October 2009 Archives

Why Higher Ed Should Follow @tonyhawk’s Lead

By Paul Gilzow on October 23, 2009 3:14 PM | | Comments (0) | TrackBacks (0)

4021077653_968fbf03d6_m.jpg I was part of something truly monumental this last weekend. After a week of hide and seek, Tony Hawk ended his Twitter Hunt extravaganza (#THTH) with a surprise demo here in Columbia, MO. Why was this monumental (besides having the Michael Jordan of skateboarding here in the home of the University of Missouri), and more importantly, how is this relevant to us in Higher Education? Because it was one of the most successful uses of Social Networking/Media I have seen to date. (photo by Genevieve Howard)

Continue reading Why Higher Ed Should Follow @tonyhawk's Lead.

Converting .ttf to .eot in Windows

By Jason Rollins on October 21, 2009 10:11 AM | | Comments (0) | TrackBacks (0)

command.png @font-face is all the rage in the CSS world these days and I’ve been dying to give it a whirl. This entry won’t discuss the best practices in terms of CSS syntax or the ins-and-outs of @font-face; that has been done in numerous other places which I will link to at the bottom of this entry. I’d rather focus on a specific Windows-related issue.

Continue reading Converting .ttf to .eot in Windows.

Attack against whole disk encryption

By Paul Gilzow on October 20, 2009 3:25 PM | | Comments (0) | TrackBacks (0)

Many universities have implemented whole disk encryption on university-owned laptops in order to provide protection against data loss if the laptop is lost or stolen. Truecrypt and PGP Whole Disk Encryption are two common software solutions used. However, recent research from Invisible Things Lab has come up with a proof of concept (dubbed Evil Maid Attack) that would allow them to hook into the encryption software and sniff the password.

Attack happens like this:

  1. Attacker has access to your laptop for 1 to 2 minutes (like a maid at a hotel)

  2. Attacker boots laptop from a USB stick and infects the system with the Evil Maid Sniffer

  3. Victim returns to the hotel room, boots laptop, enters in disk encryption password (that is now sniffed by Evil Maid)

  4. Victim leaves laptop in hotel room again

  5. Attacker can now boot laptop again off the USB stick and acquire the sniffed passphrase.

At this point the attacker can either steal the laptop altogether, or boot it up and steal specific information.

So, what can you, as an end user, do to alleviate this attack? Short of never leaving the laptop physically unprotected (i.e. place it in a safe when you leave the room), not much. I know that sounds pessimistic, but the harsh reality is that whenever a device leaves your hands, it has become insecure. Assume, that even with encryption, you are still at risk.

(via Invisible Things)

« September 2009 | Main Index | Archives