
Archive for June, 2009

captcha on demand

Monday, June 29th, 2009

With the death of Michael Jackson last week, Google saw an unprecedented level of Michael Jackson-related searches. The most impressive thing about Google’s response is that they apparently deploy captcha tests on demand, only when they think an automated attack is going on. As someone who hates having to type in those letters printed in the most unreadable manner possible, I think this is a great step up.
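The "on demand" part is the interesting design choice: a challenge is only worth its usability cost while traffic looks automated. The following is an added example, not Google's mechanism and not code from this post. It assumes a simple sliding-window rate check per key (a source address, a query string, whatever dimension you monitor) against a fixed baseline; a challenge is required only while the observed rate exceeds `baseline_rate * trigger_factor`, so ordinary traffic never sees one and the gate falls silent again once the burst ages out of the window.

```python
from collections import deque


class ChallengeGate:
    """Decide whether a request should be answered with a challenge.

    Assumed design (not from the post): a sliding window of request
    timestamps per key, compared against a fixed expected rate.  The
    threshold is expressed as events per window so the check is a single
    comparison on the window length.
    """

    def __init__(self, window_seconds=10.0, baseline_rate=1.0, trigger_factor=5.0):
        self.window_seconds = window_seconds
        # Events allowed in one window before a challenge is required.
        self.threshold = baseline_rate * trigger_factor * window_seconds
        self._events = {}  # key -> deque of timestamps inside the window

    def observed_count(self, key, now):
        """Drop timestamps that fell out of the window and return what is left."""
        q = self._events.setdefault(key, deque())
        while q and now - q[0] >= self.window_seconds:
            q.popleft()
        return len(q)

    def should_challenge(self, key, now):
        """Record one request at time `now` and report whether to challenge it."""
        self._events.setdefault(key, deque()).append(now)
        return self.observed_count(key, now) > self.threshold


def demo():
    """Constructed traffic: a normal user, then a 60-request burst in 0.6 s."""
    gate = ChallengeGate()  # 1 req/s baseline, 5x factor, 10 s window -> 50/window
    normal = [gate.should_challenge("user-a", float(t)) for t in range(5)]
    burst = [gate.should_challenge("bot-b", 100.0 + i * 0.01) for i in range(60)]
    # 100 s later the burst has aged out, so the same key is served normally.
    later = gate.should_challenge("bot-b", 200.0)
    return normal, burst, later


if __name__ == "__main__":
    normal, burst, later = demo()
    print("normal user challenged:", any(normal))
    print("burst requests challenged:", burst.count(True), "of", len(burst))
    print("same key after the window:", later)
```

The baseline here is a constant; in practice it would come from the key's own recent history, which is exactly what makes a sudden worldwide surge in one query hard to tell from an attack.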

Alternate data streams and SharePoint

Thursday, June 25th, 2009

In case anyone is keeping score at home, SharePoint strips alternate data streams off files. SharePoint (usually) stores its documents in a SQL database, so my guess is that’s what does it.

Drug smuggling codes

Tuesday, June 23rd, 2009

I recently finished “High: Confessions of an International Drug Smuggler”. The author, Brian O’Dea, is a former (and now reformed) drug smuggler and addict who pulled off a few very large smuggling operations. In one of his largest, he tried to bring huge quantities of drugs in from Asia by boat without being picked up by the feds, who had been tipped off to his activities by an informant. They also needed to communicate from the US mainland with boats as far away as the South China Sea and Alaska. They decided to use single-sideband radio, which was used by licensed amateurs. They set up an antenna in a campground, powered by a mobile home. It had the power they needed for communications, but the government knew about single-sideband and was constantly monitoring for people using it for illicit purposes.

Since it was 1985, they didn’t have access to modern cryptography. To avoid the feds, they needed something that not only encoded their information but also sounded innocuous. Here’s what they did. They all bought copies of Webster’s dictionary. When they wanted to send a sentence, they looked up each word in the dictionary and noted the page number and the position of the entry on that page. If the word appeared on page 795 and was the 23rd word on the page, he would call the ship (or the home base in the other direction) and ask them to check part number 795-23. Done over and over again, this would sound to any eavesdropper like a ship requesting information on a list of parts.

Analyzing this, it is actually surprisingly good. At first I assumed that because it’s a basic substitution cipher, usually the easiest type of cipher to break, it would crumble quickly. However, substitution ciphers are usually broken because they don’t hide the distribution of letters, and that distribution can be easily matched to the distribution of English letters. In this case they’re not substituting letters but words. There are only 26 letters in English, but far more words. Given the extremely small amount of ciphertext, it is unlikely that a proper distribution could ever have been discovered. A straight substitution cipher has very little entropy and the ciphertext is still going to be highly structured, but the limited amount of ciphertext would make cryptanalysis very hard. Someone trying to attack the system would probably only break it if they managed to get a person to talk, or captured a boat and noticed the dictionary lying conspicuously close to the radio equipment.
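To make the two points above concrete (the page-and-entry encoding, and why frequency analysis needs far more traffic than they ever sent), here is an added example that is not from the book or this post. It builds a miniature codebook from a constructed word list laid out a fixed number of entries per page, starting at an arbitrary page number; Webster’s real pagination is not reproduced. Code groups use the post's "part number" shape, `page-entry`, and the frequency helper shows that repeated words produce repeated groups, which is the structure an analyst would need volume to exploit.

```python
import re
from collections import Counter

# Constructed miniature dictionary: a sorted word list paginated like a
# printed one.  Page numbers and entries-per-page are assumptions.
WORDS_PER_PAGE = 4
FIRST_PAGE = 790
WORD_LIST = sorted("""
alaska arrive boat cargo feds fuel here is late meet need no now
radio ready ship south tonight wait we yes
""".split())


def build_codebook(words=WORD_LIST, per_page=WORDS_PER_PAGE, first_page=FIRST_PAGE):
    """Map each word to its 'part number': page, dash, position on the page."""
    book = {}
    for index, word in enumerate(words):
        page = first_page + index // per_page
        entry = index % per_page + 1
        book[word] = f"{page}-{entry}"
    return book


CODEBOOK = build_codebook()
REVERSE = {code: word for word, code in CODEBOOK.items()}


def encode(sentence):
    """Turn a sentence into a list of part numbers; refuse words the book lacks."""
    words = re.findall(r"[a-z']+", sentence.lower())
    missing = [w for w in words if w not in CODEBOOK]
    if missing:
        raise KeyError(f"not in dictionary: {missing}")
    return [CODEBOOK[w] for w in words]


def decode(part_numbers):
    """Look each part number back up; an unknown group raises KeyError."""
    return " ".join(REVERSE[code] for code in part_numbers)


def transmit(sentence):
    """What the radio call would sound like to a listener."""
    return "please check part numbers " + ", ".join(encode(sentence))


def code_frequencies(messages):
    """Count code groups across a set of messages: the analyst's first step."""
    counts = Counter()
    for message in messages:
        counts.update(encode(message))
    return counts


if __name__ == "__main__":
    print(transmit("Ship is late."))
    print(decode(encode("Ship is late.")))
    # Constructed traffic: three short calls.  With counts this small no
    # group stands out the way 'e' does in a letter-substitution cipher.
    print(code_frequencies(["we need fuel", "we need fuel now", "meet tonight"]))
```

A word-level codebook is only as secret as the book itself, which is why the author's failure mode is the dictionary next to the radio rather than the traffic.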

embedded devices do less

Tuesday, June 16th, 2009

A few weeks ago Trustwave reported on a new piece of malware that targets ATMs. This sparked a conversation on Bruce Schneier’s blog about the value of running a well-known commercial OS (like Windows) on a limited-use device (like an ATM or voting machine). The debate has centered on the fact that commercial operating systems have well-known vulnerabilities which can be targeted by black hats. This has of course raised accusations of security through obscurity.

I’ve been doing a lot of work in this area of late, and I think the debate is missing the point. A custom OS on a custom piece of hardware is not more secure than Windows on an Intel chip because it’s less common; it’s more secure because it does less. A Windows machine is general purpose: it can be used to surf the web, read PDF documents, play movies, edit images, send email, and transfer files. An ATM should do none of those things. If you were making an ATM from scratch and not using Windows, you would undoubtedly write a very small custom OS that performs only the dozen or so functions an ATM actually needs. It is not more secure because it is obscure; it is more secure because there is less of it to be insecure.

ping instead of nslookup

Tuesday, June 2nd, 2009

Why is it that so many people use ping when they want to find out the IP address of a system? True, ping does do a lookup on the name and display the result along with the ping results, but nslookup (or host on a Unix system) does the same thing with far less overhead.
