On the always-excellent Search Engine podcast from TVOntario, host Jesse Brown interviews Alan Borovoy, general counsel of the Canadian Civil Liberties Association. Borovoy is one of Canada's most respected free speech and privacy activists, and he describes the state of Canada on the eve of the introduction of a sweeping spy-bill that will require ISPs to log and retain enormous amounts of our private communications, and then give police access to that material without a warrant. This is a stirring call-to-arms, and it provides important historical context for understanding free speech and privacy in Canada.
The Electronic Frontier Foundation's SSL Observatory is a research project that gathers and analyzes the cryptographic certificates used to secure Internet connections, systematically cataloging them and exposing their database for other scientists, researchers and cryptographers to consult.
Now Arjen Lenstra of École polytechnique fédérale de Lausanne has used the SSL Observatory dataset to show that tens of thousands of SSL certificates "offer effectively no security due to weak random number generation algorithms." Lenstra's research means that much of what we think of as gold-standard, rock-solid network security is deeply flawed, but it also means that users and website operators can detect and repair these vulnerabilities.
While we have observed and warned about vulnerabilities due to insufficient randomness in the past, Lenstra's group was able to discover more subtle RNG bugs by searching not only for keys that were unexpectedly shared by multiple certificates, but for prime factors that were unexpectedly shared by multiple publicly visible public keys. This application of the 2,400-year-old Euclidean algorithm turned out to produce spectacular results.
In addition to TLS, the transport layer security mechanism underlying HTTPS, other types of public keys were investigated that did not use EFF's Observatory data set, most notably PGP. The cryptosystems that underlay the full set of public keys in the study included RSA (which is the most common class of cryptosystem behind TLS), ElGamal (which is the most common class of cryptosystem behind PGP), and several others in smaller quantities. Within each cryptosystem, various key strengths were also observed and investigated, for instance RSA 2048 bit as well as RSA 1024 bit keys. Beyond shared prime factors, there were other problems discovered with the keys, which all appear to stem from insufficient randomness in generating the keys. The most prominently affected keys were RSA 1024 bit moduli. This class of keys was deemed by the researchers to be only 99.8% secure, meaning that 2 out of every 1000 of these RSA public keys are insecure. Our first priority is handling this large set of tens of thousands of keys, though the problem is not limited to this set, or even to just HTTPS implementations.
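The shared-prime check described above, as an added example that is not code from the EFF post or from Lenstra's group: it builds a constructed set of toy 128-bit RSA moduli from a deliberately low-entropy generator (a tiny seed space, so the same prime recurs across supposedly independent keys) and then runs pairwise GCD over the moduli. Any GCD greater than 1 is a prime shared by two keys, and dividing it out factors both of them. The key sizes, the weak generator and the Miller-Rabin helper are all constructed for the demo; Lenstra's group used a faster batch-GCD over millions of real keys, but the underlying Euclidean step is the same.

```python
import math
import random

def is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test; probabilistic, adequate for a demo."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits, rng):
    """Draw odd candidates with the top bit set from rng until one is prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def weak_keyset(count, bits=64, seeds=4):
    """Constructed key set. The first prime comes from a generator seeded
    from only `seeds` distinct values (the RNG bug), so keys whose index
    collides modulo `seeds` share a prime. The second prime is fresh."""
    moduli = []
    for i in range(count):
        weak_rng = random.Random(i % seeds)   # low entropy: repeated primes
        fresh_rng = random.Random(1000 + i)   # unique per key
        moduli.append(random_prime(bits, weak_rng) * random_prime(bits, fresh_rng))
    return moduli

def shared_factor_scan(moduli):
    """Pairwise GCD over every modulus pair. A gcd strictly between 1 and n
    is a shared prime and factors both keys; identical moduli (gcd == n)
    are also broken but are not factored here. Returns {index: (p, q)}."""
    broken = {}
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            g = math.gcd(moduli[i], moduli[j])
            if 1 < g < moduli[i]:
                broken[i] = (g, moduli[i] // g)
                broken[j] = (g, moduli[j] // g)
    return broken

if __name__ == "__main__":
    keys = weak_keyset(6)
    for idx, (p, q) in sorted(shared_factor_scan(keys).items()):
        print(f"key {idx} factored: p={p} q={q}")
```

With six keys and four seeds, keys 0 and 4 and keys 1 and 5 share a prime, so four of the six "independent" keys fall out of a single GCD pass.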
We are very alarmed by this development. In addition to notifying website operators, Certificate Authorities, and browser vendors, we also hope that the full set of RNG bugs that are causing these problems can be quickly found and patched. Ensuring a secure and robust public key infrastructure is vital to the security and privacy of individuals and organizations everywhere.
Ford's Theatre's Center for Education and Leadership sports a 6,800-volume, 34-foot-tall tower of (aluminum replica) books about Abraham Lincoln.
The majority of the titles are histories and biographies about Abraham Lincoln. Also included are books of Lincoln’s speeches, books of quotations or quips and one or two travel titles (i.e.: Indiana’s Lincolnland by Mike Capps and Jane Ammenson). Several children’s titles also are included, though not much in the way of adult historical fiction.
(Many sites report that there are 15,000 books in the pile, but that's not correct).
On my way to Dallas-Fort Worth airport today, I snapped this picture of the sticker on the inside of the back-seat passenger-side window of my taxi. It warns "The method used to authenticate credit card transactions for approval is not secure and personal information is subject to being intercepted by unauthorized personnel." There's some history there, I'm guessing. Consumer warnings are very nice, but I'm left wondering why they don't just update the firmware on the credit-card box with some decent crypto (unless this is because they use a CB radio to call in card numbers, which is pretty danged foolish).
Wired Science's Dave Mosher investigates elastomeric soft robots -- air-powered origami creepers that can go places that challenge their rigid metallic kin.
Getting the soft robots to perform a particular action is a feat of origami: Folded in just the right way and glued in the right spots, for example, the researchers showed how a crinkled clump of silicone-soaked paper lifted a 2-pound weight. The force of the air required to drive it was roughly twice that of a human exhalation.
The team has also made cylinders that blow into spheres, tubes that act like springs and compact stacks that turn into rigid rings or pipes.
Avi Solomon notes the similarity between these eerie things and the robots in Ted Chiang's brilliant science fiction story Exhalation.
Absolut has commissioned Jamie Hewlett (co-creator of Tank Girl and Gorillaz) to do a limited edition vodka bottle celebrating London's public drunkenness. It's a rather nice piece of work, too -- suitably grotesque. All it's missing is the grimy, mutilated pigeons squabbling over puddles of last night's binge-drinking lad and ladette vom.
MEP who resigned ACTA role explains how the treaty will result in invasive border searches of personal devices, privacy-invading dissemination of public's personal information
Kader Arif is the former EU rapporteur on ACTA (the secretive copyright treaty pushed by the US Trade Rep) on Europe's behalf. He made headlines when he handed in his report on ACTA and his resignation as rapporteur, which damned ACTA as an undemocratic, overly broad and ill-conceived trainwreck. In this WSJ interview, Arif goes into detail on the problems that made ACTA utterly irredeemable, and Mike Masnick despairs at how Arif's successor in the EU is seemingly unwilling to stand up for the democratic principles that ACTA tramples.
First is the article 11 of the agreement, which states that the right holder has the right to ask for information “regarding any person involved in any aspect of the infringement or alleged infringement”. This article is worded in such wide and unclear terms that it leaves a great deal of room for interpretation. In practice, almost anyone could be linked to an infringement of intellectual property rights and face criminal sanctions under such a vague definition. It is our responsibility as legislators and people’s representatives not to leave it to a judicial authority to decide the scope of an agreement which could affect people’s civil liberties.
The second is the issue of having travelers’ personal luggage searched at borders. ACTA foresees that the use of counterfeited goods on a commercial scale can lead to criminal sanctions. But here again no definition of “commercial scale” is given. Article 14 of the agreement clearly states that, unless contrary action is taken by one of the parties, it is possible to search people’s personal luggage, including small consignments. So if a traveler has on his laptop or MP3 player a tune or movie downloaded illegally, could he face sanctions? How many tunes or movies would one need to set up a commercial illegal activity? In theory one would be enough… The problem again here is that ACTA does not give any clear indication. Besides the fact that it is an extremely sensitive issue to authorize the search of all travelers’ luggage, and personally I am totally opposed to it, I see here a great risk for abuse and unjustified sanctions.
Following The New York Times Sunday profile on VICE's in-house drug aficionado/chemist, Hamilton Morris, and his original web series Hamilton's Pharmacopeia, VICE today premieres the latest episode, in which Hamilton travels to Amsterdam to discover the Philosopher's Stone of psychedelics -- the [psilocybin-containing] truffle.
A trip at the Magic Truffles farm
In this episode of Hamilton's Pharmacopeia, Hamilton sits down and chats with the notorious Truffle Brothers in a quaint Dutch farm that also functions as the world's largest truffle factory, then proceeds to munch down 8 grams of the magical mushrooms and explore Amsterdam on Queen's Day (the Netherlands' most chaotic and rampantly wild day of the year).
Several years ago, I read Brian Aldiss's Billion Year Spree -- his "true history of science fiction" from Mary Shelley to the early 1970s. I found Aldiss's account of the genre's development entertaining and informative... but something bothered me, long after I'd finished reading it. So much so that I've since spent hundreds of dollars on forgotten, out-of-print books; I've written dozens of long, scholarly posts about the thing that bothered me so much, for io9 and my own blog, HiLobrow; and this year I've even launched a money-losing publishing imprint in a quixotic effort to set the record straight.
Aldiss's book is terrific on the topic of science fiction from Frankenstein through the "scientific romances" of Verne, Poe, and Wells -- and also terrific on science fiction's so-called Golden Age, the start of which he, like every other sf exegete, dates to John W. Campbell's 1937 assumption of the editorship of the pulp magazine Astounding. However, regarding science fiction published between the beginning of the Golden Age and the end of the Verne-Poe-Wells "scientific romance" era, Aldiss (who rightly laments that Wells's 20th century fiction after, perhaps, 1904's The Food of the Gods, fails to recapture "that darkly beautiful quality of imagination, or that instinctive-seeming unity of construction, which lives in his early novels") has very little to say. "Hm," I thought, when I noticed that. "That's an awfully long stretch of science fiction history to overlook, isn't it?"
Aldiss seems to feel that authors of science fiction after Wells and before the Golden Age weren't very talented. He doesn't think much, for example, of the literary skills of Hugo Gernsback (sometimes called the "Father of Science Fiction") who founded Amazing Stories in 1926 and coined the phrase "science fiction" while he was at it. True, Gernsback's ideas were advanced, while his story-telling abilities were primitive. But does that really justify skipping over the 1900s through the mid-1930s? (PS: By my reckoning, Campbell and his cohort first began to develop their literate, analytical, socially conscious science fiction in reaction to the 1934 advent of the campy "Flash Gordon" comic strip, not to mention Hollywood’s innumerable mid-1930s Bug-Eyed Monster-heavy "sci-fi" blockbusters that sought to ape the success of 1933's King Kong. They were also no doubt influenced by the 1932 publication of Aldous Huxley's Brave New World. In other words, the Golden Age began before 1937; if I had to choose a year, I'd say 1934.) Is Aldiss's animus against that era due solely to style and quality? I suspect not. Billion Year Spree reminds me of one of those airbrushed Soviet-era photos from which an embarrassing historical fact has been excised.
My friend Vann Hall received the following email from the FBI. Apparently, they caught him through their, er, track light monitoring device. Vann, I hope you can clear this up quickly!
-------- Original Message --------
Subject: ISSUES OF FRAUD CRIME AGAINST YOU
Date: Fri, 20 Jan 2012 08:25:36 +0200
From: Mr Ronald Anthony (firstname.lastname@example.org)
THIS IS THE (F.B.I)
FBI Headquarters in Washington, D.C.
Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue,
NW Washington, D.C. 20535-0001
FEDERAL BUREAU OF INVESTIGATION (FBI)
This the Federal Bureau Of Investigation (FBI) We are writing in response to our track light monitoring device which we received today in our office about the illegal transactions that you have been involve in for a long time now.
We understand from our general investigations that some con men from Australia has been ripping a man off him hard earned money with the pretense of dealing with birds Company that will deliver a pet to him and the proposed amount which was to be transferred to you is the sum of $5,000,000 Usd as stated in our record here.
We also got a complain from our Australia man counterpart stating that your identity/information's was used to dupe a Australia business man to the tune of $4 Billion Usd by some Australia Fraudsters which you have been in contact with for some time now.
The German Government has ordered for your urgent arrest regarding the crimes that was committed with your name,after all the series of investigations conducted here in our office we tracked your record and we found out that you have never been jailed or had any fraudulent case that may jeopardize your image and personality.
All this information's are on record and we are going to use it against you in the world court when this case will be brought before it and we called the Australia High Commission for an urgent compensation for the bad deed that has been committed with your name.
The Australia Government has made available the sum of $950,000.00 Usd for your compensation and then we would like to inform you to stop any further communications with the con men so that you will not be brought before the law..
We also discovered that you have made some payments to them earlier for this same funds that was to be sent to you.
Don't forget that all your properties will be confiscated as soon as you are jailed because it will be believed that you got them from fraudulent and dubious business transactions like the one that you are in right now.
We have forwarded a copy of this information's to all the states crime agencies including,
National Crime Information Center (NCIC)
CrimTrac Agency, Canberra,
Crime and Corruption Commission
Crime and Misconduct Commission
Home Land Security Service.
Economic And Financial Crimes Commission (EFCC)
Nigerian Local Metropolitan Police (NLMP)
So all you need to do right now in other to clear your name from the scam list which has already been forwarded to our office is to secure the CLEAN BILL CERTIFICATE immediately.
This Certificate will then clear your name from the scam list and also after the Certificate has been issued to you, you will then forward it to the payment officer for the urgent transfer of your compensation funds of $950,000.00 Usd.
You are required to forward to us your private contact number for oral communications and don't forget that you will be given only 72hours to secure the CLEAN BILL CERTIFICATE or you will face the law and its consequences.
Your e-mail address is now under our e-mail track monitor, so you should make sure that you don't respond to any e-mail that is being sent to you from anybody or organization that claims to be working for the Government.
Forward the details of the payment you made to them earlier, and also all the information's/documents that was forwarded to you by those criminals that you have been in contact with for a long time now.
Also below is my attached Identity Card for your perusal.
Get back to us as soon as you receive this e-mail so that we can guild you on how to secure the Certificate within 72hours.
THANKS FOR YOUR CO-OPERATION.
Thanks as I wait for your response
Mr Ronald Anthony
VeriSign Inc., the company responsible for assuring that more than half the world’s websites are authentic, was hacked multiple times in 2010, and the thieves succeeded in stealing information, reports Christopher Maag in Credit.com.
When users click on a website, or on a hyperlink that would carry them to a website, their browser automatically checks the site’s security certificate to make sure that it’s authentic. If there’s a problem with the certificate, the browser may present a warning screen advising the user of possible security threats, or it may block access altogether.
VeriSign, pillar of Internet security, hacked
If hackers gain access to those certificates however, they can make their own copy that looks exactly like the real thing. That would enable them to run a virtually fool-proof phishing scheme, diverting users to a fake website in order to steal account passwords, Social Security numbers and other valuable private data.
The Speal’s Tavern Cigar Box Guitar Museum near Pittsburgh, PA has been expanded and improved for 2012. The museum now sports over 40 handmade instruments, cigar box amplifiers, antique photos and artwork along with historical facts and discoveries. The 2012 exhibit will be unveiled this Saturday, February 18 at 6pm, followed by a special Mardi Gras blues concert by museum creator and cigar box guitarist Shane Speal.
The centerpiece of the museum is a 92 year old cigar box guitar from 1910. Its crude form features only a single string and is very similar to instruments played in Vaudeville theatre at the turn of the Century. The museum is free and open to the public during Speal’s Tavern regular business hours.
Here's a trailer for Tim Burton's forthcoming adaptation of the satirical horror novel Abraham Lincoln: Vampire Hunter. Hard to tell how Burton will play it -- it will be tricky to maintain the relevance of the fact that the action hero is also Honest Abe without obliterating suspension of disbelief, since each reminder of this fact is a bit jarring in the context of a fun/funny horror romp.
Here's the Onion's Sean O'Neal's thoughts:
Adapted from the monster mash-up novel from Seth Grahame-Smith, the forthcoming film from Wanted director Timur Bekmambetov and producer Tim Burton obviously gets fairly tongue-in-cheek with its alternate U.S. history—the kind the liberal-run schools are too afraid to teach you—but it's not like you’d necessarily know it from this teaser.
Abraham Lincoln: Vampire Hunter (Thanks, Fipi Lele!)
Over at Submitterator, anelson sends us this surreal video of a child playing with a huge pack of Saint Bernards in a temperate rainforest in British Columbia. I love the idea of being surrounded by these panting, galumphing beasts.
Buzzblog sez, "Ten years ago today, at 9:25 a.m., Slashdot founder Rob 'CmdrTaco' Malda, used his insider access to the homepage of one of the tech world’s most popular forums to send a very public Valentine’s Day marriage proposal to Kathleen Fent. Fifteen minutes later she said yes -- and then called him a dork -- an exchange that would generate more than 2,000 comments and make news on other tech sites. As the 10th anniversary of the proposal approached, Network World asked the couple to share their memories of that day and thoughts about it since, as a kind of case study on how this type of public proposal – be it on Slashdot or the stadium Jumbotron – holds up over the years. Would they recommend it? … Seems there is disagreement on that score."
Kathleen, what was your reaction the moment you read your name in that headline and realized what was happening?
I knew something was afoot when I left for work and Rob said "See you soon!" I decided to check Slashdot right away when I got to work to see what was going on. When I saw my name in the proposal, I slammed my hand down on the desk and screamed, "Oh my god!" before I could even read the entire article. I started to hyperventilate.
Everyone rushed back to my cubicle to see what was the matter. I had to resist the urge to phone Rob at home, knowing that an email reply was much more fitting for the eventual story we'd tell. This was long before texting was commonplace, or I would have texted him the answer.
Rob, what did you think of the outpouring of well wishes -- and snark -- from the Slashdot community?
There was some pretty witty stuff in there. Kathleen pointed out a few random comments that she thought were funny. She read every single comment, but I was thankful for the moderation system that day because it was a (popular) story and it had its fair share of mean in it that I was able to skip. But mostly it was very positive: The vast majority of the Slashdot community strongly supported me throughout my time there, and this story might be the single loudest example of that.