Wish for 2008

When you read the news from anti-virus companies and security advisors, you get convinced that 90% of the software you find on the net is malware, and that the last 10% has so many security issues that it amounts to the same thing. At the same time a life seems to be worth less than the copyright interests of media companies.

I don’t know if you have noticed, but I feel that the whole world has been overrun by solutions and programs that want to harvest personal information about me. The products that don’t ask for the information grab it anyway.

Trusted computing is a much-debated architecture, maybe rightfully so. That kind of architecture might limit the spread of free/open source software. Microsoft has proven that they can offer this through their HD-Video support. There they have signed code in all layers, and only approved hardware devices are allowed in the pipe from storage media to screen. I am not saying that it is impossible to bypass this pipe in some way, but the threshold to perform such a hack has been raised a fair bit.

So, when you consider the stack of components needed to display HD-Video, what would it take to have the same security/quality for our computers? Especially when they are connected to the Internet?

The question then is whether we should maybe take a look at this “cursed” subject again. Financing solutions to ensure that open source software can be verified and approved might become a reality. There is one thing that we have learned so far: it is impossible to count all evil. You cannot permit the execution of all software except the bad programs named on a list. Such a list will never be complete. But you can allow all enumerated good software and block the execution of all other code. Anti-virus software tries to perform this enumeration on our behalf, but still the vendors do not know everything, and their products ask the users what to do when in doubt. When they do, the s**t hits the fan. Users do not know what to do. They do not realize the consequences of their choices.

Again, the driver is the money. It is somewhat of a symptom of the state of the world that it’s more important for Microsoft that a video is not copied than to secure the personal information of a user. If somebody steals all our personal details, all our money from our bank accounts and our identity, that is not as important for Microsoft as a video unlawfully duplicated and distributed.

So what is my wish for 2008?

My wish is that our lives and our identities will become more important to protect on the net than the economic interests of a few.

Encryption and security

Maybe it’s not as secure as you think. According to this article and the following post on Slashdot, Hushmail has been caught red-handed in backstabbing their own marketing.

"The only way to decrypt or unscramble Hush messages is by using your passphrase when you open up your Hushmail account. Carnivore cannot decrypt your mail, and is therefore, powerless against messages sent between Hush users."

Now it seems that they have handed over the private keys of users to the government, and thus voided their own technology. I would guess that they soon will have a few trust issues with their customers. I am not going to discuss the old saying, "if you are not doing anything wrong, why do you worry about the government reading your email".

At the same time some people within the U.S. government want to redefine "privacy" so that it doesn’t include anonymity, and the NSA seems to have included a backdoor in a random number generator for use in encryption programs.

Code breaking challenge, 1945 vs 2007

According to the BBC, for the first time in more than 60 years a Colossus computer will be cracking codes at Bletchley Park. For those of you who don’t know, Bletchley Park was the site where Alan Turing and other brilliant men worked when they cracked, among other things, the German Enigma codes during World War II. Another reason I find this particularly interesting is that I recently finished the novel "Cryptonomicon" by Neal Stephenson. Some of the story in that book takes place at Bletchley Park and deals, among other things, with that wartime effort. So, when "participants" from that book resurface as a rebuild and are matched up against a modern computer in a code cracking challenge, I find it quite intriguing.

Update: 2007-11-19

The Colossus lost the challenge. Well, probably not too unexpected. It is after all a machine built in 1943. There are a few generations between that machine and a modern-day PC. Read more here