give a reason).  He also said he doesn't think we actually need a new hashing standard because SHA-2 has held up much better than people thought it would back when the SHA-3 competition started.  Contrast this with DES, which was utterly broken (due to a small key) when the AES competition started back in the late '90s.  AES was a necessity; SHA-3 is not, according to Schneier.