Quotulatiousness

April 20, 2011

Logic, consistency not strong points for this would-be terror gang

Filed under: Britain, Middle East, Religion — Nicholas @ 07:30

A group of would-be terrorists were discovered before they could put their plans into action partly because of their disdain for “infidel” technology:

Recently, a British Moslem (Rajib Karim) was sentenced to 30 years for attempting to use his job at British Airways to help plan, coordinate and carry out terrorist attacks. One reason Karim was caught was the refusal of his terrorist cohorts in Yemen and Bangladesh to use modern cryptography for their communications. The reason was that the modern stuff was all invented by infidels (non-Moslems). Instead the group was forced to use ancient (over 2,000 year old) single letter substitution codes. The group’s implementation of this was accomplished using a spreadsheet. Unlike modern ciphers, like PGP and AES, the ancient substitution methods are easy to crack with modern decryption techniques.

A major shortcoming of Islamic radicalism is its disdain for modern, particularly non-Moslem (Western) technology. This often causes problems, like the one Karim (a computer specialist with British Airways) had with his less educated fellow terrorists in Yemen and Bangladesh. But what Karim encountered was another major problem for Islamic radicals, the fact that these groups tend to attract a disproportionate number of poorly educated recruits. The Islamic world, in general, is less educated and literate than the West, thus giving Islamic radical groups a poorly educated pool of potential recruits to begin with.

The disdain is highly selective, unless spreadsheets were also part of the Arabic cultural heritage.

April 11, 2011

SSL is “just an illusion of security”

Filed under: Technology — Nicholas @ 10:09

SSL (Secure Sockets Layer) is critically important to safe communications on the internet. It may also be “hopelessly broken”:

SSL made its debut in 1994 as a way to cryptographically secure e-commerce and other sensitive internet communications. A private key at the heart of the system allows website operators to prove that they are the rightful owners of the domains visitors are accessing, rather than impostors who have hacked the users’ connections. Countless websites also use SSL to encrypt passwords, emails and other data to thwart anyone who may be monitoring the traffic passing between the two parties.

It’s hard to overstate the reliance that websites operated by Google, PayPal, Microsoft, Bank of America and millions of other companies place in SSL. And yet, the repeated failures suggest that the system in its current state is hopelessly broken.

“Right now, it’s just an illusion of security,” said Moxie Marlinspike, a security researcher who has repeatedly poked holes in the technical underpinnings of SSL. “Depending on what you think your threat is, you can trust it on varying levels, but fundamentally, it has some pretty serious problems.”

Although SSL’s vulnerabilities are worrying, critics have reserved their most biting assessments for the business practices of Comodo, VeriSign, GoDaddy and the other so-called certificate authorities, known as CAs for short. Once their root certificates are included in Internet Explorer, Firefox and other major browsers, they can’t be removed without creating disruptions on huge swaths of the internet.

August 23, 2010

QotD: Peak Culture

Filed under: Government, Liberty, Quotations, Space, Technology — Nicholas @ 13:47

The height of their society peaked in 1969. They used militarism and socialism to put two guys on the Moon, they trotted out their public-private partnership (Concorde) to build exclusive supersonic transport for the rich. Max Faget and some other brilliant engineers designed a space shuttle fleet of ten vehicles capable of hundreds of flights a year to make access to low Earth orbit cheap and routine. And the Advanced Research Projects Agency had some geeks create an inter-networking protocol that could survive a nuclear war.

Obviously, they shot their wad, as it were, and no longer put guys on the Moon. They no longer fly supersonic transports. Their space shuttle is going to stop flying soon, if it hasn’t already. Those geeky guys went on to develop open source cryptography, open source software, and totally private economic transactions. The future we’re creating is going to be very, dramatically different. It is going to be decentralised to a fare thee well.

Right now, today, two people anywhere in the world *can* have a totally private economic exchange that cannot be detected by anyone else. And since it cannot be detected, it cannot be regulated, it cannot be prohibited, and it cannot be taxed. Even inflation cannot tax it, if the exchange is denominated in some money like silver or gold. Which means that those who dream of ruling the world sowed the seeds of their own damnation?

Jim Davidson, “Peak Culture”, Libertarian Enterprise, 2010-08-22

August 16, 2010

Practically speaking, the end is in sight for passwords

Filed under: Technology — Nicholas @ 10:37

Advances in computing are not always uniformly beneficial: short passwords are increasingly vulnerable to brute-force cracking:

The availability of password-cracking tools based on increasingly powerful graphics processors means that even carefully chosen short passwords are liable to crack under a brute-force attack.

A password of less than seven characters will soon be “hopelessly inadequate” even if it contains symbols as well as alphanumerical characters, according to computer scientists at the Georgia Tech Research Institute. The security researchers recommend passwords at least 12 characters long.

The number crunching abilities of graphics processors were recently applied to commercial password auditing and recovery tools from Russian developer ElcomSoft. It’s a safe assumption that black hats are able to use the same type of technology for less laudable purposes. Richard Boyd, of the Georgia Tech Research Institute, told the BBC that the number-crunching capacity of graphics cards compares to those of supercomputers built only 10 years ago.

Passwords are going to go away, sooner rather than later. All of us have so many passwords to remember that it’s pretty much guaranteed that you’re using one of the following coping strategies:

  • Using the same password on many different sites (or, shudder, all of them)
  • Using a simple password (among the most commonly used are “password” and “letmein”)
  • Leaving a sticky note on your monitor or your keyboard with your passwords listed
  • Using the name of the site as your password for that site

There are tools available to generate passwords that avoid the most obvious pitfalls (too short, no numeric or non-alphanumeric characters, using full words), but very few people use them consistently. I don’t know what the replacement for passwords will be, but we clearly need to move to more secure ways of verifying identity as soon as we can.

I’ve posted items about password security before.

June 18, 2010

EFF introduces “Encrypt the Web” Firefox plugin

Filed under: Liberty, Technology — Nicholas @ 12:13

A very interesting new project from Electronic Frontier Foundation:

Today EFF and the Tor Project are launching a public beta of a new Firefox extension called HTTPS Everywhere.

This Firefox extension was inspired by the launch of Google’s encrypted search option. We wanted a way to ensure that every search our browsers sent was encrypted.

H/T to BoingBoing for the link.

August 11, 2009

So much for the right to not self-incriminate

Filed under: Britain, Law, Liberty — Nicholas @ 12:24

The headline really does tell the story: Two convicted for refusal to decrypt data: Up to five years in jail after landmark prosecutions. You will provide the key, citizen . . . or you’ll do hard time:

Two people have been successfully prosecuted for refusing to provide authorities with their encryption keys, resulting in landmark convictions that may have carried jail sentences of up to five years.

The government said today it does not know their fate.

The power to force people to unscramble their data was granted to authorities in October 2007. Between 1 April, 2008 and 31 March this year the first two convictions were obtained.

The disclosure was made by Sir Christopher Rose, the government’s Chief Surveillance Commissioner, in his recent annual report.

The former High Court judge did not provide details of the crimes being investigated in the case of the individuals — who were not necessarily suspects — nor of the sentences they received.
