Acoustic Cryptanalysis

Can you extract an encryption key by listening to a computer? As it turns out you can:

Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer, and in particular leak sensitive information about security-related computations. In a preliminary presentation, we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was that the acoustic side channel has a very low bandwidth (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.

Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG’s current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.

Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables.

It should be noted that GnuPG has fixed this vulnerability. But the method of attack described in this paper is fascinating to read. It also shows that technology still hasn’t surpassed human creativity.

Scott Adams: Possible Future Anarchist

I work in an office environment so it should go without saying that I’m a fan of the Dilbert comic. In a strange but positive turn of events, a recent post by Dilbert’s author, Scott Adams, leads me to believe he’s traveling down the road to anarchism:

I have a hundred-year plan to eliminate government.

The key to making this work is picking one element of government at a time and using technology to eliminate it. Remember, we have a hundred years to develop and test lots of little plans. So we won’t permanently eliminate any part of government until citizens have seen proof it can work on a state level, or for a brief test period nationally, or in another country.

He gives several examples of how technology could be used to replace government functions. If you’re a neophile anarchist, such as myself, what he’s saying is nothing new. I’ve been advocating the use of technology to eliminate the state by providing competition and alternatives to its programs. One of the state’s greatest weaknesses is its inability to adapt to long term changes. We see this whenever the state moves to regulate a new technology, often before the ramifications of that technology are understood.

Its regulations are seldom sensible and usually take the form of outright prohibitions or licensing. My favorite example of this is Wisconsin’s ban on using electromagnetic weapons for hunting. Electromagnetic weapons, as far as hunting goes, are still fantasy but the Wisconsin government has already banned such usage even though we have no understanding of how such technology would affect hunting.

I theorize that the state’s hatred of new technologies stems from its fear of being supplanted by them.

Everybody is Sick of Obama

I try not to focus too much on individual politicians unless they’ve done something especially egregious. It wouldn’t matter to me who occupied the White House, I would oppose that person. But I find it amusing how Obama has gone from the beloved celebrity to an irritant in the eyes of the public. This continuously dwindling public image isn’t surprising considering the number of scandals that have befallen his administration. From Fast and Furious to the ongoing National Security Agency (NSA) fiasco we have seen Obama receive an ever growing slew of negative publicity. What makes this downfall even more entertaining is the constant attempts by Obama to divert peoples’ attention.

Obama met with the higher ups of several major technology companies. During this meeting the representatives of the technology companies had to prevent Obama from diverting the meeting topic from the NSA fiasco to the Healthcare.gov fiasco:

The top leaders from the world’s biggest technology companies pressed their case for reform of the National Security Agency’s controversial surveillance operations at a meeting with President Obama on Tuesday, resisting attempts by the White House to portray the encounter as a wide-ranging discussion of broader priorities.

Senior executives from the companies whose bosses were present at the meeting said they were determined to keep the discussion focused on the NSA, despite the White House declaring in advance that it would focus on ways of improving the functionality of the troubled health insurance website, healthcare.gov, among other matters.

I have no love for the leaders of the present technology companies either. From my point of view most of them are merely lower level oligarchs in the great state/industry marriage. But it’s entertaining to watch the lower tier oligarchs rebel against the upper tier oligarchs. The NSA fiasco has caused users to question most major technology companies, which threatens profits. If there’s one thing the lower oligarchs won’t stand for it’s the potential to lose profits. Such a threat is enough to get them to become restless and even go against the desires of higher oligarchs. In this instance the lower oligarchs weren’t willing to let the upper oligarchs sweep the NSA fiasco under the table.

Nothing to See Here

Once again I spent my night working on WristCoin. It turns out that doing asynchronous lookups of Bitcoin prices and sending them to the Pebble as they come in is a recipe for bad times. The Pebble can only handle a single incoming message, which it must process before it will accept another incoming message. There is no way that I’ve found to check from the phone side whether or not the Pebble is ready to accept another message so I had to switch over to synchronous lookups, which is not ideal in my book (I like firing and forgetting as opposed to waiting around for each price to arrive before looking up the next price). Considering how resource constrained the Pebble is I do understand this design decision but it’s a pain in my ass.
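One way to keep the fire-and-forget style on the phone side while still handing the Pebble a single message at a time, as an added example that is not WristCoin’s code: a queue that sends the next AppMessage only after the previous one has been ACKed. Pebble.sendAppMessage(data, onAck, onNack) is the real PebbleKit JS call; the stand-in watch and every other name here are assumptions.

```javascript
// Added example, not the WristCoin project's code. Pebble.sendAppMessage(data,
// onAck, onNack) is the real PebbleKit JS call; every other name is assumed.

// Constructed stand-in for the watch: it takes one message per call and NACKs
// the first `nackFirst` sends so the retry path can be exercised. The real call
// fires its callbacks asynchronously; the stub fires them synchronously so the
// example is deterministic. The queue logic below is the same either way.
function makeFakePebble(nackFirst) {
  var pebble = { delivered: [], nacksLeft: nackFirst || 0 };
  pebble.sendAppMessage = function (data, onAck, onNack) {
    if (pebble.nacksLeft > 0) { pebble.nacksLeft--; onNack(data); return; }
    pebble.delivered.push(data);
    onAck(data);
  };
  return pebble;
}

// The send queue. enqueue() returns immediately (fire and forget for the
// caller) while the queue hands the watch exactly one message at a time and
// advances only after that message is ACKed. A NACKed message is retried up
// to maxRetries times and then dropped, so a wedged link cannot stall the rest.
function makeSendQueue(pebble, maxRetries) {
  var queue = [];
  var inFlight = false;
  var stats = { acked: 0, nacked: 0, dropped: 0 };
  function drain() {
    if (inFlight || queue.length === 0) return;
    inFlight = true;
    var item = queue[0];
    pebble.sendAppMessage(item.data,
      function onAck() {
        stats.acked++;
        queue.shift();
        inFlight = false;
        drain();
      },
      function onNack() {
        stats.nacked++;
        item.attempts++;
        if (item.attempts > maxRetries) { stats.dropped++; queue.shift(); }
        inFlight = false;
        drain();
      });
  }
  return {
    stats: stats,
    enqueue: function (data) { queue.push({ data: data, attempts: 0 }); drain(); },
    pending: function () { return queue.length; }
  };
}

// Push a batch of price updates, as they would arrive from concurrent lookups,
// through the queue and report what the watch received, in order.
function sendPrices(pebble, prices, maxRetries) {
  var q = makeSendQueue(pebble, maxRetries);
  prices.forEach(function (p) { q.enqueue(p); });
  return { delivered: pebble.delivered, stats: q.stats, pending: q.pending() };
}
```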

Poll Reveals 60 Percent of Americans Want Unicorns

Reason did a poll asking Americans whether or not they should be allowed to manufacture firearms on 3D printers:

3D printers can create a variety of items from plastic, including working guns. However, the new Reason-Rupe poll finds six in 10 Americans say Americans should not be allowed to print 3D guns. Thirty percent of Americans believe people should be allowed to print 3D guns at home.

Majorities of Democrats, Republicans, and independents agree that printing 3D guns should be prohibited. However, Democrats are more unified in their opposition with 67 percent who favor prohibiting 3D printed guns compared to 52 percent of non-partisan independents and 55 percent of Republicans. Twenty-five percent of Democrats and a third of non-partisan independents and Republicans think people should be allowed to print their own functioning 3D guns.

One cannot stop the march of advancing technology, which renders the opinions of those 60 percent irrelevant. The beauty of 3D printers is that they are devices that can be kept entirely within a home. There is no need for a separate shop that could raise the suspicion of local law enforcement. That makes any law that prohibits manufacturing a good on a 3D printer impossible to enforce. By favoring laws against manufacturing firearms on 3D printers the respondents might as well have asked for unicorns.

I’m a strong advocate of 3D printers because they enable individuals to manufacture goods from easily copied rendering files. Just as the Internet rendered censorship irrelevant 3D printers will render regulations against physical objects irrelevant.

How the State Prevents Progress

Amazon’s announcement that it was experimenting with delivery drones to get packages to customers quickly generated a lot of excitement. Fast package delivery is obviously something people want but, unfortunately, is something people can’t have. Why? For the same reason we can’t enjoy most technological advancements: the state. As it turns out Amazon couldn’t even test its drones in the United States because of Federal Aviation Administration (FAA) restrictions:

When Jeffrey P. Bezos revealed to CBS’s Charlie Rose that Amazon.com was planning for a fleet of whirring octocopters to deliver everyone’s next iPhone case, the video that went along with it showed a prototype drone rising lazily off the ground and floating across green, open fields to reach its destination. It could’ve been anywhere — sunny California, maybe, or somewhere near Seattle. But it was actually neither of those places. Turns out it wasn’t even in the United States.

Spokespeople for Amazon and the Federal Aviation Administration have confirmed that the company chose an international location for its concept video after FAA restrictions prevented them from shooting here. Exactly which lucky country got a cameo is still a mystery; neither official would talk specifics.

This kind of problem occurs more often than you might think. The United States is technologically behind in many areas including manufacturing, medical technology, and automotive technology. We linger behind other countries because many of the technologies are either illegal here or the costs of getting them approved to sell here are too high. But don’t despair, all hope is not lost. I’m sure if Amazon hands enough bundles of cash over to the right politicians and bureaucrats the FAA will be convinced to reconsider the current regulations. This is America, if you want to play you have to pay.

Affordable 3D Printers Capable of Working with Metal on the Horizon

The march of technology cannot be stopped. When Solid Concepts unveiled their metal 3D printed guns people on both sides of the aisle agreed that the technology to print those firearms was cost prohibitive. As it turns out technology marches very quickly and we’re on the horizon of affordable 3D printers capable of working with metals:

So far affordable 3D printing has been more about using polymers. Yet we all know that the ‘real thing’ must be made of metal. But the price of 3D metal printers has been the major stumbling block towards making the use of this truly 21st century technology an everyday routine. That is why only wealthy scientific organizations, such as NASA, or the military can afford metal 3D printers that cost well over $500,000.

Now Professor Joshua Pearce and his team of 3D apostles from Michigan Technological University are proclaiming the era of Open Access 3D Printing, having published their “A Low-Cost, Open-Source Metal 3-D Printer,” article in the journal, IEEE Access. Practically anyone who is interested is now free to print objects and make a 3D metal printer of their own.

The team admits that this is only a beginning. The printer is quite basic, but it does print complex geometric objects, putting down thin layers of steel with its kit worth $1,500. The most important components are a small commercial MIG welder and an open-source microcontroller.

At this rate we’ll probably see a firearm printed with metal on an affordable 3D printer sometime next year. After that we can put the entire gun control debate to bed. Controlling easily reproducible goods is impossible no matter how large or powerful the state is.

Bitcoin Versus Gold: Or How I Learned to Stop Caring About Economic Internet Arguments

I think it’s time we took a moment to chat. If you pay attention to economic, crypto-anarchism, libertarianism, or other similarly intersecting online forums you have probably picked up on the recent Bitcoin versus gold debate that has been raging on. The latest exchange started with Peter Schiff posting this video touting gold over Bitcoin:

This kicked the Bitcoin community into holy crusade mode. The most well written counterargument to Schiff’s video, in my opinion, is this one from Reddit.

I have a problem with both sides of the argument. There is no reason one has to win. We, as a species, are actually capable of using more than one thing as a medium of exchange. For example, gold and silver have historically been found together as mediums of exchange in markets based on precious metals. Today we see the use of dollars, yuan, yen, pounds, euros, and many other currencies used to facilitate transactions. In fact I would submit that having a single medium of exchange is just as dangerous as any other monopoly.

Bitcoin is an exciting newcomer. It’s attractive to us neophiles, in part, because it’s an unknown quantity that could greatly shake the foundation of the current monetary systems. Neophobes tend to shy away from Bitcoin because it’s new and unproven. For them gold is a better option because it’s been around forever. I’m a fan of diversification. If Bitcoin takes a dump and gold excels then I’m happy to have gold. If the opposite happens I’m happy to have Bitcoin. If both excel as currencies I’ll be happy to have both. The only way this debate will be determined once and for all is when time leads us to a result. I just hope that whatever result we arrive at is unexpected by all involved interests. Nothing is worse than minds not being blown.

Fabricating Controversy

I’m always amused when non-technology publications attempt to write about technology. They either get the details laughably wrong or they try to drum up controversy over nothing. The Washington Post decided to post an example of the latter:

BROOKLINE, Mass. — Researcher Garth Bruen long has investigated the seamier corners of the Internet, but even he was shocked to discover Rapetube.org, a site urging users to share what it called “fantasy” videos of sexual attacks.

[…]

Sickened, Bruen tried to determine who operated the sites, a first step toward possibly having them shut down. But he quickly hit a wall: The contact information listed for Web sites increasingly is fictitious or intentionally masked by “privacy protection services” that offer ways around the transparency requirements built into the Internet for decades.

Oh. My. God. These pornography sites are so seedy and evil that they’re concealing their WHOIS information! They’re up to no good and this proves it! Except it doesn’t prove anything. Many domain owners utilize privacy services to conceal their personal information from WHOIS lookups. In fact I use such a service. If you do a WHOIS lookup for this domain you’ll receive the following response:

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CHRISTOPHERBURG.COM
Registry Domain ID:
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2013-02-26 07:56:55
Creation Date: 2009-03-06 02:30:35
Registrar Registration Expiration Date: 2014-03-06 02:30:35
Registrar: TUCOWS, INC.
Registrar IANA ID: 69
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller: Hover
Reseller: help@hover.com
Reseller: 416.538.5498
Reseller: http://help.hover.com
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registry Registrant ID:
Registrant Name: Contact Privacy Inc. Customer 0130416343
Registrant Organization: Contact Privacy Inc. Customer 0130416343
Registrant Street: 96 Mowat Ave
Registrant City: Toronto
Registrant State/Province: ON
Registrant Postal Code: M6K 3M1
Registrant Country: CA
Registrant Phone: +1.4165385457
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: christopherburg.com@contactprivacy.com
Registry Admin ID:
Admin Name: Contact Privacy Inc. Customer 0130416343
Admin Organization: Contact Privacy Inc. Customer 0130416343
Admin Street: 96 Mowat Ave
Admin City: Toronto
Admin State/Province: ON
Admin Postal Code: M6K 3M1
Admin Country: CA
Admin Phone: +1.4165385457
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: christopherburg.com@contactprivacy.com
Registry Tech ID:
Tech Name: Contact Privacy Inc. Customer 0130416343
Tech Organization: Contact Privacy Inc. Customer 0130416343
Tech Street: 96 Mowat Ave
Tech City: Toronto
Tech State/Province: ON
Tech Postal Code: M6K 3M1
Tech Country: CA
Tech Phone: +1.4165385457
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: christopherburg.com@contactprivacy.com
Name Server: NS1.HOVER.COM
Name Server: NS2.HOVER.COM
DNSSEC:

Am I doing something nefarious? No. I simply don’t want my personal address and phone number accessible to anybody with enough know-how to type whois christopherburg.com into their command line. Pornographers most likely want the same protection because their business is seen by many in this country as dirty, immoral, and deserving of punishment. In fact this story affirms the value of a WHOIS privacy service. It’s talking about a man who is on a personal crusade against so-called violent pornography websites. While that’s not my particular kink I see no reason to harass pornographers creating fiction for those with more violent fantasies.

Media outlets always try to insinuate that those utilizing anonymity tools are up to no good. In reality most users of anonymity tools merely want to protect their privacy. Time and time again we see media outlets try to drum up controversy over onion routers, encrypted communications, and location-hidden services. These attempts are desperate grasps for ratings by old media outlets that are incapable of changing with the times.
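Reading a record like the one above the way a defender would, as an added example that is not part of the original post: a parser for the Key: Value WHOIS layout (repeated keys, blank values, the unkeyed notice line at the top) plus a check that labels a registrant as a privacy service rather than as “fictitious”. The record it runs on is constructed with placeholder values, and all function names are assumptions.

```javascript
// Added example, not part of the original post. Parses the "Key: Value" WHOIS
// layout shown above and reports whether the registrant is a privacy service.
// All names are assumptions; the record below is constructed with placeholders.
var SAMPLE_WHOIS = [
  "The Registry database contains ONLY .COM, .NET, .EDU domains and",
  "Registrars.",
  "Domain Name: EXAMPLE-BLOG.COM",
  "Registry Domain ID:",
  "Registrar URL: http://registrar.example",
  "Registrar: EXAMPLE REGISTRAR, INC.",
  "Domain Status: clientTransferProhibited",
  "Domain Status: clientUpdateProhibited",
  "Registrant Name: Privacy Service Customer 0000000000",
  "Registrant Organization: Privacy Service Customer 0000000000",
  "Registrant Street: 1 Proxy Way",
  "Registrant Email: example-blog.com@privacy-proxy.example",
  "Name Server: NS1.DNS.EXAMPLE",
  "Name Server: NS2.DNS.EXAMPLE",
  "DNSSEC:"
].join("\n");

// Build { key: [values] }. Repeated keys (Domain Status, Name Server) collect
// every value; a key with a blank value is kept with an empty list; lines with
// no colon (the wrapped registry notice) are skipped. The lazy match stops at
// the first colon, so a value such as http://... keeps its own colon intact.
function parseWhois(text) {
  var record = {};
  text.split(/\r?\n/).forEach(function (line) {
    var m = /^([^:]+?):\s*(.*)$/.exec(line);
    if (!m) return;
    var key = m[1].trim(), value = m[2].trim();
    if (!Object.prototype.hasOwnProperty.call(record, key)) record[key] = [];
    if (value !== "") record[key].push(value);
  });
  return record;
}
function first(record, key) { return (record[key] || [])[0] || ""; }
var PROXY_WORDS = /privacy|proxy|redacted|whoisguard/i;

// Decide whether the contact data belongs to a proxy rather than the owner.
// Blank fields are reported separately: a blank record and a proxied record
// are different situations and call for different follow-up.
function assessRegistrant(record) {
  var domain = first(record, "Domain Name").toLowerCase();
  var email = first(record, "Registrant Email").toLowerCase();
  var evidence = [];
  ["Registrant Name", "Registrant Organization"].forEach(function (k) {
    if (PROXY_WORDS.test(first(record, k))) evidence.push(k + " names a privacy service");
  });
  // Proxy services mint a forwarding address whose local part is the domain itself.
  if (domain && email.indexOf(domain + "@") === 0) evidence.push("Registrant Email is a forwarding address");
  var missing = ["Registrant Name", "Registrant Street", "Registrant Email"]
    .filter(function (k) { return first(record, k) === ""; });
  return {
    domain: domain,
    registrar: first(record, "Registrar"),
    nameServers: record["Name Server"] || [],
    privacyProxy: evidence.length > 0,
    missingFields: missing,
    evidence: evidence
  };
}
```

For a proxied record the useful follow-up is the forwarding address or the registrar’s abuse contact, which is exactly what the privacy service exists to route.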

Getting Paid to Play Video Games

For many people their dream job would be one that paid them to play video games. It used to be that play testing and playing in professional gaming leagues were the only careers that fulfilled such dreams. But now there’s another employer willing to pay employees to hammer at keyboards and mice in virtual worlds: the National Security Agency (NSA):

To the National Security Agency analyst writing a briefing to his superiors, the situation was clear: their current surveillance efforts were lacking something. The agency’s impressive arsenal of cable taps and sophisticated hacking attacks was not enough. What it really needed was a horde of undercover Orcs.

That vision of spycraft sparked a concerted drive by the NSA and its UK sister agency GCHQ to infiltrate the massive communities playing online games, according to secret documents disclosed by whistleblower Edward Snowden.

[…]

The agencies, the documents show, have built mass-collection capabilities against the Xbox Live console network, which boasts more than 48 million players. Real-life agents have been deployed into virtual realms, from those Orc hordes in World of Warcraft to the human avatars of Second Life. There were attempts, too, to recruit potential informants from the games’ tech-friendly users.

There you have it ladies and gentlemen. If you want to get paid to play video games just sign up with the NSA or the Government Communications Headquarters (GCHQ). Both of those agencies are willing to fork over hard stolen tax dollars to agents willing to subject themselves to the rigors of sitting in a chair and operating a keyboard and mouse (I know that also describes programming but playing video games for a living is probably more fun).

I wonder how long it will take the Federal Bureau of Investigation (FBI) to take up this strategy. Imagine agents running around Minecraft servers trying to recruit players to take TNT blocks and blow up bridges and buildings. After the deed is done the FBI can get a warrant to reveal the player’s Internet protocol (IP) address, contact the internet service provider (ISP) that controls that address to discover the user’s name and address, and arrest the user for virtual terrorism. It would give a much needed boost to the agency’s terrorist arrest numbers.