This one is absolutely mind-numbing in the amount of stupidity shown. A man burglarized a house, used the victim’s computer to log in to Facebook, and didn’t log out. The homeowner posted his phone number on the burglar’s Facebook page, in the hopes that someone who knew the burglar would contact him. Instead, the burglar himself texted the homeowner and arranged to meet so he could pick up some clothing he’d left in the house. He actually showed up, so the homeowner called the police and the burglar was arrested.
Automated combat systems have long held a place in science fiction. Warfare turns into battles between machines, some directly controlled by human beings and some completely autonomous. We’ve all heard about the airplane drones that are seeing significant use in recent conflicts, but here’s something quite different. The US Navy is testing autonomous swarm boats. They’re small, unmanned boats that sense the environment and work together to achieve their objective. That may be to protect a particular ship, attack a target, etc. It’s quite interesting. Note, however, that the Navy doesn’t allow the swarm boats to utilize their weapons unless there is a human being on board. The linked video explains in more detail.
Microsoft has announced Windows 10. (What happened to Windows 9 you may ask — who knows?) Details are sparse, but they did say that it will run on all devices a la Windows 8, but will configure itself for the device type. So PC users will see a Windows 7 interface while phone users will get a start screen with tiles. Also, there will be a single app store with apps that run on all platforms and devices. Sounds like they learned from Windows 8.
Recently I’ve been hearing about government support for remote kill switches, say in automobiles for law enforcement use, or in cell phones for when they’re stolen. And my first thought is always that some hacker is going to find a way to trigger the switch and cause all kinds of problems.
Apparently the hackers had the same thought. The linked article covers a situation where stolen iCloud credentials were used to lock out iPhones via the “Find My iPhone” anti-theft feature.
Astute Chad’s News readers will have already heard about the Heartbleed vulnerability, but it’s something we all need to be aware of. Fortunately, xkcd has the best explanation I’ve seen to date. If you manage or own a website that uses SSL certificates for secure HTTPS connections, the linked page will check to see if your site is vulnerable.
You can also use it to verify websites that you visit, to make sure they aren’t open to Heartbleed attacks. Major sites have already patched their systems and installed new SSL certificates, so I’m thinking the real concern is the smaller e-commerce sites. (Note: If you use this tool to verify a site, do it before you open the site in your browser.)
Here at Chad’s News, we’ve previously mentioned Tor, a network used for anonymous communication on the internet. Volunteers host Tor servers, and a user’s internet traffic is routed through those servers, thus disguising the actual location of the sender. (NOTE: Never, ever, ever host a Tor server on a computer that you wouldn’t want confiscated by law enforcement.) Tor has been touted as a great method for political dissidents, whistle-blowers, and others to confidentially send information via the internet without being identified. Of course, it’s also used for illegal traffic.
The linked article discusses a paper [PDF] (Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries, lead author Aaron Johnson of the US Naval Research Laboratory) that comes to some startling conclusions about Tor anonymity. If someone uses Tor regularly, an adversary with significant resources (e.g., a government) has a high chance (80% to 95%) of successfully tracing that user over a period of 3 to 6 months.
Here at Chad’s News, we’ve previously discussed the issues involved in securely wiping files stored on a solid-state drive (SSD). The linked article summarizes another, more recent study on the topic that pretty much says the same thing: the only way to ensure that you’ve securely wiped an SSD is to physically destroy the drive. Other methods may work, but they are not universally reliable.
The US Navy will be deploying a laser weapon system later this year, a la Star Wars, and has plans to deploy a railgun within the next two years. Railgun systems have been available in laboratory settings for a while now, and the real challenge has been meeting their huge power requirements on a seagoing vessel—the ship hosting the railgun, for example, will be able to generate 78 megawatts of electricity, enough to power a medium-sized city.
Security through obscurity, while helpful, is not sufficient to reliably safeguard your secrets from a determined attacker. That may be changing, however, as the linked article describes a new type of computer code obfuscation that can’t be reverse engineered. This would allow encryption programs and keys to be obfuscated, producing a new type of reliable encryption that (I’m assuming) can’t be broken by quantum computers.
This all goes back to a fundamental problem with protecting your proprietary computer code: the computer that it’s running on has to be able to understand it. In the early ’80s when personal computers were still fairly new, there were a bunch of anti-copying schemes for commercial software that tried to make it impossible to copy the floppy disks. Most of them were easily circumvented by skilled hackers. I remember a peripheral device for hackers that, when you pushed a button, would create a copy of whatever was in memory. So even if you couldn’t duplicate the disk, you could make a copy of the program from memory and save that to a non-protected disk. It was a losing battle, and most companies eventually abandoned these types of copy protection schemes.
But that’s all changed. The new method described in the linked article uses “indistinguishability obfuscation” to create computer code that’s too complex to be reverse-engineered, yet when run on a computer will produce the proper results. This is accomplished by including elements that appear random and add complexity but are carefully chosen to cancel themselves out.
As with the popular public key encryption, this method of obfuscation is tied to a difficult math problem. From the article: “This obfuscation scheme is unbreakable, the team showed, provided that a certain newfangled problem about lattices is as hard to solve as the team thinks it is.”
Obfuscation is not yet completely proven, but it shows great promise. And if it stands up after further research then we’ll probably see it go mainstream for at least cryptography and perhaps more.
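The "appear random but cancel themselves out" idea can be seen in miniature with matrices. The following is an added toy illustration, not code from the linked article or its authors: it assumes a program expressed as a sequence of matrices multiplied together (a common setting for this kind of masking) and uses constructed parameters `P`, `N` and `STEPS`. Masking alone does not make anything secure.

```python
import random
from functools import reduce

P = 2_147_483_647  # prime modulus (2**31 - 1); constructed toy parameter
N = 3              # matrix dimension; constructed toy parameter

def identity():
    return [[int(i == j) for j in range(N)] for i in range(N)]

def matmul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(N)) % P
             for j in range(N)] for i in range(N)]

def inverse(m):
    """Gauss-Jordan inverse modulo P; returns None if m is singular."""
    a = [row[:] + unit for row, unit in zip(m, identity())]
    for col in range(N):
        piv = next((r for r in range(col, N) if a[r][col]), None)
        if piv is None:
            return None
        a[col], a[piv] = a[piv], a[col]
        scale = pow(a[col][col], -1, P)
        a[col] = [x * scale % P for x in a[col]]
        for r in set(range(N)) - {col}:
            f = a[r][col]
            a[r] = [(x - f * y) % P for x, y in zip(a[r], a[col])]
    return [row[N:] for row in a]

def random_invertible(rng):
    while True:  # retry until the random matrix has an inverse
        m = [[rng.randrange(P) for _ in range(N)] for _ in range(N)]
        inv = inverse(m)
        if inv is not None:
            return m, inv  # (R, R^-1)

def product(steps):
    return reduce(matmul, steps, identity())

def randomize(steps, rng):
    # Replace M_i by R_i^-1 * M_i * R_(i+1), identity at both ends, so every
    # inner R * R^-1 pair cancels when the masked steps are multiplied.
    ends = (identity(), identity())
    masks = [ends] + [random_invertible(rng) for _ in steps[1:]] + [ends]
    return [matmul(matmul(masks[i][1], m), masks[i + 1][0])
            for i, m in enumerate(steps)]

# Constructed sample "program": three matrices whose product is the result.
STEPS = [[[1, 2, 0], [0, 1, 3], [4, 0, 1]],
         [[2, 0, 1], [1, 1, 0], [0, 5, 1]],
         [[0, 1, 0], [1, 0, 0], [0, 0, 1]]]
```

Each masked step looks like random numbers on its own, yet `product(randomize(STEPS, rng))` equals `product(STEPS)`.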
Net neutrality has been a hot topic in the internet world, but many people have no idea why it’s important. The linked article gives the best definition that I’ve seen. Essentially, without net neutrality, your ISP and other network providers can play god with regard to the content you receive. They can block certain sites or give preferential treatment to sites. They can demand that a content provider (e.g., Google) pay them in order to not have their content receive degraded performance. This is not hypothetical—I remember reading about how the CEO of a major network provider wanted to charge companies like Google for the traffic coming over its system, even though the network provider’s subscribers were already paying for that access. He saw it as a source of additional income and was upset that Google didn’t have to pay to use the company’s network.
This goes against everything the internet stands for, of course, so the FCC instituted a regulation enforcing net neutrality. The FCC, however, doesn’t have the authority to make that kind of regulation, and the courts recently struck it down. Congress could make a law enforcing net neutrality, but somewhere along the line this topic became a partisan political issue. Not sure why that’s the case, but the end result is that Congress is unlikely to pass any legislation in the foreseeable future.
Only time will tell what the major ISPs and network providers do with their new freedom, but I think it’s going to be ugly.
How concerned are you about your privacy with regard to companies you do business with? The first linked article describes (at length) how corporations are using data collection and analytics to learn private details about their customers, with a particular emphasis on Target identifying which of its customers are pregnant and sending targeted coupons to those women. The second article highlights one of the more interesting situations that Target encountered, where a father found out that his 16-year-old daughter was pregnant only after she received baby-related coupons from the company.
I personally have no problem with companies collecting my data and using it to send me useful coupons or to market stuff they think I want to buy. King Soopers, my grocery store, sends me targeted coupons all the time—and it saves me a good deal of money. But there are a lot of people out there who find this type of thing spooky and a bit frightening. It’s all perfectly legal, but that glimpse into the world of big data analytics is unsettling to many. The third linked article lists additional areas where some institution knows more about you than you may want them to know.