If you're suspicious, check the targets out for yourself. Here's the clues that I relied on:
Mechanical/Formatting - The sites are decent, (i.e., not foreign spam bad) but they have enough errors and inconsistencies that I think they aren't up to the caliber of an international financial organization. If they really have any international dealings, they can afford a decent marketing firm or department to do their web site.
Sitebuilders - Look for systematic naming, formatting, and telltale HTML tags. Again, I wouldn't trust a financial org that uses a sitebuilder.
Plagiarized Wording - Try Googling some of the complex wording. A number of them show up word for word on other sites.
Take for example, financialsecurities.org.uk.
The wording "has a highly experienced team of professionals providing unbiased and highly qualified services exclusively to its clients in selected technology & health care industries which drive the high-tech revolution" appears only at this site. Notice also the >>high tech revolution<< punctuation that appears afterwards.
Now it's possible that Viscardi is plagiarizing financialsecurities.org.uk, but Viscardi leaves a phone number, so you can call them and ask about it.
Now sure, this isn't hard evidence, but the consistency of clues on so many sites tells me these people (the artists) have gone through some work to come up with such a reasonably self-consistent list.
Spyware -- software that piggybacks on other software and masquerades itself as something relevant, hoping you won't notice.
How ironic would it be if the house of reps outlawed spyware, and inadvertently made it illegal to tack "riders" onto House Bills.
IDNRTFA. 0:-)
Responses to assertions that this is insecure
on
Port Knocking in Action
·
· Score: 5, Insightful
A number of people have commented that because the port knocking sequence is transmitted without any form of encryption, port knocking is insecure. I disagree, on the basis that port knocking is not an access control measure, but rather a deterrent measure.
If you intend for port knocking to stop determined, targeted attacks, then yes, you are sadly mistaken. However, port knocking is effective in making your host less attractive to be hacked.
I think that an limited analogy is the removable stereo faceplate. Car stereos are a hot target for car thieves. A car thief sweeping a parking lot will not spend time on cars where he does not see the whole stereo (faceplate included).
By hiding the faceplate, you make yourself less likely to be a victim, even if you just leave the faceplate in your glovebox. If the thief saw where you hid your faceplate, then yes, he could pop it back in and have your stereo in the 30 seconds it takes him to yank it out. But he would have to be watching you. This would be akin to packet sniffing.
Likewise, someone scanning for a host is looking for evidence of a particular (vulnerable) service. If he doesn't see that service on your PC, he just moves along.
Haha, People's Daily... Yeah, that's fair and balanced.. Just like Bill O'Reilly.
There may not be as much violent crime as some cities I know, but a few districts come to mind where you'd better watch your wallet. Mong Kok, Sham Shui Po, etc., etc. You know, all the interesting ones.
Why don't you make it out of rings? Haha, my Rings of Power are faster than your Rings of Power.
Three Rings for the Elven-kings under the sky,
Seven for the Dwarf-lords in their halls of stone,
Nine for the Mortal Men doomed to die,
One for the Dark Lord on his dark throne In the Land of Mordor where the Shadows lie.
One Ring to rule them all, One Ring to find them,
One Ring to bring them all and in the darkness bind them
In the Land of Mordor where the Shadows lie.
And Quad Xeon rings for the geeks.
I can just feel the power dissipating through my hand!
How rediculous. I may have given my name to a store, but that does NOT give them the right to contact me for ANYTHING unless I give my explicit permission to. Without these kinds of checks and balances the whole system would collapse, and we'd end up with lifesaving "advertising specials" and constant harrassment from retailers.
You apparently haven't graduated from a university, because the alumni association where I'm from is damn good at finding my contact information and hitting me up for money. And that's after I've moved...
Oh, and what is this "whole system" that you speak of?
Interesting... looking for things being too random...
So then to counter this, the steg programs need to encode data in such a way that the various nonrandom patterns originally present in the unaltered files.
It seems like this would become a mathematical arms race where, on one side, analyzers are developing new statistical tests for patterns, and on the other side, programmers for steg programs must keep patching their programs to account for these types of patterns.
Referencing this page, it looks like the standard way that one sets up a routing table in a network switch, as I learned it in a Telecom Networks class.
There's lots of examples of this, if you search on google. The first one I found is in this powerpoint (slide 9). For those of you who don't want to download a ppt, here's the relevant text:
Basic Switching Algorithm
- Maintain data structure called the switch forwarding table
- The forwarding table is indexed by MAC address and contains port numbers
- Packet arrives on port P with source S and destination D
- Set Fwd(S)=P
- If we have an entry Fwd(D) and Fwd(D)P, then send packet out Fwd(D)
- Otherwise, flood packet out all ports
I googled with "learning bridge OR bridges" network switch algorithm.
This looks pretty cool, but it seems like there will be problems when nodes go on and offline, since broadcasts get used to find nodes. Won't nodes that come and go periodically cause problems -- or is this a non-issue?
The idea that nodes go down will probably not be an issue, because you have a (two-way) TCP connection to the node, so you know when it goes down.
Why does every radio emit a signal? Is it inefficiency? Is it really every radio or only old ones?
Your radio has a component in it (an oscillator) that vibrates at the frequency of the station you're listening to. This is "tuning" into the station. This vibration is what emits the signal.
Is this signal broadcasted back through your antenna or is this just a faint signal inside your radio and they have really good receivers in their billboards?
Definitely a result of good receivers in the billboard. Though I think the antenna helps.
Has anybody tried to create a radio that doesn't emit this signal?
Not that I know of. I don't think it's really been a major issue worth pursuing in the consumer market. The best way to do it would probably be to shield the
box. But since you've got to have an antenna linking the oscillator with the emag signal, you can never completely isolate it.
Is this only something with FM radio, or also with AM?
Both AM and FM. You've got to have an oscillator to tune into either one.
Maybe this has been siad before, but it's also good because then it becomes way more difficult to know when you've correctly de-stegg'd a message, because the output data is completely random.
I'm curious as to whether Google News, since it draws from various news sources and groups articles by topic (similar to paraphrasing, perhaps), uses any of the same techniques.
I've taken a look at your site, and I see a couple of possible problems with your scheme.
First off, the master password thing makes me nervous. If your master password is compromised, then all your previous passwords are compromised. I think that there are ways to mitigate this risk, by using salts. I'm not sure about this, but it's my gut feel.
Second, to your question. You probably do not want to use CRC32 to hash the input. When you take MD5(masterpw + siteurl) = sitepw, you're relying on the fact that if someone gets your sitepw, they still won't be able to recover the masterpw even if they know the url.
It's a little late, and despite my nick, I'm a bit rusty on the mathematical details at the moment. My inclination is that CRC32 isn't a good idea for absolute security. Reply if you want to chat about this off-thread, and I'll get in touch.
I can't believe nobody else has thought of this before, but what about mouse gestures in javascript?
The Mozilla Gestures plugin is actually implemented in Javascript. So yes, someone has thought to implement them in Javascript. Look under your mozilla directory under chrome\mozgest\content, and you'll see the whole host of gestures javascript files.
Slashdot Mirror
Mechanical/Formatting - The sites are decent, (i.e., not foreign spam bad) but they have enough errors and inconsistencies that I think they aren't up to the caliber of an international financial organization. If they really have any international dealings, they can afford a decent marketing firm or department to do their web site.
Sitebuilders - Look for systematic naming, formatting, and telltale HTML tags. Again, I wouldn't trust a financial org that uses a sitebuilder.
Plagiarized Wording - Try Googling some of the complex wording. A number of them show up word for word on other sites.
Take for example, financialsecurities.org.uk. The wording "has a highly experienced team of professionals providing unbiased and highly qualified services exclusively to its clients in selected technology & health care industries which drive the high-tech revolution" appears only at this site. Notice also the >>high tech revolution<< punctuation that appears afterwards.
Now it's possible that Viscardi is plagiarizing financialsecurities.org.uk, but Viscardi leaves a phone number, so you can call them and ask about it.
Now sure, this isn't hard evidence, but the consistency of clues on so many sites tells me these people (the artists) have gone through some work to come up with such a reasonably self-consistent list.
Spyware -- software that piggybacks on other software and masquerades itself as something relevant, hoping you won't notice.
How ironic would it be if the house of reps outlawed spyware, and inadvertently made it illegal to tack "riders" onto House Bills.
IDNRTFA. 0:-)
A number of people have commented that because the port knocking sequence is transmitted without any form of encryption, port knocking is insecure. I disagree, on the basis that port knocking is not an access control measure, but rather a deterrent measure.
If you intend for port knocking to stop determined, targeted attacks, then yes, you are sadly mistaken. However, port knocking is effective in making your host less attractive to be hacked.
I think that an limited analogy is the removable stereo faceplate. Car stereos are a hot target for car thieves. A car thief sweeping a parking lot will not spend time on cars where he does not see the whole stereo (faceplate included).
By hiding the faceplate, you make yourself less likely to be a victim, even if you just leave the faceplate in your glovebox. If the thief saw where you hid your faceplate, then yes, he could pop it back in and have your stereo in the 30 seconds it takes him to yank it out. But he would have to be watching you. This would be akin to packet sniffing.
Likewise, someone scanning for a host is looking for evidence of a particular (vulnerable) service. If he doesn't see that service on your PC, he just moves along.
There may not be as much violent crime as some cities I know, but a few districts come to mind where you'd better watch your wallet. Mong Kok, Sham Shui Po, etc., etc. You know, all the interesting ones.
Wait, they found an address and someone to serve the papers to? Looks like Infinium Labs is making progress...
Haha, my Rings of Power are faster than your Rings of Power.
Three Rings for the Elven-kings under the sky,
Seven for the Dwarf-lords in their halls of stone,
Nine for the Mortal Men doomed to die,
One for the Dark Lord on his dark throne
In the Land of Mordor where the Shadows lie.
One Ring to rule them all, One Ring to find them,
One Ring to bring them all and in the darkness bind them
In the Land of Mordor where the Shadows lie.
And Quad Xeon rings for the geeks.
I can just feel the power dissipating through my hand!
Bah, what's a few holes in the walls?
I've found that sleeping masks help me sleep better in general. I'm surprised at what complete darkness will do to your sleep rhythms.
Only if he's talking to Drew Carey and he has to guess where he is. And then only if he gets a thousand points for doing it.
Interesting... looking for things being too random...
So then to counter this, the steg programs need to encode data in such a way that the various nonrandom patterns originally present in the unaltered files.
It seems like this would become a mathematical arms race where, on one side, analyzers are developing new statistical tests for patterns, and on the other side, programmers for steg programs must keep patching their programs to account for these types of patterns.
There's lots of examples of this, if you search on google. The first one I found is in this powerpoint (slide 9). For those of you who don't want to download a ppt, here's the relevant text:
I googled with "learning bridge OR bridges" network switch algorithm.
The idea that nodes go down will probably not be an issue, because you have a (two-way) TCP connection to the node, so you know when it goes down.
*hit = hype. Sorry.
CSCZero. Yeah, another sierra hit that's super late.
Your radio has a component in it (an oscillator) that vibrates at the frequency of the station you're listening to. This is "tuning" into the station. This vibration is what emits the signal.
Is this signal broadcasted back through your antenna or is this just a faint signal inside your radio and they have really good receivers in their billboards? Definitely a result of good receivers in the billboard. Though I think the antenna helps.
Has anybody tried to create a radio that doesn't emit this signal?
Not that I know of. I don't think it's really been a major issue worth pursuing in the consumer market. The best way to do it would probably be to shield the box. But since you've got to have an antenna linking the oscillator with the emag signal, you can never completely isolate it.
Is this only something with FM radio, or also with AM?
Both AM and FM. You've got to have an oscillator to tune into either one.
I thought Groklaw was more of an expert in law.
Maybe this has been siad before, but it's also good because then it becomes way more difficult to know when you've correctly de-stegg'd a message, because the output data is completely random.
I'm curious as to whether Google News, since it draws from various news sources and groups articles by topic (similar to paraphrasing, perhaps), uses any of the same techniques.
Then after that, we need to convert it to ASCII art. That'll be a doozy.
mmm... Fravia. Good stuff.
I've taken a look at your site, and I see a couple of possible problems with your scheme.
First off, the master password thing makes me nervous. If your master password is compromised, then all your previous passwords are compromised. I think that there are ways to mitigate this risk, by using salts. I'm not sure about this, but it's my gut feel.
Second, to your question. You probably do not want to use CRC32 to hash the input. When you take MD5(masterpw + siteurl) = sitepw, you're relying on the fact that if someone gets your sitepw, they still won't be able to recover the masterpw even if they know the url.
It's a little late, and despite my nick, I'm a bit rusty on the mathematical details at the moment. My inclination is that CRC32 isn't a good idea for absolute security. Reply if you want to chat about this off-thread, and I'll get in touch.
Not politicians. Bureaucrats started this little crapfest.
How about "mid-cable" and "end-cable."
The Mozilla Gestures plugin is actually implemented in Javascript. So yes, someone has thought to implement them in Javascript. Look under your mozilla directory under chrome\mozgest\content, and you'll see the whole host of gestures javascript files.
Heya moe... why you no talka wit-a you accent-a no more? And now we know; it's because of a whack to the head. Mamma Mia!