Ultrasaur Blog

Keeping track of exciting new threats to your digital records.

Archive for July, 2009

Digital Media Authentication

Thursday, July 23rd, 2009

If you ask a random person on the street if digital photos can be trusted, the answer is probably going to be a no — even though many prints live most of their lives digitally.

Adobe and others are working on software to heuristically tell if a photo has been altered. From a mathematical perspective, I find this software fascinating, but in a sense it’s self-defeating:

  • No matter how much the software costs, I suspect that photo forgers are also software pirates, so they’re going to have this software.
  • You can now iterate on your forged image until it passes the test.

So essentially a tool for detecting forgeries is a perfect tool for creating forgeries.

Wait, what’s a typewriter?

Friday, July 17th, 2009

When we demo, usually one of the first things I say is “You have digital records” because almost every organization is moving towards having more and more of their content in document management systems of some stripe.

But it’s always interesting to read about the tiny fraction that aren’t, like New York Police Department, which still spends a third of a million dollars every year on typewriters.

Most of the city’s arrest forms have been computerized, but property and evidence vouchers printed on carbon-paper forms still require the use of typewriters.

…officials are working on software that would eliminate the need for the typewriters.

Reading keystrokes through the power grid

Monday, July 13th, 2009

Apparently this is old news in the security world, but in a world where critical passwords are still on post-it notes on the monitor, it’s still interesting. Hackers can read your keystrokes through the power grid. Currently it’s only been proven to a distance of about 15 meters, which means they have to get access to an outlet in the same building, even if it can be floors away. And the researchers claim this is done with only $500 in equipment, so it stands to reason that specialized equipment could do better.

The Slashdot discussion points out that defenses against this technology were declassified over 20 years ago. (See TEMPEST.)

Most importantly, there’s a fun way to try this at home if you have a CRT monitor and a short wave radio (unfortunately I have neither). Tempest for Eliza is a program that will do essentially the reverse of this hack: it varies what’s being shown on your monitor to do something specific with the leaking electromagnetic waves, namely playing a song on a short wave radio frequency.

From the not-really-secret-files

Tuesday, July 7th, 2009

Using a Social Security Number as a password is fairly common in the US for reasons I can’t understand.

Of course, this password is nowhere near random; different states get different prefixes, and now:

With just two attempts, the researchers correctly guessed the first five digits of SSNs for 60 percent of deceased Americans born between 1989 and 2003.

Oddly, the solution is the old (and wrongheaded):

The new findings remind consumers that they should use caution when sharing data online

Which is a little strange considering that all that was involved in this attack is knowing the victim’s date of birth, the kind of information that has been published in old-fashioned local newspapers for a lot longer than the internet has been around.

File Mix-ups in the News

Monday, July 6th, 2009

Why do we know that the chief of MI-6 (yes, that MI-6) is friends with David Irving? Well, someone let out too much info on Facebook. Sooner or later, any information you give a third party can eventually leak out (that’s why we don’t collect any); it’s just too easy to make it sooner.

And a California teacher accidentally put pornography on a DVD for her class. And yes:

The person in the video turned out to be Isabelle Jackson Elementary fifth grade teacher Crystal Defanti.