Showing posts with label whatwouldschneierdo. Show all posts

Wednesday, 24 September 2008

Schneier in print


The Great God Schneier has released his wisdom of the ages upon us once more. This time he's giving you a withering stare on the front cover.
"The closest the security industry has to a rock star" has combined all his essays together for bedtime reading! Now if only I had £20 ($40) to get a signed copy. Does this mean the last page is a hash of the book encrypted using his private key? :)
dD

"Lloyds is Pants" not good enough PWD

This made me laugh; apparently abusing a service provider via your password is not appropriate: http://news.bbc.co.uk/1/hi/england/hereford/worcs/7585098.stm

However, what is more disconcerting is that in some cases, for business users only, employees of Lloyds can apparently read your complete password. This seems somewhat ridiculous, as businesses surely would have more money flowing through their accounts than an individual, so would become a richer target! IT MAKES NO SENSE (as Tim Westwood would say).

dD

P.S. Thanks to Schneier

Bad security by design/stupidity

Heads up to the great god Schneier for pointing us to this one. Looks like the Tornado Plus encrypted USB drive is the proverbial pile of poo. Check out this rather scathing write-up on TechRepublic by Tom Olzak.

http://blogs.techrepublic.com.com/security/?p=573&tag=nl.e019

dD

Tuesday, 18 March 2008

my kind of captcha

If only all captchas were this interesting! It works well, though, and I wonder if it has any merit. It still boils down to multiple choice.

http://www.hotcaptcha.com/

dD

Friday, 22 February 2008

Cold Hacking: what we leave behind

It seems that DRAM is not so forgetful after all! It would seem that some plucky researchers over at Princeton have demonstrated how to obtain critical cryptographic keys for disk encryption systems such as BitLocker and TrueCrypt by cold booting a system and having a look at what is left in memory.

They even have a video of the talk and a paper. This is another example of side-channel attacks on cryptosystems, which the great mighty big boss Bruce has been mentioning for some time now.