RSS Feed
  1. rambo

    May 19, 2007 by Saar Drimer

    Last night I happened to watch Rambo: First Blood. Of course, this is not the first time I’ve seen it, but it has been a while. The cruelty these vets suffered from the population upon their return always struck a chord with me. For the record, Rambo I is a good movie; it has what we would call today “moderate violence” and a decent message and dialog (unlike its successors). I dare say that even the acting was good. These were the times where they (Hollywood) had to produce a good script because they couldn’t distract the audience with visual effects like they do today.

    Anyway, I remembered that as a child and young teenager, I was convinced that the Vietnam War was invented by the movie industry as a ruse to produce war movies. I think I had the notion of this “fake” war because I only heard about it in the movies. Then I grew up and found out the sad truth. In Israel, they didn’t teach us about these wars; we had plenty of our own.


  2. first patent issued, finally

    May 16, 2007 by Saar Drimer

    The first patent I submitted while I was at Xilinx was finally awarded. It was frustrating to wait nearly four years for the system to process it, though. The patent system is kind of broken and bad patents do manage to go through, but this one was actually useful. We’ll see how the other five I have in the pipeline take to be approved ;)

    “Method of measuring the performance of a transceiver in a programmable logic device” (USPTO, PDF)


  3. “what a piece of Acrobat!”

    April 29, 2007 by Saar Drimer

    Adobe does not like people using their product names as verbs, specifically, “photoshopping” is not allowed.

    Trademarks are not verbs.
    CORRECT: The image was enhanced using Adobe® Photoshop® software.
    INCORRECT: The image was photoshopped.

    (emphasis not mine)

    Over the years I’ve grown to hate the bloated, often-crashing, slow going, Acrobat Reader. When my system (or browser) is slow, or not responding, the first thing I try is to kill the Acrobat process. That usually does the trick. It’s a poor product, to say the least.

    So it occurred to me that as a response to their prohibition of the verbing of their product names, I’ll start using “Acrobat” in all sorts of new ways, like so:

    “This product is a piece of Acrobat®!”
    “I just Acrobatted myself. Acrobat®!”
    “This plum tastes like Acrobat®.”
    “He’s got Acrobats® for a brains.”
    “Get out of here, you Acrobatting® piece of Acrobat®”
    “I Acrobat® you not!”

    Got some more?


  4. “no” is a perfectly acceptable answer

    March 19, 2007 by Saar Drimer

    Lately, I am increasingly annoyed with people assuming that a lack of an answer means a “no” when they are invited to do something. Well, it isn’t! A lack of an answer means (surprise!) a lack of an answer. I’d much rather hear a “no, I won’t come to your lousy party even if you served the last drink on earth” than a silenced cop-out. At least I know where I stand.

    People are embarrassed/shy/uncomfortable saying “no” in general, for some odd reason. Delaying a “no”, or not giving it at all, hoping that everything will just magically go away — like kids closing their eyes assuming no one can see them anymore — is disrespectful for the other person’s time and effort. Yes, I believe that saying “no” is a sign of respect only second to a “yes”, of course (unless it is a “courtesy invite”, but that’s another matter), while non-answer is, you guessed it, insulting.

    I don’t require a reason. I don’t care. Why do people feel obliged to give an, often made-up and unimaginative, excuse to weasel out of something they don’t want to do? I long for the day where I can comfortably say “Nah, don’t feel like it” (those who know me already know that I often do it anyway, but it is socially unaccepted and considered impolite, especially around relative strangers, and I end up looking like a weirdo).

    So, for those of you that interact with me… say “no” without the excuse and I promise to never-ever-ever-ever be insulted or ask why. But for goodness sake, do it quick.


  5. journalism honesty

    February 24, 2007 by Saar Drimer

    The Times is a pretty popular newspaper here (I always have to ask the locals, since there are so many). A couple of weeks ago, subsequennt to our Chip & PIN relay attack, I got a call from a journalist regarding the use of Chip & PIN cards in petrol (gas!) stations (there has been a surge of fraud lately, particularly in these shops). This is the resulting article with my quote below:

    Saar Drimer, a security expert and researcher at Cambridge University, also said he had stopped using his cards at petrol stations. “The more we look into the ways that you could be defrauded, the more worrying it becomes. Cash is always better to use because there is no record and you’re not giving away any of your secrets,” he said.

    After talking to the guy I learned that he first called Steven, who refused to spoon feed him the quote that he was after. Namely, “I recommend people not use Chip & PIN cards at petrol stations.” Then, he called me, the media novice. I told him many things, among them that I don’t own a car and therefore, I don’t use petrol stations. He then massaged the questions such that I gave him the above (general) quote, which he wrapped in an untrue preamble. Ah, well, I should have known.

    One of the things I told him was that I wouldn’t use those stand-alone ATMs because they are easier to manipulate (attachements or complete fakes, etc.); a point he wanted me to elaborate on. However, that may have put him in a bind because his point was that people should use cash in stations, but where would they get it? From the station’s ATM…

    Anyway, next time a journalist type calls I’ll cut the bullshit and ask him what exact quote he is after and see if I am comfortable saying it. Someone suggested that next time I should write it down for him so there are no mistakes, and that’s what press releases are for. Lesson learnt ;)


  6. “I’ve got a customer”

    February 10, 2007 by Saar Drimer

    A few weeks ago Steven J. Murdoch and I released a video of a Chip & PIN terminal playing Tetris (YouTube version). Back then, I alluded to the fact that this is just a small part of something grander. We were working on an experiment that showed a particular vulnerability Chip & PIN is prone to. This is important because banks now maintain that if the PIN was used, then the customers must prove they were not negligent, which is impossible (given that they do not have access to the evidence and no way to show that no one has been looking over their shoulder, for example). Therefore, due to at least one way of defrauding customers who clearly have not been negligent with their PIN, they should be reimbursed.

    saar drimer, steven murdoch on watchdog bbc1Anyway, there is a somewhat of a technical article on ZDNet, with more info here, and Steven dissecting an insulting response from the Financial Ombudsman Service to a customer who seeks to know on what grounds he has been refused a refund.

    What was missing from the media hype over this is what is included in the academic paper. In it, not only do we describe the attack in detail, including background, we also describe and implement a defense against it called “distance bounding”, which is the main contribution.

    In addition, we spilled the beans on prime-time TV here on the island’s BBC1, in a program called “Watchdog“, which is a popular and long running consumer-watch program. This was quite an experience and I learned a lot from it. We spent about 11 hours with the crew, with the outcome of about 2 minutes of us appearing and a not-so-clear representation of the attack. Sigh. Before all this, I thought TV was evil; let’s just say I have not changed my mind.

    I cannot post the video publicly (it would probably infringe on someone’s rights) but if you’d like to see yours truly say the line in the heading of this post on TV, email me at <first name><last name>@gmail.com.

    UPDATE: Someone has posted the segment on YouTube, here. If you want a better quality version, email me.


  7. two years

    January 17, 2007 by Saar Drimer

    I realized that “Side Channels” is two years old this month. Not very exciting, is it? Well, it has gotten less of my time and attention in the past six months. A few things led to this… firstly, I was, and still am, busy. I am involved in a few research projects that I am excited about and enjoy working on. I also devote time to people around me who I like to spend time with. Secondly, I feel I don’t have anything profound to say that hasn’t already been said. You’ll notice that I try to be original whenever I can… but it is hard when everyone and their grandmother have a weblog too ;) Over time my expectations of this way of expression settled at the right place. I do not expect to have huge readership and I write whenever and of whatever I feel like. I feel comfortable with that; no pressure.

    So, my dear readers, I appreciate those of you who have stuck around and loyally keep coming back for my outbursts. As a thank you*, I give you a recent picture from my trip to Edinburgh with Craigmillar Castle as the backdrop.

    saar drimer craigsmillar castle

    * Yeah, I know it might seem like I am full of myself, giving a picture of myself as a “thank-you”… but I really like this one and I couldn’t think of anything else to give ;)


  8. been busy

    January 9, 2007 by Saar Drimer

    All good things, though…

    On Christmas day, Steven Murdoch and I decided it would be fun to post a video of a Chip & PIN terminal playing Tetris on our group’s weblog. It was an excuse to say merry Christmas and happy new year to our readers. Then, I spent a week in Edinburgh, which is a lovely city, even in the winter. If you haven’t been, I’d recommend. Rosslyn chapel was really nice. They are doing really well due to the “Da Vinci Code Effect”–people flocking places Brown mentions in the book. Regardless, worth a visit. The Scottish parliament was nice, people were nice… I’ve seen enough castles for a year or so, though. I also learned about the Scottish history and now understand better the “situation” between them and the English. The Hogmanay on new year’s eve was canceled due to 70 mph winds, but that wasn’t a big deal.

    When I got back I found out that a paper of mine got accepted to a workshop, and I need to produce a final version. Then, our little “Tetris stunt” was picked up by some blogs and it went crazy from there… newspapers, radio… I’ll save you the details. It did, however, culminated in a Slashdot mention, which made us pretty damn happy.

    Since no one is reading this very weblog anyway, I can say that there is more surprises to come on the “Tetris” front! Stay tuned.


  9. exposed: online, people sometimes lie about themselves

    December 23, 2006 by Saar Drimer

    Todd Shriber contacted, what may be considered, random people online soliciting them to hack into his former college and give his GPA a face lift. He gave them all his personal information, including SSN, and some pictures of local squirrels the “hackers” required as “proof”. They, in turn, put the e-mail correspondence online, of course.

    Turns out the idiot works as a communications director for a Montana congressman. He was later fired after his extracurricular contractual endeavors were publicized in sites like reddit.

    So, two things. Firstly, not everyone who talks shop is an expert… this applies to real life too. Secondly, if people still have not realized that other people are not who they say they are (in real life too!) they deserve this kind of treatment. The more this happens, the more people be careful what they say or write, mostly in consideration of their future. In our world, where everything is recorded and archived, nothing is forgotten. Memory is cheap. Remember this when, in five years’ time, your potential employer asks you about the time you got drunk, busted, and jailed on new years’ eve, as you detailed with pride on your now moldy myspace page. Old-school cool becomes new-school stupid.

    Oh, yeah, some fucker stole my bike; the joy of living in Cambridge. Somehow, uncharacteristically to the island, no security cameras covered the scene.


  10. greetings

    December 21, 2006 by Saar Drimer

    balls of furyJust a ping to say Happy new year, Merry Shopping Christmas, Greasy Hanukkah, or whatever else people are celebrating at this time of the year.

    I know for a FACT, though, that something awesome is waiting for us all next year!

    Balls of Fury

    YEAH! It’s going to be awesome! I hope it shows on this island here… but I doubt it. I’ll just have to fly over to the US for the premier.