User-agent-enhanced Websites

Gradually over the year of 2007, I’ve been turning to Google to help me get through sticky problems with open-ended programming projects. As I’ve moved from Java to actual implementable languages such as Python and C#, I’ve found that more and more of my answers end up at places such as experts-exchange.com. I’m of course ecstatic that my exact problem has been found on the great big interweb; the Google summary shows me part of a solution! Of course, when I actually navigate to the site, I’m greeted with a greatly-reduced page with lots of ‘trial options’ (example). What happened to my content that I just saw highlighted on Google? It’s nowhere to be found.

Posted in Miscellaneous, Security Reviews | 2 Comments

Windows 3.1-XP Password Hashing Review

Windows systems, like many other operating systems, hash passwords instead of keeping them in clear text in the event an attacker ever gets hold of authentication data. Microsoft first developed the Lanman (LM) password hashing scheme in Windows for Workgroups 3.1. In order to maintain backward compatibility, Microsoft has kept this system enabled by default all the way through Windows XP (Vista still supports LM hashing, but it is disabled by default). Due to the design of the original LM system, it is now feasible for many people to store large sets of precomputed hashes (rainbow tables) and crack complex, non-dictionary passwords in just a few minutes.

Posted in Security Reviews | Comments Off on Windows 3.1-XP Password Hashing Review

Security Review: Deep Siren

According to Scientific American, the US Navy is considering deploying a new technology, Deep Siren, to improve communication to and from submerged submarines. As of now, submarines have to be no deeper than 60 feet and towing a floating antenna behind them before they can communicate with the outside world. This makes the submarines far less agile and much easier to detect. The Deep Siren System will theoretically allow subs to communicate at any depth and speed.

Posted in Integrity, Physical Security, Privacy, Security Reviews | Comments Off on Security Review: Deep Siren

Security Review: GM Onstar

GM’s OnStar service has been a success for several years now. It gives many services to people with GM vehicles. It provides some very powerful features such as GPS tracking, stolen vehicle slowdown, remote unlock and emergency services. However, the technology imposes potential for exploitation.

Posted in Security Reviews | 7 Comments

Security Review: Integrated Webcams

The other night one of my friends asked me about the webcam in her laptop. She was concerned about people gaining access to it and spying on her. Her fears got me to thinking about this problem.

Integrated webcams are becoming the norm in most laptops. The privacy implications of unauthorized access are staggering. A lot of us take changing in the secrecy of our own room for granted, but what if that wasn’t the case? In this security review I look at the possible weaknesses and defenses this class of products has.

Posted in Privacy, Security Reviews | 2 Comments

Security Review: TrueCrypt

Summary

TrueCrypt is a disk encryption system intended to solve the problem of people being forced to disclose encryption keys or face consequences. It allows a disk partition to be completely encrypted. The most recent version even includes a special bootloader that can be used to have a complete Windows installation inside of an encrypted volume.

One of TrueCrypt’s unique features is the ability to hide another volume inside of the same encrypted partition. The hidden volume is stored at the end of the primary volume, in what looks like random data in the free space of the primary volume.

Posted in Privacy, Security Reviews | 13 Comments

Russian security research company won’t share their exploit

http://www.daniweb.com/blogs/entry2060.html

Apparently a company in Russia named Gleg finds security holes in commonly used software and then sells information about the exploitabilities to their ‘clients’ who pay lots of money to get knowledge like this. It sounds like they publicly stated that they have a buffer overflow attack that works against the new version of RealPlayer 11. The vendor that makes RealPlayer has repeatedly asked Gleg for information about the vulnerability, but Gleg apparently refused to disclose any information about the weakness. It is disorienting for me to think of what this Gleg company does as legal, but it does not seem like they are actually breaking any laws in doing this.

Posted in Current Events | 1 Comment

US Customs seizes Electronics at borders

The title says it all. According to the article linked below, Customs has been seizing electronics like cell phones and laptops on grounds of “suspected criminal activity.” Some travelers complained that their devices were taken for more than a week and copied by the agency during that time. This calls into question the jurisdiction of Customs, who said that it was similar to searching a briefcase and finding hard-copy evidence. While I understand the necessity of surprise, random searches like this, I think notifying travelers would have been a better idea to mitigate travel stress. Many people subjected to this kind of search have complained already, and some have already gone to court in outrage. To help relieve concern and stress, I would suggest to Customs to submit a press release detailing the search procedure, as well as how the data is handled.

The article.

Posted in Current Events | 1 Comment

Security Review: Access to our IMA Building

Summary: For this security review, I have chosen to evaluate our very own IMA (Intramural Activities) Building which I am a somewhat frequent visitor to. The security concepts for the IMA are rather simple: let only those who are authorized into the building since it is a members-only facility. Enrolled students, current or retired faculty, and the spouses of the members are some of the people eligible for a membership with a quarterly fee. An employee sits in the lobby and swipes cards as members walk in via a forced path.

Posted in Security Reviews | Comments Off on Security Review: Access to our IMA Building

Security Review: Facebook Privacy Setting

Along with its popularity, Facebook has become the center of personal information. It records users’ personal information along with their interactions and activities with other users. Privacy settings are used so users can decide who they would like to give access to which part of their information.

Posted in Security Reviews | Comments Off on Security Review: Facebook Privacy Setting