Quotulatiousness

March 31, 2012

Botched investigation into GCHQ staff member’s mysterious death

Filed under: Britain, Government, Science, Technology — Nicholas @ 09:17

This sounds particularly bad:

Forensic investigators have apologized for the bungling of the inquiry into the mysterious death of a codebreaker employed by the Government Communications Headquarters (GCHQ).

In August 2010, Gareth Williams, described as a mathematical genius by his peers and employed at GCHQ since leaving university, was found dead in his flat in London. Williams, who had recently qualified for deployment with MI6 — Britain’s version of the CIA — was found naked and partially decomposed in a sports bag that had been locked from the outside and placed in the bath.

In the pre-inquest hearing on Friday, the court heard that the investigation into Williams’ death had been botched from the start. LGS Forensics said that DNA found on Mr Williams’ body was investigated, but later turned out to have been transferred there from one of the forensic scientists investigating the death, and a search of the apartment turned up no clues as to his death.

February 10, 2012

Help sponsor a new home for the historic Colossus code-cracking computer

Filed under: Britain, History, Technology, WW2 — Nicholas @ 11:11

John Leyden at The Register on the fundraising efforts to build a new home for the WW2 cryptographic computer:

The National Museum of Computing (TNMOC) has turned to a tried-and-tested fundraising method to establish a home for the rebuilt Colossus computer at Bletchley Park.

Individuals and firms are invited to buy up pixels of an online picture of the wartime code-breaking machine — at 10 pence per dot with a minimum spend of £10 — pretty much like Alex Tew’s million-dollar homepage effort.

The museum’s curators need the cash to open an exhibition featuring the Colossus in the historic Block H, on the spot where Colossus No 9 stood during the Second World War and where the rebuild took place.

Colossus was the world’s first electronic programmable computer, and was used to crack encrypted messages between Hitler and his generals.

December 15, 2011

Google donates to the Bletchley Park restoration project

Filed under: Britain, History, Technology, WW2 — Nicholas @ 09:15

Google has made a significant contribution to the preservation and restoration of the famous WW2 codebreaking site:

The centre has won a £4.6million grant from the Heritage Lottery Fund but needs to attract £1.7million in outside funding before the big grant can be delivered and the next stage of the development kickstarted.

The £550,000 Google contribution is the biggest single donation that the Bletchley Park Trust has received so far. It was given by the search engine’s charitable arm, which donated a total of $100 million (£64.4million) in 2011.

“It would be wonderful if other donors follow Google’s example to help preserve our computing heritage,” said Simon Greenish, CEO of the Bletchley Park Trust. “We could then proceed as soon as possible with restoration of the profoundly historically significant codebreaking huts.”

October 5, 2011

The irony of Bletchley Park’s funding windfall

Filed under: Britain, History, Technology, WW2 — Nicholas @ 10:47

Cory Doctorow has the good news about Bletchley Park’s recent grant:

Bletchley Park, the birthplace of modern crypto and the home of the WWII codebreaking effort, has received a £4.6m Heritage Lottery Fund grant to fund restoration efforts and new exhibits. Bletchley was broken up after the war and its work was literally buried as part of the Cold War climate of secrecy that prevailed. In the years that followed, neglect and time led to the near-destruction of many of the historic sites. The Bletchley Park trust has since done amazing work on a shoestring budget to restore and preserve Bletchley, creating a fabulous museum and rebuilding some of the most beautiful electromechanical computers I’ve ever seen.

[. . .]

Ironically, the money to restore Bletchley has come from the lottery, a government-run system designed to reinforce and exploit statistical innumeracy of the sort that Bletchley’s cryptographers overcame in order to help win the war.

August 1, 2011

A quick plug for a useful EFF plug-in for Firefox

Filed under: Liberty, Technology — Nicholas @ 10:25

I’ve mentioned this before, but I was just reminded about it as I started using the new laptop with its new install of Firefox:

This Firefox extension was inspired by the launch of Google’s encrypted search option. We wanted a way to ensure that every search our browsers sent was encrypted. At the same time, we were also able to encrypt most or all of the browser’s communications with some other sites:

  • Google Search
  • Wikipedia
  • Twitter and Identi.ca
  • Facebook
  • EFF and Tor
  • Ixquick, DuckDuckGo, Scroogle and other small search engines and lots more!

Firefox users can install HTTPS Everywhere by following this link.

As always, even if you’re at an HTTPS page, remember that unless Firefox displays a colored address bar and an unbroken lock icon in the bottom-right corner, the page is not completely encrypted and you may still be vulnerable to various forms of eavesdropping or hacking (in many cases, HTTPS Everywhere can’t prevent this because sites incorporate insecure third-party content).

April 20, 2011

Logic, consistency not strong points for this would-be terror gang

Filed under: Britain, Middle East, Religion — Nicholas @ 07:30

A group of would-be terrorists were discovered before they could put their plans into action partly because of their disdain for “infidel” technology:

Recently, a British Moslem (Rajib Karim) was sentenced to 30 years for attempting to use his job at British Airways to help plan, coordinate and carry out terrorist attacks. One reason Karim was caught was the refusal of his terrorist cohorts in Yemen and Bangladesh to use modern cryptography for their communications. The reason was that the modern stuff was all invented by infidels (non-Moslems). Instead the group was forced to use ancient (over 2,000 year old) single letter substitution codes. The group’s implementation of this was accomplished using a spreadsheet. Unlike modern ciphers, like PGP and AES, the ancient substitution methods are easy to crack with modern decryption techniques.

A major shortcoming of Islamic radicalism is its disdain for modern, particularly non-Moslem (Western) technology. This often causes problems, like the one Karim (a computer specialist with British Airways) had with his less educated fellow terrorists in Yemen and Bangladesh. But what Karim encountered was another major problem for Islamic radicals, the fact that these groups tend to attract a disproportionate number of poorly educated recruits. The Islamic world, in general, is less educated and literate than the West, thus giving Islamic radical groups a poorly educated pool of potential recruits to begin with.

The disdain is highly selective, unless spreadsheets were also part of the Arabic cultural heritage.

April 11, 2011

SSL is “just an illusion of security”

Filed under: Technology — Nicholas @ 10:09

SSL (Secure Sockets Layer) is critically important to safe communications on the internet. It may also be “hopelessly broken”:

SSL made its debut in 1994 as a way to cryptographically secure e-commerce and other sensitive internet communications. A private key at the heart of the system allows website operators to prove that they are the rightful owners of the domains visitors are accessing, rather than impostors who have hacked the users’ connections. Countless websites also use SSL to encrypt passwords, emails and other data to thwart anyone who may be monitoring the traffic passing between the two parties.

It’s hard to overstate the reliance that websites operated by Google, PayPal, Microsoft, Bank of America and millions of other companies place in SSL. And yet, the repeated failures suggest that the system in its current state is hopelessly broken.

“Right now, it’s just an illusion of security,” said Moxie Marlinspike, a security researcher who has repeatedly poked holes in the technical underpinnings of SSL. “Depending on what you think your threat is, you can trust it on varying levels, but fundamentally, it has some pretty serious problems.”

Although SSL’s vulnerabilities are worrying, critics have reserved their most biting assessments for the business practices of Comodo, VeriSign, GoDaddy and the other so-called certificate authorities, known as CAs for short. Once their root certificates are included in Internet Explorer, Firefox and other major browsers, they can’t be removed without creating disruptions on huge swaths of the internet.

August 23, 2010

QotD: Peak Culture

Filed under: Government, Liberty, Quotations, Space, Technology — Nicholas @ 13:47

The height of their society peaked in 1969. They used militarism and socialism to put two guys on the Moon, they trotted out their public-private partnership (Concorde) to build exclusive supersonic transport for the rich. Max Faget and some other brilliant engineers designed a space shuttle fleet of ten vehicles capable of hundreds of flights a year to make access to low Earth orbit cheap and routine. And the Advanced Research Projects Agency had some geeks create an inter-networking protocol that could survive a nuclear war.

Obviously, they shot their wad, as it were, and no longer put guys on the Moon. They no longer fly supersonic transports. Their space shuttle is going to stop flying soon, if it hasn’t already. Those geeky guys went on to develop open source cryptography, open source software, and totally private economic transactions. The future we’re creating is going to be very, dramatically different. It is going to be decentralised to a fare thee well.

Right now, today, two people anywhere in the world *can* have a totally private economic exchange that cannot be detected by anyone else. And since it cannot be detected, it cannot be regulated, it cannot be prohibited, and it cannot be taxed. Even inflation cannot tax it, if the exchange is denominated in some money like silver or gold. Which means that those who dream of ruling the world sowed the seeds of their own damnation?

Jim Davidson, “Peak Culture”, Libertarian Enterprise, 2010-08-22

August 16, 2010

Practically speaking, the end is in sight for passwords

Filed under: Technology — Nicholas @ 10:37

Advances in computing are not always uniformly beneficial: short passwords are increasingly vulnerable to brute-force cracking:

The availability of password-cracking tools based on increasingly powerful graphics processors means that even carefully chosen short passwords are liable to crack under a brute-force attack.

A password of less than seven characters will soon be “hopelessly inadequate” even if it contains symbols as well as alphanumerical characters, according to computer scientists at the Georgia Tech Research Institute. The security researchers recommend passwords at least 12 characters long.

The number crunching abilities of graphics processors were recently applied to commercial password auditing and recovery tools from Russian developer ElcomSoft. It’s a safe assumption that black hats are able to use the same type of technology for less laudable purposes. Richard Boyd, of the Georgia Tech Research Institute, told the BBC that the number-crunching capacity of graphics cards compares to those of supercomputers built only 10 years ago.

Passwords are going to go away, sooner rather than later. All of us have so many passwords to remember that it’s pretty much guaranteed that you’re using one of the following coping strategies:

  • Using the same password on many different sites (or, shudder, all of them)
  • Using a simple password (among the most commonly used are “password” and “letmein”)
  • Leaving a sticky note on your monitor or your keyboard with your passwords listed
  • Using the name of the site as your password for that site

There are tools available to generate passwords that avoid the most obvious pitfalls (too short, no numeric or non-alphanumeric characters, using full words), but very few people use them consistently. I don’t know what the replacement for passwords will be, but we clearly need to move to more secure ways of verifying identity as soon as we can.

I’ve posted items about password security before.

June 18, 2010

EFF introduces “Encrypt the Web” Firefox plugin

Filed under: Liberty, Technology — Nicholas @ 12:13

A very interesting new project from Electronic Frontier Foundation:

Today EFF and the Tor Project are launching a public beta of a new Firefox extension called HTTPS Everywhere.

This Firefox extension was inspired by the launch of Google’s encrypted search option. We wanted a way to ensure that every search our browsers sent was encrypted.

H/T to BoingBoing for the link.

August 11, 2009

So much for the right to not self-incriminate

Filed under: Britain, Law, Liberty — Nicholas @ 12:24

The headline really does tell the story: Two convicted for refusal to decrypt data: Up to five years in jail after landmark prosecutions. You will provide the key, citizen . . . or you’ll do hard time:

Two people have been successfully prosecuted for refusing to provide authorities with their encryption keys, resulting in landmark convictions that may have carried jail sentences of up to five years.

The government said today it does not know their fate.

The power to force people to unscramble their data was granted to authorities in October 2007. Between 1 April, 2008 and 31 March this year the first two convictions were obtained.

The disclosure was made by Sir Christopher Rose, the government’s Chief Surveillance Commissioner, in his recent annual report.

The former High Court judge did not provide details of the crimes being investigated in the case of the individuals — who were not necessarily suspects — nor of the sentences they received.
