As expected, the powers-that-be trot out the usual scaremongering tactics from terrorists to paedophiles, and while politicians aren’t known for their intelligence, the current proposals around encryption seem particularly stupid and at odds with experts in the fields of security and mathematics.
Encryption isn’t always that easy to understand, so this video shows a very simple but secure method for encrypting and decrypting messages using nothing more than paper and pencil. The process is a bit laborious but it illustrates how easy it is to be secure even without a computer and that any attempt to put a back door into digital encryption will only compromise the integrity of the internet for everyone.
The BBC’s “In Our Time” radio programme tackles “P v NP” this week and part of the discourse involves prime numbers and their role in encryption. It’s available as a podcast so it’s recommended listening too.
In the latest cyber moves by the Dept of Homeland Security against a Canadian on-line gambling outfit, it’s been confirmed that if it’s a .com domain, it falls under US jurisdiction, regardless of where the servers are, where the company is incorporated or who the domain registrar is.
Strangely for the “Land of the Free”, Americans aren’t allowed to gamble on-line but this didn’t stop Bodog, a Canadian-based on-line gambling site with the domain bodog.com, from aggressively marketing its services to US citizens. As a result, Bodog’s four owners have been indicted (pdf) on various internet gambling charges.
Almost everything to do with this organisation was out of harm’s way in Canada – the company, the owners, the servers, the domain registrar – so the DHS took the step of forcing Verisign into doing the dirty work. Verisign manages the .com infrastructure and they removed (pdf) some of the key linking records to the bodog.com domain, thus putting the domain off the net.
In this instance, it can be hard to feel any particular sympathy with Bodog as it appears that they did what they did knowing that it was illegal. Regardless, though, the point is now made that a .com can be taken off the internet pretty much because the US doesn’t like it. Selling holidays to Cuba – you’re gone. Trading with Iran – you’re off-line. Evolution is a fact – you’re history.
If you or your organisation has a .com, you’re now under US jurisdiction, and if you think this is bad, imagine what it would have been like if SOPA had been enacted.
The theft of mobile electronic devices has become increasingly attractive as the value of gadgets rises and the economy falls. A particularly easy way to steal is to simply open likely-looking backpacks and rucksacks while they’re being worn and remove the gadgetry without the owner noticing. Sometimes the pack can be unzipped quietly, other times it’s cut open with a knife or scissors. A skilled thief can do this while someone is walking along but more commonly it happens on trains and buses.
To defend against this thievery, Canadian firm Vivick will debut their new line of anti-theft backpacks at CES in January, comprising three bags constructed from an anti-slash military-grade gauge nylon with a combination lock built into the zipper tab. Each model is designed to look good while being sturdy and durable, and the carry straps are also strengthened.
Rifling through my satchel this morning, I found a laptop, a tablet, an MP3 player and a somewhat old smartphone (Palm Treo Pro). Even with this last item, the total value of the technology exceeds £1000 (or $1500), so this isn’t a purely theoretical risk.
Vivick is known for its professional electronic designs, having worked for Apple, Sony, Samsung and Dell to create accessories for their own product lines. Vivick has also worked with Aston Martin and Ferrari on interior automotive accessories. Based on these credentials, I’ll be very interested to see what they come up with at CES.
The murder trial of Jo Yeates is front page news throughout the UK – a neighbour Vincent Tabak is accused of killing her. At the moment, the prosecution is presenting its case and a couple of interesting things have emerged as evidence.
In particular, the prosecution has alleged that the defendant:
researched criminal forensics, fingerprinting and DNA evidence.
read news stories on the investigation into the disappearance of the victim.
Of course, it will be up to the jury to decide whether these are good indicators of guilt, but regardless it’s clear that if someone is accused of a crime then there’s a pretty thorough examination of one’s computers and on-line behaviour. Obviously this case is about a very serious crime but it’s almost a gift to the prosecution when put together like this: can you think of any good reason to access this material at the time of the disappearance? However, this is circumstantial evidence and needs to be weighed as such.
On a related note, Google has announced that if you are signed-in to Google when you search, you will automatically use https://www.google.com/, the secure version of Google Search. While this will prevent casual snooping on your search, Google will be keeping hold of your search information so that it can better serve you adverts. And how long does Google keep the search information? Indefinitely or until you remove it. So while on the face of it encrypted search is a good thing, it comes at the price of Google knowing yet more about you.
I suspect that in the current murder trial, all the computer forensics team had to do was look back through the defendant’s browser history. Easy if there’s only one computer, but more difficult if the person has a home computer, work laptop, smartphone and so on. If you’re tied into Google everywhere, all they’ll have to do is subpoena information from Google and get your search data in one tidy little bundle. Nice.
As the fall-out from the News of the World scandal continues, many sources continue to inaccurately refer to “mobile phone hacking”. The truth (as far as is known) was that it was the voicemail of the mobile phone that was hacked rather than the phone itself. There are two ways to do this – the first is to simply guess the PIN of the voicemail and the second is to use Caller ID spoofing.
In the mid-2000s, most mobile phone voicemail systems were poorly protected as they typically came with a default PIN which was often easily guessed and only varied according to the mobile phone company. Most users didn’t bother to change the PIN. Say the phone was on Orange, then the default PIN was 1234. If it was Vodafone, then 0000. Typically, the villain then makes two simultaneous calls to the victim. One will be picked up, the other will go to voicemail. By then pressing “*” or “#” while listening to the voicemail prompts, the individual can gain access to the voicemail system using the default PIN. Computeractive has an article covering this scenario and how, in theory, it would be harder (but not impossible) to take this approach today.
As for Caller ID spoofing, this technique makes a call look like it’s coming from a different number than it actually is. It can be used legally to make someone calling from a mobile to actually appear to be coming from a company office, so that the person’s mobile number is not divulged. However, in some instances it has been used to gain access to voicemail boxes as many voicemail systems do not ask for further identification if the system recognises the inbound Caller ID as one of its own. PC Mag and c|net have short articles on how this is done and worryingly, this is still a threat. The Wall Street Journal covered the problem in 2010 before the current scandal broke.
It would appear that the best protection to both these attacks is (a) to change your PIN on your voicemail and (b) require your PIN even when calling from your own mobile phone. That way, even if your Caller ID is spoofed, the caller can’t get in without knowing your PIN.
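As an added illustration (not part of the original post), the following toy model of a voicemail access policy shows why both (a) a non-default PIN and (b) requiring the PIN even from the owner’s own number are needed; the Mailbox class, the audit and exposure functions, the phone number and the non-default PIN are all constructed for this example, and the default PINs are the two quoted above.

```python
# Added example: toy model of voicemail access control. Not a real carrier
# system; the classes, numbers and checks below are constructed for illustration.
from dataclasses import dataclass
from typing import Dict, List, Optional

# Default PINs quoted in the post for two UK networks at the time.
DEFAULT_PINS: Dict[str, str] = {"Orange": "1234", "Vodafone": "0000"}


@dataclass
class Mailbox:
    network: str
    owner_number: str
    pin: str
    require_pin_from_own_number: bool = False  # weak default: trust Caller ID

    def authenticate(self, caller_id: str, pin_entered: Optional[str]) -> bool:
        """Grant access? caller_id is whatever the network presents (which a
        spoofer controls); pin_entered is None if no PIN was ever offered."""
        if caller_id == self.owner_number and not self.require_pin_from_own_number:
            return True  # Caller ID alone accepted as identification
        return pin_entered is not None and pin_entered == self.pin


def audit(box: Mailbox) -> List[str]:
    """Defender-side checks mirroring recommendations (a) and (b) in the post."""
    findings = []
    if box.pin == DEFAULT_PINS.get(box.network):
        findings.append("default PIN")
    if not box.require_pin_from_own_number:
        findings.append("Caller ID trusted without PIN")
    return findings


def exposure(box: Mailbox) -> Dict[str, bool]:
    """Which of the two access routes described in the post still work:
    a spoofed Caller ID with no PIN, or a default-PIN guess from elsewhere."""
    spoofed = box.authenticate(caller_id=box.owner_number, pin_entered=None)
    guessed = box.authenticate(caller_id="unknown",
                               pin_entered=DEFAULT_PINS.get(box.network))
    return {"caller_id_spoof": spoofed, "default_pin_guess": guessed}


if __name__ == "__main__":
    number = "+447700900123"  # constructed (Ofcom drama range)
    weak = Mailbox("Orange", number, "1234")
    fixed = Mailbox("Orange", number, "4826", require_pin_from_own_number=True)
    print(audit(weak), exposure(weak))    # both routes open
    print(audit(fixed), exposure(fixed))  # both routes closed
```

Running the two intermediate configurations (changed PIN but Caller ID trusted, or PIN required but left at the default) shows one route still open in each case, which is why the post’s two recommendations go together.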
A new form of link farming is happening in the blogosphere. The days of people trying to buy text links on your websites are largely gone. What has cropped up is a more malicious form of link farming.
At least 3-4 times a week I get an email that reads like this.
We’re all big fans of Geeknewscentral here at “SomeStupdWebsite” and noticed you used to feature cool infographics now and then.
We just launched this new infographic called “The most amazing Tech companies” and we were wondering if it’s worthy to be featured on your site. We can provide you the pre-written article to post into your page.
What do you think?
Another Dumb Marketing Scam Salesman
The emails all hover around the same theme: how they love our site and how they want to help us and provide content to us on a regular basis, while all the time linking back to their source article to use my site’s reputation to build their site’s reputation.
At least before, the text link farmers were willing to pay a few bucks for the opportunity to build their page rank. These new scammers must think we’re stupid.
The Money Grab has begun. Apple today, through its walled garden, has thrown down the gauntlet, saying you shall pay me 30% to pass through our gateway. Seriously, the implications of today’s announcement must have companies like Netflix, Amazon and anyone else selling a product via their iPhone app wondering if they should be on their devices.
Apple has said pay up or get the hello out. After June 30th you cannot charge for anything unless you are willing to give Apple 30% of the proceeds. Most companies’ profit margins are under 10% and to think that Apple wants 30% is simply insane.
As a content provider who may someday sell access to some of my content, the implication of having to pay Apple 30% for the right to do so on their devices is a very steep percentage to pay.
So what’s next, will Apple demand a portion of advertising revenue running in the content? At this point no one should be surprised at anything this company will do to cash in and fatten their bank accounts.
Makes you want to go out and buy an Android device, doesn’t it?