Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

December 19 2013

Four short links: 19 December 2013

  1. RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis (PDF) — research uses audio from CPU to break GnuPG’s implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.
  2. Bitcoin, Magic Thinking, and Political Ideology (Alex Payne) — In other words: Bitcoin represents more of the same short-sighted hypercapitalism that got us into this mess, minus the accountability. No wonder that many of the same culprits are diving eagerly into the mining pool.
  3. Why I Want Bitcoin to Die in a Fire (Charlie Stross) — Like all currency systems, Bitcoin comes with an implicit political agenda attached. Decisions we take about how to manage money, taxation, and the economy have consequences: by its consequences you may judge a finance system. Our current global system is pretty crap, but I submit that Bitcoin is worst. With a list of reasons why Bitcoin is bad, like Stolen electricity will drive out honest mining. (So the greatest benefits accrue to the most ruthless criminals.)
  4. iSeeYou: Disabling the MacBook Webcam Indicator LED — your computer is made up of many computers, each of which can be a threat. This enables video to be captured without any visual indication to the user and can be accomplished entirely in user space by an unprivileged (non-root) application. The same technique that allows us to disable the LED, namely reprogramming the firmware that runs on the iSight, enables a virtual machine escape whereby malware running inside a virtual machine reprograms the camera to act as a USB Human Interface Device (HID) keyboard which executes code in the host operating system. We build two proofs-of-concept: (1) an OS X application, iSeeYou, which demonstrates capturing video with the LED disabled; and (2) a virtual machine escape that launches Terminal.app and runs shell commands. (via Washington Post)

December 18 2013

Four short links: 18 December 2013

  1. Cyberpunk 2013 — a roleplaying game shows a Gibsonian view of 2013 from 1988. (via Ben Hammersley)
  2. The Future Computer Utility — 1967 prediction of the current state. There are several reasons why some form of regulation may be required. Consider one of the more dramatic ones, that of privacy and freedom from tampering. Highly sensitive personal and important business information will be stored in many of the contemplated systems. Information will be exchanged over easy-to-tap telephone lines. At best, nothing more than trust—or, at best, a lack of technical sophistication—stands in the way of a would-be eavesdropper. All data flow over the lines of the commercial telephone system. Hanky-panky by an imaginative computer designer, operator, technician, communications worker, or programmer could have disastrous consequences. As time-shared computers come into wider use, and hold more sensitive information, these problems can only increase. Today we lack the mechanisms to insure adequate safeguards. Because of the difficulty in rebuilding complex systems to incorporate safeguards at a later date, it appears desirable to anticipate these problems. (via New Yorker)
  3. Lantronix XPort Pro Lx6a secure embedded device server supporting IPv6, that barely larger than an RJ45 connector. The device runs Linux or the company’s Evolution OS, and is destined to be used in wired industrial IoT / M2M applications.
  4. Pond — interesting post-NSA experiment in forward secure, asynchronous messaging for the discerning. Pond messages are asynchronous, but are not a record; they expire automatically a week after they are received. Pond seeks to prevent leaking traffic information against everyone except a global passive attacker. (via Morgan Mayhem)
Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl