Tagged with “security” (37)

  1. Human Insecurity

    The French telegraph system was hacked in 1834. What does the incident teach us about modern-day network security?

    The French telegraph system was hacked in 1834 by a pair of thieves who stole financial market information—effectively conducting the world’s first cyberattack. What does the incident teach us about network vulnerabilities, human weakness, and modern-day security? Guests include: Bruce Schneier, security expert.

    http://www.slate.com/articles/podcasts/secret_history_of_the_future/2018/10/what_an_1834_hack_of_the_french_telegraph_system_can_teach_us_about_modern.html

    —Huffduffed by adactio

  2. Public key cryptography

    Geeks versus government – the story of public key cryptography.

    Take a very large prime number – one that is not divisible by anything other than itself. Then take another. Multiply them together. That is simple enough, and it gives you a very, very large “semi-prime” number. That is a number that is divisible only by two prime numbers. Now challenge someone else to take that semi-prime number, and figure out which two prime numbers were multiplied together to produce it. That, it turns out, is exceptionally hard. Some mathematics are a lot easier to perform in one direction than another. Public key cryptography works by exploiting this difference. And without it we would not have the internet as we know it. Tim Harford tells the story of public key cryptography – and the battle between the geeks who developed it, and the government which tried to control it.

    http://www.bbc.co.uk/programmes/p04vqrwy

    —Huffduffed by adactio

  3. Cory Doctorow on legally disabling DRM (for good)

    The O’Reilly Security Podcast: The chilling effects of DRM, nascent pro-security industries, and the narrative power of machines. In this episode, I talk with Cory Doctorow, a journalist, activist, and science fiction writer.

    We discuss the EFF lawsuit against the U.S. government, the prospect for a whole new industry of pro-security businesses, and the new W3C DRM specification. Here are some highlights from our discussion around DRM:

    How to sue the government: Taking on the DMCA

    We [Electronic Frontier Foundation] are representing [Bunny Huang and Matthew Green] in a case that challenges the constitutionality of Section 1201 of the DMCA. The DMCA is this notoriously complicated copyright law, the Digital Millennium Copyright Act, that was brought in in 1998. Section 1201 is the part that relates to bypassing digital rights management (DRM), or digital restrictions management as some people call it. The law says that it’s against the rules to bypass this, even for lawful purposes, and that it imposes very severe civil and criminal penalties. There’s a $500,000 fine and a five-year prison sentence for a first offense provided for in the statute. The law’s been on the books, obviously, for a very long time—since 1998. Given that all digital technology works by making copies, it’s hard to imagine a digital technology that can’t be used to infringe copyright; no digital technology would be legal.

    Recent changes add urgency

    A couple things changed in the last decade. The first is that the kinds of technologies that have access controls for copyrighted works have gone from these narrow slices (consoles and DVD players) to everything (the car in your driveway). If it has an operating system or a networking stack, it has a copyrighted work in it. Software is copyrightable, and everything has software. Therefore, manufacturers can invoke the DMCA to defend anything they’ve stuck a thin scrim of DRM around, and that defense includes the ability to prevent people from making parts. All they need to do is add a little integrity check, like the ones that have been in printers for forever, that asks, "Is this part an original manufacturer’s part, or is it a third-party part?" Original manufacturer’s parts get used; third-party parts get refused. Because that check restricts access to a copyrighted work, bypassing it is potentially a felony. Car manufacturers use it to lock you into buying original parts.

    This is a live issue in a lot of domains. It’s in insulin pumps, it’s in voting machines, it’s in tractors. John Deere locks up the farm data that you generate when you drive your tractor around. If you want to use that data to find out about your soil density and automate your seed broadcasting, you have to buy that data back from John Deere in a bundle with seed from big agribusiness consortia like Monsanto, who license the data from Deere. This metastatic growth is another big change. It’s become really urgent to act now because, in addition to this consumer rights dimension, your ability to add things to your device, take it for independent service, add features, and reconfigure it are all subject to approval from manufacturers.

    How this impacts security

    All of this has become a no-go zone for security researchers. In the last summer, the Copyright Office entertained petitions for people who have been impacted by Section 1201 of the DMCA. Several security researchers filed a brief saying they had discovered grave defects in products as varied as voting machines, insulin pumps and cars, and they were told by their counsel that they couldn’t disclose because, in so doing, they would reveal information that might help someone bypass DRM, and thus would face felony prosecution and civil lawsuits.

    When copyright overrides the First Amendment

    There are some obvious problems with copyright and free speech. Copyright is a government monopoly over who can use certain combinations of words or pictures, or convey certain messages in specific language, all of which seems to conflict with First Amendment rights. In both the Eldred and Golan cases, the Supreme Court said the reason copyright is constitutional, the reason the First Amendment doesn’t trump copyright, is that copyright has these escape valves. One is fair use. The other is what’s called the traditional contours of copyright, which determine what is and isn’t copyrightable (i.e., copyright only covers expressions and not ideas, copyright doesn’t cover non-creative works, and so on). But the DRM situation is urgent. Because DRM can be used to restrict fair use, because it can trump the traditional contours, and because it has criminal penalties, we were able to bring a challenge against it. When there are criminal penalties, you don’t have to wait for someone to sue you. You can sue the government.

    Related resources:

    EFF is suing the US government to invalidate the DMCA’s DRM provisions (BoingBoing)

    America’s broken digital copyright law is about to be challenged in court (The Guardian)

    1201 complaint in full

    https://www.oreilly.com/ideas/cory-doctorow-on-legally-disabling-drm-for-good

    —Huffduffed by adactio

  4. Alex Langley’s Tech Chat episode 02 - It’s An Insecure World

    Alex Langley and guests chat about the latest tech news and developments with a distinctly British slant. The main show comes out every month with follow up bitesize shows every week in between.

    Andy Budd and Mick Peace join Alex in the studio, putting the world to rights on all aspects of online security.

    http://techchatuk.com/#episodes

    —Huffduffed by adactio

  5. BBC Radio 4 - In Our Time, P v NP

    Melvyn Bragg and guests discuss the problem of P versus NP, which has a bearing on online security. There is a $1,000,000 prize on offer from the Clay Mathematical Institute for the first person to come up with a complete solution. At its heart is the question "are there problems for which the answers can be checked by computers, but not found in a reasonable time?" If the answer to that is yes, then P does not equal NP. However, if all answers can be found easily as well as checked, if only we knew how, then P equals NP. The area has intrigued mathematicians and computer scientists since Alan Turing, in 1936, found that it’s impossible to decide in general whether an algorithm will run forever on some problems. Resting on P versus NP is the security of all online transactions which are currently encrypted: if it transpires that P=NP, if answers could be found as easily as checked, computers could crack passwords in moments.

    http://www.bbc.co.uk/programmes/b06mtms8

    —Huffduffed by adactio
