Eavesdropping on Encrypted Compressed Voice

Posted on 2008.06.20 by Alan

Eavesdropping on Encrypted Compressed Voice: “Impressive.”

David Robson has a writeup on New Scientist’s site that talks about recovering content based on packet size. Knowing how sounds are encoded can help the attackers guess at the sounds that led to the observed packet sizes.

The software breaks down a typed phrase to be listened for into its constituent sounds using a phonetic dictionary. A version of the phrase is then pasted together from audio clips of phonemes taken from a library of example conversations, before finally being made into a stream of VoIP-style packets.

Indeed. The short version is that this appears to be a creative application of traffic analysis to recover language structure. The packets in the compressed domain can reveal hints as to the phonemes and utterances under the encoding.

(Via Schneier on Security.)

U.S. motorists brave Mexico border violence for fuel | U.S. | Reuters

Posted on 2008.06.20 by Alan

U.S. motorists brave Mexico border violence for fuel.

A recent article about cross-border shopping for fuel in southern California inadvertently points out how miserably people perform risk-reward calculations. One driver, when asked about his cross-border fuel shopping, in light of rampant drug violence in Sinaloa MX these days says:

“‘I know they could kill me or kidnap me, but the cost of filling my tank in the United States is just too much,’ he said.”

Either they are full of false bravado, rampantly over-estimating the risks of being attacked or kidnaped, or simply ignoring the risks and making (in my opinion) a poor choice. I could not imagine that my life is worth a few hundred dollars in fuel savings. Which I suppose leads me back to the over-estimating (or at least over-stating) the risks to satisfy a self-interested machismo laced agenda.

(Via Reuters.)

Quicksilver and screen locking.

Posted on 2008.06.01 by Alan

A few people have asked me how I lock my screen so conveniently when I walk away from my Mac. Here are two approaches that I’ve used. Both of them have relied on Quicksilver, a wonderfully powerful application that I cannot stand to be without.

Method 1 : Activate the Screen Saver on Hotkey activation.

This one is slightly easier than the login window tip, since it does not require any supporting scripts. There are reasons to prefer one over the other, so I leave the choice to the reader. This one is easy, but requires that you set the security properties so that your screen saver requires a password to disable – otherwise there is no security benefit to this variant.

Fire up Quicksilver’s Preference panel and select Triggers:
Create a new item that opens
/System/Library/Frameworks/ScreenSaver.framework/Resources/ScreenSaverEngine.app
when the hotkey is pressed. You will have to navigate to this file in order to have Quicksilver find it. (Start by typing / S y s and navigate the directories.

That’s it. Once you press your hotkey, you should see a little Quicksilver indication and the screen saver will start. Make sure you select a screen saver AND that you have your security settings to request a password to turn off the screen saver.

Method 2 : Activate the Login Window on Hotkey activation.

Using a tiny glue script (in bash, thankyouverymuch), we tell the session manager to suspend the current login session. I do not know if this requires fast-user switching to be activated, but I have it setup on my Mac.

I prefer this one since it uses less CPU and puts the machine in a state where someone else could use it more readily — this is handy at home where the machine is truly multiuser.

Open the Quicksilver Triggers panel (as above).
Create ~/bin/LoginScreen.sh. Open Terminal.app and paste this into it:
```
[ -d ~/bin ] || mkdir ~/bin
cd ~/bin
cat > LoginScreen.sh << EOF
#!/bin/bash
x="/System/Library/CoreServices/Menu Extras/User.menu/Contents/Resources/CGSession"
[ -x "$x" ] && "${x}" -suspend
EOF
chmod +x ~/bin/LoginScreen.sh
```
If you are familiar with shell scripts and having your own bin directory, feel free to create LoginScreen.sh you own way. You can also just download it here, right click and save as in a well known place.
Create a hotkey trigger that will launch LoginScreen.sh.
Navigate to the script (perhaps in ~/bin) and get Quicksilver to launch it when you press the hotkey.

LoginScreen.sh

This is a super simple script to tell the session manager to return to the login screen (suspend the active user's login session).

#!/bin/bash
x="/System/Library/CoreServices/Menu Extras/User.menu/Contents/Resources/CGSession"
[ -x "$x" ] && "${x}" -suspend

polyphase.ca

In Soviet Canuckistan, Blogs Read You!

Monthly Archives: June 2008