Category: Security

Security is immunity from the will of others.

‘backed by certain states’

In a slightly ominous development, GMail is now warning me that: “We believe that attackers backed by certain states may be attempting to compromise your account or computer” and urge me to: “Protect yourself now“.

This is probably just further fallout from the Stratfor hack. I wish it wasn’t happening while I am so completely occupied with urgent school assignments, climate work, and continuing efforts to do paid photographic work.

Phone hacking – everything is a computer these days

This video shows off some of the realistic attacks that can be performed against office-type landline telephones these days:

The presentation in this video was made by by by Ang Cui, a researcher from the Columbia University Intrusion Detection Systems Lab.

More information about the ‘symbiote’ protective software mentioned in the video is on their site. Weird that hacking your own phone to address failures in the firmware might be the best way of improving the security of your network…

I wonder if the Columbia researchers collaborate at all with U of T’s Citizen Lab

Intrigue

From Kipling’s Kim:

“It was intrigue,— of course he knew that much, as he had known all evil since he could speak,— but what he loved was the game for its own sake — the stealthy prowl through the dark gullies and lanes, the crawl up a waterpipe, the sights and sounds of the women’s world on the flat roofs, and the headlong flight from housetop to housetop under cover of the hot dark.”

Anyone want to try Silent Circle?

Given the unencrypted email and phone traffic is now likely to be intercepted by state intelligence services, and given that services like Skype probably have backdoors that render their encryption ineffective, would anyone be interested in trying out Silent Circle: a new encryption platform backed by Phil Zimmerman, creator of the original PGP?

According to the people running the service:

We do not have the ability to decrypt your communications across our network and nor will anyone else – ever. Silent Phone, Silent Text and Silent Eyes all use end-to-end encryption and erase the session keys from your device once the call or text is finished. Our servers don’t hold the keys. Our encryption keeps unauthorized people from understanding your transmissions. It keeps criminals, governments, business rivals, neighbors and identity thieves from stealing your data and from destroying your personal or corporate privacy. There are no back doors in our systems, nor will there ever be.

The service costs $20 per month and includes encrypted phone, text, email, and video chat capabilities. In recognition of how such services only become useful once they have a certain base of subscribers, each subscription lets you also sign up one friend for the service for free.

Nuclear proliferation and nuclear abolishment

The Canberra Commission on the Elimination of Nuclear Weapons was assembled by the Australian prime minister in 1995, with a mandate to consider nuclear proliferation and the elimination of nuclear weapons.

Their final report is well worth a look. It opens with a concise statement that lays out the situation:

The destructiveness of nuclear weapons is immense. Any use would be catastrophic.

Nuclear weapons pose an intolerable threat to all humanity and its habitat, yet tens of thousands remain in arsenals built up at an extraordinary time of deep antagonism. That time has passed, yet assertions of their utility continue.

These facts are obvious but their implications have been blurred. There is no doubt that, if the peoples of the world were more fully aware of the inherent danger of nuclear weapons and the consequences of their use, they would reject them, and not permit their continued possession or acquisition on their behalf by their governments, even for an alleged need for self-defence.

Nuclear weapons are held by a handful of states which insist that these weapons provide unique security benefits, and yet reserve uniquely to themselves the right to own them. This situation is highly discriminatory and thus unstable; it cannot be sustained. The possession of nuclear weapons by any state is a constant stimulus to other states to acquire them.

Personally, I don’t have a great deal of hope that we will avoid the use of nuclear weapons during my lifetime. I suspect that regional rivalries will drive large numbers of states to acquire the weapons and that eventually some miscalculation, lapse in control, or security breach will result in the use of a bomb, possibly followed by nuclear retaliation.

If that is to be prevented, states with access to sophisticated nuclear technology and the means to produce bomb-grade uranium and plutonium need to become a lot more serious about non-proliferation. The recent behaviour of countries including the United States suggests this is unlikely.

Making the best of overlapping WiFi

Most of the places I have lived during the last few years have been permeated by more than ten overlapping WiFi networks. Apartments and businesses each have their own internet connection which they connect to their own devices via a wireless router.

Unfortunately, the effect of so many simultaneously operating networks can be one of disruptive interference between them. Everyone gets slower and patchier internet access as all the routers compete for the relatively small number of communication channels that are part of the WiFi standard.

It would be really neat if people could develop software to allow routers to engage with each other intelligently. Consumers could program in their preferences regarding total bandwidth usage, whether to let strangers use their network, and so on. The routers could then make intelligent use of the infrastructure that is available: turning off less capable WiFi hotspots to reduce interference, directing traffic through the connections of those with large bandwidth caps, and deploying encryption technology to foil some of the illegal surveillance that has become commonplace around the world. There could even be a quid pro quo system implemented; people who are willing to share their internet connection with strangers could be granted priority access by the routers of others. By sharing my home internet connection in Toronto, for instance, I might be given a login credential that I could use with appropriate routers in other cities. With a big enough network of users, such connection sharing could be very useful.

This isn’t a system that would need to be deployed all at once by all router manufacturers. A few could adopt a voluntary standard for cooperation between routers. That would allow for some real-world testing and the identification of any problems related to functionality or security. In the end, the result could be the bottom-up development of a more effective and secure mechanism for wireless internet access in high-density environments.

Norway’s response to terrorism

A year after Norway’s terrorist attack, I’d say the Norwegians are demonstrating the appropriate way to respond to terrorism: by refusing to be terrorized.

“There have been no changes to the law to increase the powers of the police and security services, terrorism legislation remains the same and there have been no special provisions made for the trial of suspected terrorists.

On the streets of Oslo, CCTV cameras are still a comparatively rare sight and the police can only carry weapons after getting special permission.

Even the gate leading to the parliament building in the heart of Oslo remains open and unguarded.”

I wish Canada and the United States had been courageous enough to follow this model, instead of doubling down on the military-industrial complex approach. Rather than responding to terror with courage and resilience, we have been driven by fear to create huge and unaccountable security states that are ultimately more dangerous than terrorist groups.