July 2008

Why are secret URLs “security through obscurity”?

Yesterday’s InformationWeek had an article about how cellphone pictures sent via MMS (Multimedia Messaging Service) by customers of U.K. mobile network operator O2 are winding up available via Google search pages. The article, titled “Picture Leak: O2’s Security Through Obscurity Can’t Stop Google”, explains that O2 provides a fallback for customers who try to send photos from their cellphone to cellphones that don’t support MMS: O2 posts the photos online and then sends the recipient a URL to the picture via email. For security, each URL includes a 16-hex-digit (64-bit) message ID. The “problem”, as they breathlessly explain it, is that some of these URLs are getting indexed by Google, and can be discovered by performing a search with the inurl: search type.

The whole thing is much ado about nothing — further investigation shows that the reason a handful of these “secret” URLs wound up in Google is that people were using MMS to post photos directly to their public photoblogs. While it’s not the case here, I do have to wonder at the charge that secret URLs are somehow just security through obscurity, which usually refers to a system that is secure only as long as its design or implementation details remain secret. That’s not the case here — even a modest 16-hex-digit ID is about as difficult to guess as a random ten-character password containing numbers and upper & lowercase letters. What can be a risk is that people and programs are used to URLs being public knowledge, and so sometimes they aren’t safeguarded as well as one might safeguard, say, his bankcard PIN number. On the plus side, unguessable URLs can easily be made public when it’s appropriate, for example when posting to your photo blog from your O2 cellphone. Now if only we could selectively prevent clueless reporters trying to write scare-stories from finding them…
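The comparison above, worked through as an added example (not code from the article or from O2): it measures the entropy of a 16-hex-digit ID against a ten-character alphanumeric password, generates such an ID from a CSPRNG, and lists response headers that keep a shared link out of search indexes and Referer logs. The host name, path, function names and header set are assumptions made for illustration.

```python
import math
import secrets
from urllib.parse import urlsplit

HEX_DIGITS = 16  # ID length described in the post (16 hex digits = 64 bits)
BASE_URL = "https://mms.example.invalid/view/"  # hypothetical host and path

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in a uniformly random string over the given alphabet."""
    return length * math.log2(alphabet_size)

def new_message_url() -> str:
    """Build a URL whose ID comes from the OS CSPRNG, not a counter or timestamp."""
    return BASE_URL + secrets.token_hex(HEX_DIGITS // 2)

def expected_guesses(id_bits: int, live_ids: int) -> float:
    """Mean number of uniform random guesses before hitting any one live ID."""
    return 2 ** id_bits / live_ids

def lookup(store: dict, url: str):
    """Return the stored item for a well-formed ID, else None."""
    msg_id = urlsplit(url).path.rsplit("/", 1)[-1]
    if len(msg_id) != HEX_DIGITS or any(c not in "0123456789abcdef" for c in msg_id):
        return None  # reject malformed IDs before touching the store
    return store.get(msg_id)

# Assumed hardening: headers served with every secret-URL response so that a
# link which does leak is not indexed, cached by proxies, or sent as a Referer.
PRIVATE_LINK_HEADERS = {
    "X-Robots-Tag": "noindex, nofollow",
    "Referrer-Policy": "no-referrer",
    "Cache-Control": "private, no-store",
}

if __name__ == "__main__":
    print(f"16 hex digits:          {entropy_bits(16, HEX_DIGITS):.1f} bits")
    print(f"10 chars of [A-Za-z0-9]: {entropy_bits(62, 10):.1f} bits")
    # Constructed figure: one million live photo IDs at any moment.
    print(f"guesses per hit at 1e6 live IDs: {expected_guesses(64, 10**6):.2e}")
    url = new_message_url()
    store = {url.rsplit("/", 1)[-1]: "photo.jpg"}  # constructed sample record
    print(url, "->", lookup(store, url))
```

The guess count is only meaningful if the ID is drawn uniformly at random; an ID derived from a sequence number or timestamp would have far less than 64 bits of real entropy.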


Magnetic wall

This weekend’s project was to paint the dining room wall and bedroom doors with magnetic paint (paint with an iron-dust mix-in). Actually, this was my wife’s project while I fixed the bathroom sink — but that project was much less interesting to blog about. The dining room is shaping up to hold all the various birth & wedding announcements, plus magnetic poetry and probably some random wall games. The bedroom doors will be more personal expressions, and right now the guest room has tourist magnets from everyone who’s visited. Best of all, it’s a great excuse for another order from our favorite magnet source!

[Photos: Magnetic Primer; The start of our downstairs postboard…; …and poetry wall; Guest room door; Our daughter’s (*PINK*) door; Our bedroom door]


52-card Psycho

There are exactly 52 playing cards in a standard deck. There are also exactly 52 shots in the famous shower scene in Alfred Hitchcock’s movie Psycho. From this amazing coincidence comes 52 Card Psycho, a new augmented-reality experimental film piece my brother recently designed in collaboration with the Future Cinema Lab at York University:

52 Card Psycho is an installation-based investigation into cinematic structures and interactive cinema viewership; the concept is simple: a deck of 52 cards, each printed with a unique identifier, are replaced in the subject’s view by the 52 individual shots that make up Hitchcock’s famous shower scene in Psycho. The cards can be manipulated by the viewer: stacked, dealt, arranged in their original order or re-composed in different configurations, creating spreads of time, and allowing a material interaction with the ‘cinema screen’— an object which normally is removed and exalted, and unchangeable in its linearity.
