passwords

How many bits of secrecy does a typical person have in memory?

After thinking long and hard, I came to the conclusion that all security ends up being physical security. Currently we assume a person’s body is physically secure, with memory being the most secure part of all. Common security systems, such as passwords, try to extract as much of this secrecy out of us as possible and store it somewhere less secure like on a remote server. This is horrible. I don’t care that it’s stored in hashed form: if we only have a finite amount of secrecy to give, then once we reveal it in a form that can be brute-forced, Moore’s Law will ensure that at some point it will be brute-forced and will no longer be secret.
(Read the article)

airline ticket name change

A self-styled consumer advocate claims here that “the non-transferrability rule for tickets is bogus … it has absolutely nothing to do with security and everything to do with money.” He says this on account of somebody who was able to get a name changed on a ticket after paying $800 in fees. Is that the best you can do? No, as this amazing comment below shows:

Krys
$800?? Wow. Here is what I did and it only cost me about $60.
I had a similar problem. The ticket was in my name and I bought it in June 08 for the trip to Poland in December. In July, my grandmother died. Since we did not have a lot of money I decided to give my ticket to my dad. I ran into the same problems trying to change the name on the ticket. After a whole week of trying I gave up. I looked into changing my dad’s legal name. And there it was. A process that took about 1 week, $60 in cash, 15 minutes in front of a judge and we had my dad’s first name changed to mine. I was honest with the judge as to why he wanted to change his first name (my dad doesn’t speak English). Once we got the approval, we went to the secretary of state to get him a new license, once we got that we got him a new green card (took 2 months) and there he went. He has now changed his name back for another $60.

sometimes small is better (part 1)

… in air travel.

This is part of the Toronto visit series.

I sit in this small airport in the middle of downtown Toronto, wondering why airports can’t all be like this. YTZ (Billy Bishop) is small, with a single terminal (if it can be called that). There is just one commercial airline, also a small company. And its planes are small, four-seat-across propeller aircraft that I swore not to take again after one particularly unpleasant ride years ago, but am taking anyway. More on that later.
(Read the article)

IT security policy “research”

“Researchers find way to steal encrypted data,” screams this article in the New York Times.

Oh, do they? But come on, what is this ridiculous demonstration? Okay, okay, it’s the IT Policy School over there, let’s cut them some slack. What they’ve come up with is a way to read the contents of DRAM still seated in a machine whose OS is locked, without specialized hardware, and if they had said that, it would be fine.
(Read the article)