D-kriptik Blog

So, I recently saw Juno for the first time, and was surprised and happy to hear Kimya Dawson permeate the soundtrack. And, I ate at wd~50, which was, well, an experience - highly recommended if you want to try something truly new.

Anyway, yes, still here. Unfortunately, this rare act of posting will be limited to a quickie - a few miscellaneous items accumulated over a couple of months.

-

A few headaches…

1. Wow, just wow.
   

   The result of this is that for the last two years (from Debian’s “Etch” release until now), anyone doing pretty much any crypto on Debian (and hence Ubuntu) has been using easily guessable keys. This includes SSH keys, SSL keys and OpenVPN keys.

   Update immediately. And be sure to do things such as regenerate all persistent keys that used random data taken from the vulnerable Debian OpenSSL during their generation - some of this type of work is handled automatically when updating your packages (e.g., OpenSSH server keys), but only you know what you have done outside this automated window.

2. I booted up a Windows XP box only to find that some resource of the Logitech QuickCam software had become corrupted, and this resulted in a nasty msi installer loop hitting the box as soon as a user logged in. I found this tool extremely useful in cleaning up the mess.
   

   [..]With the Windows Installer CleanUp Utility, you can remove a program’s Windows Installer configuration information. You may want to remove the Windows Installer configuration information for your program if you experience installation (Setup) problems. For example, you may have to remove a program’s Windows Installer configuration information if you have installation problems when you try to add (or remove) a component of your program that was not included when you first installed your program.

3. Much to my very unpleasant surprise, I upgraded a server over here from Ubuntu Gutsy to Hardy and discovered networking for Xen DomU’s in Ubuntu Hardy 8.04 is somewhat broken. I ended up using the 2.6.24-17-xen kernel from the hardy-proposed repository, but you could also just stick with the Gutsy Xen kernel for DomU’s.
4. When I upgraded to Gnome 2.22 on a particular FreeBSD 7.0 system, certain things, like the clock applet, did not work. This was due to the dbus daemon not being started. Then, the hal daemon and Gnome did not want to play nice together. This page provided the information necessary to get them playing nice - in this particular instance, not mounting procfs was the problem.

Side note, I was helping someone install Ubuntu recently, and it brought to my attention yet again how much I take what I consider to be basic skills for granted when using *nix. Small things, like running an executable from within your environment path versus by directly specifying the path (the most confusing to many example of this seems to be trying to run an executable in the current working directory), are just not common knowledge. Even the whole command line itself is often scary and bizarre to people. This makes it extremely difficult to provide useful guidance for people to blindly follow (posts on this blog should never be assumed to provide step-by-step instructions - they are just some basic notes at best, as extremely helpful comments like this make obvious). And, even Ubuntu is not as trivial to use as it would appear to many that work in the *nix world.

-

Three useful Ubuntu and FreeBSD pages…

USN.

These are the Ubuntu security notices that affect the current supported releases of Ubuntu.[...]

FreeBSD VuXML.

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML).[...]

FreeBSD Security Advisories.

This web page contains a list of released FreeBSD Security Advisories.[...]

-

Story-telling is one of the fundamental tools in a teacher’s toolkit. Having done quite a bit of consulting, I have learned how invaluable a good story is to driving home particular points and building relationships. There is something fundamental about how stories effect us, perhaps stemming from our innate ability to empathesize and our massive pattern recognition horse-power.

Anyway, this site has a useful set of stories. [via exi]

Here are some stories, analogies, research findings and other examples that provide wonderful illustrations for learning, and inspiration for self-development.

In fact, the first story mirrors a recent post.

An old lady had a hearing-aid fitted, discreetly, hidden underneath her hair.

A week later she returned to the doctor for her check-up.

“It’s wonderful - I can hear everything now,” she reported very happily to the doctor.

“And is your family pleased too?” asked the doctor.

“Oh I haven’t told them yet,” said the old lady, “And I’ve changed my will twice already..”

This reminds me of a story I often tell about someone I met a while back, a graduate student in psych. She was studying aspects of the initial meeting/courtship routines of people, and would go out to bars and such and interact with potential suitors. Here these suitors were, following their typical pickup routines and sometimes spilling more than their drinks, and here she was, analyzing their interaction and subsequently writing up notes to be turned into research papers, etc.

-

NIST draft SP 800-108 has been released.

SP 800-108

DRAFT Recommendation for Key Derivation Using Pseudorandom Functions

NIST announces the release of draft Special Publication 800-108, Recommendation for Key Derivation Using Pseudorandom Functions. This Recommendation specifies techniques for key derivation from a secret key using pseudorandom functions (PRF). Please submit comments to draft-SP800-108-comment@nist.gov with “Comments on SP800-108″ in the subject line. The comment period closes on June 28, 2008.

Yet more KDFs.

-

They just don’t quit, do they?

1

This is the first article analyzing the security of SHA-256 against fast collision search which considers the recent attacks by Wang et al. We show the limits of applying techniques known so far to SHA-256. Next we introduce a new type of perturbation vector which circumvents the identified limits. This new technique is then applied to the unmodified SHA-256. Exploiting the combination of Boolean functions and modular addition together with the newly developed technique allows us to derive collision-producing characteristics for step-reduced SHA-256, which was not possible before. Although our results do not threaten the security of SHA-256, we show that the low probability of a single local collision may give rise to a false sense of security.

2

We study the security of step-reduced but otherwise unmodified SHA-256. We show the first collision attacks on SHA-256 reduced to 23 and 24 steps with complexities $2^{18}$ and $2^{50}$, respectively. We give an example colliding message pair for 23-step SHA-256. The best previous, recently obtained result was a collision attack for up to 22 steps. Additionally, we show non-random behaviour of SHA-256 in the form of pseudo-near collisions for up to 31 steps, which is 6 more steps than the recently obtained non-random behaviour in the form of a semi-free start near-collision. Even though this represents a step forwards in terms of cryptanalytic techniques, the results do not threaten the security of applications using SHA-256.

3

[...]First we describe message modification techniques and use them to obtain an algorithm to generate message pairs which collide for the actual SHA-256 reduced to 18 steps. Our second contribution is to present differential paths for 19, 20, 21, 22 and 23 steps of SHA-256. We construct parity check equations in a novel way to find these characteristics. Further, the 19-step differential path presented here is constructed by using only 15 local collisions, as against the previously known 19-step near collision differential path which consists of interleaving of 23 local collisions. Our 19-step differential path can also be seen as a single local collision at the message word level. We use a linearized local collision in this work. These results do not cause any threat to the security of the SHA-256 hash function.

4

[...]We build on the work of Nikoli\’{c} and Biryukov and provide a generalized nonlinear local collision which accepts an arbitrary initial message difference. This local collision succeeds with probability 1. Using this local collision we present attacks against 18-step SHA-256 and 18-step SHA-512 with arbitrary initial difference. Both of these attacks succeed with probability 1. We then present special cases of our local collision and show two different differential paths for attacking 20-step SHA-256 and 20-step SHA-512. One of these paths is the same as presented by Nikoli\’{c} and Biryukov while the other one is a new differential path. Messages following both these differential paths can be found with probability 1. This improves on the previous result where the success probability of 20-step attack was 1/3. Finally, we present two differential paths for 21-step collisions for SHA-256 and SHA-512, one of which is a new path. The success probability of these paths for SHA-256 is roughly $2^{-15}$ and $2^{-17}$ which improves on the 21-step attack having probability $2^{-19}$ reported earlier. We show examples of message pairs following all the presented differential paths for up to 21-step collisions in SHA-256. We also show first real examples of colliding message pairs for up to 20-step reduced SHA-512.

Completely academic, but you know what they say - attacks only get better.

-

Interesting stuff.

NSA/CSS periodically releases declassified documents or indexes to these documents to the public. The documents listed on this page were located in response to numerous requests received by NSA on the various subjects stated and for which there appears to be a general public interest. The date after each entry reflects the most current release date of that material. When additional material for a given subject is updated then a new subject index date is posted. To select a subject index, click on the subject title.

In particular, the Cryptologic Spectrum Articles and Cryptologic Quarterly Articles have some fun reads.

-

An easy to cut ‘n paste into a blog post set of old web server log entries depicting an instance of Tor being used to proxy/anonymize automated probes of this web site.

anonymizer.blutmagie.de - - [13/Mar/2008:00:59:00 -0700] “GET /forum/phpbb/index.php HTTP/1.0″ 404 285 “http://forum.d-kriptik.com/phpbb/index.php” “Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1)”

tor.anonymous.proxy.quex.org - - [13/Mar/2008:00:59:01 -0700] “GET /forum/phpbb2/index.php HTTP/1.0″ 404 286 “http://forum.d-kriptik.com/phpbb2/index.php” “Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1)”

tor.anonymizer.ccc.de - - [13/Mar/2008:00:59:02 -0700] “GET /forum/forums/index.php HTTP/1.0″ 404 286 “http://forum.d-kriptik.com/forums/index.php” “Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1)”

tor.anonymizer.ccc.de - - [13/Mar/2008:00:59:08 -0700] “GET /forum/board/index.php HTTP/1.0″ 404 285 “http://forum.d-kriptik.com/board/index.php” “Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1)”

-

Like heat and humidity, free music and Central Park mean summer. The 2008 schedule is up at the Summer Stage web site. And, the opening Saturday looks good to me.

Vampire Weekend
Kid Sister
Ecstatic Sunshine

Saturday, June 14, 2008
From 4:00 PM to 7:30 PM
Central Park SummerStage

I feel like I am beating a dead horse with the start of this post. I tried to go a little off course from there.

-

Another discussion of FIPS 140 has been kicked off on SAAG. Besides the kick off message (on including FIPS-approved algorithms in a possible IETF recommended set of crypto algorithms), this post (on product customer demand for FIPS 140) and this post (on the general pain of the process) are probably of most interest, but the entire thread may be worth a read if FIPS 140 matters to you. (Oh, and this made me laugh.)

This post of mine from a year ago seems relevant to some of what is being said.

1. A vendor has been put at a competitive disadvantage because they do not have FIPS 140 validation. Perhaps their competitors have it. Perhaps a bid requires it. Whatever the case may be, they don’t have it, so now they want to tear it down.

   Also found here are people that just dislike FIPS 140 or, perhaps, standards in general.

2. A vendor has gone through the process, and it was quite painful. So, now they vent about all the changes they had to make, how silly particular requirements were, how incompetent the lab staff was, etc.
3. An expert tells stories of how the requirements are ambiguous and the labs all vary in how they interpret the requirements.

   Also found here (and often quite different from the previously described expert) are people that have run into FIPS a number of times over the years, which has caused them exposure to differing requirements without having seen the evolution of those changes.

In that lengthy post, I discuss some points often causing pain.

1. Vendor misunderstanding of the FIPS 140 requirements and terminology.
   [...]
2. Vendor misinterpretation of lab (or NIST/CSE) questions and issues.
   [...]
3. Labs can, and do, make requests and recommendations.
   [...]
4. New labs, new lab staff, new technologies, and new revisions of FIPS 140 (and related) standards can make for created requirements. (This is where you can find the most variation among labs.)
   [...]

Anyway, I think a couple of additional points might be relevant to some of what I read in the latest SAAG thread.

First, I don’t think the concept of failure in a FIPS validation effort is quite so rigid as is being implied in parts of the SAAG discussion. During a FIPS validation effort, the lab (during testing) or NIST/CSE (during review) may bring up issues that a vendor has to address. These issues are often areas in which the module may be failing to meet particular FIPS requirements. This does not mean the module “fails,” it just means that the issues raised must be addressed before the module “passes.” In general, issues often boil down to some of the following:

1. Clarification - the issue raised is just seeking some short clarification about the product’s workings and/or how a requirement is met. A quick written or verbal response (e.g., answering a question) can often be enough.
2. Documentation - the issue raised is about incorrect, confusing, or incomplete documentation. Modifying the documentation is normally the fix here. (Even though what follows in 3 is often what vendors dread most, 2 can also lead to much pain if the lab starts questioning technical aspects of the product and heads down all sorts of testing paths that would otherwise have been avoided (i.e., prepare documentation that gives the lab what it needs in an easy to use form).)
3. Technical - the issue raised is actually a technical problem with the product in regards to meeting the requirements. Here is where the product itself may have to be modified, and this is what most vendors want to avoid once they are knee deep in the validation (i.e., get the product meeting the requirements before the lab testing gets underway).

In all three cases, the “failure” can be corrected and the product can continue on with its validation. Depending on the issues raised, labs will often continue working on the validation effort in other areas while the vendor is working on addressing the issues; however, there is, of course, a point where the lab will need certain issues addressed before being able to move forward - this is where the third case can be especially problematic.

Second, this brings us to the “restarting” portion of the discussion in that thread. In general, if the issues raised can be addressed in a timely manner and based on the version of the product at that moment going through validation, then there should be no “restart” issue. However, if the issues raised take a long time for the vendor to fix and/or require a switch in the version of the product such that the new version includes a large number of other changes in the product (e.g., a switch to a new version of the product with a whole suite of new features), this could cause a “restart.” I generally think of these restarts coming in these two forms.

1. The lab can no longer move forward with the effort while waiting on the vendor to address issues, so the project is put on hold. Depending on time frame here, lab resources will be moved elsewhere and lab knowledge of the product will deteriorate. When the vendor is ready to start back up, the lab has to restaff the effort, rebuild its knowledge of the product and the validation effort, and generally kick things off again.
2. The changes were rolled into a new version of the product, and this new product is dramatically changed from the one that began the validation effort. The lab will have to figure out what has changed and determine how much of their work performed to this point can be reused, much like in a revalidation scoping but more awkward. If this is in combination with 1, this could get close to starting over.

Needless to say, you want to avoid going down this road.

-

Since I mentioned TrueCrypt in a previous post, look at this.

HotPlug allows you to seize and move a computer without losing power. (Video demos.) See also: MouseJiggler.

Yep, you guessed it.

How to circumvent Whole Disk Encryption
The key: Do not allow the encryption to activate. Low level encryption such as Vista’s Whole Disk Encryption (WDE) can halt an investigation. Use HotPlug and Mouse Jiggler to prevent encryption technologies from activating. If you can carry away the computer while it’s still logged in, you maintain full access to the hard drive.

In short, the plaintext key is often stored (cached), or authorization to access the plaintext key is stored (cached), in volatile memory (e.g., RAM) when using things like full disk encryption, so that data read from/written to disk can undergo transparent (to the user) processing. When the computer is powered down, goes to sleep, etc., assuming the hardware/software properly handles things, the (easy) access to the plaintext key is lost (e.g., the cached key or authorization to use the key is wiped). This gear is meant to prevent the circumstances that cause that wiping from happening.

Think of TrueCrypt - if you are using system disk encryption on your home desktop, then you know that, once you have entered your password at boot, the stored encrypted key is decrypted and the plaintext key is then stored in memory by TrueCrypt to transparently encrypt/decrypt data as it is written to/read from disk (i.e., you only enter your password once per boot). Anyone taking control of your desktop at that point has full access to your encrypted drive. However, if you pulled the plug, then the plaintext key would be lost. Well, this gear allows an attacker to grab your desktop and remove it from your home without it losing power (or hibernating).

-

Now this phenomenon sounds a little familiar.

Over 90% of people responded physically, for example with an exaggerated stare or a wave. Almost half responded verbally – more men than women. Here, says Professor Shuster, the sex difference was striking. 95% of adult women were praising, encouraging or showed concern. There were very few comic or snide remarks. In contrast, only 25% of adult men responded as did the women, for example, by praise or encouragement; instead 75% attempted comedy, often snide or combative as an intended put-down.

I mentioned this impact with regards to attire in this post.

(Side note, I have an old, bright red Futura t-shirt that says “For love or money”. With many, it generates mostly “for love!” comments and generally leads to conversation about values and the like. With others, it often inspires awkward mockery, as is the case with almost any loud attire.)

The “others” here are generally straight men showing negative interest, while the “many” are usually straight women or gay men showing positive interest. Perhaps this makes sense, as I am likely viewed as a potential rival to the former and a potential suitor to the latter.

Whatever the case may be, I always enjoy hacking peoples’ thoughts and behavior with something so simple as a t-shirt. As such, my custom t-shirts often play to this effect quite nicely.

-

Speaking of impact,

ABC2 has obtained new video of Baltimore police officer Salvatore Rivieri in action at the Inner Harbor. This time he confronts Billy Friebele, an artist from Washington D.C., who was videotaping at the Harbor last summer.

Friebele told ABC2 he was taping the reactions of passersby to a box he was moving with a remote controlled car. Officer Rivieri is seen on tape kicking the box off of the car and then kicking the car. The officer then orders Friebele to leave the area.

Small world. I knew Billy back in college.

I am caught up in a few things, but I thought some quickies might be nice.

***

Lets begin with sort of FIPS 140 news…

-

The FIPS 140-2 Implementation Guidance has been updated.

[01-24-2008] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

* 7.7 Key Establishment and Key Entry and Output

Updated Implementation Guidance:

* G.2 Completion of a test report: Information that must be provided to NIST and CSE
o Added reference to CMVP comments document.
* G.8 Revalidation Requirements
o Added reference to the CMVP FAQ in change scenario 1.

[01-16-2008] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

* G.13 Instructions for completing a FIPS 140-2 Validation Certificate
* 1.8 Listing of DES Implementations
* 7.1 Acceptable Key Establishment Protocols
* 9.4 Cryptographic Algorithm Tests for SHS Algorithms and Higher Cryptographic Algorithms Using SHS Algorithms

There are two key updates to look at here, which finally explain in public, written form what has been lore for quite some time.

The new 7.1 IG provides a detailed explanation the key distribution versus key input/output for FIPS 140-2. I can’t say the explanation is the friendliest, but it is good to see the information out there now.

The update to 7.7 basically finishes the translation of the key establishment requirements into something concrete. And, Appendix D now points here.

Also, I always assumed what the change to 9.4 specifies, but I guess this wasn’t explicit until now.

-

An update to the SHA3 candidate implementation C API has been published by NIST.

Revision 3: January 24, 2008

This document specifies the ANSI C interface profile for implementations of SHA-3 candidate algorithms. C implementations shall support the syntax and parameterization of the interface profile messages as described in this API. The API consists of a few data definitions and one function to compute hashes. The function specified in this API has return values listed that are largely used to supply error codes in the event of incomplete execution of the routine. The error values listed are not meant to be an exhaustive list. If additional error codes are useful for your implementation, please provide them.

Update: I figured I would insert this here, rather than in a separate post.

Submissions for the NIST SHA-3 contest are required to include test vectors that can be used to help to verify the correctness of implementations of the candidate algorithms. A specification has been published with the requirements.

Each submission package is required to include Known Answer Test (KAT) and Monte Carlo Test (MCT) values, which can be used to determine the correctness of an implementation of the candidate algorithm. Values shall be included (at a minimum) for each of the four minimum required hash sizes: 224, 256, 384, and 512-bits.

These KAT and MCT tests are based on tests specified in The Secure Hash Algorithm Validation System (SHAVS) [SHAVS], which describes tests for the SHA-2 family of hash functions. Each of the tests for which values are required in the submission packages is described below. In addition, example files are included which specify the exact syntax and format that submitters are required to use when submitting their KAT and MCT values.

Anyone that has undergone algorithm testing for SHA-1 or any of the SHA-2’s will be familar with these types. However, there is an additional test added into the mix, besides the usual SMTs, LMTs, and MCTs.

To test an algorithm’s ability to process messages longer that 232-bits in length, the candidate must supply a message digest for one extremely long sequence. The sequence is a 64-byte character string repeated 16,777,216 times. The message will be supplied in a file called ExtremelyLongMsgKAT_{Length}.txt for each of the required hash length.[...]

So, it looks like we will be running XLMTs in the future too.

(I guess while I am writing this, I should also note that the C API for candidate algorithm implementations has been updated since I wrote the initial post.)

-

Oh, and NIST is running a workshop on IBE.

June 3-4, 2008

This workshop brings together academia, government and industry to explore innovative and practical applications of pairing-based cryptography. Pairings have been used to create identity-based encryption schemes, but are also a useful tool for solving other cryptographic problems. We hope to encourage the development of new security applications and communication between researchers, developers and users. In addition to presentations, the workshop will facilitate panel discussions among invited experts and workshop participants.

***

Besides the many tumbles taking place, banks have had lots of security news of late…

-

Foiled, but popping through physical and people security is a favorite of mine.

The device, which police described as “sophisticated and requiring great (technical) skills,” had apparently been installed during a previous break-in, during which nothing had been stolen from the bank.

-

It looked like looking the part struck again at a bank.

On Wednesday, a man dressed as an armored truck employee with the company AT Systems walked into a BB&T bank in Wheaton about 11 a.m., was handed more than $500,000 in cash and walked out, a source familiar with the case said.

It wasn’t until the actual AT Systems employees arrived at the bank, at 11501 Georgia Ave., the next day that bank officials realized they’d been had. “When the real security guards showed up is when it became known,” said Richard Wolf, a spokesman with the FBI’s Baltimore division.

Or not. Now, it sounds like an insider job.

Assistant State’s Attorney Marybeth Ayres named Elizabeth K. Tarke, a teller at the BB&T branch, as a possible ringleader. Detectives have linked Tarke with Thursday’s theft at a Wachovia branch in the District, Ayres said.

Detectives talked to other employees and grew dubious about Tarke’s story, Pak wrote. Other employees said they saw no “AT” patch on the man’s clothing, just an all-black outfit, with a black hat, gun belt and semiautomatic handgun. They also didn’t see a badge, Pak wrote. Bank video corroborated their accounts, according to the charging documents.

-

Speaking of insiders at a financial (and ignoring write-down scapegoat theories for the moment), this sounds stunning.

The bank identified the trader as Jerome Kerviel. Mr. Kerviel, 31, joined Societe Generale in August 2000 and was working as a trader on the futures desk at the bank’s headquarter near Paris. He was in charge of futures hedging on European equity market indices, known as “plain vanilla” futures. The bank said he was able to dupe the bank’s own security system because he had inside knowledge of the control procedures gained from previous jobs with the bank.

Though Societe Generale says it first learned of what it termed “massive fraudulent directional positions” on Jan. 19, it waited until it could close out those trades before going public with the problem. Winding down the trades, the bank said, resulted in a €4.9 billion write-down, making it potentially the largest loss ever from an alleged rogue trader.

-

Somewhere else, a little online recon strikes at a bank.

A fraudster walked into a branch of Barclays Bank posing as its chairman Marcus Agius and managed to walk out with £10,000.

The conman is believed to have found Mr Agius’ details online and persuaded call centre staff into issuing a Barclaycard in his name.

***

Finally, some miscellaneous items…

-

I mentioned smell before. Well, here is some more.

After the men were allowed to change, 49 women sniffed the shirts and specified which odors they found most attractive. Far more often than chance would predict, the women preferred the smell of T-shirts worn by men who were immunologically dissimilar to them. The difference lay in the sequence of more than 100 immune system genes known as the MHC, or major histocompatibility complex. These genes code for proteins that help the immune system recognize pathogens. The smell of their favorite shirts also reminded the women of their past and current boyfriends, suggesting that MHC does indeed influence women’s dating decisions in real life.

And,

After the men were allowed to change, 49 women sniffed the shirts and specified which odors they found most attractive. Far more often than chance would predict, the women preferred the smell of T-shirts worn by men who were immunologically dissimilar to them. The difference lay in the sequence of more than 100 immune system genes known as the MHC, or major histocompatibility complex. These genes code for proteins that help the immune system recognize pathogens. The smell of their favorite shirts also reminded the women of their past and current boyfriends, suggesting that MHC does indeed influence women’s dating decisions in real life.

Fear not would be social engineers, we already hack this system.

Since the 20th-century hygiene revolution and the rise of the personal-care industry, however, companies have pitched deodorants, perfumes, and colognes to consumers as the epitome of sex appeal. But instead of furthering our quest to find the perfect mate, such products may actually derail it, say researchers, by masking our true scent and making it difficult for prospects to assess compatibility. “Humans abuse body smell signals by hiding them, masking them, putting on deodorant,” says Devendra Singh, a psychologist at the University of Texas. “The noise-to-signal ratio was much better in primitive society.”

Oh, and don’t assume that smelling “good” is always the way to go. For example, say you want some space on a crowded subway.

-

Remember this?

The DHS is funding security audits of many commonly used pieces of open source software, as noticed by Schneier here and described in eWeek here, from which the following excerpt was taken.

If these [1,2] articles are about the same effort, apparently a bit of low-hanging fruit was removed as a result, as noted in this press release.

All the software scrutinised was found to have significant numbers of security flaws, Coverity said on Wednesday. Since 2006 the project has helped fix 7,826 open source flaws in 250 projects, out of 50 million lines of code scanned, the company said.

For instance, 236 flaws were uncovered in 450,000 lines of Samba code, of which 228 have been corrected.

So, now some open source projects are moving on to the next version Coverity’s static analysis tool.

Projects at rung 2 of the Scan ladder have access to a significant upgrade of Coverity Prevent. The first projects to use these new capabilities report a significant increase in the number of identified defects, with some finding as many as 100 new hard-to-find defects than identified in rung 1 of the Scan ladder.

Anyway, I have no idea of what significance the bugs detected by the scans were, but these extra eyes seem like a good thing in general, as does ~7800 less bugs in this open source software.

-

I found this article quite fun.

The study authors, Dr. Rachel C. Vreeman and Dr. Aaron E. Carroll, said that while doctors realize good medicine requires them to constantly learn new things, they often forget to reexamine their existing medical beliefs. “These medical myths are a lighthearted reminder that we can be wrong and need to question what other falsehoods we unwittingly propagate as we practice medicine,’’ wrote Dr. Vreeman and Dr. Carroll.

And the material from which the article was derived, from which I can quote a concise list of the “medical myths” explored.

• People should drink at least eight glasses of water a day
• We use only 10% of our brains
• Hair and fingernails continue to grow after death
• Shaving hair causes it to grow back faster, darker, or coarser
• Reading in dim light ruins your eyesight
• Eating turkey makes people especially drowsy
• Mobile phones create considerable electromagnetic interference in hospitals.

“Food coma.”

-

Lastly, I poked my head in on this.

Replicant

Dates: January 10–February 9, 2008
Opening: February 17, 2008
Location: 526 West 26th Street – 4th Floor – Room 416 – New York, NY
Gallery Hours: Tuesday to Saturday 11 am – 6 pm and by appointment

Virgil de Voldère is proud to present Replicant, a group exhibition of four emerging artists. Rather than brood over a technocratic dystopia, herald clean utopian spaces, or take a reactionary stance on biological and environmental issues such as climate change and bioengineering, this exhibition explores potential futures in which imagination, adaptation, and creativity present a positive view of cultural and scientific progress. The artists—Ian Burns, Shane Hope, Gilles Rotzetter, and Scott Wolniak—are wildly divergent in their mediums and methods: the work is both outsourced and handmade, meticulous and low-tech, highly conceptual and grounded in materials.

If you go, I recommend bringing printout of the linked to page (or related) and plan on spending 10 minutes or so, as it is a small room/exhibition.

Holiday season is NYC can be a painful time of year, but not for the reasons of which most people think. You see, during the holiday season, any watering holes to which you regularly go will likely throw many a free drink at you. Which leads to a problem - you want to go to all these places and see everyone for the holidays, but you don’t want to end up being carried home. So, now you either turn down those drink gifts from those around you or you end up in a tortuous state the next morning, both of which can hurt.

Which is to say, on this home stretch of the holiday season here in the USA, I wish everyone a happy holidays!

–

A post to the SAAG mailing list of interest to the FIPS 140 readers.

This decade many global financial institutions (e.g. banks, insurance firms, credit unions, and so forth) have said that their commercial (re-)insurers are pressuring them to deploy only FIPS-140 compliant algorithms & modes.

In a growing number of cases, there is even pressure from insurers onto major commercial firms, particularly financial firms, to use only equipment (including ordinary routers and switches, not just “security appliances”) that actually has obtained a FIPS-140 approval for the cryptographic module inside.

Further, a number of governments other than the US government have declared that implementations using cryptographic modules that have been approved under FIPS-140 are also acceptable for deployment within their country or government or both. The number of countries in this group appears to be growing, and seems visibly larger now than 8 years ago.

These are trends that people in the FIPS 140 arena have been talking about for a while, and I know I have seen and been involved with them by virtue of having had a strong window into “the vendor going for FIPS 140 validation” perspective for quite some time now. It is interesting to read someone else’s encounters with these things in a public forum.

So, besides the normal USA government requirements, support of at least a FIPS-approved algorithm suite has become a baseline requirement found almost everywhere now when cryptography is used, and every so often you even see pushes for FIPS 140 validation outside of the USA government. Given that, it is commonplace these days for standards, products, and such utilizing cryptography to include support for a FIPS-approved algorithm suite. Doing so not only brings into use a very commonly deployed, rigorously studied, and well-known set of algorithms, but it also facilitates products implementing those standards, products, and such in being able to go through the FIPS 140 validation process at some point. This makes even more sense since many of the people working on standards, products, and such utilizing cryptography are employed by companies that have to play in the FIPS 140 arena, and so there is often thought given to the FIPS 140 “validatibility” of modules implementing these standards, derived from these products, and such.

With the widespread notoriety of many of the algorithms that get rolled into NIST standards causing tons of eyes to look over these standards very closely, and with things like AES and now the next SHA being derived from open international competitions not to mention modes of operation and such being submitted by the outside world, none of this should come as a surprise.

-

Also of possible interest to FIPS 140 readers, a couple [1, 2] of useful posts on Metzger’s cryptography mailing list on the old topic of how to prevent the compiler from potentially optimizing away your “zeroizing” memset call in C. The sort answer, take advantage of volatile.

An example of how GnuPG does this from [1],

  /* To avoid that a compiler optimizes certain memset calls away, these
     macros may be used instead. */
  #define wipememory2(_ptr,_set,_len) do { \
                volatile char *_vptr=(volatile char *)(_ptr); \
                size_t _vlen=(_len); \
                while(_vlen) { *_vptr=(_set); _vptr++; _vlen--; } \
                    } while(0)
  #define wipememory(_ptr,_len) wipememory2(_ptr,0,_len)

And, [2] points to this 2002 MSDN article on the topic.

-

Finally, random software that has been popping up on some mailing lists I follow.

I remember using Maple quite a bit in college.

SAGE.

Use SAGE for studying a huge range of mathematics, including algebra, calculus, elementary to very advanced number theory, cryptography, numerical computation, commutative algebra, group theory, combinatorics, graph theory, and exact linear algebra.

And, I did lots of Lisp there too.

Clojure.

Clojure is a dynamic programming language that targets the Java Virtual Machine. It is designed to be a general-purpose language, combining the approachability and interactive development of a scripting language with an efficient and robust infrastructure for multithreaded programming. Clojure is a compiled language - it compiles directly to JVM bytecode, yet remains completely dynamic. Every feature supported by Clojure is supported at runtime. Clojure provides easy access to the Java frameworks, with optional type hints and type inference, to ensure that calls to Java can avoid reflection.

Clojure is a dialect of Lisp, and shares with Lisp the code-as-data philosophy and a powerful macro system. Clojure is predominantly a functional programming language, and features a rich set of immutable, persistent data structures. When mutable state is needed, Clojure offers a software transactional memory system and reactive Agent system that ensure clean, correct, multithreaded designs.

Io.

Io is a small, prototype-based programming language. The ideas in Io are mostly inspired by Smalltalk (all values are objects), Self (prototype-based), NewtonScript (differential inheritance), Act1 (actors and futures for concurrency), LISP (code is a runtime inspectable/modifiable tree) and Lua (small, embeddable).

Wow, it’s been 10 years.

Nmap v4.50.

December 13, 2007 — Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 4.50 from http://insecure.org/nmap/. Nmap was first released in 1997, so this release celebrates our 10th anniversary.

It has been a long time since I wrote a weekend post, as some people have pointed out. Being busy on weekdays looks to have gradually shifted more of my out and about time to weekends, which might be the culprit. And, I guess while the quickies posts might be similar to a weekend post, they just aren’t the same enough for some of you. So, let’s do this.

-

Ok, let me first get the disappointment out of the way - I don’t have any nightlife or other stories I want to write up this time.

That said, Pacha NYC does seem to be a topic of interest to many, as my thoughts on customer service there have attracted some attention. So, why not comment on the crowd?

As I stated before, Pacha is big and well-known, which means that lots of people go there and almost every one of them gets in. The result of this often seems to be that there are very positive, very negative, and a whole bunch of neutral people running around inside during peak time, which is to say, you may run into someone that makes you smile but you may also run into someone that makes you frown.

I guess I should qualify my terms a bit. My thoughts on positive, negative, and neutral in this context are something like follows.

• Positive - there to have fun; respectful; happy; enjoys the music; can handle a crowd.
• Negative - rude; angry; beligerent; incoherent; upset by a crowd.
• Neutral - just sort of there; meat market.

Now, there are three DJs that get me into Pacha routinely, Boris, Victor Calderone (VC), and Danny Tenaglia (dt), and so I will comment on the crowds for these three.

While the neutral people are hard to notice, the positive and negative people do make an impact and their concentrations tend to vary quite a bit across these three DJs when at Pacha. So, here is a breakdown of the crowd for each.

• Boris - Boris generally has a balanced mix of negative and positive people during peak. As after hours comes in, most negative people head out, leaving a much higher concentration of positive people to negative people, which means a good crowd for after hours.
• dt - During peak, the crowd at Tenaglia always seems to be at the extremes, having both the highest concentration of negative people and the highest concentration of positive people. However, once the party rolls over fully to after hours, the dt regulars tend to take over the place. Tenaglia has a “be yourself” and let others be themselves motto, which is something the dt regulars have adopted fully, meaning the crowd when after hours kicks into high gear is completely positive and absolutely perfect.
• VC - The crowd for Calderone from peak to finish always seems to have the lowest concentration of negative people and a high concentration of positive people. Once after hours kicks in, the few negative people tend to depart, leaving a great crowd.

Based solely on crowd, that makes the best bet to go to Pacha when VC is there; however, if you are a late-nighter (like me), then dt pulls ahead.

My recommendation though, forget the crowd, go for the music and fun, and focus on the after hours. All three of these guys play marathon sets (at least 8 hours long), and none of them really kick into high gear until at least 6AM.

-

So, I briefly mentioned height and the results of USA presidential elections in part of a ramble.

We can play with features here too. Take height, which can both play a role in being judged beautiful and has strong ties to being perceived as a leader. Perhaps this is because physical size played an important role in being a leader way back when and helped with survival. Whatever the cause, there are some interesting statistics about height and power. Just look at the heights of US presidents in general (and even as compared to their opponents - probably one of the best ways to pick which candidate will win an election). And, how tall are the CEOs of major corporations on average?

Now, I did not qualify “best” in that comment at all and intended it to be a bit humorous, but the end result may be an incorrect statement. Of course, the general point was to show the influence of physical attributes on our perceptions of people, not to actually mean the most effective way to predict the results of a USA presidential election is answering the question “which candidate is taller?” Nevertheless, I have since changed that statement to avoid additional headaches.

Looking at Wikipedia, there is a discussion of the topic here, which gives the heights of the USA presidents and is summed up as follows.

In reality, for the 46 elections in which the height of which both candidates is known, the taller candidate won 25 times (approximately 54 percent of the time), the shorter candidate won 18 times (approximately 39 percent of the time) and the candidates were the same height three times (about 7 percent of the time).[original research?] Therefore, the taller candidate has won the majority of elections, but the tall-short margin of victory is by no means overwhelming.

It should be noted however that in three of the cases where the shorter candidate won, the taller candidate actually received more popular votes but lost in the Electoral College; this happened in 1824, 1888, and 2000 (the other time that the electoral vote winner was not the popular vote winner was in 1876, for which we do not know the height of the loser).[original research?] So of the 46 cases we have data, the taller candidate has won the popular vote 28 times (61 percent), and the shorter candidate only about 15 times (33 percent of them).

I have no idea if the height information is accurate, but, if it is, this boils down to the following… In USA presidential elections where we know height was different, 58% of the time the taller candidates won the election, and 65% of the time they won the popular vote. Since 1900, in USA presidential elections where we know height was different, 65% of the time the taller candidates won the election, and 69% of the time they won the popular vote.

Clearly, those odds favor the taller candidate, so height is a simple, physical appearance based metric to pick the winner of a USA presidential election with greater than coin flip odds. This seems to make sense, as height is an aspect of physical appearance that effects peoples’ judgments of leadership capabilities. But, let’s look at another aspect of physical appearance that probably shines through better than height in many media used today - faces.

So, we have this paper.

Human groups are unusual among primates in that our leaders are often democratically selected. Faces affect hiring decisions and could influence voting behavior. Here, we show that facial appearance has important effects on choice of leader. We show that differences in facial shape alone between candidates can predict who wins or loses in an election (Study 1) and that changing context from war time to peace time can affect which face receives the most votes (Study 2). Our studies highlight the role of face shape in voting behavior and the role of personal attributions in face perception. We also show that there may be no general characteristics of faces that can win votes, demonstrating that face traits and information about the environment interact in choice of leader.

With the results…

Feeding this percentage into the regression models, we found that the models predicted a win for Blair in terms of both popular vote (53.17%) and seats won (56.6%).

Our predictions were relatively accurate, as Blair won 52.13% of the actual two-way share of the popular vote and 64.3% of the split in seats won[...]

The final polling revealed, from a 99% return for the two candidates, that Bush had 51% and Kerry had 48% of votes, very similar to the 56%/44% split here when judges were asked which face they would vote for as the leader of their country.

And this paper.

Here we show that rapid judgments of competence based solely on the facial appearance of candidates predicted the outcomes of gubernatorial elections, the most important elections in the United States next to the presidential elections. In all experiments, participants were presented with the faces of the winner and the runner-up and asked to decide who is more competent. To ensure that competence judgments were based solely on facial appearance and not on prior person knowledge, judgments for races in which the participant recognized any of the faces were excluded from all analyses. Predictions were as accurate after a 100-ms exposure to the faces of the winner and the runner-up as exposure after 250 ms and unlimited time exposure (Experiment 1). Asking participants to deliberate and make a good judgment dramatically increased the response times and reduced the predictive accuracy of judgments relative to both judgments made after 250 ms of exposure to the faces and judgments made within a response deadline of 2 s (Experiment 2). Finally, competence judgments collected before the elections in 2006 predicted 68.6% of the gubernatorial races and 72.4% of the Senate races (Experiment 3). These effects were independent of the incumbency status of the candidates. The findings suggest that rapid, unreflective judgments of competence from faces can affect voting decisions.

Great, so now we have evidence that facial appearance impacts how we rate someone as a leader too, and this can be used to predict election results. (All of which is right in line with the original ramble.)

So, lets reduce all of this height and face stuff down to the level of picking candidates by answering a simple question, such as our “who is taller?” question.

Perhaps a just as simple and maybe better way to pick who will be elected president than answering “who is taller?” is to answer this more general question - who best looks the part? (A little lamination goes a long way. ) And, of course, a consensus answer gives better results than each individual answer here.

Which might also be in line with this other paper.

The current study examined whether desired personality influences face preference. Pairs of composite faces were made based on the faces that individuals differing in desired partner personality found most attractive. One composite represented a face most attractive to those desiring a particular trait and the other a face most attractive to those not desiring the same trait. Pairs were presented to different participants to ascertain whether the composites reflected the desired personality of the original raters. For several traits the composites did differ in perceived personality indicating that the personality desired in a partner is reflected in face preference: if a trait is desired then faces perceived to possess that trait are found more attractive than faces which do not possess that trait. These findings cast new light on the ‘‘what is beautiful is good’’ stereotype. What an individual desires in partner reflects what they consider ‘‘good’’, and they find faces reflecting these desired traits as attractive – ‘‘what is good is beautiful’’. Possessing personality traits that are attractive may be causal in making a face attractive.

What is good is beautiful, or what is beautiful is good? However you look at it then beauty is good.

But, when do we start to recognize beauty and judge people as attractive or not?

Like adults, young infants prefer attractive to unattractive faces (e.g. Langlois, Roggman, Casey, Ritter, Rieser-Danner & Jenkins, 1987; Slater, von der Schulenburg, Brown, Badenoch, Butterworth, Parsons & Samuels, 1998). Older children and adults stereotype based on facial attractiveness (Eagly, Ashmore, Makhijani & Longo, 1991; Langlois, Kalakanis, Rubenstein, Larson, Hallam & Smooth, 2000). How do preferences for attractive faces develop into stereotypes? Several theories of stereotyping posit that categorization of groups is necessary before positive and negative traits can become linked to the groups (e.g. Tajfel, Billig, Bundy & Flament, 1971; Zebrowitz-McArthur, 1982). We investigated whether or not 6-month-old infants can categorize faces as attractive or unattractive. In Experiment 1, we familiarized infants to unattractive female faces; in Experiment 2, we familiarized infants to attractive female faces and tested both groups of infants on novel faces from the familiar or novel attractiveness category. Results showed that 6-month-olds categorized attractive and unattractive female faces into two different groups of faces. Experiments 3 and 4 confirmed that infants could discriminate among the faces used in Experiments 1 and 2, and therefore categorized the faces based on their similarities in attractiveness rather than because they could not differentiate among the faces. These findings suggest that categorization of facial attractiveness may underlie the development of the ‘beauty is good’ stereotype.

Which brings us to this major work that pulls together of a wealth of studies.

Common maxims about beauty suggest that attractiveness is not important in life. In contrast, both fitness-related evolutionary theory and socialization theory suggest that attractiveness influences development and interaction. In 11 meta-analyses, the authors evaluate these contradictory claims, demonstrating that (a) raters agree about who is and is not attractive, both within and across cultures; (b) attractive children and adults are judged more positively than unattractive children and adults, even by those who know them; (c) attractive children and adults are treated more positively than unattractive children and adults, even by those who know them; and (d) attractive children and adults exhibit more positive behaviors and traits than unattractive children and adults. Results are used to evaluate social and fitness-related evolutionary theories and the veracity of maxims about beauty.

In which we finds things like this.

Surprisingly, in addition to being judged differently as a function of their attractiveness, attractive individuals on average were treated significantly better than unattractive individuals. These findings are powerful evidence that, contrary to popular belief, attractiveness effects extend beyond mere “opinions” of others and permeate actual actions towards others, even though people may not be aware of it.

And, the concluding paragraph of that paper, which follows, reminded me of my previous post on this blog (i.e., this one).

An alternative viewpoint concludes the opposite about the maxims. Perhaps they have been too successful. Perhaps, because children and adults have listened carefully to and assimilated these maxims, they are confident that they have unique standards of beauty, that they do not judge or treat people differently based on their appearance, and that beauty has nothing to do with a person’s behaviors and traits. If people believe that they behave in accord with these principles of decency, they have no reason to recognize or change their behavior. Thus, the very research that identifies the powerful way in which people react to physical attractiveness might ameliorate these apparent unconscious and automatic processes. Being cognitive, humans have the behavioral plasticity and foresightedness to learn to oppose these influences, and the maxims can again remind people to behave more consciously and humanely.

Finally, when it comes to being physically attractive, being the “hottest” is not necessarily the way to be considered the most trustworthy.

If humans are sensitive to the costs and benefits of favouring kin in different circumstances, a strong prediction is that cues of relatedness will have a positive effect on prosocial feelings, but a negative effect on sexual attraction. Indeed, positive effects of facial resemblance (a potential cue of kinship) have been demonstrated in prosocial contexts. Alternatively, such effects may be owing to a general preference for familiar stimuli. Here, I show that subtly manipulated images of other-sex faces were judged as more trustworthy by the participants they were made to resemble than by control participants. In contrast, the effects of resemblance on attractiveness were significantly lower. In the context of a long-term relationship, where both prosocial regard and sexual appeal are important criteria, facial resemblance had no effect. In the context of a short-term relationship, where sexual appeal is the dominant criterion, facial resemblance decreased attractiveness. The results provide evidence against explanations implicating a general preference for familiar-looking stimuli and suggest instead that facial resemblance is a kinship cue to which humans modulate responses in a context-sensitive manner.

Not that one necessarily cares whether they are considered the MOST trustworthy or not, especially when many people do what they can to get and keep that “hot” person looking their way with interest and a smile. Which might be related to this.

ABSTRACT—Few studies have investigated how physical and social facial cues are integrated in the formation of face preferences. Here we show that expression differentially qualifies the strength of attractiveness preferences for faces with direct and averted gaze. For judgments of faces with direct gaze, attractiveness preferences were stronger for smiling faces than for faces with neutral expressions. By contrast, for judgments of faces with averted gaze, attractiveness preferences were stronger for faces with neutral expressions than for smiling faces. Because expressions can differ in meaning depending on whether they are directed toward or away from oneself, it is only by integrating gaze direction, facial expression, and physical attractiveness that one can unambiguously identify the most attractive individuals who are likely to reciprocate one’s own social interest.

-

Finally, in keeping with the spirit of a weekend post, here is the ever popular look at some interesting search terms that popped up in the logs.

what+is+the+use+of+physical+beauty%3F

As referenced in this current post itself, this paper is one exploration of that topic.

photos+hotornot.com+without+permission+angry

In this CCD age, I find that for almost everything people do, someone is right there taking a picture. And, those digital pcitures almost always seem to somehow find their way onto the public interwebs. And, once out there, people tend to do all sorts of things with the pictures that may not have been intended or desired by the people captured in those pictures.

Perhaps we are entering an age of utter transparency with no privacy. Then again, maybe a major backlash will happen here (a cypherpunk opportunity? ).

+Bartenders,+fustration+with+music+they+like+compared+to+what+their+customers+enjoy

One of my positive comments about some of the bartenders in Pacha was that they seemed to like the music. I don’t think liking the music is really what matters though, it is the positive attitude implied by liking the music that has an effect. Which is to say, whether or not you like the music, create a positive atmosphere for the patrons and give them a good customer service experience. If you can’t do that because the music makes you negative, then it may be time to move on.

what+is+a+humint

A humint? Is that like a hummus, only with a taste? This post might be of interest.

diner+%2B+mid-town+manhattan%2C+ny

Cheyenne, as noted in this post.

start+a+home+based+catering+business

The closest I come to cooking is screen printing tees - i.e., curing plastisol ink - and you definitely don’t want to eat the results of that.

And, in our grand tradition, we wrap up here…

middle+age+panty

panty%2Bthrowing%2Bascii%2Bart

Now that’s quality.

I found this article interesting.

“The study suggests that people conscious of the barely noticeable scents were able to discount that sensory information and just evaluate the faces,” Li said. “It only was when smell sneaked in without being noticed that judgments about likeability were biased.”

In other words, awareness of the situation allows a person to adjust their response to suit the situation. There are two key elements at work here - being aware, and effectively using that awareness.

Anyway, this reminded me of Cialdini’s Influence. The attacks of influence are often carried out beneath the radar of the person being attacked. The attacker triggers automatic responses in the person to influence their decisions/behavior, and the actions that hit these triggers go unnoticed at a conscious level by the person being attack at the time of attack, which results in the person being attacked not properly recognizing the level of influence coming from the attacker. Once a person is aware of triggers and/or able recognize attempts to pull triggers, a person can work to mitigate the influence of triggers and/or the responses to triggers.

Side note, I always find this sort of thing interesting with regards to emotions and relationships. We all have emotional triggers, things that set off strong emotional responses. Learning to understand our triggers, and those of the people around us, can go a long way to having healthy, satisfying relationships. And, with such relationships, comes a great deal of our basic security.

-

Speaking of people, this article has been making the rounds.

The artificial intelligence of CyberLover’s automated chats is good enough that victims have a tough time distinguishing the “bot” from a real potential suitor, PC Tools said. The software can work quickly too, establishing up to 10 relationships in 30 minutes, PC Tools said. It compiles a report on every person it meets complete with name, contact information, and photos.

Ok, so, social engineering is nothing new, and love letters have flooded inboxes. But, it got me thinking for a second…

So, I often speak of using real people for people based attacks leveraging things like beauty and charm. However, since real people tend to be a scarce resource, we are quite limited in the number of attacks that can be carried out and, the less attacks we can carry out, the more important each particular attack becomes. For in person attacks, this people cost can reach extremes. On the other hand, if we go virtual, we can come up with all sorts of ways to farm out the people work to reduce its cost.

Coming back to the article at hand, as a potential way to combine this sort of bot and real people, perhaps a bot that bridged conversations serving as a middle man would be interesting. For example, the bot could hang out in multiple chat rooms or web forums, and cross connect conversations. Or, reply to Craigslist ads and link responders.

Of course, with none of the human participants likely to have the agenda of the attacker here, the conversations would probably have less of a chance of being useful to the attacker than result of automated scripts, even if you could effectively pull off the bridging. Oh well.

-

I remember mentioning cell phone tanka a while back. This takes it to a new level.

“I typed it all on my mobile phone,” Rin explains matter-of-factly over the same device. “I started writing novels on my mobile when I was in junior high school and I got really quick with my thumbs, so after a while it didn’t take so long. I never planned to be a novelist, if that’s what you’d call me, so I’m still quite shocked at how successful it’s turned out.”

[...]

Remarkably, half of Japan’s top-10 selling works of fiction in the first six months of the year were composed the same way - on the tiny handset of a mobile phone. They sold an average of 400,000 copies. By August, the president of Goma Books, Masayoshi Yoshino, was declaring in a manifesto that he was determined “to establish this not simply as a fad, but as a new kind of culture”.

My “waiting to be read” book queue is at ~20. As far as I know, none of these books were written on a mobile phone. I really have to get with the times.

-

When you build a technology based on community input and open communication in a medium that lets gossip circle the world at roughly the speed of light, you can’t expect to hide behind a curtain. And, beautifully, the end result is an open study in people, power, and paranoia, with a good helping of “trust me, it’s for your own good” arguments and “shoot yourself in the foot” phenomena.

A couple of choice excerpts from the article,

Meanwhile, Durova continued to insist that she had some sort of secret evidence that could only be viewed by the Arbitration Committee. “I am very confident my research will stand up to scrutiny,” she said. “I am equally confident that anything I say here will be parsed rather closely by some disruptive banned sockpuppeteers. If I open the door a little bit it’ll become a wedge issue as people ask for more information, and then some rather deep research techniques would be in jeopardy.”

And,

This sort of extreme paranoia has become the norm among the Wikipedia inner circle. There are a handful sites across the web that spend most of their bandwidth criticizing the Wikipedia elite - the leading example being Wikipedia Review (http://wikipediareview.com/) - and the ruling clique spends countless hours worrying that these critics are trying to infiltrate the encyclopedia itself.

Now, I partially pointed to this because I know my circles are always amused by this stuff. But, I also wanted to note this.

But he’s not admitting how deep this controversy goes. Wales and the Wikimedia Foudation came down hard on the editor who leaked Durova’s email. After it was posted to the public forum, the email was promptly “oversighted”
- i.e. permanently removed. Then this rogue editor posted it to his personal talk page, and a Wikimedia Foundation member not only oversighted the email again, but temporarily banned the editor.

It ain’t easy blowing whistles. Even in a supposedly open forum such as Wikipedia, the powers that be crack skulls. You know, silence the critics and keep them silent.

Here, that cracking of skulls is figurative. In other venues, it could be literal. Anonymity has its uses.

…

Oh, and in the conclusion of a related article, we have a good summary of what seems to be going on.

“Wikipedia, in its way, is of great benefit to the web community,” he says. “But I’ve also been greatly dismayed that Wikipedia has apparently attracted some intelligent but problematic personalities with ambition, secret personal agendas, and cold, ruthless behavior towards other editors and ideas that they perceive as threatening their power, position, or agendas. What’s disheartening is that Jimbo and the rest of the Wikimedia Foundation not only don’t do anything about it, but they appear to support these charlatans to some degree.”

-

I mentioned the contest previously. Well, here comes the first entrant.

The Google Lunar X-Prize folks held an event at a space investment conference in San Jose to announce their first fully-registered competitor.

Odyssey Moon, a startup based on the Isle of Man, and run by Carl Sagan mentee, Bob Richards and the CFO of  satellite-provider Inmarsat, Ramin Khadem, plans to land a rover on the moon within the next seven years.

Ouch.

A significant flaw in the PRNG implementation for the OpenSSL FIPS Object Module v1.1.1 (http://openssl.org/source/openssl-fips-1.1.1.tar.gz, FIPS 140-2 validation certificate #733, http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#733) has been reported by Geoff Lowe of Secure Computing Corporation. Due to a coding error in the FIPS self-test the auto-seeding never takes place. That means that the PRNG key and seed used correspond to the last self-test. The FIPS PRNG gets additional seed data only from date-time information, so the generated random data is far more predictable than it should be, especially for the first few calls.

I updated this post accordingly.

[...]This means the PRNG is not reseeded after the KAT, so the PRNG ends up seeded with constant self-test values.

A couple of patches [1,2] are available for the OpenSSL FIPS module. The patches boil down to running FIPS_rand_method()->cleanup() after the PRNG KAT and then reseeding the PRNG.

-

In “related to Tor” news, this is a good write-up on recent vulnerabilities in what is often the default Privoxy configuration, including that shipped with the Tor bundle up until recently.

The installed ‘config.txt’ file (’config’ on Mac OS X) had the following option values set to 1:

• enable-remote-toggle
• enable-edit-actions

Additionally, on Windows the following option was set to 1:

• enable-remote-http-toggle

Malicious sites (or malicious exit nodes) could include active content (e.g., JavaScript, Java, Flash) that caused the web browser to:

• make requests through the proxy that causes Privoxy filtering to be bypassed or completely disabled>
• establish a direct connection from the web browser to the local proxy and modify the user defined configuration values

It should be noted that these are not Tor specific attacks on Privoxy and you may want to disable these Privoxy configuration options even in non-Tor environments.

-

SP800-38D, specifying the GCM mode of operation, has been finalized.

Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC has been finalized. This Recommendation specifies and approves Galois/Counter Mode (GCM), an authenticated encryption mode of the Advanced Encryption Standard (AES) algorithm.

I remember superficially comparing GCM and CCM back a few years ago. Both seemed to have a push at NIST, but you knew CCM would go through the vetting process relatively quickly being a combined mode of what was already accepted while GCM would take a bit of time. Well, CCM has been approved for quite a while, and now GCM is finally there too.

-

These [1,2] have been making the rounds. More fun with MD5.

We announce two different Win32 executable files with different functionality but identical MD5 hash values. This shows that trust in MD5 as a tool for verifying software integrity, and as a hash function used in code signing, has become questionable.

We have used a Sony Playstation 3 to correctly predict the outcome of the 2008 US presidential elections. In order not to influence the voters we keep our prediction secret, but commit to it by publishing its cryptographic hash on this website. The document with the correct prediction and matching hash will be revealed after the elections.

-

Speaking of hashing, there is a mailing list for the NIST hash competition.

A hash-forum@nist.gov email mailing list has been established for dialogue regarding NIST’s Cryptographic Hash Workshops and Hash Algorithm Competition. It is an unmoderated mailing list; messages addressed to this list are immediately distributed to all the addresses on the list. Only members are allowed to post messages to the list; however, anyone who wishes to do so may add themselves to the list.

-

A location service by Google relying on cell towers to estimate your location when GPS is not available.

Why the uncertainty? The My Location feature takes information broadcast from mobile towers near you to approximate your current location on the map - it’s not GPS, but it comes pretty close (approximately 1000m close, on average). We’re still in beta, but we’re excited to launch this feature and are constantly working to improve our coverage and accuracy.

-

Finally, I found this somewhat interesting to me.

“The empirical fact is that people will often switch to strategies they never picked before. They couldn’t have learned these strategies by reinforcement” from experienced rewards, says Camerer. In these situations, people use imagined rewards, or rewards that could have been theirs, to guide their decision making. This process, called fictive learning, is similar to the emotion of regret. “Regret is essentially the bodily sensation or name we give to fictive learning when there was a better choice than the one we chose.”

I heard Lotus Cafe is gone. And, Rififi may not be happy either. Ah, old timers.

-

Say you have data set you wish to release for research purposes but you don’t want the individual people identified (e.g., a medical data base) and thus tied to particular sensitive attributes (e.g., medical conditions). So, you have this data set consisting of what you consider to be sensitive attributes (e.g., medical conditions) and non-sensitive attributes (e.g., social security number, date of birth, zip code). In order to anonymize the data, you strip out the attributes that serve as blatantly unique identifiers (e.g., names, social security numbers).

Now, there is an immediate issue here. The obvious identifiers have been removed, but lets say this data set also contains attributes (e.g., date of birth, zip code) that when linked to external information lead to the identification of particular individuals (e.g., there is only one person with a given birthday in a given zip code, and this information is readily available someone trying to identify that individual in the data set).

This is where k-anonymity comes in. Now, you have already identified the sensitive and non-sensitive attributes, and you have removed the outright identifiers. From the remaining set of non-sensitive attributes, you can then identify those attributes, which are called quasi-identifiers, that could be linked to individuals through correlation against external data sources.

Here we come to one of the key assumptions made in the k-anonymizing process - the sanitizer can identify the attributes in the data set that can be tied to other, external sources. Not only do they have to identify these attributes, but they also have to assess the level of resources required to use those attributes to penetrate the anonymity of the data set, and make judgment calls on modifying the data for anonymity and/or privacy versus the usefulness of the resulting data set. This is hard stuff.

You can see many issues with this assumption. Does the sanitizer really know what will be quasi-identifiers in a data set? Even if they do, are their judgments about the risk posed by those identifiers realistic? For example, the sanitizer might not know about various public records or even google. Another example, one may assume that only large governments would have access to name, date of birth, and zip code information for individuals. However, most of us have access to this information for at least out friends and family.

Anyway, once you have picked out the quasi-identifiers, you then ensure that at least k records in the data set possess the same set of values for quasi-identifiers (e.g., generalize the date of birth to be year of birth, such that at least 10 records turn up for all years of birth and zip code combinations). In other words, instead of being able to uniquely identify a unique record using particular values for the quasi-identifiers, one always ends up identifying a set of k records with any particular values for the quasi-identifiers (e.g., you pull up 10 records at least for every year of birth and zip code combination).

Important note for the paper that follows later in this post: You may be wondering, what happens when dealing with all these sparse data sets with long-tail distributions? For example, a particular attribute may have a large number of values that are unique or at least very minimally spread across records, which could mean huge impacts on the data set if these values were generalized or removed for k-anonymity purposes. Which means there may be a big trade-off between anonymity and/or privacy, and the usefulness of the data here, which will minimize k if not render k-anonymity infeasible in order to keep the data at all useful. And, it is notable that most transactions databases fall into this category (e.g., credit card records, amazon purchases).

But, say k-anonymity is reasonable for the data without too much loss of usefulness of the data. Great, that covers establishing the exact identity of records, but there is an issue here - we may still be able to tie sensitive attributes to individuals. For example, if the sensitive attributes you are trying to unlink from an individual are applicable to all of the k records pulled up by the quasi-identifiers (e.g., all 10 records have the same medical condition), then one can assume that the individual possesses this attribute even if they can’t uniquely identify which of the k records is that individual. Or, if one knows particular sensitive values do or do not apply to the individual, they can rule out those records, perhaps pinpointing the applicable value of the sensitive attribute for the individual concerned (e.g., the medical condition in the group is either a broken arm or severe depression, and one knows the individual does not have a broken arm).

Which leads to the concept of l-diversity, wherein a set of k records should have l number of values for sensitive attributes contained within it. Now, when one pulls up that set of k records, all of those records do not have the same sensitive values and, even if I know certain sensitive values to do/do not apply to the individual in question, there is potentially still a range of records with other values for sensitive attributes that are applicable, making it hard for me to establish exactly which values for the sensitive attributes apply to a particular individual.

l-diversity can result in the data set undergoing significant modifications. Like with k-anonymity, judgment calls must be made on privacy versus the usefulness of the data set.

But, say l-diversity is applicable to the data set without too much loss of usefulness of the data. Nice, but we may still have some semantic ties or non-uniformity that can be exploited. For example, if all the k records have some related values for the sensitive values (e.g., all the medical conditions were mental problems) while the overall data set covered a larger variety of values, then information is learned about the members of k. Or, if the sensitive attributes in k records have one of set of odds of having particular values (e.g., 75% of members have cancer), while in the overall data set the sensitive attributes have some set of odds (e.g., 10% of members have cancer), this can be used to reveal information about the set of k records distinguishable for the overall data set.

Which leads to t-closeness, wherein the distribution of values of sensitive attributes in a set of k records will mimic the distribution of those values across the whole data set within a range t.

t-closeness can result in the data set undergoing even major changes. Like with k-anonymity and l-diversity, judgment calls must be made on privacy versus the usefulness of the data set.

And so forth.

…

I typed out that summary because I just noted this paper interesting. [via what is left of the cypherpunks list]

We present a new class of statistical de-anonymization attacks against high-dimensional micro-data, such as individual preferences, recommendations, transaction records and so on. Our techniques are robust to perturbation in the data and tolerate some mistakes in the adversary’s background knowledge.
We apply our de-anonymization methodology to the Netflix Prize dataset, which contains anonymous movie ratings of 500,000 subscribers of Netflix, the world’s largest online movie rental service. We demonstrate that an adversary who knows only a little bit about an individual subscriber can easily identify this subscriber’s record in the dataset. Using the Internet Movie Database as the source of background knowledge, we successfully identified the Netflix records of known users, uncovering their apparent political preferences and other potentially sensitive information.

A few paragraphs of note…

Micro-data are characterized by high dimensionality and sparsity. Informally, micro-data records contain many attributes, each of which can be viewed as a dimension (an attribute can be thought of as a column in a database schema). Sparsity means that a pair of random records are located far apart in the multi-dimensional space defined by the attributes. This sparsity is empirically well-established [6, 4, 16] and related to the “fat tail” phenomenon: individual transaction and preference records tend to include statistically rare attributes.

This applies to most of those real-world databases out there containing information about us, which is something to note when policies say that information that could identify you has been removed from a data set before that data set is distributed.

Our de-anonymization algorithms are designed to work against databases that have been anonymized and “sanitized” by their publishers. The three main sanitization methods are perturbation, generalization, and suppression [23, 8]. Furthermore, the data publisher may only release a (possibly non-uniform) sample of the database. For example, he may attempt to k-anonymize the records, and then release only one record out of each cluster of k or more records.
If the database is released for collaborative filtering or similar data mining purposes (as in the case of the Netflix Prize dataset), the “error” introduced by sanitization cannot be large, otherwise its utility will be lost. We make this precise in our analysis. Our definition of privacy breach (see below) allows the adversary to identify not just his target’s record, but any record as long as it is sufficiently similar (via Sim) to the target and can thus be used to determine its attributes with high probability.

The tradeoff between privacy and/or anonymity, and usefulness comes into play, and the authors make sure to take advantage of it. The real-world is a fun place.

Moreover, the linkage between an individual and her movie viewing history has implications for her future privacy. In network security, “forward secrecy” is important: even if the attacker manages to compromise a session key, this should not help him much in compromising the keys of future sessions. Similarly, one may state the “forward privacy” property: if someone’s privacy is breached (e.g., her anonymous online records have been linked to her real identity), future privacy breaches should not become easier. Now consider a Netflix subscriber Alice whose entire movie viewing history has been revealed. Even if in the future Alice creates a brand-new virtual identity (call her Ecila), Ecila will never be able to disclose any non-trivial information about the movies that she had rated within Netflix because any such information can be traced back to her real identity via the Netflix Prize dataset. In general, once any piece of data has been linked to a person’s real identity, any association between this data and a virtual identity breaks anonymity of the latter.

Anonymity tends to be a one way street. This can be particularly dangerous when it comes to persistent pseudonyms.

We have presented a de-anonymization methodology for multi-dimensional micro-data, and demonstrated its practical applicability by showing how to de-anonymize movie viewing records released in the Netflix Prize dataset. Our de-anonymization algorithm works under very general assumptions about the distribution from which the data are drawn, and is robust to perturbation and sanitization. Therefore, we expect that it can be successfully used against any large dataset containing anonymous multi-dimensional records such as individual transactions, preferences, and so on.
An interesting topic for future research is extracting social relationships, networks and clusters from the anonymous records. This knowledge can be a source of information for further de-anonymization [13]. In the case of the Netflix Prize dataset, de-anonymization of individual records may also have interesting implications for winning the Netflix Prize. We discuss this briefly in appendix B.

Data is recorded, filtered, and mined. You, your actions are not random. There will be non-uniformity, patterns. Identities and attributes will always appear.

I tend to think pseudonymity is the best you get in practice, and even that is quite difficult.

-

So, a while back I wrote this.

Side note, this is even more interesting in combination with things like the reality it generally takes couples trying to have a baby on the average of a few months to achieve pregnancy. Such drawn out periods seems to protect against a number of attacks, such as misrepresentation and quick judgement - for example, it exposes potential mates that seem good at first glance but aren’t quite so good once a closer look is provided.

Fitting right in here, I noted this.

However, Provost and her colleagues say there is in fact no contradiction between this research and other studies, as they are investigating two different kinds of signal. The previous research investigating men’s response to fertile women focused on signals such as smells and facial expressions, which can only be detected at close range. That makes evolutionary sense, as it would benefit a woman to advertise her fertility to a man that she has decided is worth having children with and has therefore allowed to get close to her.

In contrast, men can pick up on the attractiveness of a woman’s walk from long distance, and it can therefore act as an unwitting signal to less appealing males who she might not want to choose. So the advantage of having a less sexy walk around the time of ovulation becomes clear: it allows a woman to hide her fertile period from undesirable men who might take advantage of her at that time.

-

I noticed this request.

As many of you know, NIST has specified two standard KDFs for use with key agreement algorithms (e.g., Diffie-Hellman or MQV) in NIST SP 800-56A. NIST is considering supplementing the 800-56A KDFs with a more broadly applicable KDF. In particular, NIST is considering a proposal for an HMAC-based KDF. Before committing resources to this effort, we would like to get a better handle on the requirements seen by protocol developers and evaluate the level of support for such a standard. We would also like to identify alternative designs that should be considered.

PBKDF2 (something you may already use possibly without knowing it) and S2V were pointed to in replies.

-

Look at that, Banksy in New York.

VANINA HOLASEK GALLERY·502 West 27TH Street New York, NY 10001 T: 212-367-9093

FOR IMMEDIATE RELEASE:
BANKSY DOES NEW YORK
DECEMBER 2ND – DECEMBER 29TH, 2007
OPENING RECEPTION: SUNDAY, DECEMBER 2ND, 1 PM -5 PM

BANKROBBER GALLERY, London, in collaboration with VANINA HOLASEK GALLERY, are pleased to present for the first time in New York, an exhibition of works by Banksy, on view from December 2nd through December 29th, 2007.

There may even be a comment on security in here.

He’s the maniac who got on the news for managing to smuggle one of his pieces of art into Tate Britain and embarrassed everyone because nobody seemed to notice…He’s the wit behind the stencilled “Mind the Crap” writing that appeared overnight on the steps to Tate Modern. He is the prankster who smuggled 500 alternative copies of the Paris Hilton CD into record stores. He is the subversive who placed a life-size replica of a Guantanamo Bay detainee in Disneyland. He’s the jester who gave LA a painted elephant. He is the trickster whose hoax cave painting of a man pushing a supermarket trolley sat in the British Museum unnoticed for three days. He is the infiltrator who disguised as a pensioner hung his perfectly framed pieces in the Metropolitan, MOMA, Brooklyn Museum and his “dead beetle with glued on sidewinder missiles and satellite dish” had pride of place in the Museum of Natural History NYC. Get the picture, get this. Banksy images are even being used to sell 900k condos in Williamsburg.

Anyway, there is a party Saturday (2007-12-01) night from 6-9pm at the gallery celebrating the opening. [via thisheartsonfire]

-

Finally, here are some generic odds.

The National Safety Council has been compiling and reporting on injury data every year since the 1920s. The table below was prepared in response to frequent inquiries to the Council concerning the odds of dying from or being killed by a specific incident or occurrence such as a lightning strike or a plane crash.

The odds given below are statistical averages over the whole U.S. population and do not necessarily reflect the chances of death for a particular person from a particular external cause. Any individual’s odds of dying from various external causes are affected by the activities in which they participate, where they live and drive, what kind of work they do, and other factors.

Ok, as it has been a while since I last posted and will probably be some time until I next post, lets do two posts in one day. This one is just some miscellaneous items.

-

(Thats “diner” in the title, not “dining cryptographers and their problems”…)

I rarely talk about customer service with regards to places to eat. The main reason for that is I generally eat in my local neighborhood, and I learned a while back that talking about places you can be found reliably on a blog is not always the smartest thing to do.

That said, there is one diner in Manhattan that I make a point of swinging by quite often, namely Cheyenne Diner. Great customer service, including my absolute favorite waitress in Manhattan (I don’t think I have actually had to order for myself in over a year - my food just appears). Quality food and lots of it on the cheap. Open 24 hours, so perfect for a late night person (like me). Just an all around great experience.

Anyway, while I think I may be the only NY resident that absolutely loves this place, at least someone else has noticed it. (Unfortunately, the articles at the referenced site do not have separate links. Perhaps this will end up being the archive page for this month.)

On the block: Top 10 New York Classic Diners, a list of the best New York diners that haven’t changed much at all (including prices, interiors, and staff) in the last 20+ years. What you pay for one drink at some new fancy bar will get you a full meal (with bread, salad, and a side, of course!) at most of these places.

[...]
9. Cheyenne (Midtown West)

It is on the corner of 33rd st and 9th ave, a few blocks from Penn station (for those of us coming from, say Bayside ). Being smack dab in the middle of mid-town, you find locals, commuters, and tourists alike pop in.

Needless to say, highly recommended. I always end up there some time well into the nightshift, and I can’t say enough good things about the late night staff.

-

This is a petnames plugin for Firefox. [recently resurfaced in this mailing list post]

It reminded me of an old post. I pointed out using your bookmarks and commented on an SSH style of bookmark where public keys (in certificates) were part of it. I also noted that such a thing might not mean anything to average end users over a regular bookmark, which was the tricky part.

Attacks based on user ignorance of anything to do with PKI or TLS will apply regardless of “high assurance” certificates or not. What really matters here is whether or not browser security indicators matter to users (e.g., do users know about the security indicators provided by a browser, what the indicators mean, and what should be done in response to the indicators?).

[…]verifying that you are in fact establishing an SSL/TLS session with the proper entity.[…]
[…]countering an SSL/TLS MITM attack.[…]
This is an active research area. Petnames have been proposed, which I like (think PGP web of trust in some form). This has similarities to the SSH-type trust model, which has also been proposed and which I also like. In recent minutes to an IETF-PKIX meeting, the Opera people were looking at “extended validation” certificates. There has been all sorts of talk, pros and cons, about “high-assurance” certificates.

In this regard, while I like the idea of bookmarking a web site and its certificate(s), how exactly to inform a user that a certificate is changed, and establishing what actions a user should take in such a case, is the hard part. Every model I envision reduces to checking the digital certificates when the certificate presented is different from the one that is bookmarked, and then all the same problems come back into play - you might as well have just bookmarked the web site and left out the certificate.

So, I like the petnames plugin for Firefox, and I think most people familiar with the SSH way of doing things would be comfortable here. The plugin adds another layer to the advice provided here, and works well for me at least.

Bookmark web sites that you visit, especially where you conduct transactions like buying stuff, and then return to those sites only through your bookmarks (this is like what we do with server public keys in SSH). Now, when you receive that email, instant message, or embedded link in some rogue web site purporting to be from, or purporting to point you to, Paypal and you really do feel it necessary to log into Paypal in response, don’t follow any of the links provided - instead, use your bookmark for the Paypal web site. It doesn’t solve all these problems, but it helps quite a bit.

-

But, it looked real… [via the gold-silver-crypto mailing list]

Evidently, no one at Minnesota-based Supervalu bothered to confirm the authenticity of emails sent in late February. Purporting to come from two of the company’s suppliers, the messages instructed Supervalu to wire all future payments to new bank accounts. One email purported to come from representatives of Frito-Lay and the other from American Greetings. Both suppliers have established relationships with the grocery chain.

The emails were phony, but within two days, Supervalu began moving money into the accounts. Over the course of a week, the company transferred $10,128941.94 in nine separate payments. [...]

These kids have become my standard quote for this.

Teen #1: Hey, man, I think we should get our important stuff laminated. No one ever questions lamination.

-

Short article (behind a paywall) about talking tech to the non-techie.

Technology is very complex and intimidating, and technology folks are constantly getting knocked for poor communication and poor customer-service skills. It’s taking a lot of time, leads to a lot of frustration, and leads to a lot of money being misspent.

This brought to mind one of the core reasons I originally founded D-kriptik and the original point of this blog - bridging tech and non-techies. Customer service is still at our core, but we have wandered a bit off the general IT support course.

-

Perhaps its the Trek in me, but this reminded me of transparent aluminum.

By mimicking a brick-and-mortar molecular structure found in seashells, University of Michigan researchers created a composite plastic that’s as strong as steel but lighter and transparent.

As promised, here is a weekend post. (Yes, I know it is a Monday, but I was striping/coating a wood floor all weekend, well, with the exception of Boris classics night at Pacha.)

-

Lets begin here (NYT article - not sure how long they are accessible).

Yet he and most in the field now agree that the evidence for psychological hot-wiring has become overwhelming. In one 2004 experiment, psychologists led by Aaron Kay, then at Stanford University and now at the University of Waterloo, had students take part in a one-on-one investment game with another, unseen player.

Half the students played while sitting at a large table, at the other end of which was a briefcase and a black leather portfolio. These students were far stingier with their money than the others, who played in an identical room, but with a backpack on the table instead.

The mere presence of the briefcase, noticed but not consciously registered, generated business-related associations and expectations, the authors argue, leading the brain to run the most appropriate goal program: compete. The students had no sense of whether they had acted selfishly or generously.

From earlier in the article,

Findings like this one, as improbable as they seem, have poured forth in psychological research over the last few years. New studies have found that people tidy up more thoroughly when theres a faint tang of cleaning liquid in the air; they become more competitive if theres a briefcase in sight, or more cooperative if they glimpse words like dependable and support all without being aware of the change, or what prompted it.

So, what would happen if you wore an expensive suit or LEO-type uniform? Or, to fit a theme here, had a beautiful person on your arm? Or, even simpler, threw on an artsy t-shirt that had a word like “trustworthy” written on it in some discernible, yet subtle, way? Would the people aspect of security be manipulated by such things?

(Side note, I have an old, bright red Futura t-shirt that says “For love or money”. With many, it generates mostly “for love!” comments and generally leads to conversation about values and the like. With others, it often inspires awkward mockery, as is the case with almost any loud attire.)

-

So, I saw