Always approach that person behind the counter with a smile and always ask them how they are doing. Not only is it pleasant, but it will get you better service as well. Most people just take them for granted – if you do not, it will stand out in a good way.
This is key when your seat reservation on that last minute, packed flight you had to book for business is awful. You could use electronic checkin, but you know there are better seats being held open (not available via electronic checkin) and you want one of them.
-
In DIY news,
Here’s how to make a PS/2 keyboard line keylogger
This was of interest because of a generic saying my buddies and I used to have when I was younger that revolved around attacks, such as social engineering techniques, key loggers, implementation errors, and rubber hoses, that often violated the assumptions of threat models and rendered the security mechanisms of a system moot – we used to say “yeah right, crypto this.” The term derived from our feeling that crypto was often not the weakest link and that claims like such and such crypto being used meant a product/system/whatever was amazingly “secure” were often effectively meaningless. (This previous post comes to mind.)
-
In this same groove… FUD about “crypto for the masses” still exists, as this article about Skype illustrates. But, the interesting item is this.
[...]For the FBI, keyloggers are a popular choice; they obviate the need for backdoors or for sophisticated computer solutions. They simply steal the password. The same (metaphorical) approach may give them access to Skype calls; rather than breaking the encryption, they simply grab the key and decrypt the data.
There we go. “Yeah right, crypto this.”
Also of note,
The FCC ruled last year that VoIP providers need to offer backdoors into their systems for wiretapping reasons, but Skype isn’t based in the US and so is not subject to the rule. It is subject to the EU’s new Data Retention Directive, though, which may require them to retain call logs and decryption keys for a period of time. If so, real-time monitoring of Skype calls would still be out, but after-the-fact review of recorded calls from people of interest might well be possible for the government.
Key escrow. (Even without key escrow, 1024 bit RSA keys are coming within reach – that means a passive adversary could archive the calls, crack the 1024 bit RSA keys used during key transport (thus compromising the 256 bit AES keys used for data encryption), and satisfy those voyeuristic tendencies.)
via cypherpunks
-
A simple crypto implementation error.
The Perl Crypt::CBC module versions through 2.16 produce weak
ciphertext when used with block encryption algorithms with blocksize >
8 bytes.
Ciphertext encrypted with Crypt::CBC using the legacy RandomIV header
and the Rijndael cipher is not secure. The latter 8 bytes of each
block are chained using a constant effective IV of null, meaning that
the ciphertext will be prone to differential cryptanalysis,
particularly if the same key was used to generate multiple encrypted
messages. Other >8-byte cipher algorithms will be similarly affected.
Whoops, that ain’t AES in CBC mode.
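A model of the chaining the advisory describes, added here as an example and not taken from Crypt::CBC's own code: CBC over a 16-byte block where only 8 bytes of the IV and of each previous ciphertext block are chained. The toy Feistel cipher (a stand-in for Rijndael), the key, the IVs and the plaintext are all constructed for illustration; the code counts how many blocks hand their latter 8 bytes to the cipher unmasked.

```python
import hashlib

BLOCK = 16  # Rijndael/AES block size in bytes


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function for the toy Feistel network below.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    # Constructed 16-byte block permutation standing in for Rijndael.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes, chain_bytes: int):
    """CBC over whole blocks. Only the first chain_bytes of the IV and of each
    previous ciphertext block are chained; the rest is treated as zero.
    Returns (ciphertext, raw inputs handed to the block cipher)."""
    assert len(plaintext) % BLOCK == 0
    chain = iv[:chain_bytes].ljust(BLOCK, b"\x00")
    out, inputs = b"", []
    for i in range(0, len(plaintext), BLOCK):
        x = _xor(plaintext[i:i + BLOCK], chain)
        inputs.append(x)
        c = toy_encrypt_block(key, x)
        out += c
        chain = c[:chain_bytes].ljust(BLOCK, b"\x00")
    return out, inputs


def unmasked_tails(inputs, plaintext: bytes) -> int:
    # Count blocks whose last 8 bytes reached the cipher unchanged.
    return sum(x[8:] == plaintext[i * BLOCK + 8:(i + 1) * BLOCK]
               for i, x in enumerate(inputs))


KEY = b"constructed-demo-key"
PLAINTEXT = b"ACCOUNT=00001234;AMOUNT=0000100;" * 2  # constructed, 4 blocks


def demo():
    # 8-byte IV with 8-byte chaining (the described flaw) vs. full 16 bytes.
    _, weak = cbc_encrypt(KEY, bytes(range(1, 9)), PLAINTEXT, 8)
    _, full = cbc_encrypt(KEY, bytes(range(1, 17)), PLAINTEXT, 16)
    return unmasked_tails(weak, PLAINTEXT), unmasked_tails(full, PLAINTEXT)
```

With 8-byte chaining every block's latter half enters the cipher as raw plaintext, so only 64 bits of each cipher input are randomized instead of 128.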
-
This article discusses IBM’s belief and moves in the “software as service” area.
The growing interest in hosted applications, or software as a service, among corporate customers has prompted IBM to focus its ISV program on hosting, said Buell Duncan, IBM’s general manager of ISV and developer relations.
“Software as service” fits with this old post, in particular as another example for the following paragraph.
Selling software is so last century, much like long distance call fees. New software is distributed for free virtually immediately after its development, regardless of a company’s desire to sell it, and we could chat about ways to control that, but I don’t think there is much point in that. Services are what matter now.[...examples...]
Coming from a small business background, the real-world example of a successful “software as service” that always comes to mind is salesforce.com. They built a great CRM that should be at the top of the list for consideration by any small business looking at deploying such a tool.
Thanks to Potter for the pointer.
-
And, everyone here enjoyed this post by Lindstrom.
Don’t be first. Be best… at something. It doesn’t even have to be a product function – it could just as easily be customer service or price.
Amen.
(Should I start splitting these into separate posts?)
[...] (Obviously, these settings also do nothing against someone that can grab the data before it enters, or after it exits, the SSL/TLS session. For example, spyware can grab sensitive credentials off your machine, rendering SSL/TLS moot. That is neither here nor there for this post though – see “yeah right, crypto this” or pretty pictures.) [...]
[...] Also, it should be noted that this means of gathering an IP address is not an attack on TOR itself. The attack exploits tools being used outside of TOR, in particular a web browser with proxy support (somewhat) and enabled Java support – the end-user is not being protected by, or using, Tor and Privoxy, as their traffic is not being routed through these proxies on its way to the outside world. (Yeah right, crypto this?) [...]
[...] “Yeah right, crypto this!” [...]