Show Notes:
Researchers demonstrate how PINs and other info can be gathered through phone movement
-
The team was able to crack four-digit PINs with 70 percent accuracy on the first try, and with 100 percent accuracy by try number five
-
A site carrying malicious code can expose the device to this sensor-based monitoring, which keeps working in the background when browser tabs are left open.
-
The team suggests a number of ways to help combat vulnerabilities, including regularly changing PINs and quitting out of any apps not currently in use
-
Dan suggests: Simple way around this: randomize the display of numbers on the keypad. I think this should be standard for all PIN entry. I recall seeing this somewhere, years ago, but I don’t recall where. I’ve always wondered why I’ve never seen it again. If the numbers have a narrow field of vision, nobody can watch over your shoulder.
-
From the PDF: In the latest Apple Security Updates for iOS 9.3 (released in March 2016), Safari took a similar countermeasure by “suspending the availability of this [motion and orientation] data when the web view is hidden”
Computer security is broken from top to bottom
-
Robert Watson spoke at the very first BSDCan
-
There are three main fundamental causes of insecurity: technology complexity, culture, and the economic incentives of the computer business.
Deep Dive starts with Dan’s first blog post about PostgreSQL
-
In PostgreSQL < 9.6, DATADIR is the same for all versions
-
In PostgreSQL 9.6+ on FreeBSD, each major version has its own DATADIR
-
Installing in a FreeBSD jail means you can easily upgrade another jail, then start using it
Feedback
-
10 messages this past week. Requests for deep dives on PostgreSQL, DNS, ZFS, Jails.
-
The guy who asked us about that free DNS service wrote in to say he has no connection with them.
-
Suggestion for a Simple Inventory & Change Management Software