INFOSEC Year in Review
I just saw a link in a discussion at the Security Catalyst (thread is here) where Rebecca Harold pointed out the INFOSEC Year in Review compiled by Dr. Mich Kabay.
The project’s page is at http://www2.norwich.edu/mkabay/iyir/index.htm.
Last year’s report can be downloaded in PDF form from here: http://www2.norwich.edu/mkabay/iyir/2005.pdf.
At 525 pages, it’s not short reading, but even just a quick scan shows a wealth of useful information.
This was the first nugget that caught my eye. It’s dedicated to the paranoia in each of us:
KEYBOARD NOISE ALLOWS INFERENCE ABOUT WHAT’S BEING TYPED
Using sophisticated artificial intelligence programs, scientists from UC Berkeley have been able to deduce what people are typing simply from the sounds of the different keys. Doug Tygar and colleagues say that they don’t need to study the individual keyboard — the programs use the differences in sounds of keys on the outer side of the keyboard vs the sounds of the inside keys. The microphones can be outside the room being monitored. Over time, the software gets better, and “Once our algorithm has ten minutes’ worth of typed English, it can recover arbitrary text, such as passwords,” says Tygar.
Gotta love it.