GeekSpeak for 2015-11-14

Vader Statue Pwns HTTPS


Lenin loses to Vader, make sure you buy the right USB-C cable, caffeinated peanut butter, and a long-form discussion on trust with regard to computers, password managers, and SSL certificates.

Google Engineer Warns Against Perils Of Buying Cheap, Third-Party USB-C Cables

Leung and his teammates at Google work inside of the Chromebook ecosystem, and as such, they’ve had lots of hands-on experience with USB-C cables. The Chromebook Pixel remains one of the very few notebooks on the market that directly supports USB-C. Nonetheless, in his experience, not all cables are built alike, and in some cases, cheap out-of-spec cables could potentially cause physical damage.

It’s such a big problem, in fact, that Leung began buying cables off of Amazon and leaving his feedback on each one. Ultimately, what the problem boils down to is that some of the specifications in a cable may not be well controlled. He notes that in some bad cables, incorrect resistor values are throwing off power specs wildly – 3A vs 2A in one example.

Floppy disks still in use

When was the last time that you used a floppy disk? While still used as the save icon in modern software packages like Microsoft’s Office suite, it’s unusual to see one out in the wild. Given that a typical floppy disk offers up a minuscule 1.44MB of space — not even enough to house a three-minute pop song in MP3 format — there’s seemingly no reason for these disks to stay in circulation.

But while the average user might not have any cause to use a floppy disk, there are those out there who can’t settle for anything else. They’re in dire need of the disks, which most manufacturers have stopped producing. The floppy disk might seem like something better left in the 1990s. Instead it’s a product that’s alive and well in the 21st century.

Caffeinated peanut butter is here, draws ire of Charles Schumer

A company called STEEM is making a caffeinated version of the popular protein-packed spread. Two tablespoons of it offers the same dose of caffeine as almost two cups of coffee, the company boasts. But that fact isn’t a selling point to Senator Schumer, a well-established opponent of caffeine-boosted foods. On Monday, he called for the Food and Drug Administration to investigate the safety of the enhanced peanut butter.

Hacking tool swipes encrypted credentials from password manager

Using a password manager is one of the biggest ways that average computer users can keep their online accounts secure, but their protection is pretty much meaningless when an end user’s computer is compromised. Underscoring this often ignored truism is a recently released hacking tool that silently decrypts all user names, passwords, and notes stored by the KeePass password manager and writes them to a file.
KeeFarce, as the tool has been dubbed, targets KeePass, but there’s little stopping developers from designing similar apps that target virtually every other password manager available today.

This 11-year-old is selling cryptographically secure passwords for $2 each

We now live in a world where a New York City sixth grader is making money selling strong passwords. Earlier this month, Mira Modi, 11, began a small business at dicewarepasswords.com, where she generates six-word Diceware passphrases by hand.

Diceware is a well-known decades-old system for coming up with passwords. It involves rolling actual six-sided dice as a way to generate truly random numbers that are matched to a long list of English words. Those words are then combined into a nonsensical string (“ample banal bias delta gist latex”) that exhibits true randomness and is therefore difficult to crack. The trick, though, is that these passphrases prove relatively easy for humans to memorize.

HTTPS certificates with forbidden domains issued by “quite a few” CAs

Browser-trusted certificate authority (CA) Comodo said it mistakenly issued transport layer security credentials for “mailarchive,” “help,” and at least five other forbidden names and warned that “quite a number” of unnamed competitors have committed similar violations.

The non-compliant certificates are forbidden under the baseline requirements enforced by the CA Browser Forum, an industry group of CAs and browser makers that establishes rules CAs must follow for their digital certificates to be trusted in Chrome, Internet Explorer, and other major browsers. The rules forbid the issuance of certificates for internal names that aren’t part of a valid Internet domain name or for a reserved IP address such as 192.168.1.1.
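
As an added example (not code from the article, Comodo, or the CA Browser Forum), here is a small Python check that an auditor could run over the names in a certificate to flag the two categories the rule forbids. The special-use TLD set and every sample name other than “mailarchive,” “help,” and 192.168.1.1 are assumptions made for illustration.

```python
import ipaddress

# Assumption: a small constructed set of special-use TLDs (RFC 2606, RFC 6761,
# RFC 6762). A production check would consult the IANA root zone list instead.
SPECIAL_USE_TLDS = {"local", "localhost", "test", "example", "invalid"}


def classify_name(name):
    """Return 'reserved-ip', 'internal-name' or 'ok' for one certificate name."""
    candidate = name.strip().rstrip(".").lower()

    # Case 1: the name is an IP address literal.
    try:
        addr = ipaddress.ip_address(candidate)
    except ValueError:
        addr = None
    if addr is not None:
        # is_global is False for private (RFC 1918), loopback, link-local
        # and other reserved ranges.
        return "ok" if addr.is_global else "reserved-ip"

    # Case 2: the name is a host name. Ignore a leading wildcard label.
    if candidate.startswith("*."):
        candidate = candidate[2:]
    labels = candidate.split(".")

    # A single label ("help") or an empty label cannot be part of a
    # registered Internet domain name.
    if len(labels) < 2 or "" in labels:
        return "internal-name"
    if labels[-1] in SPECIAL_USE_TLDS:
        return "internal-name"
    return "ok"


def audit(names):
    """Map each non-compliant name to the reason it was flagged."""
    findings = {}
    for name in names:
        verdict = classify_name(name)
        if verdict != "ok":
            findings[name] = verdict
    return findings


if __name__ == "__main__":
    # Constructed sample: names as they might appear in a subjectAltName list.
    sample = ["mailarchive", "help", "192.168.1.1", "www.example.org",
              "*.corp.local", "8.8.8.8"]
    for name, reason in audit(sample).items():
        print(f"{name}: {reason}")
```

The host-name branch is a heuristic: it only knows the TLDs listed in the set, so a name under any other unregistered suffix passes as “ok” here.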