Schneier on Security
Skein and SHA-3 News
There are two bugs in the Skein code. They are subtle and esoteric, but they're there. We have revised both the reference and optimized code -- and provided new test vectors -- on the Skein website. A revision of the paper -- Version 1.1 -- has new IVs, new test vectors, and also fixes a few typos in the paper....
Categories: open tech
Schneier for TSA Administrator
It's been suggested. For the record, I don't want the job. Since the election, the newspapers and Internet have been flooded with unsolicited advice for President-elect Barack Obama. I'll go ahead and add mine. [...] And by "revamp," I mean "start over." Most security experts agree that the rigmarole we go through at the airport is mere security theater, designed...
The Neuroscience of Cons
Fascinating: The key to a con is not that you trust the conman, but that he shows he trusts you. Conmen ply their trade by appearing fragile or needing help, by seeming vulnerable. Because of THOMAS [The Human Oxytocin Mediated Attachment System], the human brain makes us feel good when we help others--this is the basis for attachment to family...
Most Spam Came from a Single Web Hosting Firm
Really: Experts say the precipitous drop-off in spam comes from Internet providers unplugging McColo Corp., a hosting provider in Northern California that was the home base for machines responsible for coordinating the sending of roughly 75 percent of all spam each day. Certainly this won't last: Bhandari said he expects the spam volume to recover to normal levels in about...
Me on Passwords
Reducing the Risk of Human Extinction
Giving Out Replacement Hotel Keys
It's a tough security trade-off. Guests lose their hotel room keys, and the hotel staff needs to be accommodating. But at the same time, they can't be giving out hotel room keys to anyone claiming to have lost one. Generally, hotels ask to see some ID before giving out a replacement key and, if the guest doesn't have his wallet...
Watching a Malware Author Work
Censorship in Dubai
I was in Dubai last weekend for the World Economic Forum Summit on the Global Agenda. (I was on the "Future of the Internet" council; fellow council members Ethan Zuckerman and Jeff Jarvis have written about the event.) As part of the United Arab Emirates, Dubai censors the Internet: The government of the United Arab Emirates (UAE) pervasively filters Web...
The Economics of Spam
Excellent paper on the economics of spam. The authors infiltrated the Storm worm and monitored its doings. After 26 days, and almost 350 million e-mail messages, only 28 sales resulted -- a conversion rate of well under 0.00001%. Of these, all but one were for male-enhancement products and the average purchase price was close to $100. Taken together, these conversions...
Reading a Letter from the Envelope it Was In
Fascinating: Paul Kelly and colleagues at Loughborough University found that a disulfur dinitride (S2N2) polymer turned exposed fingerprints brown, as the polymer reaction was initiated from the near-undetectable remaining residues. Traces of inkjet printer ink can also initiate the polymer. The detection limit is so low that details of a printed letter previously in an envelope could be read off...
WPA Cracked
I haven't seen the paper yet. EDITED TO ADD (11/11): A really good article, and the actual paper....
Aspidistra
Aspidistra was a World War II man-in-the-middle attack. The vulnerability that made it possible was that German broadcast stations were mostly broadcasting the same content from a central source; but during air raids, transmitters in the target area were switched off to prevent them being used for radio direction-finding of the target. The exploit involved the very powerful (500KW) Aspidistra...
Anti-Terror Law Mission Creep in the U.K.
First terrorists, then trash cans: More than half of town halls admit using anti-terror laws to spy on families suspected of putting their rubbish out on the wrong day. Their tactics include putting secret cameras in tin cans, on lamp posts and even in the homes of 'friendly' residents. The local authorities admitted that one of their main aims was...
The Ill Effects of Banning Security Research
The Indian police are having trouble with SIM card cloning: Police had no idea that one SIM card could be used simultaneously from two handsets before the detention of Nazir Ahmed for interrogation. Nazir was picked up from Morigaon after an SMS from his mobile number in the name of ISF-IM claimed responsibility for Thursday's blasts in Assam. Nazir had...
U.S. Court Rules that Hashing = Searching
Really interesting post by Orin Kerr on whether, by taking hash values of someone's hard drive, the police conducted a "search": District Court Holds that Running Hash Values on Computer Is A Search: The case is United States v. Crist, 2008 WL 4682806 (M.D.Pa. October 22 2008) (Kane, C.J.). It's a child pornography case involving a warrantless search that raises...
P = NP?
People have been sending me this paper that "proves" that P != NP. These sorts of papers make the rounds regularly, and my advice is to not pay attention to any of them. G.J. Woeginger keeps a list of these papers -- he has 43 so far -- and points out: The following paragraphs list many papers that try to...

