Friday, January 31, 2014

Yahoo prompts users to change passwords

Yahoo prompted its users to change their passwords after a database of usernames and passwords was accessed by unnamed attackers. Yahoo claims that its own systems were not compromised, but that a third party's were.

More here.

Monday, January 20, 2014

The worst passwords of 2013

SplashData has compiled a list of the worst passwords for 2013 (okay, this is subjective). No comment.

Friday, January 17, 2014

IBM to invest some serious money into Watson

Do you remember Watson, IBM's Jeopardy winner? Well, after its triumphant appearance on the game show, IBM tried to position it as a medical advisor, but so far, success hasn't been there.

Recently, the (big) blue company announced it would pour $1 billion into business development, to help place the cyber doctor/advisor. A few reasons are presented for why sales have not skyrocketed.

This is interesting, as there were a number of initiatives to bind machine learning with medicine. In several cases, the machine was able to find a better option, i.e. a more efficient or cheaper one, than its flesh-and-bone counterpart. The underlying, unsaid reason (in my view) is that a machine doesn't partake in "sales" politics: it doesn't favour a specific brand, nor does it try to "treat without curing".

Anyway, I really wish for Watson to become more of a success: with the explosion of diseases, such as autoimmune diseases or cancers, we really need to have all the brainpower we can have, both hardware and wetware.

Wednesday, January 15, 2014

An introduction to Firmware Analysis [30c3]

For many, the term "firmware" refers to some kind of black-box software that no one really has access to. This talk explains how to analyse such an image. For example, that is how it was recently found that certain consumer routers have a default hardcoded username/password, or that some administrative pages were accessible without authentication.

A very good talk from Stefan Widmann. Enjoy!

Monday, January 13, 2014

Target breach worse than initially thought

I guessed the Target breach would prove worse than initially thought, but that much worse? Wow! No.

In addition to the 40 million credit and debit card records stolen, it seems that "at least 70 million PII records were also accessed." The Star Tribune also mentions the opinion of Jack Tomarchio, an attorney specializing in cybersecurity and data protection, who claims that if the credit and debit card breach was bad, the PII one is even worse: the banks can quickly revoke a credit or debit card, but people are usually unwilling to change where they live or their name.

And to have a good start for 2014, not only were Target and Neiman Marcus hit, but it appears that several other retailers suffered the same type of breach.

2014 already announces itself as the Year of the Permanent Credit Card Monitoring.

Thursday, January 9, 2014

How did the NSA hack our emails?

A good introduction to Elliptic Curve Cryptography. Enjoy!