Tuesday, July 21, 2015

Cool stuff other than Pluto

Let me say upfront that the recent New Horizons flyby of Pluto was awesome. But NASA's images speak for themselves; you don't need my two cents' worth on the topic.
When it rains, it pours
Instead, today I'll write mostly about some interesting computer (in)security topics. (You also don't need me to tell you how awful the recent OPM hack was, or the ho-hum non-response from the executive branch, so I'll cover less prominent security topics.)

Some in Washington officialdom -- to the level of the Director of the FBI! -- assert that a solution to our national-security problems is to add insecure back doors to Internet encryption protocols. That strategy is intended to assure government access to terrorist communications. These hobbled, vulnerable protocols will be safe, we're assured, for the rest of us.

We're to believe the bad guys could never figure out how, or coerce someone, to open the back doors. After all, it's not like someone just stole personal, in many cases compromising, data on >21 million current and former federal employees and contractors. (Oh, wait.) So: no. As the authorities seemingly must keep relearning, there are plenty of good hackers out there. Purposefully making the Internet insecure is a horrible idea. See "Encryption with backdoors is worse than useless -- it's dangerous."

Can it be made to tell all?
But on a positive note, consider: "... a practically undetectable, all-purpose malware discovery protocol." This protocol is implemented in hardware, and ought to be very (no pun intended) hard to defeat. Methinks we can't roll out such technology quickly enough. Power fingerprinting, PFP, likely won't suit all devices -- what goes into, and how (and how much) each of us uses, our cell phones isn't terribly consistent, and hence can't be "fingerprinted." For embedded devices like those that operate much of our infrastructure, however, PFP seems ideal. See "Rooting Out Malware With a Side-Channel Chip Defense System." 

Beware ...
Meanwhile, beware that: " 'USB Killer' is a flash drive designed to fry your laptop." It's not a big surprise someone would use this delivery mechanism. Rumor at one point was that the Stuxnet worm was first deployed with USB drives.

And while you're sweating what might fry your laptop (okay, maybe I'm unable not to intend wordplay), I'll leave you with the unrelated possibility that "Project Will Make Clothes Cool So You Don't Need the AC." DOE estimates that five percent of electricity in the US goes to running air conditioners. Smart, temperature-modulating clothing -- if it comes about -- could make a real difference in power usage. And even better, such tech would abate the thermostat wars in many a household.


Anonymous said...

On the topic of hacking, I've seen speculation about all our personal systems being hijacked—auto-driving cars, car/truck/landing gear tires deflated, clothing made unbearably hot or cold ... not to mention military equipment. One can think of a rogue hacking teener having a lot of fun at others' expense.

Government's role should be clear. The threats to interstate as well as international commerce and defense could easily be read into our constitution ... even though it doesn't mention software specifically.

Edward M. Lerner said...

Hacking of our cars isn't speculation -- it's been demonstrated. The Washington Post is currently running a series of articles about the topic/threat.

I've yet to see any benefit from putting cars online that merits the risks of having them online. Making cars self-guiding, self-parking, self-braking, etc. doesn't require cars to be on the Internet. Letting passengers surf? That's *not* a sufficient reason.

A personal/historical note: in my first novel, Probe (1991), I made the hacking of a car a plot element. That car had embedded microprocessors, but was NOT online, making the hack a more subtle, longer-in-the-making attack.