Prof Avery's weblog
creme filling for hollow victories




Sun, May 15, 2005

Full-Disclosure Weekend

/var/spool/courses/csuf/2005/spring/cpsc433/misc #

Tue, May 10, 2005

Symantec Worm Simulator
Symantec has released a Worm Simulator. I can't tell whether this is just a sales tool ("Oooh, look at the scary worm! Buy stuff from us or the worm will get you!") or if it could be useful as a research tool.

If you're running Windows, download it and let me know.

/var/spool/courses/csuf/2005/spring/cpsc433/misc #

Fri, Apr 08, 2005

Stupid Spammer Tricks
You've all seen those spam messages with subject lines like "Make $$$ Fast! libertarian expiation gonzo (xyzzy)". The spammers include nonsense words in an attempt to fool Bayesian filters. It doesn't work very well, but they still do it.

But here's a new twist. The other day I got a spam e-mail whose subject line included the word "quadric." Since we'd been talking about quadric surfaces in my graphics class just the other day, they almost got me to read their stupid advertisement.

I figured it was just a coincidence until yesterday I got one whose subject line contained "cryptanalysis." I gather they've taken to scraping web pages: when they decide to spam whomever@example.com, they first check to see if there's a www.example.com, then grab a statistically significant word from that page and use it in the subject line, hoping to fool you into opening it.

Clever, but not clever enough. Did I mention that both of the e-mails had already been automatically filed under "Spam"?

/var/spool/courses/csuf/2005/spring/cpsc433/misc #

The DNS Poisoning Attacks
As of this post, the latest update from SANS was here.

The attacks are serious enough that the Internet Storm Center has raised their Infocon level to "Yellow." I know this because the icon in my system tray has turned yellow and started flashing.

/var/spool/courses/csuf/2005/spring/cpsc433/misc #

Wed, Mar 30, 2005

For those of you who are interested in spy-stuff, I recommend the new book Chatter: Dispatches from the Secret World of Global Eavesdropping by Patrick Radden Keefe.

To quote Scott McNealy (CEO of Sun Microsystems): "You already have no privacy. Get over it."

/var/spool/courses/csuf/2005/spring/cpsc433/misc #

Tue, Mar 29, 2005

The Secret Service and Distributed Computing
The Washington Post has an article on the Secret Service's internal system for cracking encrypted files. Sort of their own distributed.net.

/var/spool/courses/csuf/2005/spring/cpsc433/misc #

Sat, Mar 19, 2005

E-mail address encryption
Ok, this is kind of neat: a program that takes your e-mail address, encrypts it using 10-bit RSA, then generates a JavaScript program to decrypt it and generate a mailto: link in a web page. Why do such a thing? Because if you post an e-mail address as plaintext on a web page (like, say, that link to spool@kenytt.net over on the left), it'll be a matter of minutes before some lowlife scrapes it and spams you.

So I was setting up an autoresponder for homework assignments, and figured I'd give it a shot.
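To make the mechanism concrete, here is an added sketch of the scheme described above. It is not the program's own code: the key (p = 23, q = 41), the function names and the sample address are all constructed for illustration.

```javascript
// Added example: toy RSA obfuscation of an e-mail address (not real security).
// Constructed key: p = 23, q = 41, so n = 943 (10 bits), phi = 880,
// e = 3 and d = 587 because 3 * 587 = 1761 = 2 * 880 + 1.
const KEY = { n: 943, e: 3, d: 587 };

// Square-and-multiply; every product stays below 943 * 943, so Numbers suffice.
function modPow(base, exp, mod) {
  let result = 1;
  let b = base % mod;
  for (let e = exp; e > 0; e = Math.floor(e / 2)) {
    if (e % 2 === 1) result = (result * b) % mod;
    b = (b * b) % mod;
  }
  return result;
}

// "Build" side: encrypt each character code separately (textbook RSA, no padding).
function encryptAddress(address, key = KEY) {
  return Array.from(address, (ch) => {
    const m = ch.codePointAt(0);
    if (m >= key.n) throw new RangeError(`character "${ch}" does not fit below n`);
    return modPow(m, key.e, key.n);
  });
}

// "Page" side: what the generated script does in the visitor's browser.
function decryptAddress(cipher, key = KEY) {
  return cipher.map((c) => String.fromCodePoint(modPow(c, key.d, key.n))).join("");
}

function mailtoHref(cipher, key = KEY) {
  return "mailto:" + encodeURI(decryptAddress(cipher, key));
}

// Constructed sample address; the page source would carry only these numbers.
const cipher = encryptAddress("homework@example.com");
console.log(cipher.join(","));
console.log(mailtoHref(cipher));

// In a browser the generated script attaches the link; skipped under Node.
if (typeof document !== "undefined") {
  const a = document.createElement("a");
  a.href = mailtoHref(cipher);
  a.textContent = decryptAddress(cipher);
  document.body.appendChild(a);
}
```

The private exponent ships inside the page, and encrypting one character at a time makes this a fixed substitution table, so it protects the address only from scrapers that pattern-match plaintext without running the script.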

/var/spool/courses/csuf/2005/spring/cpsc433/misc #

Sun, Mar 06, 2005

New NSA Security Standard
The National Security Agency has released a new, recommended set of cryptographic standards for securing sensitive and unclassified data. The standard, called "Suite B," specifies Elliptic-Curve algorithms for public-key cryptography along with the existing AES and SHA standards for symmetric cryptography and hashing.

/var/spool/courses/csuf/2005/spring/cpsc433/misc #

If you're not at least a little paranoid by the time you finish this class, then I haven't been doing my job: from our friends at CAIDA comes "Remote physical device fingerprinting."

Every computer clock has a bit of skew caused by tiny differences in the hardware. This causes the clock to be slightly different from every other clock, and it could be used to uniquely identify your computer. It turns out that you can measure this skew from almost anywhere on the Internet, even from behind a firewall. Which means that, potentially, your computer can be tracked even if it connects to the Internet through different networks...

Paranoid yet?
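As an added illustration (not code from the paper or from this post), the sketch below shows why the skew survives a change of network: it is the slope of the remote clock's drift over time, which a different path delay does not alter. The observations are constructed, the function names are hypothetical, and a plain least-squares fit stands in for the paper's own estimator.

```javascript
// Added example: estimate a remote clock's skew from timestamp observations.
// Each sample is { t: local receive time in seconds, ts: remote timestamp ticks }.
function estimateSkewPpm(samples, hz) {
  const t0 = samples[0].t;
  const ts0 = samples[0].ts;
  // x = elapsed local time, y = how far the remote clock has drifted from ours.
  const pts = samples.map((s) => {
    const x = s.t - t0;
    return { x, y: (s.ts - ts0) / hz - x };
  });
  const n = pts.length;
  const mx = pts.reduce((acc, p) => acc + p.x, 0) / n;
  const my = pts.reduce((acc, p) => acc + p.y, 0) / n;
  let sxy = 0;
  let sxx = 0;
  for (const p of pts) {
    sxy += (p.x - mx) * (p.y - my);
    sxx += (p.x - mx) ** 2;
  }
  if (sxx === 0) throw new RangeError("need samples taken at different times");
  return (sxy / sxx) * 1e6; // slope of the drift line, in parts per million
}

// Constructed observations: a clock running skewPpm fast, seen over a path with
// a fixed delay (seconds), one sample every 10 s for an hour.
function simulate(skewPpm, delay, hz, bootTicks) {
  const out = [];
  for (let sent = 0; sent <= 3600; sent += 10) {
    const ts = bootTicks + Math.round(sent * hz * (1 + skewPpm * 1e-6));
    out.push({ t: sent + delay, ts });
  }
  return out;
}

// Two estimates within tolPpm of each other are treated as the same device.
function looksLikeSameDevice(a, b, hz, tolPpm = 2) {
  return Math.abs(estimateSkewPpm(a, hz) - estimateSkewPpm(b, hz)) <= tolPpm;
}

const laptopAtHome = simulate(50, 0.020, 1000, 123456);
const laptopAtCafe = simulate(50, 0.180, 1000, 987654); // other network, rebooted
const otherHost = simulate(-120, 0.020, 1000, 555);

console.log(estimateSkewPpm(laptopAtHome, 1000).toFixed(1), "ppm at home");
console.log(estimateSkewPpm(laptopAtCafe, 1000).toFixed(1), "ppm at the cafe");
console.log(looksLikeSameDevice(laptopAtHome, otherHost, 1000)); // different hosts
```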

/var/spool/courses/csuf/2005/spring/cpsc433/misc #

Wed, Feb 23, 2005

Cracking DES
For the full story on DES, see Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design.

/var/spool/courses/csuf/2005/spring/cpsc433/misc #

Wed, Feb 16, 2005

Big Crypto News
From Bruce Schneier's weblog: SHA-1 has been broken. Two weeks from now we'll be talking about hash functions. By that time it may be confirmed, and we'll talk about the implications.

/var/spool/courses/csuf/2005/spring/cpsc433/misc #

Wed, Feb 09, 2005

Linear and Differential Cryptanalysis Tutorial
On Thursday, we'll be talking about cryptanalysis. I'll give you an overview of the linear and differential techniques, but if you want to know more, check out A Tutorial on Linear and Differential Cryptanalysis by Howard M. Heys.

/var/spool/courses/csuf/2005/spring/cpsc433/misc #

Sun, Feb 06, 2005

Handbook of Applied Cryptography
Another reference book available free on the Internet is the Handbook of Applied Cryptography from CRC Press.

/var/spool/courses/csuf/2005/spring/cpsc433/misc #

Sat, Feb 05, 2005

Army Cryptanalysis Field Manual
This is interesting... a copy of a US Army Field Manual for Cryptanalysis. (via Slashdot)

/var/spool/courses/csuf/2005/spring/cpsc433/misc #


