Sunday, May 29, 2011

About TCP protocol flaws

While not about security itself, this topic concerns a closely related question: the performance of Internet communication (and performance is closely linked to security).

The article discusses alternatives to TCP and includes a description of the TCP design as part of the discussion. The design flaw stems from the strategy the TCP stack uses when it detects undelivered packets: it reduces the transmission rate dramatically and then increases it again in small steps. This leads to a very uneven delivery rate and, in the end, inefficient transmission.

"Another issue of current TCP implementations is the fact that the AIMD algorithm constantly pushes network loads into an overflow condition. This occurs because the only feedback that the sender gets from the receiver is about whether or not packets are lost along the way. If packets aren’t lost, then the assumption is that the sending rate can be increased; if packets are lost then the sending rate needs to be decreased. In this situation, senders are constantly ramping up data rates to the point when buffer overflow occurs."

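The sawtooth behaviour described above, as an added example that is not taken from the article: a single AIMD sender over one bottleneck link, where queue overflow is the only feedback the sender receives. The link capacity, buffer size and step values are constructed for illustration.

```python
# Added illustration: one AIMD sender, one bottleneck link.
# All parameter values are constructed for this example.

def simulate_aimd(capacity=100, buffer_size=20, rounds=400,
                  increase=1.0, decrease=0.5, start=10.0):
    """Return (windows, loss_rounds, utilization).

    capacity    -- packets the link can drain per round trip
    buffer_size -- packets the bottleneck queue can hold
    A round in which cwnd exceeds capacity + buffer_size overflows the
    queue; that loss is the only signal the sender gets.
    """
    limit = capacity + buffer_size
    cwnd = start
    windows, loss_rounds = [], []
    delivered = 0.0
    for r in range(rounds):
        windows.append(cwnd)
        if cwnd > limit:
            # Overflow: packets dropped, sender cuts its window sharply.
            loss_rounds.append(r)
            delivered += capacity
            cwnd = max(1.0, cwnd * decrease)      # multiplicative decrease
        else:
            # No loss seen, so the sender assumes it may send faster.
            delivered += min(cwnd, capacity)
            cwnd += increase                      # additive increase
    return windows, loss_rounds, delivered / (capacity * rounds)


def cycle_lengths(loss_rounds):
    """Rounds between consecutive overflow events."""
    return [b - a for a, b in zip(loss_rounds, loss_rounds[1:])]


if __name__ == "__main__":
    windows, losses, util = simulate_aimd()
    print("overflow at rounds:", losses)
    print("rounds between overflows:", cycle_lengths(losses))
    print("window right after first loss:", windows[losses[0] + 1])
    print("link utilization: %.1f%%" % (util * 100))
```

Every cycle ends in an overflow, and after each one the sender spends dozens of rounds below link capacity while it climbs back one packet at a time.
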
Monday, May 2, 2011

Nikon's signature mechanism broken, vendor ignores the problem

According to this article, the Russian company ElcomSoft (well known for the lawsuit in which Adobe attempted to attack the company for finding weaknesses in Adobe's DRM) managed to extract the private key from DSLR cameras produced by Nikon. This allowed them to create fake pictures and make them pass as genuine by digitally signing them.

Nikon reportedly has not reacted to the problem and is ignoring it. Nikon's ostrich position is a bad one: as with the ostrich, protecting the head leaves the back (and everything below) open to attack.

SFTP Net Drive beta is available

The first public beta version of the free SFTP Net Drive application is available for download and use.

SFTP Net Drive is a free tool that lets you work with a remote SFTP server as if it were a local disk. You can copy files to and from that disk or open them directly (without downloading them first) in any application, modify them, and save them back to the remote server (again without creating a local copy).