John Graham-Cumming

In the past I've written about measures I've taken to protect my Google Mail account: I use long random passwords  and Google's two-factor authentication with no recovery options and I have a tempting canary waiting for any intruder. But to further protect my account I created a system that automatically tells me when a log in occurs on my Google Mail account. The system sends me an SMS whenever there's a new log in. The system is able to distinguish a machine that's used on different IP addresses (such as when I move my laptop from home to an office) and brand new log ins from machines that have never been seen before. And unlike the canary it doesn't require any action. It happens automatically. Here's the SMS chronicle of a trip to the San Francisco office of CloudFlare and my return home. The first SMS was received because I logged in in my hotel, later I went to the CloudFlare office and a few days later I returned home. I'm posting thi

Some months ago CloudFlare launched a service called ScrapeShield that's designed to protect web page content from content scraping. It's a free service and I enabled it on this blog. The ScrapeShield report shows where my blog content has been copied around the web. It doesn't get copied very often, but just the other day there was a great example of how ScrapeShield spots taken content: I wrote a popular blog entry about Mars Curiosity; someone saw it and wrote their own version taking a single line of text from my blog. ScrapeShield caught it. My article was Curiosity Rover writes Morse Code of JPL everywhere it goes  and a web site owner obviously read it and added this section to an article called "Five awesome things about Curiosity": That's not the photo that I used, nor is that the text I wrote, but the caption under the photograph is a copy/paste of the title of my article. How am I sure? Because when they copy and pasted, they copy and pa

It seems every time I come across a story about the Mars Curiosity rover there will be many people commenting on the technology used starting with "Why don't they just..?" and usually pointing out things like: the processor in their smart phone is way faster than the one of Mars, or they have way more memory on their iPad, or their digital camera is way better than the one sending back pictures. These "Why don't they just..?" questions are both annoying and to be expected. Annoying because the underlying thought is "Those NASA/JPL guys are so dumb LOL" and to be expected and encouraged because we wouldn't make any progress without asking questions and, in particular, asking why. But it doesn't take much research to find the answer. (Even though I'm tempted to answer: "Because it's on friggin' Mars, doofus!") 1. The Mars Science Laboratory project was  started eight years ago in 2004. So, all the technology on

It's common for web sites to have a password recovery feature and some ask the user to set up answers to security questions which they can answer later. The main feature of these is that they are intended to be something the user knows and can answer later without remembering. So questions like "What was the make of your first car?" are common. Unfortunately, these questions are weak because a determined attacker can often find out the information required to answer the questions. In one notable case a US Vice Presidential candidate's email was hacked  by searching for and finding the target's high school name and date of birth. This leads to these questions being very insecure. In addition, some questions, such as "What was the make of your first car?" have a very small likely answer space. If the target is British, for example, the number of car makers is small and a guess is quite likely to work, especially considering that it's unlikely tha

The Curiosity Rover that landed on Mars today has a neat feature in its wheels that allows it to spot if it gets stuck. The wheels have an asymmetric pattern of holes in them that leave a distinctive imprint on the surface of Mars. The rover views these marks with a camera to determine if it has traveled the distance it thinks it has. This 'visual odometry' means that Curiosity can spot if it's slipping or stuck and call home for help. The visual odometry is mentioned in this video where the marks can be clearly seen: Here's a close up shot of the marks on the centre wheel. Look carefully and the pattern is short long long long short long long short short long short short or . - - - . - - . . - . . which is Morse Code for JPL , the home of Curiosity.

For over a week now my talk, The Greatest Machine That Never Was , has been on the front page of TED . It's got over 170,000 views. If you haven't seen it, here it is: