
We cover some fascinating new research that can steal your phone’s PIN using just the on-board sensors. Then we cover how computer security is broken from top to bottom, and Dan does another deep dive, this time on everyone’s favorite database, PostgreSQL.
Plus it’s your feedback, a huge roundup & so much more!
Show Notes:
Researchers demonstrate how PINs and other info can be gathered through phone movement
- Team was able to crack four-digit PINs with 70 percent accuracy on the first try, and 100 percent accuracy by try number five
- A site accessed with malicious code can open the device to such sensor-based monitoring, working in the background when browser tabs are left open.
- The team suggests a number of ways to help combat the vulnerability, including regularly changing PINs and quitting any apps not currently in use
- Dan suggests: Simple way around this: randomize the display of numbers on the keypad. I think this should be standard for all PIN entry. I recall seeing this somewhere, years ago, but I don’t recall where. I’ve always wondered why I’ve never seen it again. If the numbers have a narrow field of vision, nobody can watch over your shoulder.
- From the PDF: In the latest Apple Security Updates for iOS 9.3 (released in March 2016), Safari took a similar countermeasure by “suspending the availability of this [motion and orientation] data when the web view is hidden”
Computer security is broken from top to bottom
- Robert Watson spoke at the very first BSDCan
- There are three main fundamental causes of insecurity: technology complexity, culture, and the economic incentives of the computer business.
Deep Dive starts with Dan’s first blog post about PostgreSQL
- PostgreSQL < 9.6: the DATADIR is the same for all versions
- PostgreSQL 9.6+ on FreeBSD: each major version has its own DATADIR
- Installing in a FreeBSD jail means you can easily upgrade in another jail, then start using it
Feedback
- 10 messages this past week. Requests for deep dives on PostgreSQL, DNS, ZFS, Jails.
- The guy who asked us about that free DNS service wrote in to say he has no connection with them.
- Suggestion for a Simple Inventory & Change Management Software