28.03.2006 23:30

Comments off

Comments are off temporarily - I need some time to test my new comment script. The change is caused by the amount of spam I need to delete from comments.


Posted by Mara | Permalink | Categories: General

23.03.2006 22:15

RFID malware

RFID tags have very small storage, so it's easy to assume they can't be used to attack other systems. That's not true. Data on the tags can be modified to cause buffer overflows, SQL injections and other attacks. The reason? The software that receives the data does not always parse it correctly.

It's nothing new. Nor is it new to read opinions like the one below (written until the first big crash of the new system):

While we have some hesitation in giving the "bad guys" precise information on how to infect RFID tags, it has been our experience that when talking to people in charge of RFID systems, they often dismiss security concerns as academic, unrealistic, and unworthy of spending any money on countering, as these threats are merely "theoretical."

Posted by Mara | Permalink | Categories: Security
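
The parsing problem from the RFID post above, as an added example that is not from the original blog or from the quoted paper: back-end code that pastes tag data into a query, next to a version that validates the payload and binds it as a parameter. The table, the tag format (an uppercase ID of at most 16 bytes) and both payloads are constructed assumptions.

```python
import re
import sqlite3

# Assumed tag layout (hypothetical): an ASCII item ID of at most 16 bytes.
MAX_TAG_BYTES = 16
TAG_ID_RE = re.compile(r"[A-Z0-9-]{1,16}")

# Constructed sample payloads: an honest tag and a rewritten one.
GOOD_TAG = b"PALLET-0001"
BAD_TAG = b"x' OR '1'='1"   # 12 bytes, fits even on a very small tag

def new_db():
    """In-memory inventory table standing in for the back-end database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (tag_id TEXT PRIMARY KEY, location TEXT)")
    db.execute("INSERT INTO items VALUES ('PALLET-0001', 'dock-A')")
    db.execute("INSERT INTO items VALUES ('PALLET-0002', 'dock-B')")
    return db

def lookup_unsafe(db, tag_bytes):
    """Trusts the tag: its bytes become part of the SQL text."""
    tag = tag_bytes.decode("latin-1")
    sql = "SELECT location FROM items WHERE tag_id = '" + tag + "'"
    return [row[0] for row in db.execute(sql)]

def parse_tag(tag_bytes):
    """Reject anything that is not a well-formed ID before it goes further."""
    if len(tag_bytes) > MAX_TAG_BYTES:
        raise ValueError("tag payload longer than the expected field")
    try:
        tag = tag_bytes.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("non-ASCII tag payload") from None
    if not TAG_ID_RE.fullmatch(tag):
        raise ValueError("unexpected characters in tag payload")
    return tag

def lookup_safe(db, tag_bytes):
    """Validate first, then bind the value as a parameter, never as SQL text."""
    tag = parse_tag(tag_bytes)
    query = "SELECT location FROM items WHERE tag_id = ?"
    return [row[0] for row in db.execute(query, (tag,))]

if __name__ == "__main__":
    db = new_db()
    print("unsafe, good tag:", lookup_unsafe(db, GOOD_TAG))
    print("unsafe, bad tag: ", lookup_unsafe(db, BAD_TAG))  # query meaning changed
    print("safe, good tag:  ", lookup_safe(db, GOOD_TAG))
    try:
        lookup_safe(db, BAD_TAG)
    except ValueError as err:
        print("safe, bad tag rejected:", err)
```
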

12.03.2006 14:40

PIN security by example

A Techweb article shows possible reasons for the recent Citibank PIN scandal (a large number of PINs for debit cards were stolen and new cards were issued in the UK, Russia and Canada).

It turns out (according to the article) that the encrypted PIN data and the keys used to encrypt it are kept in the same place. The question is why the PIN data is stored at all...


Posted by Mara | Permalink | Categories: Security

05.03.2006 19:17

Klik

Klik is a way to run programs under Linux without installing them. You don't compile anything, just download binaries (with dependencies handled).

Klik works using cramfs images (which means that you don't have to be root to download and install programs; root is needed only to allow mounting). It's a nice way to try experimental software or to run something when installation is not an option.


Posted by Mara | Permalink | Categories: Software

01.03.2006 21:03

User-level filesystems

Unix and Unix-like systems support a large number of filesystems. Recently new solutions have started to appear that allow a filesystem to be written in user mode. For users this means no need to compile a new kernel; for programmers, easier debugging and development.

Examples of such filesystems? Imagine an FTP directory mounted just like a local one. It's possible. Midnight Commander has it. The thing is that the interface was non-standard.

An example of a multi-purpose interface that makes it easy to write a new filesystem is FUSE. Sumit Singh from IBM has written an introductory paper about it.

FUSE is used for: GMailFS, gphoto2-fuse-fs (digital camera filesystem), Cvs-FS, SshFS and many more. You can see the whole list at the project's page.


Posted by Mara | Permalink | Categories: Software