(Via Dvorak Uncensored.)
A group of girls claiming to be affiliated with controversial Russian art collective “Voina” (of penis bridge fame) thrust kisses on female law enforcement officers as part of a bizarre statement of protest against the Russian police’s attempt to soften its image through re-branding.
Yubico, the leader in open source strong authentication, has successfully tested its innovative YubiKey with Apple’s iPad.
The iPad is recognized by many as a game-changing device positioned between the laptop and the smart phone which sold one million devices in its first month. As this device is likely to be used with many applications requiring strong authentication, the YubiKey is the ideal partner.
Currently, the YubiKey has to be connected to the dock of the iPad using Apple’s Camera Connection kit which provides a standard USB port. Once connected, the iPad recognizes the YubiKey as a standard keyboard. Used with the iPad’s Safari browser, the user navigates to a site which requires the YubiKey. In the login field the user touches the YubiKey button and a securely encrypted one time pass code is generated and sent to the site. The YubiKey requires no client software as it uses the standard USB keyboard interface for sending the pass codes.
The popular single sign-on service LastPass is working on adding YubiKey support to their iPad app. Yubico look forward to other iPad application developers taking advantage of the YubiKey when easy and strong authentication is a benefit.
Big Brother Tees, sporting a variety of slogans relevant to airport security: “Nobody is safer when you take my water,” “Cast Member of Airport Security Theater,” “You can only detect and respond,” “Technology can’t solve security problems,” “Franklin’s Essential Liberty,” “What airport security procedures miss.”
Someone will come along any moment in the comments to explain that if you get hassled for wearing one of these, it’s your own fault for antagonizing them.
But let’s be clear: the TSA’s job is to keep airplanes safe. Criticizing the TSA does not undermine the safety of airplanes. Hurting a screener’s feelings does not endanger our skies. Refusing to believe in the pseudoscience of binary explosives made in airplanes from the contents of your toothpaste tube does not constitute noncompliance with the magic-anti-terror-baggie rule.
(Via Boing Boing.)
Sorry. The MUNI display can’t accept the VNC connection until someone dismisses the Flash memory error.
(Via kung fu grippe.)
Ed Bott zdnet.com
IE6 users, it’s time to move on. Your IT staff has had more than three years to come up with alternatives to IE6. If they can’t handle it, maybe it’s time to replace them, too.
How SSLs can be spoofed in man-in-the-middle attacks.
(Via Security Now.)
An anonymous reader writes “Nine weeks after Moxie Marlinspike presented at Defcon 17, null-prefix certificates that exploit the SSL certificate vulnerability are beginning to appear. Yesterday, someone posted a null-prefix certificate for www.paypal.com on the full-disclosure mailing list. In conjunction with sslsniff, this certificate can be used to intercept communication to PayPal from all clients using the Windows Crypto API, for which a patch is still not available. This includes IE, Chrome, and Safari on Windows. What’s worse, because of the OCSP attack that Moxie also presented at Defcon, this certificate cannot be revoked.”
Update: 10/06 23:19 GMT by KD: Now it seems that PayPal has suspended Marlinspike’s account.
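The null-prefix certificates mentioned in the item above work because a certificate name is a length-prefixed ASN.1 string that may contain a 0x00 byte, while a client that compares it as a C string stops reading at that byte. The sketch below is an added example, not code from the original post, sslsniff or any real TLS library; it puts such a flawed comparison beside a length-aware one. The struct, function names and sample domains are constructed for illustration, and wildcard matching is left out.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A certificate name as an ASN.1 parser hands it over: bytes plus an
 * explicit length. The bytes may legally include 0x00. (Hypothetical type.) */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Flawed check: treats the name as a C string, so the comparison stops at
 * the first NUL and everything after it is silently ignored. */
int naive_name_matches(const struct cert_name *cn, const char *host)
{
    return strcasecmp((const char *)cn->data, host) == 0;
}

/* Hardened check: reject any name with an embedded NUL, then compare over
 * the full ASN.1 length so nothing can hide behind a terminator. */
int strict_name_matches(const struct cert_name *cn, const char *host)
{
    size_t hlen = strlen(host);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;                      /* null-prefix name: never valid */
    if (cn->len != hlen)
        return 0;
    return strncasecmp((const char *)cn->data, host, hlen) == 0;
}

/* Constructed sample names, not taken from any real certificate. */
static const unsigned char NULL_PREFIX_CN[] = "www.example.com\0.attacker.example";
static const unsigned char HONEST_CN[] = "www.example.com";

const struct cert_name null_prefix_name = { NULL_PREFIX_CN, sizeof NULL_PREFIX_CN - 1 };
const struct cert_name honest_name = { HONEST_CN, sizeof HONEST_CN - 1 };

int main(void)
{
    const char *host = "www.example.com";
    printf("naive,  null-prefix name: %d\n", naive_name_matches(&null_prefix_name, host));
    printf("strict, null-prefix name: %d\n", strict_name_matches(&null_prefix_name, host));
    printf("strict, honest name:      %d\n", strict_name_matches(&honest_name, host));
    return 0;
}
```

The same embedded-NUL test applies to subjectAltName dNSName entries, and it is a useful filter when auditing stored or logged certificates for names of this kind.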