Pinboard (jm)
https://pinboard.in/u:jm/public/
recent bookmarks from jm

Attack of the week: searchable encryption and the ever-expanding leakage function
2019-02-13T14:20:18+00:00
https://blog.cryptographyengineering.com/2019/02/11/attack-of-the-week-searchable-encryption-and-the-ever-expanding-leakage-function/
jm
In all seriousness: database encryption has been a controversial subject in our field. I wish I could say that there’s been an actual debate, but it’s more that different researchers have fallen into different camps, and nobody has really had the data to make their position in a compelling way. There have actually been some very personal arguments made about it. The schools of thought are as follows:
The first holds that any kind of database encryption is better than storing records in plaintext and we should stop demanding things be perfect, when the alternative is a world of constant data breaches and sadness.
To me this is a supportable position, given that the current attack model for plaintext databases is something like “copy the database files, or just run a local SELECT * query”, and the threat model for an encrypted database is “gain persistence on the server and run sophisticated statistical attacks.” Most attackers are pretty lazy, so even a weak system is probably better than nothing.
The countervailing school of thought has two points: sometimes the good is much worse than the perfect, particularly if it gives application developers an outsized degree of confidence of the security that their encryption system is going to provide them.
If even the best encryption protocol is only throwing a tiny roadblock in the attacker’s way, why risk this at all? Just let the database community come up with some kind of ROT13 encryption that everyone knows to be crap and stop throwing good research time into a problem that has no good solution.
I don’t really know who is right in this debate. I’m just glad to see we’re getting closer to having it.
(via Jerry Connolly)
cryptography attacks encryption database crypto security storage ppi gdpr search databases via:ecksor
https://pinboard.in/u:jm/b:1935af4cab15/

BBC News - How one man turns annoying cold calls into cash
2013-08-29T09:04:50+00:00
http://www.bbc.co.uk/news/technology-23869462
jm
Once he had set up the 0871 line, every time a bank, gas or electricity supplier asked him for his details online, he submitted it as his contact number. He added he was "very honest" and the companies did ask why he had a premium number. He told the programme he replied: "Because I'm getting annoyed with PPI phone calls when I'm trying to watch Coronation Street so I'd rather make 10p a minute." He said almost all of the companies he dealt with were happy to use it and if they refused he asked them to email.
spam cold-calls phone ads uk funny premium-rate ppi
https://pinboard.in/u:jm/b:3a587afd99e4/

Hotels to pay royalties on music - The Irish Times - Fri, Dec 14, 2012
2012-12-14T14:31:49+00:00
http://www.irishtimes.com/newspaper/breaking/2012/1214/breaking27.html
jm
hotels ppi ireland music money royalties
https://pinboard.in/u:jm/b:8e26f042899d/