SecurityRatty: Light Blue Touchpaper

Security psychology

2008-06-30 15:32:24 by Ross Anderson in Light Blue Touchpaper

...security and human behaviour ; at MIT, which brings together security engineers, psychologists and others interested in topics raanging from deception through usability to fearmongering. Heres the agenda and here are the workshop papers The first session, on deception, was fascinating. It emphasised the huge range of problems, from detecting...

Tags: security, security psychology, security engineers, live blog posts, live blog, workshop papers, workshop, security economics, deception

An improved clock-skew measurement technique for revealing hidden services

2008-06-26 05:12:21 by Steven J. Murdoch in Light Blue Touchpaper

...Security Symposium , San Jose, CA, US, 28 July 1 August 2008

Tags: clock-skew measurement technique, clock, clock-skew, clock transition, clock source, clock skew, magnitude lower noise, tcp, tcp timestamps

Operational security failure

2008-06-17 11:29:01 by Ross Anderson in Light Blue Touchpaper

...information about 51 patients. In only one case were they asked to verify their identity; the attack succeeded against the other 50 patients This is an old problem. In 1996, when I was advising the BMA on clinical system safety and privacy, we trained the staff at one health authority to detect false-pretext phone calls, and they found 30 a...

Tags: health authority, health, department, privacy, nhs chief executive, patient privacy, clinical system safety, costs lives, patients

Slow removal of child sexual abuse image websites

2008-06-11 14:02:32 by Richard Clayton in Light Blue Touchpaper

On Friday last week The Guardian ran a story on an upcoming research paper by Tyler Moore and myself which will be presented at the WEIS conference later this month. We had determined that child sexual abuse image websites were removed from the Internet far slower than any other category of content we looked at, excepting illegal pharmacies...

Tags: image, image websites, websites, child sexual, child, image newsgroups, sites, illegal sites, fake escrow sites

Covert channel vulnerabilities in anonymity systems wins best thesis award

2008-06-03 09:57:41 by Steven J. Murdoch in Light Blue Touchpaper

My PhD thesis Covert channel vulnerabilities in anonymity systems has been awarded this years best thesis prize by the ERCIM security and trust management working group. The announcement can be found on the working group homepage and Ive been invited to give a talk at their upcoming workshop, STM 08 , Trondheim, Norway, 1617 June 2008

Tags: anonymity systems, thesis, ercim security, trust management, norway, workshop, homepage, june, talk

J-PAKE: From Dining Cryptographers to Jugglers

2008-05-29 20:31:05 by Feng Hao in Light Blue Touchpaper

...security problem: how to establish secure communication between two parties solely based on their shared password without requiring a Public Key Infrastructure (PKI The solution to the above problem is very useful in practice in fact, so useful that it spawns a lot fights over patents. Many techniques were patented, including the well-known...

Tags: pake, past pake solutions, pake research, j-pake protocol, j-pake, protocol, protocol design inherits, security, practical security

PED vulnerability paper receives Most Practical Paper award at Oakland

2008-05-21 09:56:48 by Saar Drimer in Light Blue Touchpaper

...Security and Privacy ( slides We are very pleased that we are the recipients of the new Most Practical Paper award of the conference, given to the paper most likely to immediately improve the security of current environments and systems. Thanks to everyone who supported this work

Tags: paper, practical paper award, pin entry devices, ieee symposium, ped, ross anderson, immediately improve, current environments, pin scheme

Twisty little passages, all alike

2008-05-18 19:29:56 by Richard Clayton in Light Blue Touchpaper

...information would be available to accompany FIPRs press release and paper on the various laws that the Phorm system breaks. However, there was one final thing that wasnt dealt with by press time, and thats now been explained to me The Phorm system does some of its tracking magic by redirecting browser requests using HTTP 307 responses. When...

Tags: cookie, phorm identifier cookie, identifier, phorm identifier, phorm, phorm fools, phorm unique identifier, phorm system redirects, phorm system breaks

Hardened stateless session cookies

2008-05-16 12:40:30 by Steven J. Murdoch in Light Blue Touchpaper

...information to create a fake cookie. Thus an attacker with read-access to the database still needs to know the users password to log in, and that isnt stored. There are some additional subtleties to resist different attacks, and those are described in the paper I hope this proposal will trigger discussion over this important problem and lead...

Tags: scheme, cookie generation scheme, cookie, cookie authentication schemes, cookies, stateless session cookies, fake cookie, cookie authentication key, authentication database

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo