Archive for August, 2009

Time – Again – For Trustworthy Computing

August 21st 2009

Saul Hansell of the Washington Post has posted an article about real-time attacks on one-time password tokens like SecurID and SafeWord. The strategy is to steal a user’s one-time password after it is typed in and redirect it to a hacker to exploit immediately. The attack relies on Trojan software that has installed itself in the victim’s computer.

One-time passwords were not designed to protect against this type of thing. Once you have that sort of Trojan, there’s no way to use your computer reliably. Attackers can intercept what you’re doing, change it to benefit them, and you won’t know what happened until you look at your bank statement.

The only way to protect against such things is to ensure that your computer has not been hacked. This is hard, since there are lots of ways to attack a computer and not nearly as many ways to protect it.


Posted under Security | 1 Comment »

Another plea for password sanity

August 15th 2009

Here’s a recent posting on password problems that suggests 10 hard-to-follow rules.

The author highlights an important problem: attackers can do systematic trial-and-error guessing attacks against on-line sites. She focuses on a Google Gmail problem recently reported on Full Disclosure.

Here’s the point: use strong protection on high-value targets. Take the time to protect your major e-mail account, your financial resources, and anything else you really value. If you’re going to slack off, do it when registering to post a one-off blog comment.

Let me take a stab at my own list of recommendations.


Posted under Security | No Comments »

Whirlwind – an ancient computer

August 9th 2009

I first learned about computer architecture back in the 1970s. Much of what I learned came from a set of block diagrams for the old Whirlwind computer built at MIT. A few years back I had the document scanned in.


Yes, it’s built out of vacuum tubes. But it is also the complete design of a stored program digital computer in about 200 pages.


Posted under History of Technology & Tech Teaching | No Comments »

Plaxo and the Overly-Social Web

August 5th 2009

I admit I’m jaded by social web sites. It seems like today’s hot business plan is always for something that’s “better than Facebook” or more focused on one thing or another. Most of these sites just try to capture personal things and broadcast them: short textual bursts (Twitter), photos (Flickr), video (YouTube), school ties (Facebook), professional relationships (LinkedIn).

Can anything be left?

Plaxo helps solve a long-running personal problem of mine: how do I keep my contact list up to date?

Some of these sites more-or-less help you find recent e-mail addresses. Only Plaxo synchronizes this information with your desktop contact list. It synchronizes mailing addresses and phone numbers, too. This is terrific. This is practical. And it links in to other social web sites, like Facebook.


Posted under Household Tech | No Comments »