

Uncrackable passwords

As a result of “heightened demands” for secure computing, PC makers are taking a serious look at biometrics. Companies such as Apple, Dell, Gateway, and MicronPC (MPC) are marketing fingerprint readers or developing add-ons.

MPC’s TransPort laptops, for example, use heat-sensitive scans integrated into the system’s BIOS. The MPC’s TouchChip, manufactured for MPC by STMicroelectronics, captures fingerprint scans from the laptop’s palmrest. A laptop can be registered to multiple users, who can each designate which files, folders, or directories will be shared. Very James Bond.

Unfortunately, Linux and Unix users will have to wait a little while to get their hands on one of these new TransPorts; at the moment an individual’s fingerprint scans can only be tied in with Microsoft Windows’ security functions.

The other gotcha? The TransPort’s thermal scans are so sensitive that users might experience difficulties logging on if they’ve been sipping a hot or cold beverage. As a failsafe, users must register the fingerprints of two fingers—one from each hand—which is probably just fine because, if you’re drinking two mugs of coffee or two chilled pints of beer, you probably shouldn’t be working on the computer anyway.



WebFountain drinks down the Web

After approximately three years of development involving over 250 participants in five countries, IBM is finally readying WebFountain, its super spider that can slurp down the entire Internet—as well as intranet and third-party data—in a couple of weeks.

As a first step, WebFountain uses focused crawling to access all unstructured data on the Internet (Web pages, Word docs, PowerPoint presentations, etc.). After that comes a detailed analysis of its findings. This might encompass, for instance, anything from popular trends in online publications to complex patterns in designated communities to consumer feelings as expressed in blogs, chat rooms, and bulletin boards.

WebFountain’s results can be gathered, organized, and delivered within a week—instead of the six-month to one-year turnaround that current analysis projects typically take.

Here’s the good news: WebFountain’s platform is open source and will be accessible to programmers and content developers.

The bad news? Leasing IBM’s 1,000-node Intel Linux cluster, with its half a petabyte of storage, is sure to cost a pretty penny.



Embracing open source in India

Open source software was a topic of concern during a May dedication ceremony for India’s new International Institute of Information Technology (I2IT). Dr. A.P.J. Abdul Kalam, president of India, lamented, “The most unfortunate thing is that India still seems to believe in proprietary solutions.” He then challenged current and future members of India’s techno-elite, stating that even a small shift toward business practices involving proprietary models could have a devastating impact on Indian society. “It is precisely for these reasons,” he continued, “that open source software needs to be built [so as to] be cost effective for the entire society.”

Perhaps less of a highlight: During his speech, Kalam also referred to a “difficult” conversation he had with Bill Gates, a guy who tends to favor those maligned proprietary models.

Just six months prior to Kalam’s speech embracing open source, Microsoft made a three-year commitment to donate $400 million toward technology development and education in India.

No wonder the conversation was difficult.




Originally published in Queue vol. 1, no. 5


