Prof Avery's weblog
high-strung herald of the haphazard
Geek News
del.icio.us bookmarks
RSS
Sun, May 15, 2005
/var/spool/courses/csuf/2005/spring/cpsc433/misc #
Tue, May 10, 2005
Symantec Worm Simulator
Symantec has released a Worm Simulator. I can't tell whether this is just a sales tool ("Oooh, look at the scary worm! Buy stuff from us or the worm will get you!") or if it could be useful as a research tool.
If you're running Windows, download it and let me know.
/var/spool/courses/csuf/2005/spring/cpsc433/misc #
Fri, Apr 08, 2005
Stupid Spammer Tricks
You've all seen those spam messages with subject lines like "Make $$$ Fast! libertarian expiation gonzo (xyzzy)". The spammers include nonsense words in an attempt to fool Bayesian filters. It doesn't work very well, but they still do it.
But here's a new twist. The other day I got a spam e-mail whose subject line included the word "quadric." Since we'd been talking about quadric surfaces in my graphics class just the other day, they almost got me to read their stupid advertisement.
I figured it was just a coincidence until yesterday I got one whose subject line contained "cryptanalysis." I gather they've taken to scraping web pages: when they decide to spam whomever@example.com, they first check to see if there's a www.example.com, then grab a statistically significant word from that page and use it in the subject line, hoping to fool you into opening it.
Clever, but not clever enough. Did I mention that both of the e-mails had already been automatically filed under "Spam?"
/var/spool/courses/csuf/2005/spring/cpsc433/misc #
The DNS Poisoning Attacks
As of this post, the latest update from SANS was here.
The attacks are serious enough that the Internet Storm Center has raised their Infocon level to "Yellow." I know this because the icon in my system tray has turned yellow and started flashing.
/var/spool/courses/csuf/2005/spring/cpsc433/misc #
Wed, Mar 30, 2005
SIGINT
For those of you who are interested in spy-stuff, I recommend the new book Chatter: Dispatches from the Secret World of Global Eavesdropping by Patrick Radden Keefe.
To quote Scott McNealy (CEO of Sun Microsystems): "You already have no privacy. Get over it."
/var/spool/courses/csuf/2005/spring/cpsc433/misc #
Tue, Mar 29, 2005
The Secret Service and Distributed Computing
The Washington Post has an article on the Secret Service's internal system for cracking encrypted files. Sort of their own distributed.net.
/var/spool/courses/csuf/2005/spring/cpsc433/misc #
Sat, Mar 19, 2005
E-mail address encryption
Ok, this is kind of neat: a program that takes your e-mail address, encrypts it using 10-bit RSA, then generates a JavaScript program to decrypt it and generate a mailto: link in a web page. Why do such a thing? Because if you post an e-mail address as plaintext on a web page (like, say, that link to spool@kenytt.net over on the left), it'll be a matter of minutes before some lowlife scrapes it and spams you.
So I was setting up an autoresponder for homework assignments, and figured I'd give it a shot.
/var/spool/courses/csuf/2005/spring/cpsc433/misc #
Sun, Mar 06, 2005
New NSA Security Standard
The National Security Agency has released a new, recommended set of cryptographic standards for securing sensitive and unclassified data. The standard, called "Suite B," specifies Elliptic-Curve algorithms for public-key cryptography along with the existing AES and SHA standards for symmetric cryptography and hashing.
/var/spool/courses/csuf/2005/spring/cpsc433/misc #
Paranoia
If you're not at least a little paranoid by the time you finish this class, then I haven't been doing my job: from our friends at CAIDA comes "Remote physical device fingerprinting."
Every computer clock has a bit of skew caused by tiny differences in the hardware. This causes the clock to be slightly different from every other clock, and it could be used to uniquely indentify your computer. It turns out that you can measure this skew from almost anywhere on the Internet, even from behind a firewall. Which means that, potentially, your computer can be tracked even if connects to the Internet through different networks...
Paranoid yet?
/var/spool/courses/csuf/2005/spring/cpsc433/misc #
Wed, Feb 23, 2005
Cracking DES
For the full story on DES, see Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design.
/var/spool/courses/csuf/2005/spring/cpsc433/misc #
Wed, Feb 16, 2005
Big Crypto News
From Bruce Schneier's weblog: SHA-1 has been broken. Two weeks from now we'll be talking about hash functions. By that time it may be confirmed, and we'll talk about the implications.
/var/spool/courses/csuf/2005/spring/cpsc433/misc #
Wed, Feb 09, 2005
Linear and Differential Cryptanalysis Tutorial
On Thursday, we'll be talking about cryptanalysis. I'll give you an overview of the linear and differential techniques, but if you want to know more, check out A Tutorial on Linear and Differential Cryptanalysis by Howard M. Keys.
/var/spool/courses/csuf/2005/spring/cpsc433/misc #
Sun, Feb 06, 2005
Handbook of Applied Cryptography
Another reference book available free on the Internet is the Handbook of Applied Cryptography from CRC Press.
/var/spool/courses/csuf/2005/spring/cpsc433/misc #
Sat, Feb 05, 2005
Army Cryptanalysis Field Manual
This is interesting... a copy of a
US Army Field Manual for Cryptanalysis.
(via Slashdot)
/var/spool/courses/csuf/2005/spring/cpsc433/misc #
| March 2021 | ||||||
|---|---|---|---|---|---|---|
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 | 31 | |||
Topics
- administrivia (2)
- courses (138)
- . csuf (138)
- . . @2005 (103)
- . . . @spring (103)
- . . . . @cpsc423 (25)
- . . . . @cpsc433 (24)
- . . . . . @misc (14)
- . . . . @cpsc461 (20)
- . . . . @cpsc465 (26)
- . . @2006 (35)
- . . . @spring (35)
- . . . . @cpsc465 (34)
- . . . . . @misc (4)
- graphics (2)
- last (12)
- reviews (2)
- science (2)
- . math (1)
- . psychology (1)
- tools (3)
- . editors (1)
- . graphics (1)
- . security (1)
Archives
- July 2006 (1)
- June 2006 (2)
- May 2006 (7)
- April 2006 (4)
- March 2006 (9)
- February 2006 (16)
- January 2006 (2)
- July 2005 (3)
- May 2005 (15)
- April 2005 (20)
- March 2005 (31)
- February 2005 (34)
- January 2005 (4)
- June 2003 (1)
- May 2002 (3)
- April 2002 (7)
- March 2002 (2)