Tuesday, June 25, 2013

Countdown - the end of a (Google) reader

   The clock is ticking.  On July 1, Google will remove support for the RSS aggregator tool, Google Reader.

   In the past I've talked about how I keep up with the vast amount of information and changes in the security and IT fields.  That article focused on podcasts.  Another key tool I use is an RSS aggregator.

   An RSS aggregator is a program used to collect information from online sources.  You "subscribe" to a site (such as this blog), and then notices of new articles are automatically brought into the aggregator.  The power of the tool is that you can organize your subscriptions by categories you choose.  You can then quickly browse new articles by category.

Tuesday, June 18, 2013

One if by Land, Two if by Prism

   Last week I avoided talking about Prism, the supposed NSA wiretapping issue that has been all over the news.

   However, in the past week I've read or heard 3 different highly insightful analyses and I'd like to comment on them.

   First, on the possible techniques used.  Major data collection organizations including Facebook and Google have denied providing any information to the US Feds as has been alleged.  But the NSA is getting information.

Tuesday, June 11, 2013

Light and Sound - the next mobile malware vector?

   With all the talk about Prism in the security news, we didn't hear about much else.

   But here's an interesting story... Researchers at University of Alabama, Birmingham verified that malware, or other actions, can be triggered on a mobile device by sounds, music or light!

   From the article:
   "In one instance, the researchers used music in a crowded hallway to launch an attack on an off-the-shelf Android phone. In others, the malicious code was activated by a song with a particular pattern or the ambient light from a TV, computer monitor or overhead light bulb."

   For most of their experiments, the source of the sound or light needed be very close to the target device.

   Right now this is only experimental.  However, we know that well over 50% of mobile phone users in the US have smartphones.  And these phones have input sensors for light, sound and motion.  Essentially, we are all carrying devices that not only track our location and movements, but can record, and be influenced by, the environment around us.

   It will be interesting to track this research and see the ongoing new ways in which these ubiquitous devices can be exploited.

Tuesday, June 4, 2013

How crackers ransack passwords - Sort of...

   I am not trying to make this the password rant blog.  But we just can't go a full week without more news about password problems!

   Last week the excellent tech new site, Ars Technica, did a feature article in which they had first a journalist, then three different password hacking experts, try to decrypt passwords from an encrypted password file.  They were all quite successful... frighteningly so.
   Steve Gibson discussed this for a bit in Security Now episode 406.

   But, I think there were some critical flaws in the test.  And there were also some excellent lessons.

   I'll comment on the article using the sandwich method, starting with what was good...