Have you ever logged into OSX and gotten a message about needing updates although you are sure you have applied them already? How about a message saying that you need to accept certain packages like iPhoto in the update manager, but when you try you are told they have been purchased with another account and you need to log in with that one to install them? Looking at the Apple OSX support forums across a number of sites, I can tell you: don't bother answering, I know it is a rhetorical question. These errors happen to a lot of people and all the time. Eventually some other forum user will suggest some bit of command-line trickery that has nothing to do with the problem and the errors go away.
Monday, June 03, 2013
Monday, June 30, 2008
More fodder for the arms race...
http://tech.slashdot.org/article.pl?sid=08/06/30/1155205&from=rss
A long, long time ago (5 years I think) I did a talk on why anomaly-based IDSes do not work. If given the ability to spend a few days analyzing traffic, you can evade them easily. I am guessing the same holds true for "throttling traffic even though it’s encrypted". If you look at the two points of data that can be reliably read, packet size and frequency, those can be varied greatly by an attacker without introducing much latency or overhead.
Like most things in security produced in labs, this technique will only be efficient as long as no one knows it has been implemented.