Posts from September 2005
Password Vulnerabilities Keep Getting Deeper and Deeper
Some interesting research by a team at the University of California, Berkeley was reported recently, demonstrating yet another means of exploiting password-based security protection.
Li Zhuang, Feng Zhou and J. D. Tygar have been eavesdropping–using simple recording equipment–on the sounds produced by regular keyboard typing, and using the sounds to generate transcripts that are surprisingly accurate. Each key, it appears, has a unique sonic signature when it is pressed, meaning that users must now add audio-based hacking attacks to an ever-growing list of threats…
Original post by blog@rsa.com (Burt Kaliski) and software by Elliott
September 26, 2005
Response to Hurricane Has Brought out the Best and Worst in People
My colleague Stan Swiniarski discussed the impact of Hurricane Katrina in his Speaking of Security posting on September 6th and how important it is to do our part to help the victims of that terrible disaster. I was reminded, during a presentation by Red Cross CIO Steve Cooper earlier this week, just how much help is still needed for the hurricane victims. The number of Red Cross cases for relief aid alone is staggering – in the hundreds of thousands – and the reality is that billions of dollars in financial assistance is needed for Katrina victims. Now, with Hurricane Rita threatening the Gulf coast again – it looks like this new storm is headed toward Texas – additional resources for response and recovery will be required…
Original post by blog@rsa.com (Shannon Kellogg) and plugin by Elliott Back
September 23, 2005
New Information Security Glossary
I am already impressed by this new glossary which has just appeared on our corporate web site. It is a neat resource and, along with the likes of TechTarget’s WhatIs.com, helps me to navigate all the jargon and various acronyms that define our industry. It will be edited, expanded and updated on a regular basis – I recommend it to you.
Original post by blog@rsa.com (Slava Kavsan) and software by Elliott Back
September 23, 2005
Travel Security and Function Creep: Thinking about the ePassports in the Long Term
For several years, the U.S. State Department has vigorously pursued plans for RFID enhancement of passports–both for U.S. citizens and visiting nationals. The initial ePassport designs, as described in State Department memoranda, lacked basic privacy protection features, like encryption of information transmitted between the passport and reading devices. This was a problem: Passports carry sensitive information, of course, like birth dates, place of birth, and so forth–precisely the type of information that identity thieves prize…
Original post by blog@rsa.com (Burt Kaliski) and plugin by Elliott Back
September 16, 2005
The Six Dumbest Ideas in Computer Security
There is a great article over at ranum.com discussing what the author views as the six dumbest ideas in computer security. Many of the ideas are ones others have brought up in the past, but cost or reduction of usability seem to win over security. A quick but educational read.
Original post by Kevin Blanchard and software by Elliott Back
September 11, 2005
Battleship Security
It’s not often that I point the public to a competitor’s web site, but I had to share this amusing marketing campaign from Entrust with you.
TokenRevolt.com leads with the assertion that “we don’t need tokens anymore” and shows a number of alternative uses for this ‘redundant’ form of network security. Check it out – they have put some real time into this! There are photos, video-clips and even a competition where $5000 is up for grabs. Disused tokens star as fishing bait; poker chips; even tap-dancing aids…
Original post by blog@rsa.com (Shannon Kellogg) and software by Elliott Back
September 9, 2005
Katrina on My Mind
I was thinking about what to blog today. I’ve been phished a lot lately (I’m amazed at how many of my bank and PayPal accounts keep expiring. I also never knew there were so many different little nations in Africa with exiled princes who could make me rich beyond my wildest dreams if I help them out). But, maybe I’ll do that next time.
What I thought I’d talk about today are the Hurricane Katrina victims, because that’s what’s on my mind. It always amazes me how powerful we think we are, how much technology horsepower we possess, how superior we think that makes us in the world. Yet a storm blows through the Gulf (albeit a huge one), and we have people under our noses who are starving, dying and have nowhere to go - just like the instant devastation caused by the […]
Original post by blog@rsa.com (Stan Swiniarski) and a wordpress plugin by Elliott
September 6, 2005