Posts

Showing posts from April, 2011

Clock skew is the new TCP flag

The surprise I felt when I read through the papers about how "clock skew" can be used to fingerprint and identify hidden servers was similar to the surprise I had when I first read about nmap and OS fingerprinting (2001?). An eye opener in many ways. It reminded me of Dan Brown's book, "Angels and Demons", where they were on a hunt for the hidden "anti-matter particle" container. If the server broadcasting the image had been on the internet, they could have flipped the air conditioning (in addition to the lights) across the city to detect "clock skew" and narrow down which part of the city it could have been in.

http://www.schneier.com/blog/archives/2011/04/pinpointing_a_c.html
http://www.schneier.com/blog/archives/2005/03/remote_physical.html
http://www.caida.org/publications/papers/2005/fingerprinting/KohnoBroidoClaffy05-devicefingerprinting.pdf
http://www.hackitoergosum.org/2010/HES2010-rlifchitz-Fingerprinting-hardwa

Humans are the most insecure device attached to computers.

The attack on RSA made me realize that an old joke needs to be updated. The one about "what's the most secure computer?" Old answer: "A computer which is disconnected from the internet, unpowered, buried under 10 feet of concrete." New answer: "A computer which is disconnected from the internet, unpowered, buried under 10 feet of concrete, which no human knows about." Social engineering has always been the weak point. But humans have now taken over from the internet as the most unreliable piece of equipment connected to the computer.

Scalability and performance - It's all about the customers

Todd pinged me to see how I felt about antirez's suggestion in his post titled "On the webserver scalability and speed are almost the same thing". While I disagree with parts of the post, I can understand why he believed what he wrote. If someone were to design a state-of-the-art scalable webserver in place of an existing service (let's say Apache) which can deliver content in 50 ms, then by my definition the new webserver should continue to serve that content in 50 ms even if the number of requests handled per second by the service increases 100 times. Antirez's argument is somewhat correct: just because you can scale doesn't mean that customers will always forgive you for slower performance. But as it happens, I've seen many different solutions in the last decade which ignored that concern, provided a scalable yet slower service, and still succeeded in generating enough revenue to prove that slower speed may not be a show stopper. In my opinion