Entries in data security (3)


Digital Spying for the Citizen: Available and Cheap

NYTimes article highlights the relative ease with which a citizen can monitor the digital activities of other citizens.  It's not that this is necessarily legal, and can easily cross the line into the (US) Computer Fraud and Abuse Act.  But, it does demonstrate how easily and inexspensively it can be accomplished.

A Cheap Spying Tool With a High Creepy Factor - NYTimes.com:

Brendan O’Connor is a security researcher. How easy would it be, he recently wondered, to monitor the movement of everyone on the street – not by a government intelligence agency, but by a private citizen with a few hundred dollars to spare?
Mr. O’Connor, 27, bought some plastic boxes and stuffed them with a $25, credit-card size Raspberry Pi Model A computer and a few over-the-counter sensors, including Wi-Fi adapters. He connected each of those boxes to a command and control system, and he built a data visualization system to monitor what the sensors picked up: all the wireless traffic emitted by every nearby wireless device, including smartphones. …



Does advance in mathematics threaten security?

It's always interesting to see what does (and does not) get picked up by the technology press each year after a Black Hat Conference. This work from Alex Stamos of Artemis has not been widely reported, but that's mostly because the threat is not imminent.

Math Advances Raise the Prospect of an Internet Security Crisis | MIT Technology Review:

Alex Stamos, chief technology officer of the online security company Artemis, led a presentation describing how he and three other security researchers studied recent publications from the insular world of academic cryptopgraphy research, which covers trends in attacking common encryption schemes. “Our conclusion is there is a small but definite chance that RSA and classic Diffie-Hellman will not be usable for encryption purposes in four to five years,” said Stamos, referring to the two most commonly used encryption methods.



Hardware Solution for Cloud Data Security? Ascend

This may, in the long term, represent one way in which security for cloud-resident data-at-rest becomes manageable and cost-efficient.

Hardware Trick Could Keep Cloud Data Safe - IEEE Spectrum:

Dubbed Ascend, the component hides the way CPUs request information in cloud servers, making it immensely difficult for attackers to glean information about the data stored there. Such a hardware-reliant scheme is an unusual proposition in the realm of cloud security, which is dominated by software solutions.
The researchers assume that sensitive data on cloud servers is already encrypted—typically the first line of defense when it comes to data security. Ascend goes a step further, its designers say, by dealing with sneak attacks that can happen through various so-called side channels. In a side-channel attack, an observer measures things like computation time, memory traffic, and power consumption to infer the behavior of a program running on that hardware, and from that the watcher can glean some information.