kuleuven.be · Domains · Slashdot Mirror

Re:So? by AmiMoJo · 2019-04-01 03:33 · Score: 1 · on New Male Birth Control Pill Succeeds In Preliminary Testing (time.com)

A woman can have multiple partners, become pregnant, and pick which one she wishes to raise a child with.

Not sure which country you are in but in the UK that isn't the case. In the event that you are wrongly named as the parent of a child you can request a DNA test, and if the mother refuses then you are deemed not to be the father.

In order to get a DNA test you of course have to suspect that you are not the parent first. But if you do, there is pretty much nothing the mother can do to avoid the DNA test other than to accept you have no legal obligation to pay maintenance.

Having said that, I think the trust issue is mostly due to a lot of rubbish posted on the internet, not genuine concerns. This study shows that in the UK only about 2% of fathers are the victims of paternity fraud, and that's on the high end of what other studies have found.

Re:I should add by houghi · 2018-10-31 00:38 · Score: 1 · on Pentagon Wants To Predict Anti-Trump Protests Using Social Media Surveillance (vice.com)

You have to limit costs by telling doctors they are now employees of the US Government, welcome to your upper middle class salary

I know several docters, surgeons and lawyers in several countries. None of them are employees of the state. Yet we still have universal healthcare. Either absolute 100% or a really minimal payment of a few EUR.

A doctors visit costs me 25 EUR and I get 20 EUR back (Ballpark figures). I think I paid 20 EUR for a CAT scan for my backpains. Again ballpark. Could be a lot less, but certainly not much more.

Malpractice lawsuits can, should and do happen.

And let us not go offtopic by talking student loans, shall we? I live in a student city where the world largest brewery company is located and there is more stress about the price of the beer than there is about the cost of their contribution. (Yep, not free.)

Re:Ah Belgium Politcs by Anonymous Coward · 2016-01-17 20:34 · Score: 3, Informative · on Belgium's Aging Nuclear Plants Worry Neighbors (phys.org)

dissolving is met with fierce resistance from the French-speaking part of Belgium

Even in Dutch speaking Belgium, only 6% is in favour of dissolving Belgium. Source

The only ones in favour of splitting up Belgium is a minority in Belgium itself, and people from other countries who do not have a real clue about Belgium.

Old news? by amplesand · 2015-06-24 03:58 · Score: 4, Informative · on Building the Face of a Criminal From DNA

Maybe not old as in really old, but at least since 2012/2013/2014.

Even artists know about it.

2012
https://web.archive.org/web/20...
"Researchers have moved one step closer to facial reconstruction with DNA by discovering the genes that help control the width of the human face. A recent study of almost 10,000 individuals revealed five genes associated with different facial shapes – known as PRDM16, PAX3, TP63, C5orf50, and COL17A1. Manfred Kayser and his team of the Erasmus University Medical Center in Rotterdam, the Netherlands, used Magnetic Resonance Imaging (MRI) of people’s heads to map facial landmarks and estimate facial distances."

2013
http://edition.cnn.com/2013/09... "We leave genetic traces of ourselves wherever we go -- in a strand of hair left on the subway or in saliva on the side of a glass at a cafe. So you may want to think twice the next time you spit out your gum or drop a cigarette butt in public. New York artist Heather Dewey-Hagborg might pick it up, extract the DNA and create a 3-D face that could look like you. Her project, "Stranger Visions," fashions portrait sculptures from bits of genetic material collected in public places."

2014
http://www.forbes.com/sites/al...
"Sometime in the future, technicians will go over the scene of the crime. They’ll uncover some DNA evidence and take it to the lab. And when the cops need to get a picture of the suspect, they won’t have to ask eyewitnesses to give descriptions to a sketch artist – they’ll just ask the technicians to get a mugshot from the DNA. That, at least, is the potential of new research being published today in PLOS Genetics. In that paper, a team of scientists describe how they were able to produce crude 3D models of faces extrapolated from a person’s DNA."

http://www.kuleuven.be/english...
"Scientists are getting closer to constructing a likeness of a person's face using nothing but a DNA sample. Postdoctoral researcher Peter Claes and his colleagues describe the technique in a recent publication in PLOS Genetics. Their work opens a horizon of potential future applications in forensics, anthropology and medicine."

Now its 2015.

Re:How common is IR arming remotes? by chihowa · 2013-09-13 03:09 · Score: 2 · on $20 'Toy' Deactivates Cheap Home Alarms, Opens Doors

Well, according to this, it would take a small compute cluster and 2-3 days to crack after capturing 65 minutes of solid transmissions. So, not terribly secure, but good enough for a medium with such a low transmission rate. The thief would need physical access to the transmitter (and a fresh set of batteries for it) and couldn't rely on incidental intercepts.

Re:Who built SeLinux? by cold+fjord · 2013-07-07 09:11 · Score: 3, Interesting · on US Spies Have "Security Agreements" With Foreign Telecoms

It wasn't NSA, it was DARPA. And that doesn't prove anything bad was happening. Look into the history of DES encryption sometime. There was a controversy because NSA changed the S-boxes used in the encryption before the design was finalized and accepted for government use. Nobody knew why at the time, and I've never heard that the government explained why the change. Many people were suspicious, thinking that the change would create some sort of exploitable weakness. DES has been analyzed to death and when used at the designed spec in terms of number of rounds of encryption, etc., there isn't much in terms of weaknesses other than key length. The one thing that has emerged was that DES was unusually resistant to differential cryptanalysis which was discovered in the academic world many years after DES was released. (~20) It turns out that IBM was aware of it at the time they were designing DES, and NSA asked them to say nothing. So it appears that NSA knew about differential cryptanalysis 20+ years before the academic world, and specifically strengthened DES against it by altering the S-box design values.

There is some history in this paper.

Extended Analysis of DES S-boxes

Re:Stumped my ass by greg1104 · 2013-06-05 09:47 · Score: 5, Informative · on Keyless Remote Entry For Cars May Have Been Cracked

Most manufacturers outside of the German cars are using systems developed by KeeLoq, so a vulnerability in that would impact a large number of vehicles. Parts of the encryption method have been attacked by researchers, with papers like How To Steal Cars. Some of these papers point out that the exact security mechanisms used by manufacturers on top of KeyLoq's hardware are not public, so turning the theoretical hacks into a working device is still hard even with these issues identified. Based on that FAQ, KeeLoq itself seems secure against anything but very knowledgeable attackers with significant resources--they're quoting months of work to find a real-world vulnerability. However, we can't be sure that a specific implementation of the security approach wasn't weakened by a manufacturer mistake. I wouldn't place a large bet on that though. Someone like a car manufacturer wants to be able to say they passed the risk to someone expert in this area. If they start customizing things to add back doors, they're going to lose any ability to blame KeeLoq if there's a nasty vulnerability.

Re:Broken by Microsoft?? by AftanGustur · 2011-08-18 19:39 · Score: 1 · on New Research Cracks AES Keys 3-5x Faster

The original press release by KU Leuven can be found Here

Science Daily correctly summarizes the true meaning of this research: First Flaws in the Advanced Encryption Standard Used for Internet Banking Identified

To answer your question by Anonymous Coward · 2011-06-10 02:31 · Score: 0 · on Ask Slashdot: Linux Support In Universities?

Does your university/college provide support for Linux/BSD/etc users to connect to the on-campus wireless?
Yes, on both solutions:
* no security, only a web page which works on all operating systems (Campusnet)
* WPA2 (part of eduroam)

How does IT support Linux users generally?
By providing information. Students are supposed to help each other, there is always someone who is able to fix some problem.

Have IT staff ever ridiculed you for asking questions about Linux?
The technical staff of certain departments ridicule Windows users...

To answer your question by Anonymous Coward · 2011-06-10 02:31 · Score: 0 · on Ask Slashdot: Linux Support In Universities?

Does your university/college provide support for Linux/BSD/etc users to connect to the on-campus wireless?
Yes, on both solutions:
* no security, only a web page which works on all operating systems (Campusnet)
* WPA2 (part of eduroam)

How does IT support Linux users generally?
By providing information. Students are supposed to help each other, there is always someone who is able to fix some problem.

Have IT staff ever ridiculed you for asking questions about Linux?
The technical staff of certain departments ridicule Windows users...

Re:SHA-1 is fine, but go for SHA-512 by mazesc · 2011-06-05 00:06 · Score: 1 · on Ask Slashdot: Is SHA-512 the Way To Go?

The 5 remaining SHA-3 candidates, however, are new designs. The current SHA algorithms (up to SHA-512) are based on MD4 and have some operations added to incorporate the higher number of message blocks into the hash.

MD4, and MD5 have been badly broken years ago. Some collisions were even calculated by hand. SHA-1 was under heavy attack before the SHA-3 competition started, but there have not been any collisions found yet. Bart Preneel has a great slide as an overview of the state of hash functions based on MD4: http://homes.esat.kuleuven.be/~preneel/preneel_hash_icics10v1.pdf (slide 46)

It's all about freqency and encryption by Caerdwyn · 2010-08-19 09:22 · Score: 1 · on Is RFID Really That Scary?

The chief concern with RFID tags like this isn't that some passerby can trigger your RFID tag to cough up a number; that's possible but impractical. The risk is that someone can point a directional antenna at a point where the RFID tag is activated by its intended use at a predicable location, and passively collect the transaction. Examples: FastTrax, PayWave, RFID passports

PayWave uses a 13.56 MHz transceiver frequency. This is about a 25 meter wavelength, so a high-gain directional antenna would be pretty obvious (rule of thumb: antenna size is one quarter or one half the wavelength of the frequency in question). The antenna systems used in PayWave are extremely inefficient, but when the range is almost "touch", that's not a bug, it's a feature. Adjacent registers with PayWave won't be interfering with each other or reading each others' transactions. However, RFID systems that use the 900MHz band are another matter. 900MHz has a wavelength of about 33cm/13 inches. A high-gain directional antenna would be about six inches wide, and anywhere from six to twenty-four inches long, producing 12dBd or better of gain for the longer size. It's not hard to conceal something like that in a tree aimed at a 7-11, or in a radio-neutral briefcase in an airport aimed at the passport-checking station at the security point.

So yes, bad guys can easily see the transaction, depending upon the wavelength used. The security is in the encryption of the transaction (or lack thereof). If the RFID device just pukes it's ID when tickled, that's bad. If there is a challenge-and-response cycle, not quite as worrying as you'd need many transactions recorded for a single device to crack it, though with keyless car entry systems, that's already happened (see http://www.cosic.esat.kuleuven.be/keeloq/keeloq-rump.pdf ).

Like almost anything else, it's all about implementation. You can never assume the transport between two devices is absolutely secure, and RFID is most definitely not an exception; indeed, it's the poster-child.

I want it - For My Car by StCredZero · 2010-04-19 02:05 · Score: 2, Interesting · on Life Recorder

I want such a device, but not for my person. I'd want it on my car with 360-degree coverage, but no audio. I'd like to have a record of all of my interactions with traffic police. If there's no audio, then it doesn't fall afoul of recorder laws. It would also be dandy for catching people who dent your car in parking lots. Also, I've been in the occasional traffic accident and I know that people lie in that situation.

Of course, have it encrypt its content using RSA and randomly generated session keys, so that only I would be able to decrypt the recordings. (Even if an attacker hacks the hardware! You'd have to be able to read the RAM while the session keys were resident. You could even get around this with some judicious White Box encryption. )

Re:on-board AES? by wirelessbuzzers · 2010-02-04 13:10 · Score: 1 · on Intel Details Upcoming Gulftown Six-Core Processor

The fastest code that I know of for AES in CTR mode is Kasper-Schwabe. It does 8 128-bit encryptions at a time, so it also should be suitable for, say, PMAC if you doctor it. I believe that it does not handle decryption (outside of CTR mode where it's the same as encryption) or other key sizes. Modes other than CTR lose some optimization, and should be ~20% slower. It should be available on Kasper's homepage. It requires SSSE3 and reportedly achieves 6.9 cycles/byte on Nehalem for CTR mode.

My code is available here. On Nehalem, it achieves ~9.4 cycles encrypting, ~11.1 cycles decrypting in essentially any mode. It is suitable for encryption or decryption, and supports all three key sizes (longer keys are slower, of course). A newer (unreleased, experimental) version makes slight performance improvements (maybe down to 9.1 cycles encrypting on Nehalem) and implements an optimization for CTR mode that brings it down to ~7.5 cycles. Email me (mhamburg AT cs DOT stanford DOT edu) if you want to try the experimental version. However, my code fundamentally requires SSSE3, and it performs quite poorly on Conroe.

Also, Dan Bernstein (homepage) has somewhere a fast conventional (not timing-attack resistant, but not requiring any sort of SSE) implementation of AES for several processors, and I've heard Crypto++ is pretty fast too.

I believe that all of the above libraries are public-domain and patent-free.

Out of curiosity, what's your application? Can you just get a VIA Nano or Intel Westmere core and run on that?

Re:What about the banks? by fluffy99 · 2009-10-14 17:16 · Score: 1 · on Washington Post Says Use Linux To Avoid Bank Fraud

Completely impossible if you use a One time Pad. If you use a secret key, and the display updates the code every 10 seconds, it is feasible that it would require the cracker to wait for several years or decades worth of data from the display in order to figure out what the secret key is.

Two months of output is enough to crack 10% of the SecurID tokens. http://www.cosic.esat.kuleuven.be/publications/article-118.ps. So definitely possible, but not very feasible as I stated.

you might be able to glitch the secure chip by playing with temperature, voltage, or cutting into the chip and injecting current to the IC itself while it is still running.

If you look at http://www.linuxsecurity.com/content/view/124176/2/, they simply sped the clock up and recorded all the possible outputs. In theory you could take a SecurID token, modify the clock long enough to spit out all the values and "wrap" around to the current time again.

Re:Is it that much of a deal? by Anonymous Coward · 2008-03-08 18:56 · Score: -1, Insightful · on Japan IDs All Its Citizens

You could as well say that paper money is bad, because there's a single point of failure in it, because to cheat the system, you only have to reproduce one banknote...

If you lose this card you are completely fsck'd.

You aren't, because the data still exists in the databases themselves. You simply go to the police, tell that you lost your ID card, and they provide you with a temporary one while a new one is being created. The old one is rendered invalid in the same way a lost credit card can be blocked. This is exactly how it works in my country, where we have electronic ID cards for years. Notice that, just as with credit cards or driver's licence, people tend to be very careful not to loose their ID card, so it is not a very common event for most.

And if someone wants to steal your identity all they have to do is either steal or forge your card.

And without a standardized ID card system, it is easier to steal somebody's identity, because you only have to fake one of the documents that can be used to identify you. And since those were not really designed as an personal ID mean, they often lack proper security measures to make forging more difficult. Think about it: in a lot of countries that are not using ID cards, the driver's licence can be used to identify you. In how many of those countries is the driver's licence more than a piece of plastic or printed paper with a picture glued on it, something a ten-year-old child could easily duplicate with a good printer ? And I'm not speaking of the increased complexity for the administration that has to deal with multiple ID documents.

And before people say that forging cards is theoretically as difficult as forging a credit card I'll just point out that that's extremely little comfort. Forging credit cards is one of the most common credit card scams. All you need is an account number and the PIN and you can make a card to use in any ATM.(...)

Yet it doesn't prevent most people to use bank cards on a daily basis, with the added thread that your personal data is not exposed to the government, but to a private institution whose sole goal is to make money. And just as a side note, forging a properly designed ID card is much harder than forging a credit card. In many countries, the access to the government databases is based on an assymetrical private/public key system similar to PGP. It means that even if you can fake the external appearance of the card, you still need to get a hold a copy of the key of the citizen you're trying to fake the identity of. See for example http://www.cosic.esat.kuleuven.be/publications/article-769.pdf , which is a good example of an ID card designed with security in mind.

Now, you could say that it is not "100% secure". Sure - nothing is absolutely forging-proof. But multiple unsecure documents are in no ways better than a single one designed with security in mind.