GSM encryption cracking demo

I have written before about how the encryption used by GSM cell phones is not secure. At the upcoming Defcon conference, Chris Paget is planning to demonstrate how the cryptoscheme in GSM can be circumvented completely, using a man-in-the-middle attack, based around a device called an ‘IMSI catcher.’ Specifically, he is planning to “intercept and record cellular calls made by [his] attendees, live on-stage, no user-input required.”

This is a good illustration of some of the limitations of cryptography. Even very sound encryption algorithms are often used in ways that make them vulnerable to attack, including man-in-the-middle attacks where legitimate senders and receivers don’t realize their communications are being routed through a third party. GSM is a textbook case: the phone proves its identity to the network, but the network never proves its identity to the phone, and it is the base station that tells the phone which cipher to use, so a rogue base station can simply select no encryption at all and the handset will comply without any warning to its user. The take-home message is: just because something is encrypted, don’t assume that other people won’t be able to access it.

The internet and confirmation bias

The issue of confirmation bias has come up repeatedly here before. Basically, people evaluate new information in a way that is far from impartial; new information that seems to confirm pre-existing beliefs is generally filed as evidence for the appropriateness of those beliefs, while contradictory information is downplayed or ignored. While this phenomenon is ancient, there does seem to be good reason to think that it may be especially acute now, as the media becomes more personalized and segmented.

That danger is highlighted by Harvard academic Ethan Zuckerman, who gave a TED talk on how social networks mislead us. Because we are exposed to the thoughts of people who are already much like us, we are at risk of being convinced that we are more typical than we really are, and that our views are more mainstream and justified than may actually be the case.

How much of a problem would people say this is, both from the perspective of being well-informed citizens and in the context of being effective in promoting particular policies? Is there any way either social networks or individuals can combat this entrenching of confirmation bias? For my own sake, I have been trying to incorporate more articles from newspapers I disagree with into my daily reading.

Recovering keystrokes from audio recordings

Those trying to compromise the integrity of computer systems have a large variety of attack options to work with: everything from mathematical approaches to breaking cryptography, to TEMPEST attacks based on unintentional signal radiation, to social engineering methods designed to trick people into granting them access. A recent Economist article highlights a danger likely to be unfamiliar to most, namely how it is possible to convert audio recordings of typing back into text:

Such snooping is possible because each key produces a characteristic click, shaped by its position on the keyboard, the vigour and hand position of the typist, and the type of keyboard used…

That said, the method does have one limitation: in order to apply the language model, at least five minutes of the recorded typing had to be in standard English (though in principle any systematic language or alphabet would work). But once those requirements are met, the program can decode anything from epic prose to randomised, ten-character passwords.

The software being employed seems fairly clever. It augments the acoustic data with letter-frequency analysis, based on how often individual letters and specific pairs of letters come up in English text, so that a click which could plausibly be one of several keys gets resolved by which choice produces likely English. With refinements, it seems plausible that it could be made to work with a smaller sample.
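To make the letter-pair step concrete, here is an added example (my own toy code, not the researchers’ software and not anything from the Economist piece). It assumes an earlier acoustic stage has already narrowed each keystroke to a small set of candidate keys; the candidate sets, the hypothetical “sounds alike” groupings and the tiny training text are all constructed for the demonstration. The decoder then picks, out of every possible combination of candidates, the string whose letters and letter pairs are most common in English, using a bigram model and a Viterbi search:

```python
import math
from collections import Counter

# Added example (not the software from the Economist article, and not the
# original post's code): the language-model step that turns acoustically
# ambiguous keystrokes into likely English text. Assumption: an earlier
# acoustic stage has already narrowed each click to a small candidate set.

ALPHABET = "abcdefghijklmnopqrstuvwxyz "

# Constructed training text. A real attack would use a large English corpus.
CORPUS = ("the quick brown fox jumps over the lazy dog the cat sat on the mat "
          "and the dog ate the bone")


def train_bigram_model(text):
    """Letter and letter-pair frequencies as log-probabilities (add-one smoothing)."""
    text = "".join(ch for ch in text if ch in ALPHABET)
    unigram = Counter(text)
    predecessor = Counter(text[:-1])           # letters that have a following letter
    bigram = Counter(zip(text, text[1:]))
    total, vocab = len(text), len(ALPHABET)
    log_uni = {c: math.log((unigram[c] + 1) / (total + vocab)) for c in ALPHABET}
    log_bi = {(a, b): math.log((bigram[(a, b)] + 1) / (predecessor[a] + vocab))
              for a in ALPHABET for b in ALPHABET}
    return log_uni, log_bi


def decode(candidates, log_uni, log_bi):
    """Viterbi search: the most probable string given one candidate set per keystroke."""
    # best[c] = (log-probability, text) for the best path that ends in letter c
    best = {c: (log_uni[c], c) for c in candidates[0]}
    for options in candidates[1:]:
        nxt = {}
        for c in options:
            score, prev = max((best[p][0] + log_bi[(p, c)], p) for p in best)
            nxt[c] = (score, best[prev][1] + c)
        best = nxt
    return max(best.values())[1]


# Constructed observation: each keystroke has been narrowed (hypothetically) to
# keys whose clicks sound alike; the space bar is assumed to be recognised outright.
CANDIDATES = [set("ty"), set("hj"), set("er"), {" "}, set("ds"), set("oi"), set("gh")]


def demo():
    log_uni, log_bi = train_bigram_model(CORPUS)
    return decode(CANDIDATES, log_uni, log_bi)


if __name__ == "__main__":
    print(demo())  # the dog
```

Every wrong choice (“tje”, “thr”, “sog”, “dig”) introduces a letter pair that never occurs in the training text, so add-one smoothing leaves it with a much lower probability than the genuine “the dog”. That is the whole trick: the audio only needs to narrow each click to a few keys, and English does the rest. It also shows why the article says random passwords are recoverable only once the model has been trained on ordinary prose: the statistics come from the English, not from the password.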

Making a computer system secure against a capable and resourceful attacker is extremely difficult. That said, the basic principles of security continue to hold. For instance, using defence in depth can reduce the severity of any breach, such as by keeping critical files encrypted (bearing in mind that an attacker who recovers the passphrase from the sound of it being typed gets past that layer too). Also, it must always be remembered that security involves trade-offs. Increasing security against these audio attacks is no different, and it will always be accompanied by some cost, in terms of finances, convenience, or security of a different type.

Saturday Morning Breakfast Cereal

While I am sure it will be old news to some of you, I recently came across this web comic and found it amusing and geeky, though sometimes crude.

Here are some of the strips I found funny. Note – many of these may be considered offensive by some people:

The strip is nearly always cynical, and sometimes horrifying, but amusing when one is in the right frame of mind.

David Mitchell on climate change

A couple of years ago, the depressing side of climate change came up here: dealing with the problem means giving up some excellent things, like being able to visit China or Hawaii on a whim and being able to concentrate our scientific efforts on neat things like space travel.

More recently, David Mitchell (of Mitchell and Webb) produced a funny video with a similar message:

David discusses why tackling climate change is always presented to us by people who either tell us off or patronisingly try to convince us that tackling it is “cool” or “fun”, when actually it’s just something we have to do, because of facts.

I don’t entirely agree with him – since I do see moving to renewable forms of energy as an opportunity. That said, I do like the delivery of his message.

BOLO 2010 photos

My photos from yesterday’s blogging event are on Picasa:

I think I managed to get a shot of everyone who read, with a few of the crowd thrown in. Some more photos are in a Facebook album. I also have photos from last year’s event.

My thanks go out to David Scrimshaw, who had the cleverness and boldness to point a couple of the ceiling-mounted house lights at the microphone, greatly facilitating the photography of all present. Indeed, there were very few annoying flashes.

If anybody wants full resolution files, they can contact me. Keep in mind, the original files are about 10 megabytes apiece, at 5616 x 3744 pixels. Also, my internet connection is in terrible shape. Getting these on Picasa took hours, and many false starts.

They were pretty much all shot between ISO 6,400 and ISO 25,600. I was expecting the venue to be a bit brighter, so I brought my 70-200mm f/4 lens, whereas my 50mm f/1.8 might have been a better choice.

Blog Out Loud Ottawa 2010

Blog Out Loud Ottawa 2010, which I mentioned before, went very well. My thanks go out to Lynn from TurtleHead for organizing it, bringing together twenty-four readers and dozens of audience members.

All the night’s readings were good, but some of my favourites were:

I had heard Evey’s entertaining Bus People on the radio a few days before.

I was the only one who presented a political post written in an editorial style – Why conservatives should love carbon taxes. Perhaps next year I will have some company. After all, blogs can be turned to serve many purposes, including advocating changes in public policy.

Does caffeine work?

You Are Not So Smart is a blog that seeks to catalog the many mental failings of human beings: from the confirmation bias to our ignorance about our past beliefs.

In one post, they argue that caffeine (coffee, specifically) mostly just alleviates caffeine withdrawal. Rather than lifting you up from ‘normal’ to a more wakeful state, it just brings you back to normal, from the depressed state that caffeine consumption establishes as your new norm:

The result is you become very sensitive to adenosine, and without coffee you get overwhelmed by its effects.

After eight hours of sleep, you wake up with a head swimming with adenosine. You feel like shit until you get that black gold in you to clean out those receptor sites.

That perk you feel isn’t adding anything substantial to you – it’s bringing you back to just above zero.

Neurologist Stephen Novella echoes this position on his blog:

The take home is that regular use of caffeine produces no benefit to alertness, energy, or function. Regular caffeine users are simply staving off caffeine withdrawal with every dose – using caffeine just to return them to their baseline. This makes caffeine a net negative for alertness, or neutral at best if use is regular enough to avoid any withdrawal.

As an experiment, I am going to try abandoning caffeine for a week or so. I will report on any notable effects, though it is always hard to determine which observed changes in one’s mental life are the consequence of any particular change in circumstances, given all the complexities of life and all the failings of our mental faculties.

Khan Academy

Khan Academy is a collection of over 1,400 miniature lectures, delivered by one man via YouTube. They cover topics that range widely, in disciplines including mathematics, chemistry, biology, statistics, history, finance, and physics.

From the twenty or so I have tried, they seem to be quite accessible, at least for those with a basic grounding in mathematics. I had never covered matrices in high school or university math, but the videos in the linear algebra collection have left me with what feels like an adequate theoretical awareness of what they are, why they are useful, and how they fit into mathematics more broadly.

The whole collection is worth a look.

Now on Twitter

In the ongoing quest for eyeballs, there is now a new way to follow updates from a sibilant intake of breath and BuryCoal.com:

http://www.twitter.com/sindark/

http://www.twitter.com/burycoal/

Each will be updated when new content goes onto the site, for the benefit of readers who prefer to keep track of things that way. It won’t necessarily be every post that goes there, but I am hoping it will be a way to spread awareness of some more interesting or important ones.

RSS

By default, WordPress creates Really Simple Syndication (RSS) feeds that can be checked in an automated way using tools like BlogLines or Google Reader. sindark.com has a feed for posts and another for comments, as does BuryCoal.com (comments).

Facebook

Both sites also have Facebook pages: sindark.com, BuryCoal.com.