Distraction is the only thing that consoles us for our miseries, and yet it is itself the greatest of our miseries. — Blaise Pascal
Amazon War Story #1: Jeff Bezos -
People like Jeff are better regarded as hyper-intelligent aliens with a tangential interest in human affairs.
Remember: sometimes the people who are not on the same page as you have simply read more of the book than you have. — Not on the Same Page
How to Break XML Encryption -
We show that an adversary can decrypt a ciphertext by performing only 14 requests per plaintext byte on average. This poses a serious and truly practical security threat on all currently used implementations of XML Encryption. In a sense the attack can be seen as a generalization of padding oracle attacks (Vaudenay, Eurocrypt 2002). It exploits a subtle correlation between the block cipher mode of operation, the character encoding of encrypted text, and the response behaviour of a Web Service if an XML message cannot be parsed correctly.
the old is dying and the new cannot be born — Antonio Gramsci
By the way, nice sig; mind if I steal it? :P
> > A: Yes.
> > >Q: Are you sure?
> > > >A: Because it reverses the logical flow of conversation.
> > > > >Q: Why is top posting frowned upon?
— Someone’s sig. !
The security impact of a new cryptographic library (pdf) -
AES-128, RSA-2048, etc. are widely accepted standards.
Obviously infeasible to break by best attacks in literature.
Implementations are available in public cryptographic libraries such as OpenSSL.
Common security practice is to use those implementations. But cryptography is still a disaster! Complete failures of confidentiality and integrity.
We have designed+implemented a new cryptographic library, NaCl (“salt”), to address the underlying problems. http://nacl.cace-project.eu, http://nacl.cr.yp.to: source and extensive documentation.
In this paper, we show how to exploit real-time communication applications to determine the IP address of a targeted user. We focus our study on Skype, although other realtime communication applications may have similar privacy issues. We first design a scheme that calls an identified targeted user inconspicuously to find his IP address, which can be done even if he is behind a NAT. By calling the user periodically, we can then observe the mobility of the user. We show how to scale the scheme to observe the mobility patterns of tens of thousands of users. We also consider the linkability threat, in which the identified user is linked to his Internet usage. We illustrate this threat by combining Skype and BitTorrent to show that it is possible to determine the filesharing usage of identified users. We devise a scheme based on the identification field of the IP datagrams to verify with high accuracy whether the identified user is participating in specific torrents. We conclude that any Internet user can leverage Skype, and potentially other real-time communication systems, to observe the mobility and filesharing usage of tens of millions of identified users.
To farishte poochhenge mehshar mein paakbaazon se
Gunah kyoon na kare, kya khuda rahim na tha?
Trust me, the angels will ask the pious on judgement day:
“Why didn’t you sin? Didn’t you trust in God’s mercy?”
Mont Saint-Michel. More pics here.