TechHui

Hawaiʻi's Technology Community

Information

Crypto & Security

Nalbar vagrerfgrq va urycvat zr vzcyrzrag gur Ravtzn znpuvar'f pvcure va WninFpevcg? Yrnir n zrffntr sbe Oebbxr ba gur Pbzzrag Jnyy orybj...

Members: 26
Latest Activity: May 31, 2018

Go on, try it...

Discussion Forum

Airforce: Crypto: FAIL

Started by Daniel Leuck Dec 17, 2009.

Need Security Consultant for short project

Started by Ken Berkun Sep 21, 2009.

Time.com 100 Most Influential People of 2009 Hack 1 Reply

Started by Brooke Fujita. Last reply by Joe Segal Apr 20, 2009.

Schneier on Security

Loading… Loading feed

Comment Wall

Comment

You need to be a member of Crypto & Security to add comments!

Comment by Brooke Fujita on August 21, 2008 at 11:58am
In case you didn't know, the image for this group is of a 3-rotor Enigma, the cipher machine created by Nazi Germany for use in World War II.

As luck would have it, I just watched that Matthew McConaughey movie U-571 on NHK Satellite TV the other night. Can't believe the tomatometer for this stinker is leaning towards the fresher side. History was re-written in order to sell this movie. Argh, I am only sorry that I tuned in too late to see Jon Bon Jovi get decapitated by flying debris. Seriously.

By the way, one of the major historical inaccuracies: the British Navy scored the first Enigma machine when they captured U-110 in May of 1941. But even before that, Polish mathematicians in Poland's cipher bureau had figured out the internal wirings of the Enigma machine, and at great risk, managed to pass this information along to the Allies in 1939 just before the German invasion.

The advanced encryption used by Germany led to the development of cryptanalysis at Britain's Bletchley Park, and of course paved the way for modern computing.
Comment by Brooke Fujita on August 6, 2008 at 5:56pm
Dan Kaminsky finally outlined the DNS vulnerability that was reported about 4 weeks ago (article on The Register). It appears to be a DNS forgery variant of DNS cache poisoning. If an attacker of a DNS server can quickly and correctly guess a 16-bit transaction ID, then the attacker will be able to replace DNS entries with their own spoofed ones. There has been one confirmed attack so far, where the attacker caused AT&T subscribers to be re-routed to fake Google pages.

For the curious, you might want to see how safe your ISP's DNS servers are. Try the "Check My DNS" button on Dan Kaminsky's site; or the "Test My DNS" link here. The key here is to see the amount of randomness of transaction IDs and query source ports in your ISP's DNS servers.
 

Members (26)

 
 
 

Sponsors

web design, web development, localization

© 2019   Created by Daniel Leuck.   Powered by

Badges  |  Report an Issue  |  Terms of Service