* Posts by Wim Ton

44 posts • joined 24 Oct 2008

Reliable system was so reliable, no one noticed its licence had expired... until it was too late

Wim Ton

Re: Remember Y2K?

If you want to save memory space, you use a byte for the year. That would even outlast the *nix roll over.

Between you, me and that dodgy-looking USB: A little bit of paranoia never hurt anyone

Wim Ton

Re: USB bricker?

Stick the suspicious device in a cheap hub. Frying a 10£ hub is preferred to frying a motherboard.

Dutch cops hope to cuff 'hundreds' of suspects after snatching server, snooping on 250,000+ encrypted chat texts

Wim Ton

Re: "End-to-end encryption" isn't?

Depends how you define "end" :-)

Nikola Tesla's greatest challenge: He could measure electricity but not stupidity

Wim Ton

More scientists on banknote.

A previous generation of Swiss banknotes had Euler and Bernoulli on them.

https://en.wikipedia.org/wiki/Leonhard_Euler

https://en.wikipedia.org/wiki/Daniel_Bernoulli

who both wear wigs :-)

Dear America: Want secure elections? Stick to pen and paper for ballots, experts urge

Wim Ton

In the US, the fraud takes place before the election: meddling with district boundaries and trying to exclude people that could vote for the wrong candidate.

Ugh, of course Germany trounces Blighty for cyber security salaries

Wim Ton

Re: Switzerland

The parliament watered down the result of the referendum enough to avoid economic damage and to avoid annoying the EU.

Fridge killed my baby? Mag-field radiation from household stuff 'boosts miscarriage risk'

Wim Ton

Re: MF - EMF

According to Wikipedia, the earth's magnetic field is between 250 and 650 mG.

Admittedly, rather constant.

We need to talk about mathematical backdoors in encryption algorithms

Wim Ton

Re: Layered encryption

The other reason was that it was not known at the time if DES was a group, so encrypting 3 times with 3 different keys would be equivalent to encrypting once with a different key.

Wim Ton

Re: Layered encryption

Not exactly "terminally compromised". You need 2^47 chosen plaintext-ciphertext pairs to achieve this.

Russia could chop vital undersea web cables, warns Brit military chief

Wim Ton

Re: "Can you imagine a scenario where those cables are cut or disrupted?"

In the early hours of 5 August 1914, only a few hours after war was declared, Britain carried out something that seemed to be minor, but was actually vital. A British cable ship severed five German overseas underwater cables, which passed from Emden through the English Channel to Vigo, Tenerife, the Azores and the USA.

This cut direct German communications to outside Europe, most significantly to the United States. The British could now intercept German signals to their embassies. They were sent in code, but British codebreakers were eventually able to read them.

How can airlines stop hackers pwning planes over the air? And don't say 'regular patches'

Wim Ton

Not exactly new:

http://www.heise.de/imgs/18/1/4/9/3/2/0/8/gross-5ef9ea01a8d439d3.jpeg

You forgot that you hired me and now you're saying it's my fault?

Wim Ton

Re: Ah, memories.

The Shell department where I worked had one of these in the big meeting room. It was nicknamed "the video cannon".

Smart meter firm EDMI asked UK for £7m to change a single component

Wim Ton

Re: That doesn't sound ridiculous

868 MHz Zigbee has a lower bandwidth and duty cycle than the 2.4 GHz version, so the application might have to be adapted as well.

Wim Ton

Meter reading

"Smart" water (and gas) meters run on a battery and send their readings with a simple radio protocol. The trick is that the radio sleeps most of the time to achieve a 10-year battery life.

For a nicer display, one can use the "In-home display". So no need to crawl under the stairs.

Ordinary punters will get squat from smart meters, reckons report

Wim Ton

Re: Can you switch on/off via the keypad?

The supplier cannot switch on remotely for safety reasons. The command is "enable switch on by the consumer".

Furthermore, if the meter's switch is not certified as a safety device, an appropriate warning is printed on the meter.

US standards lab says SMS is no good for authentication

Wim Ton

Re: Good riddance

I can still get a piece of paper mailed with one-time transaction codes.

As US court bans smart meter blueprints from public, sysadmin tells of fight for security info

Wim Ton

Less than 6 Watts (legal limit). In practice about 1.5 Watts. Not metered, but paid by you through a different path.

Wim Ton

Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

It is an option but costs more. Up to the utility to decide if it is worth the investment.

HTTPS is not enough: Boffins fingerprint user environments without cracking crypto

Wim Ton

Re: Side channel attacks

This was also called "Traffic Analysis".

IBM pimps Watson out to Hilton robot for concierge duty

Wim Ton

Sounds like the fate of poor Marvin; a brain that can beat any human at chess, go and Jeopardy and work as a hotel concierge.

Cisco: Businesses are losing the ground war against hackers

Wim Ton

Perimeter defense

Perimeter defense is still necessary, but don't count on it alone.

Hacker predicts AMEX card numbers, bypasses chip and PIN

Wim Ton

Re: Is there anywhere in the UK that still allows just using the magnetic strip?

AFAIR, in Switzerland, payment processors charge a higher fee for magstripe transactions than for chip & PIN because of the risk, so the merchant has an interest to use chip & PIN.

In the Netherlands, most magstripe reader slots are blocked to prevent mistakes.

Home routers co-opted into self-sustaining DDoS botnet

Wim Ton

Re: Class action?

Adding individual passwords on a mass produced product surely will increase the cost. You need an extra printing station on the assembly line to print it on the case or the logistic process to put the paper with the password in the same box as the matching router.

Spotty solar power management platform could crash the grid

Wim Ton

Reporting

When solar power is fed to the grid, the producer gets paid for it. That means that it is measured by a calibrated device like an electricity meter and not some random log device.

Village-swallowing MUDCANO was no accident, say boffins

Wim Ton

In 1965 a whole drilling rig disappeared in a mud outburst in the Netherlands.

see: http://en.wikipedia.org/wiki/'t_Haantje,_Drenthe

Now it gets serious: Fracking could RUIN BEER

Wim Ton

Some remarks:

That Groningen is sinking is because the gas-bearing rock is rather porous (no fracking needed).

Oilfields in the US are generally less deep than in Germany, so closer to the groundwater (don't know about their gas fields).

(Very) deep groundwater is often salty (fossil sea water) and undrinkable anyway.

Crap computers in a crap box: Smart-meter blackouts risk to UK

Wim Ton

Re: How much extra leccy does the smart meter use?

About 0.5 Watt

Wim Ton

Re: Use too much Leccy? We will turn you off

The loads to be controlled have their own relay. For example in my house, the boiler, the washing machine and the heat pump (for floor heating) are separately controlled.

Wim Ton

Re: Use too much Leccy? We will turn you off

The point of load control is that you turn off those loads that won't cause too much inconvenience. If you switch off a boiler or an electric heater for a short time, the effects will be limited.

Wim Ton

Re: Not much to the point for future meters

The DCC can verify and throttle, but not sign. The whole security architecture is designed to avoid a single point of failure.

Wim Ton

Re: Not much to the point for future meters

For meters a "Commercial Product Assurance" is planned (see the CESG website for details). Maybe Common Criteria later.

Wim Ton

Not much to the point for future meters

The article talks about first generation meters obtained on eBay. For the meters to be deployed in the UK, DECC has written some reasonably detailed security requirements: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/68898/smart_meters_equipment_technical_spec_version_2.pdf

Some high level requirements:

Compromise of one end device (like a meter) shall not lead to the compromise of other end devices (so no system wide passwords anymore).

Critical commands like switching off the power are digitally signed and subjected to a plausibility check. If a hacked utility tries to switch off all its customers, this will be stopped by the independent Data Communication Company.

PS. I work for a meter manufacturer in case you didn't guess that.

Brits on benefits: 'Dole office site only works on PCs over 10 YEARS OLD'

Wim Ton

CYA?

Maybe they did not have time to test the modern browsers and cover themselves against complaints?

Like putting the warning "contains nuts" on a bag of peanuts...

Canadian man: I solved WWII WAR HERO pigeon code!

Wim Ton

If a one time pad was used, all plaintexts are equally probable unless you find the key. The sender surely has destroyed his copy after sending, so hope that the intended receiver still has his copy...

Internet Explorer becomes Korean election issue

Wim Ton

Re: @Proud Father

AES was chosen after an international public competition and is designed by two Belgian cryptographers (Joan Daemen and Vincent Rijmen).

Americans resort to padlocking their dumb meters

Wim Ton

Re: RF interference

Disconnection is a major concern for the security design.

The idea is to use a digitally signed command for that single meter. Broadcasts are not allowed by design.

Visa approves wireless payment chip

Wim Ton

Speed

I worked on an RFID terminal that could do an EMV transaction within a second. The bottleneck is often the communication with the till.

Dutch twaddle-prof lambasts Google Scholar

Wim Ton

Jose

Yes. The J is pronounced as the J in joke, not like g as in Spanish.

Dell kept buyers in dark over hardware problems, say docs

Wim Ton

Dell Video

My Dell had a faulty video chip too (apparently they are not cooled well enough) and it was replaced the next day. The telephone support asked me for only one video test.

What will Google do with NFC?

Wim Ton

Advantage of NFC

As NFC is linked to the phone, it can have a user interface, contrary to a contactless card.

So you may be able to switch the payment function on/off or have an overview of all transactions.

Credit card 'flash attack' steals up to $500,000 a month

Wim Ton

Chip and PIN

@Henry Wertz: You still have to pay for the fraud, as the card issuers will claim this money back through transaction fees (either directly or through increased prices in the shop).

Tech resource woes won't be solved with Afghan minerals

Wim Ton

Other reason to release this report

The war in Afghanistan does not seem to be very successful yet. Claiming that substantial profits can be made in the future might be an attempt to gain political support.

Chip and PIN security busted

Wim Ton

Solution

As indicated in the paper, the card check the PIN result from the terminal with its internal PIN result and take appropriate action if they do not match (decline or online).

English speakers hit hardest by ID theft

Wim Ton

Napoleon

The English-speaking countries were not conquered by Napoleon. He introduced the first central population databases and a stronger system of identity. On the continent a telephone bill is not considered a stronger proof of identity than the dreaded id-card.

Biting the hand that feeds IT © 1998–2019