Digression #2 -- Anyway, back to the current Crypto-Gram newsletter, I think the SHA-1 (Secure Hash Algorithm) announcement on Bruce's blog failed to catch the current issue but it's making its rounds -- , ,  etc. How will this impact Joe Average? Not much would be my guess. Any issues would be solved at the back end, and by the frequent download/upgrade software cycles that Joe Average goes through. Since SHA-1 is used in digital certificates, your worst nightmare may be something like this Dilbert strip (expires in 30 days) except that it would happen via an official, digitally signed e-mail!
Ok, enough distractions. Back to the interesting articles and links from Crypto-Gram.
- A Rand study concluded that outfitting aircraft with missile defense is not a good security trade-off [ABC News] -- He paraphrased the ABC article. The article mentions that a study concluded that the missile system would be too costly to implement. But of course. I would assume that these systems are MILSPEC (Military Specification) compliant or very close to that. What this means is that there are very stringent engineering requirements that the system has to comply with; after all, you do want it to work when you need it yes? You can probably drive down the production cost with volume if (and I say if) all airlines adopt it, but your maintenance and support cost won't go away. If I were in the position of the airlines, I might even question if the money could be better spent in other areas such as improving intelligence (primarily because then, I [airline] wouldn't have to foot the bill!).
- PS2 cheat codes hacked [Adam Fields weblog] -- Now this is what I call a brute force attack! The game hacked was "Grand Theft Auto - San Andreas". Check it out!
- Weakest Link -- This reminds me more of the "Suggestion Scheme" we have here in Singapore ... but in a temperate setting of course! Ha!
- Bank sued for unauthorized transaction [SunSentinel] -- While it helps to create disincentives, shrewd banks would take advantage of this incident by promoting some fraud protection mechanism or scheme. It's not that different from internet credit card fraud is it?
- The curse of the secret question -- Yes, good advice here on not using the "common answers" to the "common questions" as a means of retrieving your forgotten password. I usually use an "uncommon answer" to a "common question", the "uncommon answer" being as complicated as my original password i.e. if my original password is 'password', then my back-up password would be, you guessed it, 'password'! Just kidding! But seriously, if I'm to make an analogy, just look at the "toll gate" picture from Weakest Link. The policy governing how complex your password should be is like the toll gate, the common question to retrieve your password is likened to the wheel tracks on the field!
Technorati tag: YC Security