Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Volmarias
Dec 31, 2002

I'm sure I'll think of something.

The_Franz posted:

gotta love the ol' "your punishment for not going to school is being forced to not come to school"

"Your parents now have to figure out wtf to do with you during this time, when they would normally be at work, they will punish you far more effectively than we will"

There's in school suspensions too, where you just get to sit in a classroom and do absolutely nothing for 7 hours.

Adbot
ADBOT LOVES YOU

Jabor
Jul 16, 2010

#1 Loser at SpaceChem

Volmarias posted:

"Your parents now have to figure out wtf to do with you during this time, when they would normally be at work, they will punish you far more effectively than we will"

yeah, but that stops working once you're talking about kids that are old enough for the parents to just say "whatever just stay home and play videogames all day"

suffix
Jul 27, 2013

Wheeee!

ymgve posted:

Someone claims to have broken the SIMON cipher on shorter keylenghts

https://eprint.iacr.org/2019/474

but the whole document is...weird

https://twitter.com/colmmacc/status/1127100892883312640

https://crypto.stackexchange.com/qu...sim/70471#70471
argues that the examples could have been found by brute force search without too much trouble

Sagebrush
Feb 26, 2012

a non-peer-reviewed, non-institutionally-affiliated, single-authored e-publication on the topic of government-sponsored cryptography, which mentions a conspiracy theory in its opening paragraph, might be making some incorrect assumptions and drawing unsupported conclusions??


you

don't

say

suffix
Jul 27, 2013

Wheeee!
there's three listed authors though? :confused:

The_Franz
Aug 8, 2003

suffix posted:

there's three listed authors though? :confused:

do they even exist? googling the last two names turns up nothing related to security or crypto research, aside from a link to that paper

Sagebrush
Feb 26, 2012

yeah i think they may all be fake names

- no hits on google scholar for any of the three authors
- no relevant hits on google proper either, for that matter
- each name is super generically english, yet the paper reads like it's written by an EFL writer
- the very first three words in the paper read "SIMON et SPECK" instead of "SIMON and SPECK", which is a bizarre error to make unless you translated it from french or the author is unconsciously code-switching
- i can find no reference to the "alba3" group they say they're part of
- but "alba3" is a pun in french: alba-trois, albatross

i think it's a wacko conspiracy theorist and/or amateur mathematician whose first language is french who has added a bunch of academic embellishments to his zine to try and get his ideas more traction than stapling them to a telephone pole can provide

Munkeymon
Aug 14, 2003

Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.



suffix posted:

https://crypto.stackexchange.com/qu...sim/70471#70471
argues that the examples could have been found by brute force search without too much trouble

uh

https://twitter.com/colmmacc/status/1127107937367781376

infernal machines
Oct 11, 2012

the future has already arrived. it's just not evenly distributed yet.
Are y'all sure this isn't one of those NN generated papers?

Soricidus
Oct 21, 2010
freedom-hating statist shill

Sagebrush posted:

yeah i think they may all be fake names

- no hits on google scholar for any of the three authors
- no relevant hits on google proper either, for that matter
- each name is super generically english, yet the paper reads like it's written by an EFL writer

it's literally matthew, mark, luke, and john (the evangelists), plus james (the brother of jesus)

the thing is either purestrain crazy or a rather well-constructed troll

haveblue
Aug 15, 2005



Toilet Rascal

this pi remake sucks

mystes
May 31, 2006

haveblue posted:

this timecube remake sucks

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

Jabor posted:

yeah, but that stops working once you're talking about kids that are old enough for the parents to just say "whatever just stay home and play videogames all day"

that's what happened to me the one time i got suspended. i think i worked a few extra hours at my job too. the situation sucked overall but the "no school for 3 days" part was alright

Shame Boy
Mar 2, 2010

i've got a question about old cryptography that y'all can probably answer: so i know that in world war 2, the allies used that weird robotic voice SIGSALY system for their highest-level communications. what did the axis powers use for that same role? was it just some more complicated variant of a rotor-based system like the enigma machine?

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano
the russians? they used a pencil.

Soricidus
Oct 21, 2010
freedom-hating statist shill

Shame Boy posted:

i've got a question about old cryptography that y'all can probably answer: so i know that in world war 2, the allies used that weird robotic voice SIGSALY system for their highest-level communications. what did the axis powers use for that same role? was it just some more complicated variant of a rotor-based system like the enigma machine?

I donít think there was an exact equivalent, ie a cipher developed specifically for top level communications between different axis powers. they didnít trust each other that much or work together as closely as the uk and usa did. for example, German communications with japan pretty much all went through the Japanese ambassador - hitler didnít talk to hirohito directly or anything - and the ambassador just used standard Japanese codes, which were terrible and regularly broken by the allies.

so the closest thing was probably the german Lorenz cipher, which hitler used personally to communicate with military commands. it was a rotor-based cipher but quite different from enigma - it was basically an early stream cipher operating on 5-bit characters. the british figured out how it worked just from a few instances of key reuse, then built colossus to break it.

Computer Serf
May 14, 2005
Buglord

Shame Boy posted:

i've got a question about old cryptography that y'all can probably answer: so i know that in world war 2, the allies used that weird robotic voice SIGSALY system for their highest-level communications. what did the axis powers use for that same role? was it just some more complicated variant of a rotor-based system like the enigma machine?


maybe your answer is in this fine book on vocoders
http://howtowreckanicebeach.com/?page_id=14

edit: :thunk: the enigma machine?

Computer Serf fucked around with this message at 01:42 on May 13, 2019

Shame Boy
Mar 2, 2010

Soricidus posted:

I donít think there was an exact equivalent, ie a cipher developed specifically for top level communications between different axis powers. they didnít trust each other that much or work together as closely as the uk and usa did. for example, German communications with japan pretty much all went through the Japanese ambassador - hitler didnít talk to hirohito directly or anything - and the ambassador just used standard Japanese codes, which were terrible and regularly broken by the allies.

so the closest thing was probably the german Lorenz cipher, which hitler used personally to communicate with military commands. it was a rotor-based cipher but quite different from enigma - it was basically an early stream cipher operating on 5-bit characters. the british figured out how it worked just from a few instances of key reuse, then built colossus to break it.

yeah ok, that fits with the gist i was getting when looking into it myself, it just seemed weird that i couldn't find anything that flat out said like, "this thing served a similar purpose as SIGSALY"

SIGSEGV
Nov 4, 2010


IIRC the inherent dysfunctions of the axis meant that the KM in the med gave away a lot of italian navy plans and action because the german codes were broken but (at least at one point) the italian ones weren't, because the germans had to play Senior Partner all the time and so on

akadajet
Sep 14, 2003

Rufus Ping posted:

the russians? they used a pencil.

how'd the russian mathematician cure his constipation?
he worked it out with a pencil.

CRIP EATIN BREAD
Jun 24, 2002

Hey stop worrying bout my acting bitch, and worry about your WACK ass music. In the mean time... Eat a hot bowl of Dicks! Ice T



Soiled Meat
im picturing a balding profressory-type dude squatting in front of a chalkboard doing math proofs and its cracking me up

spankmeister
Jun 15, 2008






Squatting is the Russian's natural pose.

Fallen Hamprince
Nov 12, 2016

gonna be a huge dumb pedant and point out that the 'russians used a pencil' thing is a myth. the soviets used grease pencils because a graphite pencils crumble in low g and poo poo up electronics and air filters. the 'astronaut pen' was developed as a gimmick by a pen company and eventually adopted by both programs. ballpoint pens work fine in low g, they only don't work when you turn them upside down in normal gravity

Soricidus
Oct 21, 2010
freedom-hating statist shill

Shame Boy posted:

yeah ok, that fits with the gist i was getting when looking into it myself, it just seemed weird that i couldn't find anything that flat out said like, "this thing served a similar purpose as SIGSALY"

sigsaly was a special case because they had these awkward civilians in charge who knew everything and were drat well going to chat about it all over the phone and nobody was going to convince them to exchange written messages instead, so the allies just had to figure out a way to make that secure.

pretty much everyone else was willing to put up with written messages, or mitigated the fact that speech wasnít secure by using codewords and so on. (I believe the Germans and Russians did both develop voice encryption devices, or at least obfuscation? but they werenít very secure or widely used.)

Volmarias
Dec 31, 2002

I'm sure I'll think of something.

From the Cyberpunk thread but seems worth posting here too. Not a gently caress up but pretty neat.

flakeloaf
Feb 26, 2003

Still better than android clock

https://www.cbc.ca/news/business/rbc-customer-out-of-pocket-after-e-transfer-fraud-1.5128114

quote:


A system to transfer money online ó used over a million times a day in Canada ó is not as safe as it advertises, says a Royal Bank customer who had $1,734 stolen during an e-transfer.

The theft occurred after Anne Hoover of Peterborough, Ont., e-transferred money from her RBC account to her friend Fran Fearnley, only to have a fraudster intercept the transaction and divert the money to his own account at another bank.

"I always use e-transfer," says Hoover. "I thought it was a safe way to send money."

An RBC manager says an internal investigation indicated that Fearnley's email account had been hacked, and when Hoover sent the e-transfer, the fraudster figured out the answer for the security question necessary to deposit the money, and then redirected it to a different bank account.

The bank blamed the theft on Fearnley's email security.

Hoover's security question to her friend was: "Who is my favourite Beatle?" The fraudster would have had a one in four chance of getting it right ó John, Paul, George or Ringo. In a test of RBC's Interac system, Go Public was given four chances to answer the security question correctly.

In a statement, AJ Goodman, RBC's director of external communications wrote: "As part of our electronic access agreement, clients commit to using passwords and security questions that are unique and cannot be easily guessed or obtained by others."

In a statement, the company's senior manager of external communications, Adrienne Vaughan, wrote that Canadians must "protect their email and passwords so they do not fall victim to cybercrime and they can safely transact online."

Popa did a quick search of Fearnley's email on https://www.haveibeenpwned.com a website that tracks data breaches and reports almost eight billion occasions when personal accounts have been exposed. The same email address could be acquired from several different sources.

Popa found her email was compromised on two sites when hackers attacked LinkedIn and Verification.io

"That means people have found those e-mail lists. They have sold them to others," says Popa. "Different people have taken what they've needed from those lists, and that's how they got compromised, very likely."

The cybersecurity expert says financial institutions and Interac need to require something called "two-factor authentication" to better protect people's accounts.

"Every time you log into an account you need to use a second factor," explains Popa. "A code that arrives as a text message or as a separate email to a different email address that is only valid for a few seconds or a few minutes after it's received."

:bang:

a good part of my job is spent standing at the front of teh room telling people not to do basically any of the things in this article

flakeloaf fucked around with this message at 16:21 on May 13, 2019

Potato Salad
Oct 23, 2014

nobody cares


flakeloaf posted:

https://www.cbc.ca/news/business/rbc-customer-out-of-pocket-after-e-transfer-fraud-1.5128114


:bang:

a good part of my job is spent standing at the front of teh room telling people not to do basically any of the things in this article

Security Question: What color is Barney the Purple Dinosaur?

infernal machines
Oct 11, 2012

the future has already arrived. it's just not evenly distributed yet.

flakeloaf posted:

https://www.cbc.ca/news/business/rbc-customer-out-of-pocket-after-e-transfer-fraud-1.5128114


:bang:

a good part of my job is spent standing at the front of teh room telling people not to do basically any of the things in this article

security is a process, and a big part of that process is you not being an absolute goddamned idiot just every second of every day

haveblue
Aug 15, 2005



Toilet Rascal
what are the odds that you don't type in the name of your favorite beatle but pick it from a dropdown

flakeloaf
Feb 26, 2003

Still better than android clock

^^nah the interac Q&A is just two freeform text fields

infernal machines posted:

security is a process, and a big part of that process is you not being an absolute goddamned idiot just every second of every day

i don't phrase it quite like that but yes that is generally the message

it's weird the things people will think of very differently when you say it with your "i'm saying something obviously ridiculous" voice

the tech will not protect you, do not trust it

evilweasel
Aug 24, 2002

flakeloaf posted:

https://www.cbc.ca/news/business/rbc-customer-out-of-pocket-after-e-transfer-fraud-1.5128114


:bang:

a good part of my job is spent standing at the front of teh room telling people not to do basically any of the things in this article

security questions are such a poorly thought out idea

"nobody will ever know what the mascot of your high school was, knowing that is good enough to reset your password!"

haveblue
Aug 15, 2005



Toilet Rascal
mega lol if you put the truth as answers to security questions

flakeloaf
Feb 26, 2003

Still better than android clock

i think that's one of hte more infuriating parts of this article. It's not a security question, it's a text box where the recipient has to type a passphrase and the sender can either send them a hint (gently caress no what is wrong with your brain) or utter gibberish, because the arrival of $1800 probably isn't a surprise and you can mention the password when you tell the person the money is coming

Q: fieopwje hiasfj pwefhj23fiodajf o2038foisljfjasdfdaspfjfjdfjjjjjjjjjjjjjj

A: eighteen kilograms of poo poo in a thimble

e: i tried ending the answer with a sql injection type phrase (single-quote or one equals one) and got a cloudflare block message lol

flakeloaf fucked around with this message at 16:57 on May 13, 2019

flakeloaf
Feb 26, 2003

Still better than android clock

evilweasel posted:

security questions are such a poorly thought out idea

"nobody will ever know what the mascot of your high school was, knowing that is good enough to reset your password!"

to log in to the pay system, i need an encrypted smartcard and a password

the security question i face after i log in with those things is "what is your employee id number", the number anyone who knows how to use a smartcard can easily learn

Sagebrush
Feb 26, 2012

haveblue posted:

what are the odds that you don't type in the name of your favorite beatle but pick it from a dropdown

It's not strictly a security question. When you do an interac e-transfer in Canada, you put in the recipient's email address and it sends them a "claim your money" link. There is no verification of the email address, so you have to also write a question where the answer is known only to you and the recipient. This question can be whatever you want, though, so there's nothing stopping you from making it "what is 2+2." I haven't done one in a while, but I'm pretty sure that once you get the email and answer the question correctly, that's the end of it and you can deposit the money into any account you want. Really it's just surprising that no one has reported on it until today

Yes, obviously the correct response is to make both fields a bunch of hexadecimal junk but that isn't how people's brains work

Sagebrush fucked around with this message at 17:02 on May 13, 2019

Schadenboner
Aug 15, 2011

by Shine

Fallen Hamprince posted:

gonna be a huge dumb pedant and point out that the 'russians used a pencil' thing is a myth. the soviets used grease pencils because a graphite pencils crumble in low g and poo poo up electronics and air filters. the 'astronaut pen' was developed as a gimmick by a pen company and eventually adopted by both programs. ballpoint pens work fine in low g, they only don't work when you turn them upside down in normal gravity

Goddamnit, I was going to Kramer the gently caress on in with an :actually: on your pedantry but you said low g not zero g. :mad:

obstipator
Nov 8, 2009

by FactsAreUseless
e: ooos wrong thread

obstipator
Nov 8, 2009

by FactsAreUseless

haveblue posted:

what are the odds that you don't type in the name of your favorite beatle but pick it from a dropdown

lol

flakeloaf
Feb 26, 2003

Still better than android clock

Sagebrush posted:

I'm pretty sure that once you get the email and answer the question correctly, that's the end of it and you can deposit the money into any account you want. Really it's just surprising that no one has reported on it until today

yup, that's exactly how it goes

an email arrives saying "Hi, [whatever the sender calls you], Sendername sent you $420.69 (CAD). Click here to deposit to the bank we know you bank with, or click there to put it somewhere else"

once you have that email you're a facebook "getting to know you with 50 questions" quiz away from fabulous riches

if you've lost control of your email account, surprise surprise, someone else can read your emails and click things you sent, but yes, a clunker like that is exactly the sort of thing cbc marketplace "investigates"

cutting-edge stories this year include: "Inuvialuit pay too much for southern food", "FTD are shite" and "Always-on security cameras and microphones in your house are watching and listening to you"

flakeloaf fucked around with this message at 17:12 on May 13, 2019

Adbot
ADBOT LOVES YOU

dpkg chopra
Jun 9, 2007

Fast Food Fight

Grimey Drawer
I seem to remember clearXchange or whatever it was called before becoming Zelle letting you send money like this and they didn't even have a security question.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply