security

PeNP?

We now know that terrorists have found ways of hiding communications encoded in financial transactions.

Never mind the evidence for the prevalence of this problem; weʼre only beginning to uncover the threat.  For now, itʼs clearly a technical possibility.  Even Paypal have done it for years.  Each single figure in an arbitrary decimal sum can represent four and a half bits of digital character information; the essential, brief command messages sent between terrorist cells can therefore easily be hidden in a few purchases between sock-puppet traders on eBay, Etsy and Amazon.  We know this sort of activity goes on, for all sorts of reasons.

But now weʼve realised that stock exchange high speed trading is also a perfect medium.  The volume of transactions is such that, with customised trading software, they can hide enormous amounts of data about targets, how to get round security systems, where to get the latest training videos and when.  And letʼs face it, terrorism is well-funded by certain interests with connections to people we know have access to a share of our oil wealth.  It might be time we did something about that.  Finish the job.

And not only stock exchanges.  Consumer-grade bank accounts can be used.  A disturbingly high proportion of the population now has these, and theyʼre all available over the internet.  Potential terrorists with no police record, no record of anything apart from walking past security cameras with abnormal features, could now be simply logging into a superstructure of terrorism command and control networks through their online bank accounts, sending a few pennies at a time in any currency, according to some master plan dictated to them by unidentified controllers.  Remember, we donʼt have total surveillance yet.  We donʼt know what theyʼre really doing in the gaps when weʼre not watching them.  Donʼt believe the naïve suggestion that the larger planning instructions can only be disseminated in the media weʼve already succeeded in monitoring.  If only it were that simple...

Clearly, thereʼs only one thing to be done if we are to give our children the secure future they deserve.  We have to take control of the stock markets. 

security snapshot

Itʼs not news that it is possible to use a laptop computer (or other device)ʼs built in camera to take pictures without the current user being aware of it. I ran across some discussion of this recently which seemed odd. Some people suggest (e.g. here) that the standard security response of taping (or equivalent) over the camera is inadequate because a usable image might still be obtainable by post-processing. The suggestion may not be serious, but it hadnʼt occurred to me; I have never thought much about whether a piece of metal foil tape or black tape would be better than the little square cut out of a post-it note Iʼve been using all these years. I prefer a post-it note because itʼs easy to remove if you ever actually want to use the camera – though thereʼs nothing stopping you using metal foil tape on top of a post-it note.

Anyhow, evidence. This is a self-portrait image taken with my laptop webcam, with a light shining directly on me, through a single layer of purple post-it note. The original image was almost black, so I ran it through the Photoshop Equalise filter.

view through a postitnote

The speckling is partly jpeg and partly low-light randomness. However, I suspect it would be a challenge to extract a usable image from this even if you could access the raw data. It doesnʼt even give much opportunity for pareidolia. Semitransparent tapes might not give the same level of protection.

Result: Probably not a security issue in the foreseeable future. And Iʼm quite pleased with this picture. I look much prettier than usual. ^.^

When the Ink Moves Again (the future of squidgy)

Cory Doctorow suggested recently that Digital Rights Management and its shoring-up exercises may be only the start of a “War on General Computing” to come – in which various interests, probably more powerful than the entertainments industry, will attempt to control peopleʼs use of computers by requiring that they only operate with built-in spyware to monitor and control our activities – no matter how impossible that is to actually achieve in any comprehensive sense.  (And I might add, no matter the problems prohibition and wars always create.)

This sets me thinking:  As others have observed, one area this might happen is 3D printing.  Right now, weʼre in much the same place microcomputing was in the mid-to-late 1970s, with build-it-yourself kits (like the original Apple) being about the most popular way of obtaining them.  We have yet to see the 3D printer equivalent of the Vic-20, ZX81, or BBC Micro.  Thatʼs not to say that there will inevitably be such a thing.  (If history really did repeat itself it would be easier to learn from.)  Itʼs questionable whether there will ever be the kind of demand for 3D printing at home that there has been for computing and 2D printing.  But it can be expected that something like the IBM PC will emerge and dominate the market anyway, because thatʼs what mass-production markets do.  And going by present trends, it will have DRM; instead of USB it will connect with something like HDMI, a cable (or at least an interface) which restricts the actions of a computer, owned by anyone, to those permitted by a Luddite industry association.  There is no particular reason to think that industry associations in this case will be any less inane than the entertainments outfits, so there will probably be something like DVD region encoding too.  Which is one reason why I plan to get in early and get the equivalent of an Apple I (in memory of the days when Apple did not seem like part of the problem).

But thatʼs not what I came here to blog about.

Subscribe to RSS - security