Rogue Nodes Turn Tor Anonymizer Into Private Listening Post

A security researcher has figured out a novel way to compromise the security of messages traveling in the Tor anonymizer network. Messages in the Tor network are encrypted as they travel from node to node to their final destination. But the last node has to decrypt the messages before it can deliver them to their final destination on the Internet. Many Tor users mistakenly believe their message remains encrypted through the entire Tor network, when in fact this is not the case: the last node must decrypt them. The researcher simply ran a few of these nodes and was able to read all unencrypted last-node traffic that came through them. This included sensitive communications of many government embassies around the world. The researcher believes that intelligence agencies around the world are already taking advantage of this weakness to eavesdrop on Tor traffic. Interestingly, when he pointed this security hole out to some of the embassies that were sending non-secure message they didn't respond or even appear to understand the problem. Read more here.

AOL Adds 63 Million Users to OpenID ... Digg Joins Too

The folks at Read/Write Web have a great analysis of AOL's recent move to support the OpenID initiative. AOL has integrated with OpenID, adding 63 million users in a bid to make AIM handles sticky.

Digg also just announced they are joining OpenID.

OpenID is one of the technologies that I am tracking as a key enabler of Web 3.0.

First Quantum Computer to be Announced Next Week

D-Wave, a company making quantum computers, claims the first quantum computer will be unveiled next week. If this really happens it could be big. Quantum computing can theoretically enable a massive increase in computing power. The question is what will it cost? If this technology is viable it also ups the ante in the encryption field -- because quantum computers can potentially crack codes that are today effectively beyond the limits of our present computing power. This could bring about a  new market for quantum crytography, such as that provided by MagiQ, which is invulnerable to being cracked by quantum computers.

Almost Unbelievably Stupid -- Diebold Posts Photo of Voting Machine Key -- Hackers Replicate Key From Photo

This one really takes the cake. Diebold, the makers of the infamously hackable electronic voting machines, has done it again. They posted photos for replacement keys for their voting machines on their Web site. Unfortunately the photos were high enough resolution that anyone who knows how to make keys could easily copy them. And that's exactly what one hacker did and he documented how he did it too -- using just the photo and a file he made a set of universal keys that can unlock any Diebold voting machine. DUH! So now this basically means that the security of every Diebold voting machine is potentially compromised. The only way for Diebold to fix this would be to replace all the locks in all their machines. Will they do this? Highly unlikely. More on this story here.

British Ministry of Defense Chief Resigns; Cites Concerns About UFO's

Ok, here's a very unusual news item:

During his time as head of the Ministry of Defence UFO project, Nick Pope was persuaded into believing that other lifeforms may visit Earth and, more specifically, Britain.

His concern is that "highly credible" sightings are simply dismissed.

And he complains that the project he once ran is now "virtually closed" down, leaving the country "wide open" to aliens.

Mr Pope decided to speak out about his worries after resigning from his post at the Directorate of Defence Security at the MoD this week.

"The consequences of getting this one wrong could be huge," he said.

Read the rest here.  I have several thoughts about this  news and what it might mean... 

Diebold Voting Machines Conclusively Hackable

Allegations of electronic tampering with Diebold voting machines in previous elections gained new evidence this week. A research paper by a team of researchers at Princeton University has conclusively demonstrated that Deibold voting machines are trivially easy to hack. The team not only hacked the machines and changed votes, they created a virus that can do it -- and that spreads from machine to machine.

Contextual Ad Targeting On Your Life

This article discusses a new research project at Google where they are working on a way to run contextual ads on your computer that reflect what is taking place in the room around you. The technology works by using the computer microphone to make brief snippet recordings of your room where you are. It then tries to recognize music or TV content that is playing. Next it matches that to a database of ads in order to show ads on your screen that are related to what is heard in the room you are working in. This sounds almost like a joke -- except that it probably isn't. I'm not sure what the benefit to me the consumer would be for letting Google eavesdrop on my life to that extent. Do I really need more relevant ads THAT much? What a strange world we live in.

A Good Article on Lack of Search Privacy

This article from the Guardian raises the red flag about the vast amount of personal information that search engines are collecting, and the risks to individual privacy that entails. The article was really well written and made some good points. I've blogged about my thoughts about this issue in a previous post.

Location Awareness -- The Next Big Thing

Japanese cell phone company KDDI is offering a new GPS-enabled 3D navigational tool to their 17 million subscribers (see article and picture). Their system helps consumers navigate city streets and even within buildings, using an innovative 3D map and audio directions. This system is similar to (but possibly more advanced than) the in-car navigation systems we are familiar with, such as Hertz "Neverlost" or the Magellan products (note: I have a Magellan aftermarket nav system in my car -- it's one of the most useful things I ever bought!).

GPS-enabled mobile devices and the location-aware services they enable are definitely a "Next Big Thing" contender.  They have many compelling potential uses in the near-term and mid-term future. Below are some of my wild speculations on how this technology could be used:

• Personal navigation. Your device can help you find your way when walking, driving, or even on the water or in the wilderness.
• Location-aware advertising. Your device can get special offers from stores near you, as you walk or drive around, according to your permissions, preferences and profile of course.
• Location-aware storage, search and retrieval. Your device remembers where you were when you wrote a note, took a photo, or sent a message.You can later search for your stuff based on where you were -- for example, "photos I took in Brazil" or "Notes I made at PC Forum in 2006" (for the best example of this, see the amazing product, EverNote -- the next version of which I got to preview recently, it is mind-blowingly cool!).
• Location-aware photo-enhancement. When you take a photograph it is not only tagged with time and location where it was taken, but the content of the photo can be automatically tagged based on the orientation of the camera. For example, if you take a photo of the Empire State Building, your camera will someday be able to tag the photo as being about the Empire State Building, and can even detect and tag the shape of the building itself in the photo.
• Location-aware social networking. Your device can track people nearby who are your friends, family, colleagues, or who match your interests and want to meet you (for example: dating). This can be useful to find people at a crowded event, or to hook up with your friends while out on the town, or to meet people at a trade show or conference.
• Location-aware personal security. Your device can keep a transcript of your movements on a server. Parties you authorize can track you if they need to find you immediately, or in case you go missing. In addition, bulk alerts can be sent to people who happen to be in particular areas -- for example, if a tornado is coming, people who happen to be in that vicinity can be warned.
• Location-aware information services. You can get news and other local info about the place you happen to be in. If you are standing outside a restaurant you can see reviews and discussions from people who have been there before. If you are already in the restaurant you can see recommendations of what to order from people who were there before you. Information can be virtually posted to particular places or regions -- you can hang a virtual post it note in your doorway so that anyone who passes through it gets the note.

Email Postage Stamps Coming ... Now

This is a good idea...

Companies will soon have to buy the electronic equivalent of a postage stamp if they want to be certain that their e-mail will be delivered to many of their customers.

America Online and Yahoo, two of the world's largest providers of e-mail accounts, are about to start using a controversial system that gives preferential treatment to messages from companies that pay from 1/4 of a cent to a penny each to have them delivered. The senders must contact only people who have agreed to receive their messages, or risk being blocked entirely.

  The Internet companies say that this will help them identify legitimate mail and cut down on junk e-mail, identity-theft scams and other scourges that plague users of their services. The two companies also stand to earn millions of dollars a year from the system if it is widely adopted.

Privacy Nightmare

The ACLU has a nice little animation of what life will be like once the government, and corporate America, have access to all personal data. It's a nice little simulation.

Doomsday Vault to House World Seed Bank

The Norwegians are planning to create a deep underground vault near the North Pole to house a backup copy of seeds for all known varieties of crops. The goal is to ensure food supplies and enable humanity to regenerate in the event of nuclear war, global warming or other catastrophes. It's a good idea. This is similar to my own idea for what I call the Genesis Project, which would provide a backup of critical human knowledge as well, and a system for helping humanity relearn it, in case we get knocked back to the Stone Age for some reason.

Wireless Quantum Crypto Announced

A system for wireless quantum cryptography has been announced by BBN. This is curious: I wonder how they manage the key exchange? They could be using a laser, I suppose, but that would only be line of sight, or would require airborne reflectors. Another possibility would be the EPR effect, but if they actually built a transmitter based on that they would probably win the Nobel Prize, so I'm doubtful. It will be interesting to learn more. Also, I wonder what the reaction will be over at MagiQ.

The Next Flu Pandemic...

This article provides some interesting details on the leading candidate for the next flu pandemic, which is overdue, and appears to be brewing in Asia. Unlike normal flu's pandemic strains seem to have an uncanny ability to kill off people in the prime of their lives, by causing the immune system to go so far into overdrive that it actually kills the host as well as the virus. The article points out that governments and vaccine companies are dragging their feet in facing this threat.

Color Laser Printers Secretly Encode Tracking Codes on Printouts

This is quite interesting. It turns out that manufacturers of color laser printers are secretly encoding tracking numbers onto every inch of every printout. These microscopic codes enable printouts to be traced back to particular printers that printed them, and thus to whomever owns those devices. I'm surprised there hasn't been more discussion of this.

Kryptonite U-Locks Easily Picked -- Using Ballpoint Pen!

This meme is spreading rapidly across the Net. Someone figured out that the latest Kryptonite U-Locks can be picked in under 30 seconds, using an ordinary ballpoint pen! Yikes. Bikers beware.

Safer Air Travel: Separate Flights for Luggage?

Here's an idea to help reduce the threat of terrorism against airplanes, and to speed up those long lines at airport security: Separate flights for luggage on high-risk routes.

Security Idea: One-Time Passwords

Typing your password into a website is increasingly risky, especially when logging in via a wireless device or from an Internet terminal. The primary risk is interception of your login information and password by an eavesdropper or via a keystroke-capture spyware installed on the machine you are using without your knowledge. Fortunately there is a way to defend against this issue, and to protect your passwords from hackers in general. The concept is a "one-time password" and is based on the concept of a one-time pad that is used in cryptography.
onetime password.

How to Save the Upcoming Elections from Terrorism Alert Manipulation

There has been much recent discussion lately about alleged evidence that the Bush administration is issuing terrorist alerts for political gain. While I am not taking a position on this issue, I do have a suggestion that could eliminate any doubts, and in the process protect our upcoming elections.

In order to prevent the possibility that national terrorism alerts might be issued for political gain by an incumbent Presidential administration, the right to issue or imply terrorism alerts and the right to postpone elections, should be given to a bi-partisan committee. This policy change should be instituted immediately.

New Way to Crack Declassified Documents

A new technique has been proposed that appears to be able to determine a shortlist of possible words that can occupy sections of declassified documents that have been "blacked out." The attack makes use of some clever analytical tactics. Using this method the researchers were able to determine the identity of an intelligence agency in a declassified CIA document. This technique could potentially be applied to all previously declassified documents. While documents that are already in the public domain cannot be defended from this method, there is a way to block future attempts in future declassified documents -- When redacting a document, always black out at least one, or possibly two or more words, on either side of a classified word -- never redact just the word itself. This will introduce a measure of uncertainty such that the size of the possible list of words or sets of words that could occupy the blacked out space will be too large to be of use.

New Security Threat from P2P Bot Networks -- "Phatbot"

Security agencies are monitoring the emergence of a new type of Trojan Horse that uses peer-to-peer networks of bots to mount denial of service attacks on targeted sites. Dubbed Phatbot, one such Trojan is spreading widely across the Net and is especially difficult to disable due to the peer-to-peer nature of the attack. This type of technology is something that I predicted would emerge several years ago when I was thinking about cyberwarfare. If enough PC's had such bots installed, they could literally take a government offline by focusing their combined outputs on a set of key nodes around the network. Similarly these networks could be used by protestors, or by terrorists, to bring business and communications to a halt. The problem is, the centralized architectures of our current networks are simply impossible to defend from distributed threats. We need to start developing truly decentralized server architectures that cannot be targeted and taken offline by attacks on any one location.

The Actual Situation in Madrid: Unsanitized News

Here is an article that accurately depicts the carnage in Madrid. In the USA we only get highly sanitized news and war coverage is usually very minimal -- but this article tells it like it really is. Perhaps if the public was shown what was war was really like there would be less of it?

Secret Pentagon Report Leaked: Warns of Coming Climate Change, British Ice-Age, Riots, Nuclear War

A leaked secret report by top Pentagon analysts claims that within 20 years Britain could become "Siberian" and Major European cities will be sunk beneath rising seas. In addition the report warns of nuclear conflict, mega-droughts, famine and widespread rioting around the world as massive climate changes reshape the planet.

New Way to Hide Messages from Email Sniffers

In reference to my posting about word scrambling as a means of protecting online privacy, a reader named Jack has created a Scramber script in Python for obfuscating text such that it can still be read by recipients without decryption. So now you can Scramble all your email before sending it in cleartext across the net without using encryption keys. On the other side you readers can read it with no problem, but any bots, agents or sniffers enroute will not be able to recognize the words in your message. It would simply be too much calculation for a bot to test every possible permutation of every word against a dictionary. Because of that barrier, this method of scrambling words is likely to be quite secure against sniffers and bots. This is also a lot better than using standard encryption because that tends to set off alarms -- if someone is looking for secrets and they see something that looks like binary encrypted data they are going to get interested. But if it is merely text it will appear to be nothing more than a meaningless email message and won't arouse any curiousity. For example, "itnlelgneice acgeny." So this is a method of "hiding in a crowd." Of curose, tihs olny mtatres if you hvae smeotihng to hdie!!!!