Wednesday, January 29, 2014

Acoustic cryptanalysis

Check this out.

Maybe the most interesting part of this paper is the attack that uses just a mobile phone placed 30 centimeters from the victim's laptop. Side-channel attacks like this are among the closest things in cryptography to spy craft. The fifteenth question on the page gives as examples two documented real-world acoustic attacks, carried out by MI5 and by an organisation in the USA that is not named.

There is also a wiki page for this attack.

Tuesday, January 28, 2014

Users' assumptions about what security a system provides

On Bruce Schneier's blog there was a post about the arrest of a student who sent an email bomb threat to Harvard in order to skip a final exam. Although he used the Tor network for anonymization, the FBI identified and arrested him by going through a list of Harvard users who had accessed Tor.

In cryptography, we believe that the weakest part of a whole security system is usually its users. Additionally, I believe that the problem mostly arises when users have false assumptions about what sort of security the system provides. In this case the user, the cheating student, supposed that Tor could anonymize him among all users of the internet, or at least among all users of Harvard. Contrary to his expectations, the Tor network only anonymizes a user among the users of its own network, and in this case among those users of its network who are behind the University's gateway. The rest is just police procedure.
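The anonymity-set argument above, as an added example that is not part of the original post: it compares the anonymity a user might assume with the anonymity left once a gateway operator filters its own flow log for Tor connections near the time of an event. The log lines, user names, relay addresses (documentation ranges) and the global user figure are all constructed assumptions.

```python
import math
from datetime import datetime, timedelta

# Constructed relay list; addresses come from RFC 5737 documentation ranges.
TOR_RELAYS = {"192.0.2.10", "198.51.100.7"}

# Constructed gateway flow log: timestamp, authenticated campus user, destination IP.
GATEWAY_LOG = """\
2014-01-01T08:05:00 alice 203.0.113.5
2014-01-01T08:20:00 bob 192.0.2.10
2014-01-01T08:25:00 carol 198.51.100.7
2014-01-01T08:31:00 dave 203.0.113.9
2014-01-01T11:40:00 erin 192.0.2.10
2014-01-01T08:28:00 bob 198.51.100.7
"""

def parse(log):
    """Yield (timestamp, user, destination) tuples from the flow log."""
    for line in log.splitlines():
        ts, user, dst = line.split()
        yield datetime.fromisoformat(ts), user, dst

def anonymity_set(log, relays, event_time, window):
    """Users the gateway operator saw contacting a known relay near event_time."""
    lo, hi = event_time - window, event_time + window
    return {u for ts, u, dst in parse(log) if dst in relays and lo <= ts <= hi}

def bits(n):
    """Anonymity in bits for n equally likely candidates."""
    return math.log2(n) if n else 0.0

def compare(log, relays, event_time, window, assumed_global_users):
    """Contrast the assumed anonymity with what the local observer leaves intact."""
    everyone = {u for _, u, _ in parse(log)}
    local = anonymity_set(log, relays, event_time, window)
    return {
        "assumed": bits(assumed_global_users),  # hiding among all Tor users
        "campus": bits(len(everyone)),          # hiding among all gateway users
        "observed": bits(len(local)),           # Tor users behind this gateway
        "candidates": sorted(local),
    }

if __name__ == "__main__":
    event = datetime(2014, 1, 1, 8, 30)  # constructed event time
    # 2_000_000 is a hypothetical figure for the size of the whole Tor user base.
    print(compare(GATEWAY_LOG, TOR_RELAYS, event, timedelta(minutes=30), 2_000_000))
```

With the constructed log, the assumed anonymity of roughly 21 bits collapses to 1 bit: two candidates, which is the point at which ordinary investigation takes over.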

In my opinion, users should be given enough clarification about what type and level of security the system provides. This clarification is a hard process, as the users are not experts. Besides, this clarification is mostly the duty of system designers.