Categories
Reviews TV

24 Day 8: 8pm – 9pm

Not much security-related in this episode but still lots of ridiculousness and illogical situations.

The Russian mobster’s son is dying of radiation sickness but he refuses to allow his other son to take him to the doctor. Really not much a doctor could do anyway as there is no cure; a doctor can only alleviate the symptoms with anaesthetics (to relieve the pain) and antibiotics (to prevent infections due to the compromised immune system). If he is dying why not put him out of his misery?

Of course number one son ignores his father’s sage advice and not only takes his brother to a doctor but then tells the doctor it’s due to weapons grade uranium. I could be wrong but I’m pretty sure that it is not medically relevant to know what isotope it was that caused the radiation sickness.

I love Jack’s hypocrisy; Renee is no more unstable and brutal than he’s ever been. Even her death wish is not that far removed from some of his behaviour in previous seasons.

The subplot regarding Dana’s mysterious past stands out as the most stupid element of this season so far. Would CTU agents be allowed unsecured cell phones at work? Apparently her past involves being an ex-con, as an accessory to murder! Then her ex-boyfriend seems to be succeeding in his plan to blackmail her into violating CTU security to give him classified documents that he can sell. I think that for any sane person the risk of being caught and tried as a traitor would be a far worse scenario than merely losing one’s job.

How did the nuclear material get smuggled into the US and how do they propose to smuggle it out again? Since 9/11 there have been great strides in outfitting US borders with radiation detection equipment and, under the Container Security Initiative, foreign ports that are shipping containers into the US, so this would appear to be a nigh on impossible proposition in the real world. Ironically, the CSI, according to Misha Glenny in his book McMafia, has created a situation where it is now easier to smuggle goods into the US because foreign officials can be bribed to overlook what a container might have in it as long as it does not have nuclear material.

Categories
TV

Passwords in House M.D.

In Episode 17 (Season 5): “The Social Contract” of House M.D. there is a throwaway line about how Wilson never password protects his patient files.

The context is that House has sent Taub to discover what Wilson is up to behind his back instead of going to the Monster Truck Rally with him. Taub brings back a bunch of printouts of deleted emails, including one exchange between Wilson and a fellow oncologist from another hospital which included a patient file that couldn’t be printed out because it was password protected.

I’d be very worried if doctors were not routinely encrypting files let alone merely password protecting them if they are sending them via email.

Categories
Terrorism

Nigerian man attempts to blow up Detroit flight

Nigerian Umar Farouk Abdulmutallab, who is thought to have been a student in the UK, is accused of trying to blow up a flight to Detroit.

Sources say a man burnt his leg trying to ignite explosives on the jet, which had 278 passengers and 11 crew aboard, but nobody else was seriously hurt.

In custody, the Nigerian suspect said he had been acting on behalf of al-Qaeda, a police source said.

The police conducted a search of a London flat as part of the enquiry into the failed bombing attempt. Abdulmutallab was believed to have been a mechanical engineering student at UCL between September 2005 and June 2008 but a UCL spokesman has been unable to confirm whether it is the same individual as the man detained in the US.

Most intriguingly, a Nigerian banker, Alhaji Umaru Mutallab, has said his 23-year-old son may be the man connected with the failed incident.

Mr Mutallab, the former minister and chairman of First Bank in Nigeria, said his son left London, where he was a student, to travel. “I believe he might have been to Yemen, but we are investigating to determine that.”

Categories
Computing

Creating secure passwords

CyberNet News have a clever solution to the age-old problem of how to create and remember strong passwords that are extremely resistant to brute force attacks. [via]

Their method seems to be just for the creation of a single password, but I’ve adapted it below for use as a secure generator of unique passwords for websites.

1. Choose a master password. Go for something memorable because this will form the basis of every password you’ll generate, e.g. sherlock

2. Get the URL of the website for which you wish to create a secure password. Attention: use just the domain name part to avoid confusion later! You’ll thank me for that, trust me. Valid examples are facebook.com and google.com. Bad: http://www.facebook.com and https://mail.google.com/mail/.

3. Go to http://www.onlinefunctions.com/. Enter your master password and the domain name in the “Input” field. e.g. sherlockgoogle.com

4. What we’re going to do is convert this input into an md5 hash. All we need to know about the md5 algorithm is that it’s commonly used to encrypt data.

5. Hit the “Create MD5” button.

6. Take the first eight characters from the “MD5 hash” field and use them as your new secure password.
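
The six steps above, computed locally rather than on a third-party site, next to a slower salted derivation for comparison. This is an added example, not code from CyberNet News or SuperGenPass; the function names, the PBKDF2 parameters and the 16-character output length are assumptions.

```python
import base64
import hashlib
import math


def page_scheme(master: str, domain: str) -> str:
    """Steps 1-6 as written: MD5 of master+domain, first eight hex characters."""
    digest = hashlib.md5((master + domain).encode("utf-8")).hexdigest()
    return digest[:8]


def output_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on the entropy of a password of this length and alphabet."""
    return length * math.log2(alphabet_size)


def hardened_scheme(master: str, domain: str, length: int = 16,
                    iterations: int = 200_000) -> str:
    """Assumed alternative: PBKDF2-HMAC-SHA256 with the domain as salt.

    The master password and the domain enter as separate inputs, so they
    cannot run into each other the way plain concatenation allows.
    """
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              domain.lower().encode("utf-8"), iterations)
    # 32 raw bytes -> 44 base64url characters; keep the first `length`.
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


if __name__ == "__main__":
    # Constructed inputs, taken from the examples in the steps above.
    master, domain = "sherlock", "google.com"

    weak = page_scheme(master, domain)
    strong = hardened_scheme(master, domain)
    print("page scheme :", weak, f"(max {output_bits(8, 16):.0f} bits)")
    print("hardened    :", strong, f"(max {output_bits(16, 64):.0f} bits)")

    # Plain concatenation has no separator, so different (master, domain)
    # pairs that join to the same string give the same password.
    print("concatenation collides:",
          page_scheme("sherlock", "google.com") ==
          page_scheme("sherlockg", "oogle.com"))
```

Eight hexadecimal characters carry at most 32 bits regardless of how strong the master password is, and the result contains only the characters 0-9 and a-f, which some sites' password rules will reject.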

The SuperGenPass bookmarklet automates this process if you wish to trust a third party, and there is no reason not to, given that the source code is available to scrutinise.

Categories
Computing Security

Jailed hacker gained control over prison computer

The Mirror reports that a jailed hacker was allowed to gain control over the prison computer hard drive. [via]

Slashdot says the prison computer network was in the control of this hacker but the Mirror states that he had control of the hard drive and managed to lock everyone else out by password protecting it.

That’s two quite different things, but regardless it sounds like he didn’t do much harm. I’d be more concerned about the inmate at the same jail who managed to get a key cut that opened every door.

Categories
Computing

A Stick Figure Guide to the Advanced Encryption Standard (AES)

A Stick Figure Guide to the Advanced Encryption Standard (AES) [via Schneier]

This is simply brilliant, as is AES/Rijndael, which when explained like this seems amazing in that in its simplicity it is also so powerful.

Categories
Computing

The security of GSM is broken

The encryption system used for GSM mobile phones has been demonstrated to be fundamentally flawed and is crackable. But to be honest what is most surprising is that it has taken until now for the security of the 20-something-year-old encryption system to be broken.

At the recent Hacking at Random (HAR) conference, held from 13-16 August, Karsten Nohl detailed plans for cracking standard GSM cell phone encryption, known as A5/1, and making the results available for anyone to use. You can see a PDF of his presentation here.

This issue was covered by Steve Gibson and Leo Laporte in the latest episode of the podcast Security Now, transcript here.

Categories
Computing

Identity Theft Manifesto – Protect yourself

Identity Theft Manifesto
Protect yourself. Protect your family. Protect your identity.

Very comprehensive website about all aspects of identity theft: how to prevent it happening to you and what to do if you do become a victim of identity theft.

Categories
Computing Security

Repressive regimes, airport security and PC tips

BoingBoing: HOWTO communicate in repressive regimes

Schneier: Fixing Airport Security

Maximum PC: 21 Essential Steps to Make Your PC Better/Faster/Stronger

Categories
Computing

The Cuckoo’s Egg mark II – Ghostnet and the researchers that uncovered it

John Markoff for the New York Times writes about Ghostnet, which is thought to be a Chinese state-sponsored cyber-spying operation, and the computer security investigators based at the University of Toronto who uncovered it: Tracking Cyberspies Through the Web Wilderness

It’s like The Cuckoo’s Egg mark II although everyone is taking this discovery a lot more seriously than they did Clifford Stoll’s 20 years ago.