Remote Kill Switches are a Bad Idea

May 29th, 2014

Recently I’ve been hearing about government support for remote kill switches, say in automobiles for law enforcement use, or in cell phones for when they’re stolen. And my first thought is always that some hacker is going to find a way to trigger the switch and cause all kinds of problems.

Apparently the hackers had the same thought. The linked article covers a situation where stolen iCloud credentials were used to lock out iPhones via the “Find My iPhone” anti-theft feature.

Link: http://time.com/…
(via Kim Komando)

Test Your Website for the Heartbleed Vulnerability

May 7th, 2014

Astute Chad’s News readers will have already heard about the Heartbleed vulnerability, but it’s something we all need to be aware of. Fortunately, xkcd has the best explanation I’ve seen to date. If you manage or own a website that uses SSL certificates for secure HTTPS connections, the linked page will check to see if your site is vulnerable.

You can also use it to verify websites that you visit, to make sure they aren’t open to Heartbleed attacks. Major sites have already patched their systems and installed new SSL certificates, so I’m thinking the real concern is the smaller e-commerce sites. (Note: If you use this tool to verify a site, do it before you open the site in your browser.)

Link: http://safeweb.norton.com/…
(via Kim Komando)

Tor Anonymity Can Be Compromised, Given Time and Resources

May 6th, 2014

Here at Chad’s News, we’ve previously mentioned Tor, a network used for anonymous communication on the internet. Volunteers host Tor servers, and a user’s internet traffic is routed through those servers, thus disguising the actual location of the sender. (NOTE: Never, ever, ever host a Tor server on a computer that you wouldn’t want confiscated by law enforcement.) Tor has been touted as a great method for political dissidents, whistle-blowers, and others to confidentially send information via the internet without being identified. Of course, it’s also used for illegal traffic.

The linked article discusses a paper [PDF] (Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries, lead author Aaron Johnson of the US Naval Research Laboratory) that comes to some startling conclusions about Tor anonymity. If someone uses Tor regularly, an adversary with significant resources (e.g., a government) has a high chance (80% to 95%) of successfully tracing that user over a period of 3 to 6 months.

Link: http://www.theregister.co.uk/…
(via Kim Komando)

Wiping Solid-state Drives, Part 2

March 5th, 2014

Here at Chad’s News, we’ve previously discussed the issues involved in securely wiping files stored on a solid-state drive (SSD). The linked article summarizes another, more recent study on the topic that pretty much says the same thing: the only way to ensure that you’ve securely wiped an SSD is to physically destroy the drive. Other methods may work, but they are not universally reliable.

Link: http://www.techrepublic.com/…

Sci-fi Becomes Sci-fact: Railguns and Laser Weapons

February 19th, 2014

The US Navy will be deploying a laser weapon system later this year, a la Star Wars, and has plans to deploy a railgun within the next two years. Railgun systems have been available in laboratory settings for a while now, and the real challenge has been meeting their huge power requirements on a seagoing vessel—the ship hosting the railgun, for example, will be able to generate 78 megawatts of electricity, enough to power a medium-sized city.

Link: http://www.foxnews.com/…
(via Kim Komando)

A New Type of Encryption: Obfuscation

February 5th, 2014

Security through obscurity, while helpful, is not sufficient to reliably safeguard your secrets from a determined attacker. That may be changing, however, as the linked article describes a new type of computer code obfuscation that can’t be reverse engineered. This would allow encryption programs and keys to be obfuscated, producing a new type of reliable encryption that (I’m assuming) can’t be broken by quantum computers.

This all goes back to a fundamental problem with protecting your proprietary computer code: the computer that it’s running on has to be able to understand it. In the early ’80s when personal computers were still fairly new, there were a bunch of anti-copying schemes for commercial software that tried to make it impossible to copy the floppy disks. Most of them were easily circumvented by skilled hackers. I remember a peripheral device for hackers that, when you pushed a button, would create a copy of whatever was in memory. So even if you couldn’t duplicate the disk, you could make a copy of the program from memory and save that to a non-protected disk. It was a losing battle, and most companies eventually abandoned these types of copy protection schemes.

But that’s all changed. The new method described in the linked article uses “indistinguishability obfuscation” to create computer code that’s too complex to be reverse-engineered, yet when run on a computer will produce the proper results. This is accomplished by including elements that appear random and add complexity but are carefully chosen to cancel themselves out.

As with the popular public key encryption, this method of obfuscation is tied to a difficult math problem. From the article: “This obfuscation scheme is unbreakable, the team showed, provided that a certain newfangled problem about lattices is as hard to solve as the team thinks it is.”

Obfuscation is not yet completely proven, but it shows great promise. And if it stands up after further research then we’ll probably see it go mainstream for at least cryptography and perhaps more.

Link: https://www.simonsfoundation.org/…
(via Kim Komando)

Net Neutrality is Dead, and Why You Should Care

February 2nd, 2014

Net neutrality has been a hot topic in the internet world, but many people have no idea why it’s important. The linked article gives the best definition that I’ve seen. Essentially, without net neutrality, your ISP and other network providers can play god in regards to the content you receive. They can block certain sites or give preferential treatment to sites. They can demand that a content provider (e.g., Google) pay them in order to not have their content receive degraded performance. This is not hypothetical—I remember reading about how the CEO of a major network provider wanted to charge companies like Google for the traffic coming over its system, even though the network provider’s subscribers were already paying for that access. He saw it as a source of additional income and was upset that Google didn’t have to pay to use the company’s network.

This goes against everything the internet stands for, of course, so the FCC instituted a regulation enforcing net neutrality. The FCC, however, doesn’t have the authority to make that kind of regulation, and the courts recently struck it down. Congress could make a law enforcing net neutrality, but somewhere along the line this topic became a partisan political issue. Not sure why that’s the case, but the end result is that Congress is unlikely to pass any legislation in the foreseeable future.

Only time will tell what the major ISPs and network providers do with their new freedom, but I think it’s going to be ugly.

Link: http://www.techrepublic.com/…

Target Store Knows a Girl is Pregnant Before Her Father Does

January 26th, 2014

How concerned are you about your privacy in regards to companies you do business with? The first linked article describes (at length) how corporations are using data collection and analytics to learn private details about their customers, with a particular emphasis on Target identifying which of its customers are pregnant and sending targeted coupons to those women. The second article highlights one of the more interesting situations that Target encountered, where a father found out that his 16-year-old daughter was pregnant only after she received baby-related coupons from the company.

I personally have no problem with companies collecting my data and using it to send me useful coupons or to market stuff they think I want to buy. King Soopers, my grocery store, sends me targeted coupons all the time—and it saves me a good deal of money. But there are a lot of people out there who find this type of thing spooky and a bit frightening. It’s all perfectly legal, but that glimpse into the world of big data analytics is unsettling to many. The third linked article lists additional areas where some institution knows more about you than you may want them to know.

Here at Chad’s News we’ve already written that cell phone privacy and online privacy don’t exist.

Link #1: http://www.nytimes.com/…

Link #2: http://consumerist.com/…

Link #3: http://www.komando.com/…

Make It So! Make It So! Make It So!

December 6th, 2013

This video has clips of characters from Star Trek: The Next Generation that combine to do the vocals for the Christmas song, Let It Snow. It’s hilarious! Something every geek should see.

Link: http://videos.komando.com/…

When to Purchase the Cheapest Airline Tickets

November 17th, 2013

Did you know that when you purchase an airline ticket can have an impact on the price? Buying tickets on Tuesdays or over the weekend can get you a better deal. Also, purchasing them seven weeks before the trip will usually get you the best fare.

Link: http://www.komando.com/…

PIN/Password Analysis Shows That We’re Predictable

August 6th, 2013

The author of the linked article accumulated a database of hacked PINs and numeric passwords, then analyzed it to see what patterns emerged. Here are some of the highlights:

  • 20% of all PINs use just five different numbers: 1234, 1111, 0000, 1212, and 7777.
  • The fourth most popular seven-digit password is 8675309. (Wait for it…)
  • Using a year in the form 19XX is a bad idea.
  • The least used PIN is 8068.
  • Including 007, 420, and 69 may seem like a neat idea, but they turn out to be quite common.
  • Numbers made from drawing lines or patterns on the keypad are also popular.
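A small PIN-pattern checker, added here as an illustration and not code from the linked article or its author: it flags a PIN against the pattern categories listed above (the kind of check a system could run before accepting a user-chosen PIN) and measures how much of a PIN list its most common entries cover. The keypad layout, the straight-line test and the sample PIN list are assumptions constructed for the example.

```python
from collections import Counter

# Constructed sample of leaked numeric PINs (not data from the article).
SAMPLE_PINS = ["1234", "1234", "1111", "0000", "1212", "7777", "2580", "1984",
               "0007", "4200", "8068", "1234", "5309", "3141", "9876", "2468"]

# The five PINs the article says cover about 20% of all entries.
TOP_FIVE = {"1234", "1111", "0000", "1212", "7777"}
# Sequences the article reports as surprisingly common inside PINs.
CULTURAL = ("007", "420", "69")

# Assumed phone-style keypad coordinates (row, col); the 0 sits under the 8.
KEYPAD = {"1": (0, 0), "2": (0, 1), "3": (0, 2),
          "4": (1, 0), "5": (1, 1), "6": (1, 2),
          "7": (2, 0), "8": (2, 1), "9": (2, 2), "0": (3, 1)}


def is_keypad_line(pin: str) -> bool:
    """True when every consecutive digit moves by the same non-zero offset,
    i.e. the PIN traces a straight line on the keypad (2580, 0852, 1478 is not)."""
    coords = [KEYPAD[d] for d in pin]
    steps = {(b[0] - a[0], b[1] - a[1]) for a, b in zip(coords, coords[1:])}
    return len(steps) == 1 and steps != {(0, 0)}


def weakness_reasons(pin: str) -> list[str]:
    """Return the article's pattern categories a PIN falls into (empty list = none flagged)."""
    reasons = []
    if pin in TOP_FIVE:
        reasons.append("top-5 most common")
    if len(set(pin)) == 1:
        reasons.append("repeated digit")
    if len(pin) == 4 and pin.startswith("19"):
        reasons.append("year 19XX")
    for seq in CULTURAL:
        if seq in pin:
            reasons.append(f"contains {seq}")
    if len(pin) >= 4 and is_keypad_line(pin):
        reasons.append("keypad line")
    return reasons


def top_pin_coverage(pins: list[str], n: int = 5):
    """Most common n PINs and the share of all entries they account for."""
    common = Counter(pins).most_common(n)
    share = sum(count for _, count in common) / len(pins)
    return common, share


if __name__ == "__main__":
    for p in SAMPLE_PINS:
        print(p, weakness_reasons(p) or "no pattern flagged")
    print(top_pin_coverage(SAMPLE_PINS, 5))
```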

Link: http://www.datagenetics.com/…
(via Kim Komando)

Appeals Court in Favor of Automated DVR Ad-skipping

July 28th, 2013

The U.S. Court of Appeals for the 9th Circuit confirmed a lower court’s ruling that Dish Network’s Hopper, a DVR that automatically skips commercials when playing back recorded content, does not violate copyright law. Whether or not the decision is appealed, this case will produce a landmark ruling.

Link: http://www.washingtonpost.com/…
(via Kim Komando)