The Privacy Blog: Privacy, Security, Cryptography, and Anonymity

Archive for September 2012

The Washington Post has a good article on social engineering attacks. It is a good treatment of the topic. Short answer: humans are the weak link and can be defeated with extremely high probability. The takeaway from this whole thing is that we need to be building security systems that don’t rely on humans […]


Picking Powerful Pins

Despite all the work on dual-factor authentication and other new security methodologies, in general our passwords are the keys to the kingdom. In many cases, such as ATMs, we are limited to 4-digit numeric PINs. This post on DataGenetics does a good job of analyzing how bad we are at picking PINs and […]


The New Scientist has an article on the FBI’s Next Generation Identification (NGI) program. It started out as a project to replace the old fingerprint database, but will now include biometrics, DNA, voice prints, and facial recognition. The idea is to database all the mugshots so people can be quickly identified after arrest, or possibly […]

NBC News is reporting that the iOS UDIDs leaked last week were actually stolen from the Blue Toad publishing company. Comparing the leaked data with Blue Toad’s data showed 98% correlation, which makes them almost certainly the source. They checked the leaked data against their own after receiving a tip from an outside researcher who had […]

In the tradition of Jonathan Swift’s “A Modest Proposal” is “The Dictator’s Practical Guide to Internet Power Retention, Global Edition”. Under the pretext of being a guide on how to crack down on Internet dissent for dictators, it does a nice job of analyzing how the Internet is used by dissidents, and the techniques used […]

YouTube’s anti-piracy filters automatically blocked the authorized video of First Lady Michelle Obama’s convention speech as infringing. Evidently the algorithm automatically looks for content that matches content from their commercial partners. Since all the networks were re-broadcasting the convention speech, it got flagged. This is not the first time this has happened. Wired article […]

Forbes is reporting that Anonymous and Antisec have dropped a file with a million Unique Device ID (UDID) numbers for Apple iOS devices. They claim to have acquired an additional 11 million records which they may release later. In addition to the identifiers, the file is said to also contain usernames, device names, cell numbers, […]
