martin

Another Windows Rant

Since getting myself a Mac (two, by now), I’m becoming positively allergic to the incredible stupidities one encounters in Windows programs. Most of these are the result of the combined stupidity of the application programmer and the Windows designers. Now, for today’s example…
Continue reading “Another Windows Rant”

Biological comparison nonsense

To me, this business with comparing malware and anti-measures in the IT security world with biological systems and in particular immune systems is nonsense on so many levels. People draw parallels with monoculture versus diversified cultures, and immunizing systems and so on. I say: Bah!

First, biological systems have no designer or design targets, no requirements specs, no whitepapers, no nothing. The only thing it has is a testing department. It also has gobs of time and material at its disposal. The entire evolutionary thing is based on “code monkeys” hacking out random code by the ton, then throwing it out on the “market” only expecting a random small fraction to succeed.
Continue reading “Biological comparison nonsense”

Securing bank transactions

So, what’s wrong with using hardware tokens for banking? Well, by themselves, they don’t actually protect you. And this is why.
Continue reading “Securing bank transactions”

A Delphi sob

Feel with me and the other Delphi developers out there, as we mourn:

Borland Ditches Delphi, V. Stob

Give me a RAIS, anytime

There was a discussion on a forum about how to save on IT costs, and the question of consolidating servers came up. So, I had a few little somethings to say, and some of that saying I cleaned up and presented here.
Continue reading “Give me a RAIS, anytime”

The DRM Endlösung

Let me present a solution for the Digital Rights Management problem that both the music and movie industries could support and that gives consumers great advantages at the same time. All it needs is the implantation of a crypto chip on the auditory nerve very soon after birth; a minor inconvenience compared to the advantages it can bring to both parents and children.

The technology to produce a small biocompatible and implantable cryptochip is already available. There are problems in regard to supplying sufficient power, but it can probably be solved by using small storage capacitors, coupled with an inductive sling, possibly incorporated into stylish earplugs of the iPod type.
Continue reading “The DRM Endlösung”

My Keyrings and Your Color Printers, a match made in heaven

Bruce Schneier pointed to a sneaky feature present in some color printers, like in Xerox DocuColor series. They print a code on every page, allowing the authorities to track when the document was printed and with which printer.

A little while ago, I ordered some keyrings with my company name engraved on them, to give out to customers. Just a PR gadget. Now it turns out that they’re probably close to perfect to check color printouts for those hidden codes. Some color printers include hardly visible light yellow dots in the printout that code for date and time, including the printer’s serial number. That expensive color laser you paid for with your hard earned cash is ratting on you. Check out this picture and you’ll see that they’re using blue LED flashlights very similar to the light built into the keyrings I got. How incredibly opportune.

To see how my keyrings look, see the logo at the top of my www.ssdes.com page. That “logo” is simply a photo of the keyring. The round insert on the left, with the black button at the center, is the blue LED flashlight. It’s strong enough to light your way on a dark night with. And, I’m sure, blue enough to detect those yellow dots with, even though I have no printouts here to test with.

Human Interrupt Handling

Joel (On Software) got me into this thread of thinking. He interrupted me, while I was doing something else (I forgot) and instead of picking up what I was doing, I started writing today’s blog. And it may even get finished unless something else distracts me and I don’t return to this one. Or get a depression in the meanwhile.
Continue reading “Human Interrupt Handling”

Brunettes, DNS, and Choice Poisoning Attacks

Listening to a science program on the radio about a psychology experiment, shortly to be published in Science, I was struck by the similarity between the result of that experiment and DNS poisoning. It seems humans work in detached asynchrononous fashion, just as the DNS protocol, which certainly would help in the scalability department. Not so surprising, really, when you think of it.
Continue reading “Brunettes, DNS, and Choice Poisoning Attacks”

Scratchwords no better than passwords

Banks use several systems to let their customers log into their internet banking sites. The worst (security wise) by far are the password based systems, very common in the US. Much better are (were!) the one-time password systems, based on scratch cards or electronic tokens, fairly common in Europe. However, the latest phishing expedition launched against the Nordea bank in Sweden showed how trivial it is to get users to scratch those cards and divulge the one-time passwords, making this system no better than regular password systems.

Actually, I’m convinced it’s worse. Most users will have less resistance against giving out a one-time password to a site, since they are convinced it will become unusable after the first try. That’s what the bank told them.

Yet again, bad security proves to be worse than none at all. Especially if it’s touted to be good and isn’t. (Now, I have to add that since no actual case of money being lost has been publicized, that last part is conjecture on my part.)

For more, see The Register.