Fingerprinting Computers – Part I – Your browser.

Authentication is about the only big open problem in the practice of internet security. The existing encryption and hashing algorithms as well as the key generation/management protocols offer a high degree of security, barring programming/implementation errors.
Authentication technologies face serious challenges mainly because identity is difficult to establish with 100% certainty even using physical characteristics, i.e., signatures and credentials can be forged, the physical appearance of people can be manipulated, etc.

Page on authentication added

I’ve added a page on authentication that sums up several posts and puts them in one place.
Check it out on the right side under “Look Inside”.

It didn’t take very long… [UPDATED]

for my prediction to become a reality.
PC World reported on Feb 18 that a bunch of websites, only 84,000, were taken down “accidentally” by ICE.
I have zero sympathy for people who use the web to steal or commit morally reprehensible acts. However, if I can anticipate the heavy damage that a government agency with the power to shut down internet domains can unleash on hardworking and honest people, you cannot convince me that the legislators could not figure out this was bound to happen. Obviously they don’t care about the consequences their grandstanding has for the rest of us mortals. And at the end of the day, shutting down websites doesn’t stop the traffic of child pornography or stolen intellectual property; it is just a nuisance for the bad guys, who now need to go and set up another channel.
The danger for the rest of us is this: if we trust the government, any government, with the switch to the Internet, how long before the shutting down of domains is used as a way to silence dissent?
Oh wait! It already happened? That was another prediction that turned out to be right!


Check this Hall of Shame page at the EFF

From Backdoor to Backdoor

While the FBI was accused of planting a backdoor in OpenBSD, the NSA clears the record on DES.
There are many stories about sneaking in sophisticated chunks of code that make a perfectly good encryption system leak information. Something like this is extremely difficult to do without anybody noticing it, and I think that it must be considered a lot of unnecessary trouble for the guys who would rather nicely ask for the keys to your front door.

The End Of IP As We Know It (from SANS website)

SANS Institute has the best article I’ve seen on the issue of IPv4 address space exhaustion. A good read, including the comments.

Today, IANA announced that it had handed out two more /8 IPv4 assignments to APNIC. As a result, IANA is down to 5 /8s, triggering its special policy to hand out one address to each regional registrar (RIR). The 5 RIRs are AFRINIC (Africa), APNIC (Asia Pacific), ARIN (North America), LACNIC (Latin

via The End Of IP As We Know It.

The Stuxnet Encyclopedia

Symantec published the most comprehensive and detailed analysis of the Stuxnet virus to date.

Cyber war or hacking as usual?

The Government of Canada was hit by a phishing attack from servers outside the country.
This attack follows the trend described here by RSA.
Was it in retaliation for this?

2011 at its Prime

The fact that 2011 is a prime number didn’t escape mathematically inclined minds. Moreover, as @mathematicsprof tweeted, 2011 can be expressed as the sum of the 11 consecutive primes 157+163+167+173+179+181+191+193+197+199+211.

This already sets the stage for a year that, I will dare to predict, will not be easily forgotten. A confluence of processes already in motion may result in drastic changes for the world and in particular the Internet. To wit:

  • Cyber-attacks can get ‘physical’, as the Stuxnet virus proved,
  • There is a struggle to control the internet at all levels,
  • Privacy and mobile computers have compatibility issues,
  • All this against the backdrop of economic and political turmoil.


As the Chinese say “May you live in interesting times” ….


Check the strength of passwords

A cool application for checking the strength of passwords.

Stuxnet virus demonstration

Symantec released a video showing how Stuxnet infects a PLC module attached to an air pump. See the Stuxnet virus in action.