Steven Bellovin
Steven Bellovin

The alpha-geeks speak against the NSA.  I realize this is terse. Please understand that IACR is historically a very apolitical group. 

Steven Bellovin

"It was 20 years ago today...."

Firewalls and Internet Security: Repelling the Wily Hacker came out exactly 20 years ago.  Fortunately, the book by me and +Bill Cheswick was completely successful and we no longer need to worry about hackers.

The genesis of the book was a random train ride -- Bill and I ran into each other on our way to a conference in Baltimore.  Bill mentioned he'd been thinking of doing a book; we agreed on a collection of papers and drew up a table of contents.  Fortunately, shortly after that ride +John Wait paid one of his periodic visits to my office to see if I wanted to write a book.  He looked at what I had, nodded, and expressed a distinct lack of interest in a collection of papers.  "I'm sure you can write a real book".  A couple of iterations later, we had a new, completely different table of contents, and the book was underway.  "A chance-meeting, as we say in Middle-earth".  (Yes, if you've read the book you know I can't resist Tolkien quotes.  And if you haven't--the full text of the first edition is available at http://www.wilyhacker.com/1e)
15 comments
I'd been speaking about the Evil Bit for a number of years before I wrote that RFC, but not, I think, until well after the book was out...  (But see https://www.cs.columbia.edu/~smb/3514.html for the reactions that RFC drew.)

Steven Bellovin

Congratulations to +Jennifer Rexford on her election to the National Academy of Engineering (http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=02062014).
The nation turns to the National Academies -- National Academy of Sciences, National Academy of Engineering, Institute of Medicine, and National Research Council -- for independent, objective advice on issues that affect people's lives worldwide.

Steven Bellovin

Also see http://blogs.scientificamerican.com/the-curious-wavefunction/2013/05/01/how-to-repel-students-from-science/

If there's any justice in the world, the school and the local police will hastily back down and try to wipe the egg off their collective faces.  Not only that, Kiera will have a lot more doors not just opened to her, but actively beckoning her in.

I read recently about Zworykin's experience when caught doing unauthorized experiments in his high school's physics lab.  This teacher was smarter, and hired him.  One wonders how different the world would be if the teacher reacted the way this school did.
 
Girl tries science in science class. Is expelled from school. Anyone want to organize a summer science opportunity? This is terrible.  This is a young scientist who needs our support! Google! Invite her to your high school event for girls!!! This is a young scientist who needs our support!
4 comments
If she was that smart, why was she in a public school at age 16? Both my children were high school dropouts (that is, they stopped bothering to report their homeschooling to the public school). My daughter never got anything less than a 4.0 (and is writing her dissertation), and my son is receiving Presidential honors in college.

Steven Bellovin

The reasoning makes sense to me, even if it weren't from the most authoritative source possible on this topic.
 
There is a building outside the Copenhagen central railway station which looks like a Hollerith card. As the light reflects off the open or shut windows, the effect is only increased because they look like the chad holes.

http://en.wikipedia.org/wiki/Radisson_Blu_Royal_Hotel,_Copenhagen

The cute thing is I said to Deb "hey.. this looks like a punch card" before I read online the meme...

Steven Bellovin

It appears that Richard Nixon intentionally sabotaged the Paris peace talks in 1968, perpetuating the Vietnam war and killing untold numbers of people, in order to assure his election. Also revealed: LBJ congratulated Mayor Daley for his brutal suppression of protesters in Chicago. Politicians are a species all their own.

http://www.bbc.co.uk/news/magazine-21768668
2 comments
Nixon double-dealing with SVN is not news; only LBJ's response on the tapes is new.

In a similar vein, Reagan's team talked with the Iranians during the 1980 campaign.

Steven Bellovin

 I have a new crypto history paper out: "Vernam, Mauborgne, and Friedman: The One-Time Pad and the Index of Coincidence". Here's the abstract:

    _The conventional narrative for the invention of the AT&T one-time pad was related by David Kahn. Based on the evidence available in the AT&T patent files and from interviews and correspondence, he concluded that Gilbert Vernam came up with the need for randomness, while Joseph Mauborgne realized the need for a non-repeating key. Examination of other documents suggests a different narrative. It is most likely that Vernam came up with the need for non-repetition; Mauborgne, though, apparently contributed materially to the invention of the two-tape variant. Furthermore, there is reason to suspect that he suggested the need for randomness to Vernam. However, neither Mauborgne, Herbert Yardley, nor anyone at AT&T really understood the security advantages of the true one-time tape. Col. Parker Hitt may have; William Friedman definitely did. Finally, we show that Friedman's attacks on the two-tape variant likely led to his invention of the index of coincidence, arguably the single most important publication in the history of cryptanalysis._

Steven Bellovin

New blog post: "Speculation About Goto Fail" (https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.html)

Following the logic in my previous post, I don't think that Apple's goto fail was a deliberate attack. Suppose it was, though. What can we learn about the attacker? 

....
2 comments
Hi

Steven Bellovin

A Song of Ice and Aluminum -- the ice won...
4 comments
Just be thankful that you don't have a tale of ice and copper pipes. Two winters in a row.

Steven Bellovin

Reading https://support.google.com/hangouts/answer/3111929?p=circles&rd=1, I saw this: "If you use Google+ you can enable specific circles to Hangout with you. When someone from an enabled circle sends you a message or invites you to a video call, you'll be able to Hangout right away without having to accept a Hangout request (Invite) first."   Surely I'm reading this incorrectly--it seems to say that if you enable that feature, certain people (plus whoever has hacked their computers) can turn on your video camera without you having to do anything.  And if that's correct, how does your computer (or, more precisely, the g+ plug-in for video chats) authenticate the request?  Because it's digitally signed by Google?  Or digitally signed by whoever--or whatever agency--has stolen that private key?

Again, I hope I'm misreading this; it's hard to imagine a bigger misfeature.
10 comments
I have never voluntarily joined a hangout, nor enabled anything.

This was on the G+ client on my Nexus 4.

After leaving I proceeded to get several additional calls, which I rejected.

Perhaps Google was testing something.

Steven Bellovin

The +NBA's Jason Collins Changes the Face of Sports Forever By Coming Out.  

Share this image to show your support! Read more: http://bit.ly/NBAcollins

Steven Bellovin

4 comments
+Steven Bellovin For what it's worth, I might also note that Google's own domains (google.com and gmail.com) are not yet signed. Furthermore, I tend to view 8.8.8.8 and friends as a passive eavesdropping attack on DNS... So I read the announcement as marketing for the MITM attack. :-)
Introduction: Columbia University