Liudvikas Bukys

Linux Today: Debian Investigation Report After Server Compromises

[Full-Disclosure] GnuPG’s ElGamal signing keys compromised:

In January 2000, as part of version 1.0.2, the GnuPG code was changed
to create ElGamal keys which work more efficiently for encryption
(selecting a smaller x secret exponent and using a smaller k for
encryption). While making this change the problem with signing keys
was accidentally introduced: the same small k for encryption was also
used for signing. This can be used for a cryptographic attack to
reveal the private key (i.e. the secret exponent x) if a signature
made using that key is available. Such a signature is always
available for primary ElGamal keys because signatures created with
that key are used to bind the user ID and other material to the
primary key (self-signatures). Even if the key was never used for
signing documents it should be considered compromised.

Scientific American: What a Little Limeade Can Do — Owning the rights for frozen juice to treat angina:

Method of treating chest pain, patent 6,457,474, Carl E. Hanson of St. Paul, Minn. This inventor has patented lime juice to replace nitroglycerin as a treatment for chest pain such as angina pectoris…. The lime juice can also be administered intravenously or by the angina sufferer’s placing the frozen concentrate directly into his or her mouth.

“The spammers have discovered the hole.”

Stan Liebowitz: The Economist: The QWERTY Myth:

A fine tale, but largely fiction. The paper by Messrs Liebowitz and Margolis shows, in the first place, that the first evidence supporting claims of Dvorak’s superiority was extremely thin. The main study was carried out by the United States Navy in 1944 (doubtless a time when every second counted in the typing pools). The speed of 14 typists retrained on Dvorak was compared with the speed of 18 given supplementary training on QWERTY. The Dvorak typists did better — but it is impossible to say from the official report whether the experiment was properly controlled. There are a variety of oddities and possible biases: all of them, it so happens, seeming to favour Dvorak.

But then it turns out — something else the report forgot to mention — that the experiments were conducted by one Lieutenant-Commander August Dvorak, the navy’s top time-and-motion man, and owner of the Dvorak layout patent.

Another source server compromise,
this one at Debian

Steven Searle succinctly compares and contrasts the Auto-ID and Ubiquitous ID projects in The Auto-ID vs. the Ubiquitous ID vs. ?:

In fact, the Ubiquitous ID and the Auto-ID are very different in their technologies and their scope. The Ubiquitous ID scheme is a “meta code,” i.e., a code of existing and new codes, that gives a 128-bit number to both physical and non-physical things and is intended to operate across multiple network types. The Auto-ID scheme is a “new product code” that gives a 64/96-bit number to physical products and is intended to operate mainly via the Internet. Moreover, they use different scanning frequencies: the Ubiquitous IDs use a dual band, 2.45 GHz for RFID and 13.56 MHz for eTRON smart cards; while the Auto-IDs use 915 MHz for RFID. Here’s a chart of the main differences.

Note that the Auto-ID Center at MIT has evolved into something like a trade group, EPCglobal Inc.

Ed Felten in Freedom to Tinker: Flaky Voting Technology cites
The
Washington Post: Fairfax Judge Orders Logs Of Voting Machines Inspected regarding yet another specific example of a buggy or fraudulent voting machine in action, and concludes:

You could hardly construct a better textbook illustration of the importance of having a voter-verifiable paper trail. The paper trail would have helped voters notice the disappearance of their votes, and it would have provided a reliable record to consult in a later recount. As it is, we’ll never know who really won the election.

An interesting page: Unique ID – The numbers that control your life, that includes details on how various ID numbers are constructed, including some that embed data in the ID number.

Dan Gillmor’s eJournal – AT&T’s Anti-Anti-Spam Patent:

“A system and method for circumventing schemes that use duplication detection to detect and block unsolicited e-mail (spam.) An address on a list is assigned to one of m sublists, where m is an integer that is greater than one. A set of m different messages are created. A different message from the set of m different messages is sent to the addresses on each sublist. In this way, spam countermeasures based upon duplicate detection schemes are foiled.”

The mind boggles at the willingness of the U.S. Patent & Trademark Office to grant patents to the most trivial ideas. Some commentators note that perhaps the patent can be used for good and not evil.