* Posts by mj.jam

24 posts • joined 14 Mar 2019

Tesco parking app hauled offline after exposing 10s of millions of Automatic Number Plate Recognition images

mj.jam

Can't they just scroll through to find the one that matches. Although maybe far easier to go into the real world and just wait until you see a car like the one you want to clone.

Outlook turned eBay into DD-Bay: Topless busty babe mysteriously fronts souk's emails

mj.jam

Re: Hash/UUID collision

The birthday problem for this sort of clashes is well studied.

https://en.wikipedia.org/wiki/Birthday_attack

If they did use 128 bit hashes, then the probability of a clash is very low even for billions of images.So I guess that either

1. They really do have billions of hashes, and were just (un)lucky here.

2. Somebody has worked out the algorithm used and manufactured a hash collision.

3. They are using far fewer than 128 bits.

4. This wasn't a hash attack.

Given the combination of account it happened with, and the image that ended up being used, I would tend towards this being something that was done deliberately.

I couldn't possibly tell you the computer's ID over the phone, I've been on A Course™

mj.jam
FAIL

Don't tell him your name pike

Yes, he did great, right up to the point where he gave his name.

No REST for the wicked: Ruby gem hacked to siphon passwords, secrets from web devs

mj.jam
FAIL

Re: Review changes to 3rd party code

The problem is that people don't want to re-invent the wheel constantly. So reusing somebody else's code makes it simple to build things on top of other components.

The problem comes that people don't review what they are importing, the repositories have no quality control so act as dumping grounds, and then people blindly take updates.

Also people create pointless components that aren't worth using. For example the wonderful is-even:

https://www.npmjs.com/package/is-even

mj.jam

Review changes to 3rd party code

Once again the blindly pulling of third party code causes problems.

The only way to stay secure is to specify a version, and audit all changes.

With Javascript, either use a local copy, or use SRI (or if you are BA, do both)

If building into your own code, then fix the versions, and check and changes.

Welcome to Hollywood, Claranet-style: You've (not) got mail, or hosted sites for that matter

mj.jam

Indeed, you would think that "a fault with one of the two feeds" would be the sort of thing they can handle.

Now instead somebody else will be having to deal with the other sort of redundancy.

Brits are sitting on a time bomb of 40m old electronic devices that ought to be recycled

mj.jam

49% have no old devices

Maybe I'm too far from normal. I can't imagine anybody without an old device at home.

I'm in the 10+ category (Kindles, old phones, old laptops, old desktops, digital cameras,...) and that is before I could anybody else's stuff.

Moore's Law isn't dead, chip boffin declares – we need it to keep chugging along for the sake of AI

mj.jam

How much memory are they planning?

"In an ideal situation, the size of memory on a chip will be larger than the training dataset"

Training datasets can be multiple GB. So they are suggesting 1000x the amount of L1 cache compared to current chips?

WTF is Boeing on? Not just customer databases lying around on the web. 787 jetliner code, too, security bugs and all

mj.jam

Thank god he only had rudimentary tools

Boeing say “IOActive reviewed only one part of the 787 network using rudimentary tools, and had no access to the larger system or working environments"

I read "If he had reviewed more parts of the network, and had other tools, then he may have worked out how to jump between the network segments"

Backdoors won't weaken your encryption, wails FBI boss. And he's right. They won't – they'll fscking torpedo it

mj.jam

Block P2P comms

But maybe the next phase will be to stop people being able to communicate except with approved providers. Your ISP will be mandated to prevent you sending messages to anywhere else.

Then to finish it off, all providers will need to stop you uploading encrypted content as well. Imagine if people used some sort of encrypted message, sent over email. The horror.

Airbus A350 software bug forces airlines to turn planes off and on every 149 hours

mj.jam

Re: What is overflowing?

Sounds plausible, but 2^19 is 524288, so is under 146 hours.

The 2^29 works, so AFDX must have changed that.

mj.jam

Re: What is overflowing?

That makes it sound like they were trying to allocate individual header bits to different fields. So 28 bits only would give them 74 hours, but that wasn't enough, and 30 bits gave 300 which would never be needed, so they choose 29 bits.

I guess they then didn't write any test cases for overflow. I can imagine the problem is that they haven't wrapped the comparison operation correctly. So the newest data ends up looking very old.

mj.jam

What is overflowing?

Any ideas about what is overflowing? 149 hours of seconds doesn't seem to be that obvious a limit, but I guess they probably have rounded down a little to stop planes falling out of the sky.

I've seen issues similar to the Boeing one turn up in less critical places. Found my customers since in internal testing no system was left up for long enough.

Here's a great idea: Why don't we hardcode the same private key into all our smart home hubs?

mj.jam

Re: Host Key != User Private Key

Because they also added it as an authorised key, allowing anybody with the corresponding private key to connect.

Reusing the key they were connecting out with is bizarre

mj.jam
Joke

They don't need to contact them. They can just SSH in using their backdoor and upgrade them.

AI can now animate the Mona Lisa's face or any other portrait you give it. We're not sure we're happy with this reality

mj.jam

Re: They're already doing this

Some cameras already allow for this digital watermarking.

However at the same time the cameras are getting more powerful and adding analytics capabilities. With this amount of processing power, the camera can generate the deepfake and authenticate it as well.

MI5 slapped on the wrist for 'serious' surveillance data breach

mj.jam

Bungled security of what?

Quietly ignoring the details of what environment this was. Maybe time will tell us whether this was an open MongoDB instance, a Amazon S3 bucket, ...

Double-sided printing data ballsup leaves insurance giant Chubb with egg on its face

mj.jam

I assume they use envelopes with windows, so they don't have to do a second printing. All automated so the letter gets folded and the address on the front shows through. But they would have quite a lot of envelopes left unused.

Self-taught Belgian bloke cracks crypto conundrum that was supposed to be uncrackable until 2034

mj.jam

Re: So, the real question is now ..

No, this was a brute force attack. Repeatedly square a number, for 3.5 years.

Bug-hunters punch huge holes in WPA3 standard for Wi-Fi security

mj.jam

Note that the client performs the same authentication procedure as the router. Therefore the side-channel methods also apply to the client. This means that observing the memory access patterns is far more of an issue on the client.

The downgrade attacks also are against the client, not the router. The attacker spoofs the access point, and tells the client that it doesn't support WPA3, so the client tries WPA2.

mj.jam

Re: Again?

It didn't take that long. This was only announced last summer, and given they have been working with WiFi Alliance and manufacturers on a responsible disclosure, then this is only a few months from release.

Autonomy paid its own customers to pump up revenues, claims HPE

mj.jam

Basically that they were selling stuff at less than they could buy it for. So whilst impacting their profit and loss in a bad way, making their revenue apparently be growing.

Probably based on the reasoning that a startup isn't supposed to be making any profit in the early days, and is trying to gain market share.

Intel gets court order telling former engineer to return confidential docs in Micron row

mj.jam

OMG, think of the GDPR issues.

3000 contact details, clearly he wants to keep in touch with a lot of people. :-)

Although it isn't clear if this is just their email addresses, or other stuff. I'm sure they monitor all their emails anyway, so any poaching attempts to their work email would be pointless.

Open-source 64-ish-bit serial number gen snafu sparks TLS security cert revoke runaround

mj.jam

Re: Confusion due to lax use of terminology in RFC?

This comes down to the fact that ASN.1 is used in the certificate. The RFC uses an INTEGER type, which is signed. This means anything reading the certificate must treat this as a signed number. The size of the integer can be varied, and the RFC says up to 20 octets. Obviously you could take a 64 bit unsigned, and if the top bit was set, encode this as 9 octets, and if it was unset use fewer (right down to 1 for some very small serial numbers), but clearly they decided to use a signed value.

The IETF certificate on https://tools.ietf.org/html/rfc5280 uses 9 octets for exactly this reason, top octet is 0.

Biting the hand that feeds IT © 1998–2019