May 31st 2008
While it’s interesting in theory to see the basic Electronic Crime Scene Investigation Handbook cited in Bruce Schneier’s blog, the only interesting content was in the protocols to decide whether or not to turn a computer off. Continue Reading »
May 31st 2008
Take a look at the following image. You should see two different ‘messages’ here.
 |
Two messages |
This particular mis-mash of messages reflects the failure of otherwise strong cryptography: the improper implementation of a one-time pad or a stream cipher. Continue Reading »
May 30th 2008
This is one for the books. Several OpenSSL implementations, including Denbian and its children, including Ubuntu, have been crippled since September 2006. It’s described on the metasploit web site.
The pseudo-random number generator (PRNG) was broken such that it only used the Unix process ID as the unchanging random input to the generator process. In other words, these security packages could not generate more than 32,768 different keys (since there were only 32,768 different process IDs on Unix). Continue Reading »
May 30th 2008
Ray Ozzie was talking at a conference, reported on by Mary Jo Foley in which he briefly compared the risk to Microsoft by Google and open source. The report also talks about Microsoft’s “culture of crisis.” I think the culture of crisis is the key to their success. Bill Gates was always identifying threats and demanding action: that’s how he kept the company energized even as it grew huge.
Of course, Microsoft is burning their own bed regarding open source. A lot of people stay with Windows because it is familiar and they are afraid of the alternative. They’ve learned how to use XP (which was pretty similar to 2000, and 98, and so on) and it’s easy to just keep using it. Then they arrive at Vista and everything is different! Menus hidden and holding different info. Start menu is radically different. Window frames are completely different.
In other words, at least 80% of computer users could switch from Windows XP to Ubuntu and not suffer any worse than if they’d switched to Windows Vista. Probably the same is true for the ‘upgraded’ Office product versus Open Office.