Alice should have checked Bob's digital signature

Bruce Schneier has an interesting article on on the parallels between the recent Colombian hostage rescue and man-in-the-middle attacks.

Editor learning curves

A history of Windows startups screens and sounds

KeeLoq car cipher less secure than thought

KeeLoq is a rolling code cipher used in keyless entry and "secure" ignition devices in many makes of cars. While there have been slow methods for cracking KeeLoq in the past, a group of researchers have recently shown that all it takes is access (i.e., proximity) to a car's RFID key for about an hour to gather enough data from the key to inform their code cracking software, which takes about two days to run on a modern 50 node computing cluster.

For cars that have both a traditional machine etched key and KeeLoq, a thief would still need a copy of the key (or good lockpicking skills). Those cars that are really at the most risk here are ones with push-button ignitions, which do not require a physical key insertion. The Prius is of course one such car, but many luxury cars are at similar risk. It may be time for tin foil key cozies.

Do not trust numbers on a computer

Earlier this month:

The Lottery began using computers to generate random numbers on July 28 for all of its lottery games, including Cash 3, Cash 4 and Lotto 5. ...

"I don't like it," said Richard Brymer, 51, who's played the Tennessee Lottery since it started. "I'd rather see the drawings live because of the excitement of the live drawings." ...

"I don't trust the computerized drawings," he said. "Possibly someone could do something to compromise the computerized drawings."

The Tennessee Lottery changed its drawings to keep up with industry trends, said Kym Gerlock, a spokeswoman for the Lottery. ...

"The security and integrity of our games is of utmost importance," she said. "There's no reason to doubt these drawings or question the integrity of how we do the drawings."

This week:

A computer programming error has prevented any number from being selected more than once in Cash 3 and Cash 4 drawings over the past three weeks, the Tennessee Lottery said Tuesday.

The error meant that no winning draw included duplicate numerals, so any ticket holder who had bet on a number such as 2-2-1 or 7-7-7-7, or Johnson's 909, wasn't going to win. ...

A news release from the lottery blamed the problem on "a human error made by an outside, third-party vendor."

Hargrove said a programmer for the vendor, New Jersey-based Smartplay International Inc., made a keystroke error when setting the parameters for Cash 3 and Cash 4, typing a "u" for "unique" instead of an "r" for "repeat."

A second third-party vendor, New Jersey-based Gaming Laboratories Inc., also erred by certifying that the drawings were random and complied with the rules of the games, Hargrove said.

This pleases me to no end. I'm pretty skeptical of the virtues of a scholarship-funding state lottery (i.e., bilking mostly ignorant "players" to send mostly well-to-do kids to college), and I love to see the lottery people eat crow like this. On the bright side for those who chose repeating digits during the last three weeks, they can get a 200% refund on their tickets (or two free plays if they still want to press their luck). Not bad, considering the longterm payout for Cash 3/Cash 4 is merely 50%.

If you play long enough, you're bound to hit it big. Right? Right??

Yarrgonomic keyboard

Freaky custom keyboard

I get enough blank stares from people asking to use any of my computers when I try to explain why my keyboard layout is so funky. I can only imagine trying to explain this monstrosity.

This reminds me that I've been meaning to post a link to a pretty neat Java applet that analyzes sample text and shows various stats contrasting Dvorak and QWERTY keyboard layouts. Not to evangelize or anything.

Syndicate content