Thursday, January 30, 2014

Cunning, that

One of the problems with playing "defensive security" (as opposed to "offensive security" a.k.a. hacking) is that people play too nicely.  That may be changing:
Together with Thomas Ristenpart of the University of Wisconsin, [Ari Juels] has developed a new encryption system with a devious streak. It gives encrypted data an additional layer of protection by serving up fake data in response to every incorrect guess of the password or encryption key. If the attacker does eventually guess correctly, the real data should be lost amongst the crowd of spoof data.
This would be a neat addition to Stegonography tools.


Dave H said...

The best example I've ever experienced of that kind of thinking was the old MS-DOS computer game Starflight. Their copy protection scheme was a decoder wheel packed with the game. To launch your starship in-game, you'd be challenged with three words which you had to dial in on your wheel. You had to enter the resulting number correctly to get launch authorization. If you didn't enter it correctly you could still launch, fly to another planet, and mine all kinds of valuable minerals. But on your way home you'd get pulled over by a cop wearing a fedora inside his spacesuit helmet, and if you couldn't pass another challenge the game ended with you in prison.

Best demo I ever played, and when I got busted I went out and bought the game.

WoFat said...

I'd make a terrible hacker. I get confused SO easily.

newrebeluniv said...

Dave, I remember how early gamers used to get xerox copies of those game wheels.

I'd like to see a really offensive layer that sends an EMP back along the line to the hacker frying his system or having it send his whole browser history to his mom's email address.

People keep hacking because there is no real penalty. No pain.


Borepatch said...

Dave, I lost a lot of hours playing Starflight, back in the day.

Dave H said...

You and me both, BP. Once I knew what nid berries were good for, I was unstoppable.

Siege said...

My thoughts went straight to the same place as Hale's did, Attack Barriers and Intrusion Countermeasures ( ) and the like, that will disable or burn out the system trying to perform the hack.