Blog Archives

Respondus LockDown Browser

The Respondus LockDown Browser is an application designed to “lock down” a system for the duration of an exam. It claims to display a full screen browser that cannot be minimized, prevents task switching, stops “over 400 screen capture, messaging,

Posted in Computer Science, Hacks, Cracks, and Attacks

Cyber Attacks on Power Grid? Maybe, Maybe Not

I was debating posting something about this since I thought it was very chicken little, but it made it to slashdot again so my hopes of it dying quietly in the night are broken. The Wall Street Journal had a

Posted in Hacks, Cracks, and Attacks

Users are the weakest link

Not a week goes by without some new problem surfacing in day-to-day communication security. The newest stems from a Black Hat talk by Moxie Marlinspike of thoughtcrime.org. This attack is not sky-is-falling, immediate-action-required bad, but is instead of the depressingly presentable variety. Moxie’s new attack is actually quite elegant and has a retro vibe to it in exploiting the most vulnerable link in any security chain: the user.

His setup for the attack examines website design as it relates to SSL security. He observes that users do not type HTTPS themselves, but rather encounter it from HTTP pages, such as login boxes which post to HTTPS URLs. Separating the feedback mechanisms into positive and negative, he also notes that triggering the positive mechanisms (little locks, changing colored address bars, etc.) is not so bad, while triggering the negative mechanisms (invalid security certificate, problem encountered with the website’s certificate, etc.) is a game killer.

Posted in Hacks, Cracks, and Attacks