Hubert Chathi

Link: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/

August 7, 2012

technical, security

15:51 -0400

Hubert Chathi: "If you have an AppleID, every time you call Pizza Hut, you’ve giving the 16-year-old on the other end of the line all he needs to take over your entire digital life. " #security

July 19, 2012

Link: http://www.oregonlive.com/portland/index.ssf/2012/07/northeast_portland_man_who_str.html

18:40 -0400

Hubert Chathi: Man who protested TSA by stripping is acquitted of indecent exposure #security

Via: /.

Link: http://www.businessinsider.com/linkedin-hacked-2012-6?goback=.gde_3795279_member_121987161

June 6, 2012

work, security

12:59 -0400

Hubert Chathi: Time to change your LinkedIn password #security

Via: @twitter.com/ghenrick

April 18, 2012

Link: http://www.schneier.com/blog/archives/2012/04/hawley_channels.html

14:03 -0400

Hubert Chathi: Schneier's take on Hawley's essay #security

April 16, 2012

Link: http://online.wsj.com/article/SB10001424052702303815404577335783535660546.html

11:10 -0400

Hubert Chathi: Kip Hawley is not an idiot? #security

Via: Slashdot

September 16, 2011

personal, privacy, security

10:27 -0400

Hubert Chathi: Help stop the proposed warrantless spying legislation http://www.StopSpying.ca/ #privacy #security

July 18, 2011

12:38 -0400

Hubert Chathi: "If you wanted to be a smuggler, probably the first thing you'd want to do is enrol in the Nexus program" http://www.cbc.ca/news/canada/british-columbia/story/2011/07/18/bc-nexus-pass-smuggling-border.html #security

May 4, 2011

10:39 -0400

Hubert Chathi: Banks turn a blind eye to fraud http://www.cbc.ca/news/canada/british-columbia/story/2011/05/02/bc-abmfraud.html #security

February 22, 2011

news, security, privacy

11:29 -0500

Hubert Chathi: Awesome http://www.cbc.ca/news/world/story/2011/02/22/body-scanners-airport.html #security #privacy

November 17, 2010

13:45 -0500

Hubert Chathi: airline #security season again: http://www.cbc.ca/world/story/2010/11/16/body-scanner-backlash-air-travel.html and http://www.newser.com/story/105351/tsa-pats-down-3-year-old.html

January 22, 2010

personal, security, paranoia

12:37 -0500

Hubert Chathi: OK, now this is really getting ridiculous http://en.wikinews.org/wiki/Bomb_scare_aboard_plane_caused_by_harmless_prayer_box #security #paranoia

January 5, 2010

14:55 -0500

Hubert Chathi: stupid paranoia wins again http://www.cbc.ca/canada/story/2010/01/05/security-canada-us-airport.html #security

14:35 -0500

Hubert Chathi: "secure" USB drives not-so-secure: http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html #security

December 17, 2009

personal, vote, security

18:07 -0500

Hubert Chathi: Nearly 2/3 of Canadians would #vote online http://www.cbc.ca/politics/story/2009/12/17/ekos-poll.html In related news, nearly 2/3 of Canadians don't understand #security

July 17, 2009

11:40 -0400

Hubert Chathi: wants users to have passwords that are 20 characters long, with at least 8 upper-case letters, 9 lowercase letters, 4 digits, and 8 Unicode symbols above the normal ASCII range... #security

June 18, 2009

personal, privacy, security

14:44 -0400

Hubert Chathi: doesn't like this: http://www.cbc.ca/technology/story/2009/06/18/tech-internet-police-bill-intercept-electronic-communications.html #privacy #security

December 3, 2008

clipperz

bookmark, security, privacy

17:40 -0500

URL:: http://www.clipperz.com/
Tags:: security, privacy

I used to pretty much only use my laptop, which was nice, because all my data was stored in one place. However, I now use a desktop computer at work. For the most part, it's OK, because I don't need to access much work stuff from home, and vice versa. However, occasionally it does happen, and so I'm thinking more about online services.

Clipperz is an online password (or other textual data) manager. Now for most security-conscious people, “online” and “password manager” do not go together. However, Clipperz uses JavaScript to encrypt all your data before sending it to their servers. That means that none of your data can be accessed by Clipperz (or anyone else) unless they know your password.

Even better, Clipperz is free/open-source software, which means that if you really don't trust them, you can audit their source code. Or run your own service.

I had thought about implementing something similar, but Clipperz does more-or-less what I want it to, plus some things that I hadn't thought of. The only downside is that I wish it would have better organizational features (in particular, a hierarchical organization).

November 7, 2008

Government wants good hash

17:09 -0500

No, not that kind of hash. The NIST is holding a contest for a new cryptographic hash function. Vulnerabilities have been found in the most commonly used hash functions, MD5 and SHA-1, and the contest is for the new SHA-3 standard. The deadline for submissions was last Friday, so if you missed it, too bad.

Schneier et al. have submitted their algorithm, called skein, and Rivest et al. have submitted MD6.

The NIST held a similar contest several years back for encryption algorithms, which resulted in Rijndael being officially named as the Advanced Encryption Standard. That contest took 5 years. We'll see how long this one takes. Hashing is generally less well-understood, and harder to do, than encryption.

October 7, 2008

Data mining can't identify terrorists

bookmark, news, security, privacy

20:11 -0400

URL:: http://news.cnet.com/8301-13578_3-10059987-38.html?part=rss&subj=news&tag=2547-1_3-0-20
Tags:: news, security, privacy

(see also: /.)

The National Research Council has released a 352-page report that tells us what most of us knew already: trying to use data mining to find bad guys doesn't work very well. The problem being that there are too many false positives.

Whether or not this will actually stop anyone from trying to do it anyways remains to be seen.