Steven Bellovin
1,779 followers
Steven's posts

Post has shared content
The alpha-geeks speak against the NSA.  I realize this is terse. Please understand that IACR is historically a very apolitical group. 

Post has attachment
 I have a new crypto history paper out: "Vernam, Mauborgne, and Friedman: The One-Time Pad and the Index of Coincidence". Here's the abstract:

    _The conventional narrative for the invention of the AT&T one-time pad was related by David Kahn. Based on the evidence available in the AT&T patent files and from interviews and correspondence, he concluded that Gilbert Vernam came up with the need for randomness, while Joseph Mauborgne realized the need for a non-repeating key. Examination of other documents suggests a different narrative. It is most likely that Vernam came up with the need for non-repetition; Mauborgne, though, apparently contributed materially to the invention of the two-tape variant. Furthermore, there is reason to suspect that he suggested the need for randomness to Vernam. However, neither Mauborgne, Herbert Yardley, nor anyone at AT&T really understood the security advantages of the true one-time tape. Col. Parker Hitt may have; William Friedman definitely did. Finally, we show that Friedman's attacks on the two-tape variant likely led to his invention of the index of coincidence, arguably the single most important publication in the history of cryptanalysis._

Post has attachment
"It was 20 years ago today...."

Firewalls and Internet Security: Repelling the Wily Hacker came out exactly 20 years ago.  Fortunately, the book, by me and +Bill Cheswick, was completely successful and we no longer need to worry about hackers.

The genesis of the book was a random train ride -- Bill and I ran into each other on our way to a conference in Baltimore.  Bill mentioned he'd been thinking of doing a book; we agreed on a collection of papers and drew up a table of contents.  Fortunately, shortly after that ride +John Wait paid one of his periodic visits to my office to see if I wanted to write a book.  He looked at what I had, nodded, and expressed a distinct lack of interest in a collection of papers.  "I'm sure you can write a real book".  A couple of iterations later, we had a new, completely different table of contents, and the book was underway.  "A chance-meeting, as we say in Middle-earth".  (Yes, if you've read the book you know I can't resist Tolkien quotes.  And if you haven't--the full text of the first edition is available at http://www.wilyhacker.com/1e)

New blog post: "Speculation About Goto Fail" (https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.html)

Following the logic in my previous post, I don't think that Apple's goto fail was a deliberate attack. Suppose it was, though. What can we learn about the attacker? 

....

Post has attachment
A Song of Ice and Aluminum -- the ice won...
2014-02-24

Post has attachment
Congratulations to +Jennifer Rexford on her election to the National Academy of Engineering (http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=02062014).

Post has attachment
Reading https://support.google.com/hangouts/answer/3111929?p=circles&rd=1, I saw this: "If you use Google+ you can enable specific circles to Hangout with you. When someone from an enabled circle sends you a message or invites you to a video call, you'll be able to Hangout right away without having to accept a Hangout request (Invite) first."   Surely I'm reading this incorrectly--it seems to say that if you enable that feature, certain people (plus whoever has hacked their computers) can turn on your video camera without you having to do anything.  And if that's correct, how does your computer (or, more precisely, the g+ plug-in for video chats) authenticate the request?  Because it's digitally signed by Google?  Or digitally signed by whoever--or whatever agency--has stolen that private key?

Again, I hope I'm misreading this; it's hard to imagine a bigger misfeature.

Post has shared content
Also see http://blogs.scientificamerican.com/the-curious-wavefunction/2013/05/01/how-to-repel-students-from-science/

If there's any justice in the world, the school and the local police will hastily back down and try to wipe the egg off their collective faces.  Not only that, Kiera will have a lot more doors not just opened to her, but actively beckoning her in.

I read recently about Zworykin's experience when caught doing unauthorized experiments in his high school's physics lab.  This teacher was smarter, and hired him.  One wonders how different the world would be if the teacher reacted the way this school did.
Girl tries science in science class. Is expelled from School. Anyone want to organize a summer science opportunity? This is terrible.  This is a young scientist who needs our support! Google! Invite her to your high school event for girls!!! This is a young scientist who needs our support!

Post has shared content
The +NBA's Jason Collins Changes the Face of Sports Forever By Coming Out.  

Share this image to show your support! Read more: http://bit.ly/NBAcollins

Post has shared content
The reasoning makes sense to me, even if it weren't from the most authoritative source possible on this topic.