Bruce Schneier's latest blog entry mentions an as-yet uncirculated paper that claims to show how to drastically reduce the number of operations needed to find a hash collision. If I read this correctly, Schneier has read the paper himself, but has not yet been able to verify the results. But it's obvious he's taking this very seriously, and that's good enough for me.
Tuesday, February 15, 2005
Thursday, February 03, 2005
Microsoft's Michael Howard (co-author of Writing Secure Code and maintainer of a great Windows-oriented security blog) has started writing a series of articles about the new security-enhanced C runtime library that will start shipping in the next beta version of Visual Studio. This won't automagically turn Windows into a security powerhouse, but this looks like a very promising step. I can't wait to hear more.
Posted by David Bianco at 7:21 PM
Among the presentations at ImmunitySec's recent Security Shindig 3 was this exciting presentation about exploiting Windows Wireless Zero-Configuration behavior to an attacker's benefit. My favorite quote is "You can be 0wned while watching a DVD on a plane!"
Seriously, this is an interesting presentation. I would have loved to have been there for the demo of KARMA, the tool they wrote that automates these attacks. Don't know if it's available for download anywhere.
Posted by David Bianco at 3:10 PM
Ok, I know this isn't exactly about information security, but here's a cool article describing in some detail how major manufacturers protect themselves from online black marketeers. This obviously isn't 100% effective, but it's kinda neat, in a King Canute sort of way.
Posted by David Bianco at 1:02 PM