I haven’t read the paper yet, but Schneier has a post up which points to a paper “Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow,” by Shuo Chen, Rui Wang, XiaoFeng Wang, and Kehuan Zhang.about a new side-channel attack which allows an eavesdropper to infer information about the contents of an SSL [...]
Where there’s smoke, there’s fire, goes the adage. And in the case of an allegedly-theoretical exploit outlined in a new paper by Chris Soghoian and Sid Stamm (the compelled certificate creation attack), the presence of a product whose only use it to exploit it probably indicates that there’s more going on than one would like [...]
The Guardian has reported the first official incident of misuse of full-body scanner information The police have issued a warning for harassment against an airport worker after he allegedly took a photo of a female colleague as she went through a full-body scanner at Heathrow airport. The incident, which occurred at terminal 5 on 10 [...]
Schneier points me to lightbluetouchpaper, who note a paper analyzing the potential strength of name-based account security questions, even ignoring research-based attacks, and the findings are good: Analysing our data for security, though, shows that essentially all human-generated names provide poor resistance to guessing. For an attacker looking to make three guesses per personal knowledge [...]
As something of a follow-up to my last post on Aviation Safety, I heard this story about Toyota’s now very public quality concerns on NPR while driving my not-Prius to work last week. Driving a Toyota may seem like a pretty risky idea these days. For weeks now, weve been hearing scary stories about sudden [...]
In his ongoing role of “person who finds things that I will find interesting,” Adam recently sent me a link to a paper titled “THE HUMAN FACTORS ANALYSIS AND CLASSIFICATION SYSTEM–HFACS,” which discusses the role of people in aviation accidents. From the abstract: Human error has been implicated in 70 to 80% of all civil [...]
Metrics seem to be yet another way in which Angry Bear noticed that the V-22 Osprey program has hidden from its failure to deliver on its promises: Generally, mission capability runs 20% higher than availability, but availability is hidden on new stuff, while shouted about on older stuff, because there would be severe embarrassment if you [...]
This is probably considered to be “old news” by many, but I’m high-latency in my news at the moment. Much was made of the fact that the US Military’s enemies are now eavesdropping on the video feeds from US Drones on the battlefield using cheaply available commercial technology. But it’s OK, because according to the [...]
I’m just off a flight from London back to the United States and I’m hesitant to attempt to think while jet-lagged. I’ll have some more thoughts and first-hand observations once my head clears, however. In the meantime, Nate Silver has broken down the risk of terror attacks on airplanes so I don’t have to. Summarizing [...]
America’s Finest News Source teaches an excellent lesson on how to spin data: Labor Dept: Available Labor Rate Increases To 10.2% WASHINGTON—In what is being touted by the Labor Department as extremely positive news, the nation’s available labor rate has reached double digits for the first time in 26 years, bringing the total number of [...]