Seeing what stuxnet…

… was capable of, it was just a matter of time until someone take a jab to the instalations of an utility company.

We need a “DO NOT TRACK” option for smart-phones!

smartphones tracking users

Hey Apple, Google, when are you going to have a DO NOT TRACK option on your smartphones’ operating systems?
This is another idea, maybe RIM engineers can come up with a feature like that to give the BlackBerrys a fighting chance.

The fact that most of us carry (voluntarily) a tracking device should not be news for anybody. I guess the news-worthy part is that somebody expossed what Apple and Google where doing. I am not sure it is illegal, have you checked the small font bits of the contract you signed? Me neither.
Believe me, that Apple and Google know where you are and where you have been is not the biggest of our problems with privacy as discussed in here.

Related:

• A good reference to understand privacy.
• We know where you are, and there is nothing you can do about it.

(h/t) Raymond who sent this link

Advertisement

Fingerprinting Computers – Part II – Hardware

The fingerprinting of a computer using data accessible or generated by software is subjected to a Replay attack or could be easily disrupted by malware. This method should not be used to authenticate the machine.
In order to defeat Replay attacks, the fingerprinting algorithm needs to generate a one time string, based on some unique property of the hardware and that can be used by the verifier to check the identity of the computer.
One example of such technology is the Intel IPT (Identity Protection Technology) that works by generating a unique 6 digit number every 30 seconds. This number is generated by a section of the chip that is inaccessible to the Operating system and holds some secret key shared with the validator/server. Once a particular processor is linked to a server, the server will be able to identify the CPU and validate the computer. Of course this does not imply user authentication and the intended use of this technology is as an additional factor on a multi-factor authentication scheme.
A Public Key infrastructure (Certificate Authority) is still needed to defeat the Man in the Middle attack.
Technologies that can identify hardware to the chip level are being developed to prevent counterfeiting. These are based on the PUF (Physically Unclonable Functions) that use physical variations of the circuit to extract certain parameters that are unique to each chip and cannot be reproduced nor manipulated without physically tampering with the circuit.
Related:
Power-up of a SRAM as a source of Entropy and Identification
Secure Processors, the ultimate battlefield
A PUF Design for Secure FPGA-Based Embedded Systems

Fingerprinting Computers – Part I – Your browser.

Authentication is about the only big open problem in the practice of internet security. The existing encryption and hashing algorithms as well as the key generation/management protocols offer a high degree of security, barring programming/implementation errors.
Authentication technologies face serious challenges mainly because identity is difficult to establish with a 100% certainty even using physical characteristics, i.e., signatures and credentials can be forged, the physical appearance of people can be manipulated, etc.
Read more of this post

The End Of IP As We Know It (from SANS website)

SANS Institute has the best article I’ve seen on the issue of IPv4 address space exhaustion. A good read, including the comments.

Today, IANA announced that it had handed out two more /8 IPv4 assignments to APNIC. As a result, IANA is down to 5 /8s, triggering its special policy to hand out one address to each regional registrar (RIR). The 5 RIRs are AFRNIC (Africa), APNIC (Asia Pacific), ARIN (North America), LACNIC (Latin

via The End Of IP As We Know It.

Stuxnet virus demonstration

Symantec released a video showing how the Stuxnet infect a PLC module attached to an air pump. See the Stuxnet virus in action

del.icio.us Tags: Cryptoblog,insecurity,hacking,hardware,technology

If you think we have problems now….

wait until we have a smart grid powered by MS and Google and scores of hackers designing the replacement for Stuxnet.

 

 

del.icio.us Tags: in the news,hacking,hardware,smart grid,insecurity,anti-tamper,Cryptoblog

Beyond Silicon

A breakthrough in material technologies that can extend Moore’s Law for a few more years.

Speaking about the successful creation of a metal-insulator-metal diode, Douglas Keszler a distinguished professor of chemistry at Oregon State University said

“This is a fundamental change in the way you could produce electronic products, at high speed on a huge scale at very low cost, even less than with conventional methods. It’s a basic way to eliminate the current speed limitations of electrons that have to move through materials.”

Read more …