Security – Bi·lak

Tony Abbott and Tap Water

What could go wrong if-as a joke-your being asked if you could hack the former prime minister of Australia Tony Abbott? Well Alex Hope has documented it. Finding pictures of boarding pass he could log into the booking system of the airline (without additional authentication). Then he found out that the systems leaked sensitive information (passport number, telephone number, airline-internal comments about the passenger). He then went through the whole charade of finding someone in government responsible for concrete data security issues. 😵

There’s even an interesting section on when he finally gets through to Tony Abbot and they talk on a very personal level. Given the reason they were talking in the first place it also revolved about how complicated technology seems to be and how you learn how it works.

This lead Alex to reflect about how he started learning things and how you have to change your thinking when you are “hacking.” He gives a great example which he summarizes with:

In conclusion, to be a hacker u ask for tap water.

😂

ECCploiting with Rowhammer

Certain types of ECC RAM can also be exploited with Rowhammer. ?

In Support of Strong Encryption

Yes!

IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as “backdoors” or “key escrow schemes” in order to facilitate government access to encrypted data. Governments have legitimate law enforcement and national security interests. IEEE believes that mandating the intentional creation of backdoors or escrow schemes – no matter how well intentioned – does not serve those interests well and will lead to the creation of vulnerabilities that would result in unforeseen effects as well as some predictable negative consequences.
— IEEE Position Statement

Why hardware + software is cheaper than hardware alone

Thomas Dullien of Google’s Project Zero on why security suffers because it’s actually cheaper to build more complex things (i.e. ship some piece of hardware with a general purpose processor and define features in software instead of using a purpose-built chip).

Aktivieren Sie JavaScript um das Video zu sehen.
https://www.youtube.com/watch?v=q98foLaAfX8

WhatsApp just announced they enabled end-to-end encryption for all their users … this is huge news. They have put a white paper up describing their implementation. Good news: it’s based on the Signal protocol and first tests seem to suggest they did it properly. ?

TSA’s Random Lane Picker

This is so moronic I almost fell off my chair laughing: it seems like the TSA spent $47,000 on a “random lane picker.” Please, you be the judge whether it was worth it:

Aktivieren Sie JavaScript um das Video zu sehen.
https://www.youtube.com/watch?v=P_KmFJ2gGzw

It needs to be operated manually … with hygienic gloves! ?

Data Is A Toxic Asset

Bruce Schneier also finds data is actually a toxic asset. ?

Ramen Code

The plaintiffs in Toyota’s Unintended Acceleration lawsuit had someone with knowledge in building embedded software had a look at Toyota’s source code:

possible bit flips, task deaths that would disable the failsafes, memory corruption, single-point failures, inadequate protections against stack overflow and buffer overflow, single-fault containment regions, thousands of global variables. The list of deficiencies in process and product was lengthy.

Tag: Security