The electronic library debate continues

July 8th 2010

Cousin Jon emailed me David Pogue’s recent blog on copyright, with an observation on digital libraries.

The science and technology world has an interesting analog to the paper vs electronic print music debate. In our world, the problem crops up with professional papers. My own attitude is clear: if I have the choice between downloading a free copy of someone’s paper I find on-line, or purchasing a copy from the professional society, I grab the free copy.

Partly this is because the original author doesn’t get a penny from publication sales. In many cases the author is lucky if the association prints the paper for free, without requiring “page charges.” Another reason is that, in most cases, the paper is actually made available on-line by one or more of its authors.

Posted under History of Technology & Household Tech & Security

CPU-based Security Improvements Adopted Slowly

July 7th 2010

‘Way, ‘way back in the 1960s, computer designers tried out different techniques to limit how a computer executed its programs. Some should be pretty well known, like storage protection and the distinction between “kernel mode” for the operating system and “user mode” for applications. Another was data execution prevention (aka “DEP”), where the computer distinguishes between RAM that stores instructions and RAM that stores data. If the program tries to jump into instructions stored in data RAM, the CPU aborts the program.

[Image: DEC Alpha CPU]

Fast forward to 2010. Most microprocessors were supporting DEP in the mid 1990s; a few supported it before that. OS support came more slowly. Windows has been using one form or another of this since 2004 in XP Service Pack 2. However, it doesn’t matter for most major applications, because they didn’t fix their code to take advantage of it. So, if they suffer a buffer overflow, there’s nothing to prevent the computer from trundling off to la-la land.

Posted under History of Technology & Security

Russian spycraft ain’t what it used to be

June 30th 2010

A wise note written by Johannes Ullrich of the SANS Institute outlines cyber security lessons from the recent Russian spy arrests. Clearly, information security tradecraft has not made its way into spy schools, at least not in Russia.

A lot of their failures trace back to a stealth search warrant a few years back that netted an encrypted drive. One of the agents fortunately noticed the slip of paper with an obscure set of letters and numbers: the written password. So it was a crackproof password, but they didn’t take the trouble to memorize it.

Posted under Security

More puzzles from the Puzzle Palace

June 21st 2010

A reader pointed me to an apparently dull collection of NSA documents recently posted by that useful source, GovernmentAttic.org. One of the hidden gems is a “CMI Newsletter” containing eight pages of crypto puzzles.

I’ve taken the liberty of posting the CMI Newsletter separately (PDF, click this link), but kudos go to GovernmentAttic for dredging up this diamond in the rough. If you work out answers, feel free to post them here, or at least provide a pingback so interested people can find them.

Posted under Security