| |
| Current Topic: Computer Security |
|
All Your ABS Are Belong To Us |
|
|
|---|
| Topic: Computer Security |
10:35 pm EST, Mar 14, 2005 |
Coming soon to a dashboard near you ... |
|
Web Surfers Crack GM's Mystery Ad |
|
|
|---|
| Topic: Computer Security |
8:28 am EST, Jan 26, 2005 |
Web surfers spoiled a national promotion by General Motors that was intended to gradually reveal a secret message. Under the campaign, which is about half completed, each day a billboard in a different part of the country divulges a word (or a punctuation mark) in a message. A billboard in Arlington, Tex., for example, says "you." One in New York City shows a period.
The billboards also promote the Web site www.findthemessage.com, on which GM explains that it created the campaign to spread "a message so important we need the whole country to tell it." But some Web visitors quickly found that most of the "secret" message is included in the site's source code. [Doh!] The message was: "This is the last time you will ever have to feel alone on our nation's roadways." "They did crack the code," said Rob Peterson, a communications manager at GM. In other news, Welcome to Database Nation. Please drive through. Feeling a sense of deja vu, but can't pinpoint the date and time you were last in this exact location? Just ask your car. Your car knows what you did last summer. Web Surfers Crack GM's Mystery Ad |
|
A Little Knowledge of Security Can Be a Dangerous Thing |
|
|
|---|
| Topic: Computer Security |
1:43 pm EST, Dec 18, 2004 |
The underlying problem here isn't operating system security or even the vendor runaround but, rather, people who just read headlines or summaries of security news and then form Opinions based on this information -- or lack thereof. And there's a very good chance that these people are making decisions based on these ill-informed Opinions. You might be thinking I'm crazy to think someone would make decisions based on story headlines. But it doesn't take a lot to influence decisions. And once these Opinions are formed, it can be hard to change them, even with clear evidence that they're misguided. Context Context Context Context Context Context Context Context Context Context Context Context Context Context Context. A Little Knowledge of Security Can Be a Dangerous Thing |
|
Keyboard Acoustic Emanations |
|
|
|---|
| Topic: Computer Security |
11:50 am EST, Dec 12, 2004 |
We show that PC keyboards, notebook keyboards, telephone and ATM pads are vulnerable to attacks based on differentiating the sound emanated by different keys. Our attack employs a neural network to recognize the key being pressed. We also investigate why different keys produce different sounds and provide hints for the design of homophonic keyboards that would be resistant to this type of attack. Keyboard Acoustic Emanations |
|
The Best Defense, Brought To You By AT&T |
|
|
|---|
| Topic: Computer Security |
9:44 am EDT, Jul 2, 2004 |
A new cyber-war is being waged and your network is on the front lines. Under the new rules of engagement, however, you should view your network not as the target, but rather your first line of defense. The network's role in protecting the security of end-points and applications is often overlooked. At AT&T, we believe that the best defense is a good offense. Following on the heels of Nortel's exit from the telecommunications industry, AT&T positions itself as a network security specialist. In the Best Network, the service provider cannot turn a profit on the network itself. Hence the migration toward "value-added" services such as "ethical hacking." Has your most intimate of private databases been penetrated as an abject demonstration of your inherent corporate weakness? You will, and AT&T will bring it to you -- for a price. The Best Defense, Brought To You By AT&T |
|
Third Annual Workshop on Economics and Information Security |
|
|
|---|
| Topic: Computer Security |
10:55 pm EDT, Jun 19, 2004 |
How much should we spend to secure our computer systems? Can we determine which investments will provide the best protection? How will we know when we've reached our goals? Can market forces ensure that firms will act to improve security? Can incentives align the goals of employees with the security goals of their employers? Papers from the workshop include: "Is finding security holes a good idea?", by Eric Rescorla
"Who Signed Up for the Do-Not-Call List?", by Hal Varian
"The Economics of Censorship Resistance", by Ross Anderson
"On dealing with adversaries fairly", by Ross Anderson
"Free-Riding and Whitewashing in Peer-to-Peer Systems", by Ion Stoica
"Towards an Economic Analysis of Trusted Systems", by Scott Shenker
"A Worst-Case Worm", by Vern Paxon Third Annual Workshop on Economics and Information Security |
|
Listen and Whisper: Security Mechanisms for BGP |
|
|
|---|
| Topic: Computer Security |
10:14 pm EDT, Jun 19, 2004 |
BGP, the current inter-domain routing protocol, assumes that the routing information propagated by authenticated routers is correct. This assumption renders the current infrastructure vulnerable to both accidental misconfigurations and deliberate attacks. To reduce this vulnerability, We present a combination of two mechanisms: Listen and Whisper. Listen passively probes the data plane and checks whether the underlying routes to different destinations work. Whisper uses cryptographic functions along with routing redundancy to detect bogus route advertisements in the control plane. These mechanisms are easily deployable, and do not rely on either a public key infrastructure or a central authority like ICANN. The combination of Listen and Whisper eliminates a large number of problems due to router misconfigurations, and restricts (though not eliminates) the damage that deliberate attackers can cause. This work received the best student paper award at the First Symposium on Networked Systems Design and Implementation. Listen and Whisper: Security Mechanisms for BGP |
|
