Bruce Schneier pointed to a sneaky feature present in some color printers, like in Xerox DocuColor series. They print a code on every page, allowing the authorities to track when the document was printed and with which printer.
A little while ago, I ordered some keyrings with my company name engraved on them, to give out to customers. Just a PR gadget. Now it turns out that they’re probably close to perfect to check color printouts for those hidden codes. Some color printers include hardly visible light yellow dots in the printout that code for date and time, including the printer’s serial number. That expensive color laser you paid for with your hard earned cash is ratting on you. Check out this picture and you’ll see that they’re using blue LED flashlights very similar to the light built into the keyrings I got. How incredibly opportune.
To see how my keyrings look, see the logo at the top of my www.ssdes.com page. That “logo” is simply a photo of the keyring. The round insert on the left, with the black button at the center, is the blue LED flashlight. It’s strong enough to light your way on a dark night with. And, I’m sure, blue enough to detect those yellow dots with, even though I have no printouts here to test with.
Joel (On Software) got me into this thread of thinking. He interrupted me, while I was doing something else (I forgot) and instead of picking up what I was doing, I started writing today’s blog. And it may even get finished unless something else distracts me and I don’t return to this one. Or get a depression in the meanwhile.
Continue reading “Human Interrupt Handling”
Listening to a science program on the radio about a psychology experiment, shortly to be published in Science, I was struck by the similarity between the result of that experiment and DNS poisoning. It seems humans work in detached asynchrononous fashion, just as the DNS protocol, which certainly would help in the scalability department. Not so surprising, really, when you think of it.
Continue reading “Brunettes, DNS, and Choice Poisoning Attacks”
Banks use several systems to let their customers log into their internet banking sites. The worst (security wise) by far are the password based systems, very common in the US. Much better are (were!) the one-time password systems, based on scratch cards or electronic tokens, fairly common in Europe. However, the latest phishing expedition launched against the Nordea bank in Sweden showed how trivial it is to get users to scratch those cards and divulge the one-time passwords, making this system no better than regular password systems.
Actually, I’m convinced it’s worse. Most users will have less resistance against giving out a one-time password to a site, since they are convinced it will become unusable after the first try. That’s what the bank told them.
Yet again, bad security proves to be worse than none at all. Especially if it’s touted to be good and isn’t. (Now, I have to add that since no actual case of money being lost has been publicized, that last part is conjecture on my part.)
For more, see The Register.
The following extracts gives me goose-bumps. They mingle concepts so beautifully. If you didn’t know what Warcraft was, it reads like far-out Sci-Fi. See SecurityFocus for the original story.
Continue reading “Cool Plague, this”
Rapid Application Development systems tend to promote the writing of bad code. In what follows I’m going to use VS.NET (2003) as an example, simply because it’s probably the most used. I’m also going to take the writing of client database code as the main example, because it is so important and because it represents a large part of development time, if done the right way and hardly no development time if done the VS.NET way.
Continue reading “VS.NET promotes bad code”
There’s a relatively new site called “www.ready.gov” that the Department of Homeland Security has set up to keep the American people informed on what they do and how the people should prepare themselves for terrorist onslaughts, natural disasters and war and stuff. As with most such government initiatives, I see a lot of problems. First and foremost that they don’t really try to inform people in a useful way, they try to pacify people to keep them from becoming upset. In other words, they do their best to keep people un-informed.
Continue reading “Government info sites don’t work”
Tonight: The London police chief tonight said the order to shoot stands firm and even though they regret the mistake, more people can expect to be shot.
“It’s still happening out there, there are still officers having to make those calls as we speak, he said, adding: “Somebody else could be shot.”
I can’t believe this. Is this really happening?
2005-07-26: Bruce Schneier says about the same thing, but more.
It’s time for all good law-abiding citizens with a darkish exterior and heavy clothing to go into hiding or peroxide themselves into a more non-threatening color. Or at least avoid public transport. Or being outdoors. It’s “shoot on sight” if you *look* like a terrorist. See the quote below from the Jerusalem Post.
Continue reading “Peroxide and strip, or die”
Terrorists may talk to each other using mobile phones, just like any other people in this world. They may even use them, theoretically, to set off bombs from a distance. This has led governments to consider switching off mobile phone networks after terrorist attacks. In the same vein, allowing the use of mobile phones on airplanes in flight worries them a lot. This is nonsensical for a number of reasons.
Continue reading “Don’t switch off mobile phone networks, extend them”