We cover some fascinating new research that can steal your phone’s PIN using just the on-board sensors. Then we cover how computer security is broken from top to bottom and Dan does another deep dive, this time on everyone’s favorite database, PostgreSQL.
Plus it’s your feedback, a huge roundup & so much more!
The team was able to crack four-digit PINs with 70 percent accuracy on the first try, and with 100 percent accuracy by try number five
A site accessed with malicious code can open the device to such sensor-based monitoring working in the background when browser tabs are left open.
The team suggests a number of ways to help combat vulnerabilities, including regularly changing PINs and quitting out of any apps not currently in use
Dan suggests: Simple way around this: randomize the display of numbers on the keypad. I think this should be standard for all PIN entry. I recall seeing this somewhere, years ago, but I don’t recall where. I’ve always wondered why I’ve never seen it again. If the numbers have a narrow field of vision, nobody can watch over your shoulder.
From the PDF: In the latest Apple Security Updates for iOS 9.3 (released in March 2016), Safari took a similar countermeasure by “suspending the availability of this [motion and orientation] data when the web view is hidden”
Robert Watson spoke at the very first BSDCan
There are three main fundamental causes of insecurity: technology complexity, culture, and the economic incentives of the computer business.
PostgreSQL < 9.6: DATADIR is the same for all versions
PostgreSQL 9.6+ on FreeBSD: each major version has its own DATADIR
Installing in a FreeBSD jail means you can easily upgrade another jail, then start using it
10 messages this past week. Requests for deep dives on PostgreSQL, DNS, ZFS, Jails.
The guy who asked us about that free DNS service wrote in to say he has no connection with them.