If You Aren’t Doing Anything Wrong

You have nothing to hide. I found some chilling news that everybody already expected from Says Uncle. Apparently the TSA has been searching the electronic devices of travelers and going so far as to copy files and send them to third parties. From the link:

• In a span of just nine months, CBP officials searched over 1,500 electronic devices belonging to travelers. Under the current policy, they were not required to justify a single one of these searches.

• Travelers’ laptops are not the only devices at risk of being examined, detained, or seized by the government. In fact, cell phones were the most commonly searched and seized devices between October 2008 and June 2009.

• Other types of devices that were searched and detained during this time period include digital cameras, thumb drives, hard drives, and even DVDs.

• Between July 2008 and June 2009, CBP transferred electronic files found on travelers’ devices to third-party agencies almost 300 times. Over half the time, these unknown agencies asserted independent bases for retaining or seizing the transferred files. More than 80 percent of the transfers involved the CBP making copies of travelers’ files.

We need to have a chat for a second. When you have sensitive information it should be encrypted. A great tool to create encrypted partitions is TrueCrypt. It’s a great utility that even goes so far as to allow you to create hidden encrypted partitions in such a way that you have plausible deniability should you be asked for the encryption key to a hidden partition (you can’t prove it’s there, so they can’t hold you indefinitely if you say there isn’t one). On all of my computers my entire home directory is encrypted (Mac OS has a feature called FileVault that allows for easy home directory encryption). Furthermore, important files are then put into a TrueCrypt partition.

Another option to consider when traveling with important and secure data is to not have it on any device you travel with. Put the information on a server and download it when you get to your destination. Some companies have started this practice. Nobody can get your data if it doesn’t exist.

Either way this is important and scary information. I know almost everybody assumed this was the case but it’s finally been confirmed. Encrypt everything, period.

Developer Kit Coming to Amazon’s Kindle

Now this is interesting. Amazon is planning to release a development kit for their Kindle. It’s going into beta next month, and I’m going to do everything I can to grab a copy (Assuming it’s a closed beta).

This will allow developers to write applications for the Kindle devices. This could be huge as it opens the possibility of adding readers for other e-book formats to the device. Of course there are restrictions:

Amazon has released some specifications and pricing details for prospective KDK developers. The max file size is set at 100MB, compared to the iPhone’s 2GB (just over 2,000MB) limit, but the Kindle shares Apple’s policy on restricting users from wirelessly delivering active content over 10MB on the Kindle’s 3G connection. Files larger than this will need to be transferred via USB.

Other restrictions include a ban on content deemed offensive, advertising or misuse of the user’s information, as well as a ban on voice over IP software and applications that supersede the Kindle’s basic functions.

Developers can also choose to provide small pieces of content (less than 1MB) for free, but are forced to charge for any larger content to pay for 3G data costs. Software creators can choose between a one-time purchase and a monthly subscription model for their content.

The need to make an application cost money if it’s over a certain size isn’t surprising to me. Every Kindle user gets access to free 3G. But that connection is really only free to you in the sense that you don’t pay a monthly fee. Every time you download a book part of the money you paid goes to Sprint or AT&T for the data transferred.

I’m rather worried that Amazon is planning such strict controls over the development process beyond the use of the 3G connection though. It seems like Apple made it OK to release a device where the manufacturer has to approve every application for that device. I really hate that idea and it’s part of the reason I don’t have an iPhone. I hate to see this kind of crap catch on.

But no matter how you slice it, having an SDK for the Kindle is a pretty cool idea.

ATM Card Skimmers

Via Bruce Schneier’s blog we get some pictures of ATM card skimmers. Take a look at the pictures and you’ll see how hard it is to tell if you’re inserting your card into an ATM alone.

ATM skimmers are little devices that criminals attach to the card reader of an ATM. A skimmer reads the number from the card and somehow either stores it for later retrieval or sends the number to the criminal. It doesn’t interfere with the operation of the ATM, so while the criminal gets your card number you simply get your money and receipt from the ATM. As the pictures in the linked article show, it’s very difficult to tell whether a skimmer has been attached to an ATM.

Another Great Idea Ruined By Litigation

I’m sure many of you have heard about several colleges doing pilot programs with the Amazon Kindle. The idea is to allow students to have all their heavy text books on a single device. Well the National Federation of the Blind and the American Council of the Blind decided they would have none of that and took a great big dump all over the project. Why? Because the devices are not completely accessible to the blind.

In an agreement (At gun point) the Ministry Department of Justice barred the use of electronic readers until they are completely usable by the blind.

In other news another technological achievement will be banned from use in universities due to inaccessibility to the blind. Although the technology has been in use for some time, the two organizations in support of the blind have found that the devices were not accessible to those unable to see. They are working on bringing a lawsuit against every university in the United States to bar the use of so called “text books” until such a time as they are made accessible to the blind.

China Responds to Google

Google has threatened to pull out of China and has already stopped filtering search traffic in that country. Well China has responded:

China has said that foreign internet firms are welcome to do business there “according to the law”.

As I stated, if you want to do business in a country you have to play by that country’s rules. If you don’t like the rules, don’t do business there. That seems pretty straightforward to me.

Don’t Hack Google

Here is something to note, don’t hack Google. Apparently several malicious hackers from Google have been banging on their virtual door. Strangely enough these attacks have originated in China. This wasn’t a bunch of bots or script kiddies, these attacks were targeted at Google and the malicious bastards knew what they were doing. They even managed to run away with some of Google’s intellectual property. But here’s the icing on the cake:

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Well apparently this has made Google think about its China operation. First they are looking over the “viability” of their China operation. There is even the threat of pulling out of that country entirely (with how much money is at stake I’m betting this won’t happen). But effective already, Google is no longer censoring search results on their Chinese page.

It’ll be interesting to watch how this turns out. I believe if you want to sell your toys in a country you need to follow that country’s rules. If you don’t like those rules you simply don’t go there. But seeing as how Google is playing by China’s rules and being punished for it I’d say screw it as well.

GSM 3G Encryption Cracked

Are you on AT&T or T-Mobile? Bad news if you are: the encryption used for their 3G networks has been cracked. Don’t panic quite yet though:

“This is a nice piece of work. This is breaking the math, not just an implementation,” said cryptographer Bruce Schneier. “They found a practical, related key attack. It’s not clear whether it can break actual traffic or whether it’s useful operationally. Related-key attacks are a form of cryptanalysis that showed up about 10 years ago, but they’re rare in the real world because you need the related keys.”

So what happened? Well the GSM guys took a cryptographic algorithm and decided to modify it. This is never a good idea. The modifications that were made actually broke it. This further proves that if you’re going to use complex mathematical algorithms make sure you know exactly what you’re doing. Head over to the link to get more details.

It Just Dawned On Me

As I’m sitting here something just dawned on me. As I’m typing this I have the following applications open on my laptop:

  • Google Chrome
  • NetNewsWire
  • Apple Mail
  • Quicksilver
  • Safari
  • Eclipse
  • iCal
  • VMWare Fusion
  • Terminal
  • Activity Monitor
  • System Preferences
  • KisMAC
  • Scrivener
  • Preview

And the system is running flawlessly. Boy, how far we’ve come in computing. Although I’m used to stable multi-tasking I’m now remembering, not fondly, the days of Windows 3.11, Windows 9x, and Mac OS Classic where having multiple applications running at the same time was a risky proposition. Man, things have certainly improved.

Hell, the sleep mode on my laptop works, which was also a risky thing back in the days of my machines that ran older operating systems. The number of kernel panics (UNIX version of Blue Screens of Death for you Windows folks) I get in a year can be measured on one hand, as opposed to the old days where system crashes weren’t a matter of if but when (and when usually meant sometime that week).

Yes, our computer operating systems are far more complex than they were just a mere 10 years ago (my God, it’s been a long time since Windows 9x was in use). Yes, modern operating systems take up gigabytes of space instead of kilobytes of space. But you know what? Our systems are far more stable nowadays than ever before. I love the advancement of technology.

Digital “Rights” Management Proven Useless Again

I’ve always found the term digital rights management to be an idiotic one. You don’t need your rights managed. But alas that’s the name that became popular and many companies used it. For instance Amazon uses it on downloaded e-books for their Kindle. Its use is an attempt to prevent copying of the material but alas an ingenious hacker has cracked it.

I have no problem paying for e-books so why do I care about this? Because I want to be able to use my documents on other devices. Maybe somebody in the future will build an e-reader that I like better than the Kindle. What will I do? Re-purchase all my books for the new platform? Well that’s the only option unless the Kindle’s DRM gets cracked, which it just did. I’ll try out the tool and report back on it this weekend (note a copy is available at the link, get it before Amazon pulls a DMCA notice and gets it removed).

Oh and here is a link to the blog of the person doing the fine work.

And for the sake of clarity I just want to make it clear that this tool allows breaking Kindle books obtained via Kindle for the PC. Cracking Kindle books on a Kindle has been possible for quite a while now.