Adam's Blogroll: click through to the author's blog
Quantum computing promises a higher level of processing power over current computers, but it comes with its own challenges with implementation. When it comes to fruition, it’ll also break current privacy measures like your banking password. Financial Times explains how this works with a fine set of animations and illustrations.
Tags: Financial Times, quantum computing, security
Posted by in Financial Times, Infographics, quantum computing, security
Researchers from the National University of Singapore found a way to infer key shape based on the sound the lock makes when you insert the key.
First they capture a sound recording with a standard microphone. Then they run the audio file through software to filter out the metallic clicks. This provides a time series from which they can infer likely keys.
Soundarya Ramesh presented the work at HotMobile 2020 in the talk below:
Oh to be back in graduate school again. [via kottke]
Posted by in keys, security, statistics, unlock
File another one under the sounds-good-on-paper-but-really-challenging-in-practice. Kashmir Hill, for The New York Times, describes the challenges of new laws that allow users to request the data that companies collect on them:
Since then, two groups of researchers have demonstrated that it’s possible to fool the systems created to comply with G.D.P.R. to get someone else’s personal information.
One of the researchers, James Pavur, 24, a doctoral student at Oxford University, filed data requests on behalf of his research partner and wife, Casey Knerr, at 150 companies using information that was easily found for her online, such as her mailing address, email address and phone number. To make the requests, he created an email address that was a variation on Ms. Knerr’s name. A quarter of the companies sent him her file.
“I got her Social Security number, high school grades, a good chunk of information about her credit card,” Mr. Pavur said. “A threat intelligence company sent me all her user names and passwords that had been leaked.”
Yay.
I’m not saying these new laws are bad, but maybe get yourself a good password manager and change all those duplicate passwords.
Tags: New York Times, privacy, security
Posted by in New York Times, privacy, security, statistics
George Mauer highlights how a hacker might access other people’s data by putting an equal sign in a CSV file, so that an import to Microsoft or Google Sheets runs a value as a formula, even if it’s quoted as a string.
The attacker starts the cell with their trusty = symbol prefix and then points IMPORTXML to a server they control, appending as a querystring of spreadsheet data. Now they can open up their server log and bam! Data that isn’t theirs. Try it yourself with a Requestb.in.
The ultra sinister thing here? No warnings, no popups, no reason to think that anything is amiss. The attacker just enters a similarly formatted time/issue/whatever entry, eventually an administrator attempts to view a CSV export and all that limited-access data is immediately, and queitly sent away.
Oh goody.
Posted by in csv, Data Sharing, security
Norse monitors cyber attacks in real-time. This is their map of what's going on. (All I hear is pew, pew, pew when I watch it.) [via Boing Boing]
Technology continues to advance quickly, but the social questions are lagging a bit. Radiolab explores the topic of we-can-but-should-we from the perspective of a surveillance system that watches an entire city twenty-four-seven.
On the one hand, the system allows authorities to find criminals more efficiently. On the other hand, everyone is watched.
Posted by in privacy, security, statistics