By Cory Doctorow at 9:13 pm Wednesday, Apr 25
David Stutz has posted a small collection of obituaries for Alan Turing after he was hounded to suicide as a punishment for being gay. Here's my favorite:
“For those who knew him here [at Sherborne] the memory is of an even-tempered, lovable character with an impish sense of humour and a modesty proof against all achievement. You would not take him for a Wrangler, the youngest Fellow of King’s and the youngest F.R.S. [Fellow of the Royal Society], or as a Marathon runner, or that behind a negligé appearance he was intensely practical. Rather you recollected him as one who buttered his porridge, brewed scientific concoctions in his study, suspended a weighted string from the staircase wall and set it swinging before Chapel to demonstrate the rotation of the Earth by its change of direction by noon, produced proofs of the postulates of Euclid, or brought bottles of imprisoned flies to study their “decadence” by inbreeding. On holidays in Cornwall or Sark he was a lively companion even to the extent of mixed bathing at midnight. During the war he was engaged in breaking down enemy codes, and had under him a regiment of girls, supervised to his amusement by a dragon of a female. His work was hush-hush, not to be divulged even to his mother. For it he was awarded the O.B.E. He also adopted a young Jewish refugee and saw him through his education. Besides long distance running, his hobbies were gardening and chess; and occasionally realistic water-colour painting.
In all his preoccupation with logic, mathematics, and science he never lost the common touch; in a short life he accomplished much, and to the roll of great names in the history of his particular studies added his own.” — The Sherbornian, Summer Term 1954
obituary quotations
By Cory Doctorow at 2:00 pm Friday, Apr 20
Jeroen Vader, the owner of PasteBin (a service that provides a simple way to share blobs of text, originally popular for sharing code-fragments and error messages, now also very popular as an anonymous repository for leaked documents and manifestos, especially those affiliated with Anonymous) has revealed that he sometimes shares his server logs with law enforcement agencies, and sometimes censors the material posted by Pastebin's users. People acting under the Anonymous banner and the People's Liberation Front have responded by creating a PasteBin clone called AnonPaste, running a free/open zero-knowledge PasteBin implementation called ZeroBin. AnonPaste's administrators claim that they will not censor or cooperate with law-enforcement, though as far as I can tell, there is no facility in ZeroBin for auditing the admins' adherence to these promises (that is, they could be censor-happy snitches and it wouldn't be easy to learn this fact or prove it to third parties). ZeroBin does have a facility for encrypting the data between the browser and ZeroBin, which means that to the extent that ZeroBin is free from defects, and the hosts of a ZeroBin instance have not added malicious (or incompetent) modifications, ZeroBin's administrators can't know what content is being hosted there.
AnonPaste's admins expressed their intentions in a press-release posted to their own service (of course!):
And so the PLF and Anonymous have teamed up to offer a paste service truly free of all such nonsense. Here is a brief list of some of the features of AnonPaste:
1) No connection logs, period.
2) All pastes are encrypted BY THE BROWSER using 256 bit AES encryption. This means there is no usable paste data stored on the server for the authorities or anyone else to seize.
3) No moderation or censorship. Because the data on our servers is unreadable by us (or anyone), the responsibility for the legality or appropriateness of any paste is the sole responsibility of the person posting. So there will be no need for us to police this service, and in fact we don't even have the ability of deleting any particular paste.
4) No advertisements. This service will be totally user supported through donations. Links for this are available on the web site.
Paste services have become very popular, and many people want to post controversial material. This is especially so for those involved in Information Activism. We feel that it is essential that everyone, and especially those in the movement - have a safe and secure paste service that they can trust with their valuable and often politically sensitive material. As always, we believe in the radical notion that information should be free. SIGNED -- Anonymous and the Staff of the Peoples Liberation Front
Megan Geuss of Ars Technica has more detail:
Indeed, without the possibility of deleting information, authorities might argue the site poses a threat to personal privacy and institutional operations. Vader told Ars, "Here at Pastebin.com we think freedom of speech is very important, but we do think there should be some form of content moderation, because people do abuse paste websites, and if there is really no delete option, this could cause major harm." He added that yesterday his site released a "My Alerts" feature, which allows people to track names or keywords on Pastebin, so if illegal information shows up they can submit a takedown request to Pastebin in a timely manner.
And InfoWeek notes that ZeroBin has not been stress-tested against the kinds of DDOS and other attacks that might threaten AnonPaste's operation and philosophy of anonymity. As of this afternoon, access to AnonPaste has been on-and-off, suggesting there are still many hurdles for the endeavor to function at all.
Anonymous builds its own Pastebin-like site
By Cory Doctorow at 12:17 pm Friday, Apr 20
GCHQ, the UK government's communications headquarters, has published a set of code-breaking papers written by Alan Turing during WWII. The papers had been held in secret since they were written. The papers are "The Applications of Probability to Crypt" and "Paper on the Statistics of Repetitions", and they deal with cryptanalysis techniques to optimize breaking Nazi ciphers. They're displayed at the National Archives at Kew. The BBC has more:
According to the GCHQ mathematician, who identified himself only as Richard, the papers detailed using "mathematical analysis to try and determine which are the more likely settings so that they can be tried as quickly as possible..."
Richard said that GCHQ had now "squeezed the juice" out of the two papers and was "happy for them to be released into the public domain".
Alan Turing papers on code breaking released by GCHQ
(via /.)
By Cory Doctorow at 6:00 am Wednesday, Mar 28
US senators are calling for action on employers' habit of demanding employees' Facebook passwords, but no one seems to notice that many companies configure their computers so that they can eavesdrop on your Facebook, bank, and webmail passwords, even when those passwords are "protected" by SSL. In my latest Guardian column, "Protecting your Facebook privacy at work isn't just about passwords," I talk about how our belief that property rights -- your employer's right to control the software load on the computer they bought for your use -- have come to trump privacy, human rights and basic decency.
Firms have legitimate (ish) reasons to install these certificates. Many firms treat the names of the machines on their internal networks as proprietary information (eg accounting.sydney.australia.company.com), but still want to use certificates to protect their users' connections to those machines. So rather than paying for certificates from one of the hundreds of certificate authorities trusted by default in our browsers – which would entail disclosing their servers' names – they use self-signed certificates to protect those connections.
But the presence of your employer's self-signed certificate in your computers' list of trusted certs means that your employer can (nearly) undetectably impersonate all the computers on the internet, tricking your browser into thinking that it has a secure connection to your bank, Facebook, or Gmail, all the while eavesdropping on your connection.
Many big firms use "lawful interception" appliances that monitor all employee communications, including logins to banks, health providers, family members, and other personal sites.
Protecting your Facebook privacy at work isn't just about passwords
Update: To everyone who says that your employer has the unlimited right to spy on your computer use because you're on company property, here's a paragraph from later in the piece:
Besides, there are plenty of contexts in which "company property" would not excuse this level of snooping. If you met your spouse on your lunchbreak to discuss a private medical matter in the break room or car park, you would probably expect that your employer wouldn't use a hidden microphone to listen in on the conversation – even though you were "on company property". Why should your employer get to snoop on your private webmail conversations with your spouse during your lunch-break?
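Two defender-side checks for the interception set-up the column excerpt describes, written as an added Python example (not code from the column or the Guardian): pin a site's certificate fingerprint obtained out of band and compare it with what the network actually presents, and diff the machine's trust store against a known baseline of root fingerprints. The host names, fingerprints and sample certificate bytes are constructed placeholders.

```python
"""Detecting TLS interception enabled by an extra trusted root certificate.

Added example, standard library only. Pins and baseline fingerprints must
come from a trusted out-of-band source (a fresh machine, the site operator),
never from the possibly-intercepted connection itself.
"""
import hashlib
import socket
import ssl


def _normalise(fp: str) -> str:
    """Accept 'AB:CD:..' or 'abcd..' style fingerprints."""
    return fp.lower().replace(":", "")


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def presented_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the leaf certificate the network actually presents for host.
    Verification is deliberately off: with an interception root installed the
    forged chain *would* verify, so we must look at the raw certificate and
    compare it against a pin instead of trusting the chain."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def pin_matches(der: bytes, expected_fingerprints) -> bool:
    """True when the presented certificate is one we pinned out of band.
    A mismatch on a site whose certificate has not been rotated means
    something between you and the site is terminating TLS."""
    return cert_fingerprint(der) in {_normalise(fp) for fp in expected_fingerprints}


def unexpected_roots(trusted_der_list, baseline_fingerprints) -> list:
    """Fingerprints of trust-store roots absent from the known baseline,
    e.g. a corporate root pushed out by group policy."""
    baseline = {_normalise(fp) for fp in baseline_fingerprints}
    fps = (cert_fingerprint(der) for der in trusted_der_list)
    return sorted(fp for fp in fps if fp not in baseline)


def audit_local_trust_store(baseline_fingerprints) -> list:
    """Load the OS default roots (those the platform hands to the context)
    and report any that are not in the baseline."""
    ctx = ssl.create_default_context()
    return unexpected_roots(ctx.get_ca_certs(binary_form=True), baseline_fingerprints)


if __name__ == "__main__":
    # Constructed placeholder pin; replace with the real fingerprint
    # obtained out of band for the site you care about.
    PINS = {"www.example.com": ["00" * 32]}
    for host, pins in PINS.items():
        der = presented_leaf_der(host)
        print(host, "pin ok" if pin_matches(der, pins) else "MISMATCH: possible interception")
```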
By Cory Doctorow at 1:00 pm Friday, Feb 17
Dan Kaminsky sez,
There's been a lot of talk about some portion of the RSA keys on the Internet being insecure, with "2 out of every 1000 keys being bad". This is incorrect, as the problem is not equally likely to exist in every class of key on the Internet. In fact, the problem seems to only show up on keys that were already insecure to begin with -- those that pop errors in browsers for either being unsigned or expired. Such keys are simply not found on any production website on the web, but they are found in high numbers in devices such as firewalls, network gateways, and voice over IP phones.
It's tempting to discount the research entirely. That would be a mistake. Certainly, what we generally refer to as "the web" is unambiguously safe, and no, there's nothing particularly special about RSA that makes it uniquely vulnerable to a faulty random number generator. But it is extraordinarily clear now that a massive number of devices, even those purportedly deployed to make our networks safer, are operating completely without key management. It doesn't matter how good your key is if nobody can recognize it as yours. DNSSEC will do a lot to fix that. It is also clear that random number generation on devices is extremely suspect, and that this generic attack that works across all devices is likely to be followed up by fairly devastating attacks against individual makes and models. This is good and important research, and it should compel us to push for new and interesting mechanisms for better randomness. Hardware random number generators are the gold standard, but perhaps we can exploit the very small differences between clocks in devices and PCs to approximate what they offer.
Primal Fear: Demuddling The Broken Moduli Bug
(Thanks, Dan!)
"Encrypt Facebook is a Chrome extension that would prevent snooping on the discussions and status updates in Facebook groups by storing them in an encrypted format on Facebook's database instead of normal text, and also it would convert the encrypted format back into normal text whenever that particular group's url is accessed in Chrome."
(Thanks, Joly!)
— Cory
By Cory Doctorow at 10:39 pm Tuesday, Feb 14
The Electronic Frontier Foundation's SSL Observatory is a research project that gathers and analyzes the cryptographic certificates used to secure Internet connections, systematically cataloging them and exposing their database for other scientists, researchers and cryptographers to consult.
Now Arjen Lenstra of École polytechnique fédérale de Lausanne has used the SSL Observatory dataset to show that tens of thousands of SSL certificates "offer effectively no security due to weak random number generation algorithms." Lenstra's research means that much of what we think of as gold-standard, rock-solid network security is deeply flawed, but it also means that users and website operators can detect and repair these vulnerabilities.
While we have observed and warned about vulnerabilities due to insufficient randomness in the past, Lenstra's group was able to discover more subtle RNG bugs by searching not only for keys that were unexpectedly shared by multiple certificates, but for prime factors that were unexpectedly shared by multiple publicly visible public keys. This application of the 2,400-year-old Euclidean algorithm turned out to produce spectacular results.
In addition to TLS, the transport layer security mechanism underlying HTTPS, other types of public keys were investigated that did not use EFF's Observatory data set, most notably PGP. The cryptosystems that underlay the full set of public keys in the study included RSA (which is the most common class of cryptosystem behind TLS), ElGamal (which is the most common class of cryptosystem behind PGP), and several others in smaller quantities. Within each cryptosystem, various key strengths were also observed and investigated, for instance RSA 2048 bit as well as RSA 1024 bit keys. Beyond shared prime factors, there were other problems discovered with the keys, which all appear to stem from insufficient randomness in generating the keys. The most prominently affected keys were RSA 1024 bit moduli. This class of keys was deemed by the researchers to be only 99.8% secure, meaning that 2 out of every 1000 of these RSA public keys are insecure. Our first priority is handling this large set of tens of thousands of keys, though the problem is not limited to this set, or even to just HTTPS implementations.
We are very alarmed by this development. In addition to notifying website operators, Certificate Authorities, and browser vendors, we also hope that the full set of RNG bugs that are causing these problems can be quickly found and patched. Ensuring a secure and robust public key infrastructure is vital to the security and privacy of individuals and organizations everywhere.
Researchers Use EFF's SSL Observatory To Discover Widespread Cryptographic Vulnerabilities
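The shared-factor check that both Dan Kaminsky's post and the EFF summary above describe, written out as an added Python example (not code from EFF, Lenstra's group or Kaminsky) over constructed toy moduli: a pairwise gcd sweep, the one-gcd-per-key variant against the product of all the other moduli, and the factor recovery that follows once a prime leaks.

```python
"""Audit a set of RSA moduli for shared prime factors.

Added illustration of the Euclidean-algorithm check described above. The
moduli are tiny, constructed values so the run is instant; real keys are
1024 or 2048 bits, but the arithmetic is identical.
"""
from itertools import combinations
from math import gcd


def is_prime(n: int) -> bool:
    """Trial division, adequate for the small demonstration primes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def next_prime(n: int) -> int:
    """Smallest prime strictly greater than n."""
    n += 1
    while not is_prime(n):
        n += 1
    return n


def pairwise_shared_factors(moduli):
    """Map each modulus that shares a prime with another one to that prime.
    One gcd per pair: O(k^2) for k keys, fine for auditing your own fleet."""
    found = {}
    for a, b in combinations(moduli, 2):
        g = gcd(a, b)
        if 1 < g < min(a, b):  # a non-trivial common divisor is a leaked prime
            found[a] = g
            found[b] = g
    return found


def batch_shared_factors(moduli):
    """Same result with one gcd per key: gcd(n_i, product of all the others).
    Lenstra's group made this scale with a product tree; the plain product
    below is the same idea without that optimisation."""
    total = 1
    for n in moduli:
        total *= n
    found = {}
    for n in moduli:
        g = gcd(n, total // n)
        if 1 < g < n:  # g == n would mean both primes leaked (not in this demo)
            found[n] = g
    return found


def recover_private_factors(n: int, shared: int):
    """With one prime known, the other is n // p: the private key is exposed."""
    return shared, n // shared


# Constructed demo set: key 1 and key 2 were generated with the same prime p,
# which is what a low-entropy RNG on an embedded device can produce.
p = next_prime(10**6)  # the shared prime
q1 = next_prime(p)
q2 = next_prime(q1)
p3 = next_prime(q2)
q3 = next_prime(p3)
MODULI = [p * q1, p * q2, p3 * q3]

if __name__ == "__main__":
    for n, g in batch_shared_factors(MODULI).items():
        print(f"modulus {n} shares prime {g}; factors {recover_private_factors(n, g)}")
```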
By Cory Doctorow at 6:12 am Wednesday, Jan 25
A federal judge in Colorado recently handed down a ruling that forced a defendant to decrypt her laptop hard-drive, despite the Fifth Amendment's stricture against compelling people to testify against themselves. The Electronic Frontier Foundation's Marcia Hoffman has commentary on the disappointing ruling:
In the order issued yesterday, the court dodged the question of whether requiring Fricosu to type a passphrase into the laptop would violate the Fifth Amendment. Instead, it ordered Fricosu to turn over a decrypted version of the information on the computer. While the court didn't hold that Fricosu has a valid Fifth Amendment privilege not to reveal that data, it seemed to implicitly recognize that possibility. The court both points out that the government offered Fricosu immunity for the act of production and forbids the government from using the act of production against her. We think Fricosu not only has a valid privilege against self-incrimination, but that the immunity offered by the government isn't broad enough to invalidate it. Under Supreme Court precedent, the government can't use the act of production or any evidence it learns as a result of that act against Fricosu.
The court then found that the Fifth Amendment "is not implicated" by requiring Fricosu to turn over the decrypted contents of the laptop, since the government independently learned facts suggesting that Fricosu had possession and control over the computer. Furthermore, according to the court, "there is little question here but that the government knows of the existence and location of the computer's files. The fact that it does not know the specific content of any specific documents is not a barrier to production." We disagree with this conclusion, too. Neither the government nor the court can say what files the government expects to find on the laptop, so there is testimonial value in revealing the existence, authenticity and control over that specific data. If Fricosu decrypts the data, the government could learn a great deal it didn't know before.
In sum, we think the court got it wrong.
Disappointing Ruling in Compelled Laptop Decryption Case
By Cory Doctorow at 8:37 am Wednesday, Dec 21
The Electronic Frontier Foundation has published a new guide, "Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices," which explains how the law, good technology choices, cryptography and backups can be combined to keep your data safe while you travel, especially when crossing into the USA, where customs officials reserve the right to search your laptop and mobile phone without a warrant and keep whatever they find.
"Different people need different kinds of precautions for protecting their personal information when they travel," said EFF Senior Staff Technologist Seth Schoen. "Our guide helps you assess your personal risks and concerns, and makes recommendations for various scenarios. If you are traveling over the U.S. border soon, you should read our guide now and get started on taking precautions before your trip."
Over the past few years, Congress has weighed several bills to protect travelers from suspicionless searches at the border, but none has had enough support to become law. You can join EFF in calling on the Department of Homeland Security to publish clear guidelines for what they do with sensitive traveler information collected in digital searches by signing our petition. You can also test your knowledge about travelers' privacy rights and help spread the word about the risks by taking our border privacy quiz.
"We store detailed records of our lives on our laptops and our phones. But the courts have diminished our constitutional right to privacy at the border," said EFF Senior Staff Attorney Marcia Hofmann. "It's time for travelers to take action and protect themselves and their private information during international trips."
Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices
By Cory Doctorow at 2:02 am Wednesday, Dec 7
The UK government has officially apologised to computing giant and war hero Alan Turing for forcing him to take hormone injections as "therapy" for being gay (driving him to suicide), but now a petition has been mounted to get an official pardon for Turing's 1952 conviction for "gross indecency."
We ask the HM Government to grant a pardon to Alan Turing for the conviction of 'gross indecency'. In 1952, he was convicted of 'gross indecency' with another man and was forced to undergo so-called 'organo-therapy' - chemical castration. Two years later, he killed himself with cyanide, aged just 41. Alan Turing was driven to a terrible despair and early death by the nation he'd done so much to save. This remains a shame on the UK government and UK history. A pardon can go some way to healing this damage. It may act as an apology to many of the other gay men, not as well known as Alan Turing, who were subjected to these laws.
Grant a pardon to Alan Turing
By Cory Doctorow at 8:14 am Friday, Dec 2
A paper (paywalled) in the journal Digital Investigation finds that hard-drive full disk encryption works. Police and other investigators are increasingly unable to access the data on seized equipment due to the efficacy of diskwide scrambling. This is a good, research-backed contribution to the debate on whether encrypting your hard-drive is worth the trouble. If the police can't access data on accused criminals' computers, then it seems likely that criminals who steal your laptop (or snoops in totalitarian states who seize dissidents' computers) won't be able to either.
The increasing use of full disk encryption (FDE) can significantly hamper digital investigations, potentially preventing access to all digital evidence in a case. The practice of shutting down an evidential computer is not an acceptable technique when dealing with FDE or even volume encryption because it may result in all data on the device being rendered inaccessible for forensic examination. To address this challenge, there is a pressing need for more effective on-scene capabilities to detect and preserve encryption prior to pulling the plug. In addition, to give digital investigators the best chance of obtaining decrypted data in the field, prosecutors need to prepare search warrants with FDE in mind. This paper describes how FDE has hampered past investigations, and how circumventing FDE has benefited certain cases. This paper goes on to provide guidance for gathering items at the crime scene that may be useful for accessing encrypted data, and for performing on-scene forensic acquisitions of live computer systems. These measures increase the chances of acquiring digital evidence in an unencrypted state or capturing an encryption key or passphrase. Some implications for drafting and executing search warrants for dealing with FDE are discussed.
Research team finds disk encryption foils law enforcement efforts
(via Schneier)
(Image: Kryha-Chiffriermaschine, Kryha-Encryption Device, a Creative Commons Attribution (2.0) image from ideonexus's photostream)
By Cory Doctorow at 9:44 pm Monday, Nov 28
Avi sez, "Yale's Beinecke Rare Book and Manuscript Library has put complete high resolution scans of the enigmatic, undeciphered Voynich Manuscript online."
Written in Central Europe at the end of the 15th or during the 16th century, the origin, language, and date of the Voynich Manuscript—named after the Polish-American antiquarian bookseller, Wilfrid M. Voynich, who acquired it in 1912—are still being debated as vigorously as its puzzling drawings and undeciphered text. Described as a magical or scientific text, nearly every page contains botanical, figurative, and scientific drawings of a provincial but lively character, drawn in ink with vibrant washes in various shades of green, brown, yellow, blue, and red.
Based on the subject matter of the drawings, the contents of the manuscript fall into six sections: 1) botanicals containing drawings of 113 unidentified plant species; 2) astronomical and astrological drawings including astral charts with radiating circles, suns and moons, Zodiac symbols such as fish (Pisces), a bull (Taurus), and an archer (Sagittarius), nude females emerging from pipes or chimneys, and courtly figures; 3) a biological section containing a myriad of drawings of miniature female nudes, most with swelled abdomens, immersed or wading in fluids and oddly interacting with interconnecting tubes and capsules; 4) an elaborate array of nine cosmological medallions, many drawn across several folded folios and depicting possible geographical forms; 5) pharmaceutical drawings of over 100 different species of medicinal herbs and roots portrayed with jars or vessels in red, blue, or green, and 6) continuous pages of text, possibly recipes, with star-like flowers marking each entry in the margins.
VOYNICH MANUSCRIPT
(Thanks, Avi!)
By Cory Doctorow at 8:27 am Tuesday, Oct 25
A team of Swedish and American researchers used machine translation techniques to crack an 18th century cipher used by a secret society. The approach -- presented to the Association for Computational Linguistics in a paper called The Copiale Cipher (PDF) -- treated the encrypted text as a foreign language and used techniques similar to those employed by Babelfish and Google Translate to derive the cleartext.
Discovered in an academic archive in the former East Germany, the elaborately bound volume of gold and green brocade paper holds 75,000 characters, a perplexing mix of mysterious symbols and Roman letters. The name comes from one of only two non-coded inscriptions in the document.
Kevin Knight, a computer scientist at the Information Sciences Institute at the University of Southern California, collaborated with Beata Megyesi and Christiane Schaefer of Uppsala University in Sweden to decipher the first 16 pages. They turn out to be a detailed description of a ritual from a secret society that apparently had a fascination with eye surgery and ophthalmology.
(via Reddit)
By Cory Doctorow at 3:08 am Wednesday, Oct 5
Bletchley Park, the birthplace of modern crypto and the home of the WWII codebreaking effort, has received a £4.6m Heritage Lottery Fund grant to fund restoration efforts and new exhibits. Bletchley was broken up after the war and its work was literally buried as part of the Cold War climate of secrecy that prevailed. In the years that followed, neglect and time led to the near-destruction of many of the historic sites. The Bletchley Park trust has since done amazing work on a shoestring budget to restore and preserve Bletchley, creating a fabulous museum and rebuilding some of the most beautiful electromechanical computers I've ever seen.
But there was only so much the Trust could do with no money. This grant is sorely needed, and this news fills me with delight.
Ironically, the money to restore Bletchley has come from the lottery, a government-run system designed to reinforce and exploit statistical innumeracy of the sort that Bletchley's cryptographers overcame in order to help win the war.
The investment will enable the restoration of key codebreaking huts and create a world-class visitor centre at the Buckinghamshire site.
The HLF said new exhibitions and interactive displays will bring Bletchley's story to life...
A spokesman for the Bletchley Park Trust said: "The ambition of the Bletchley Park Trust is to complete the restoration of the site, and to tell its story to the highest modern standards."
By Cory Doctorow at 5:04 pm Friday, Sep 30
Ned Batchelder sums up a series of techniques to keep spammers from attacking submission forms with automated bots (they won't work against humans, but even cheap humans are more expensive than bots). Some of these techniques look like they'll continue to work even if they're widely known, while others merely exploit weaknesses in current spammer tooling that will be refined as soon as the exploits are widespread.
We get titanic amounts of spam through the anonymous Boing Boing submission form, and most of it gets stopped using variations on these techniques. One interesting thing about our submission spam is how indiscriminate it is: various scumbags have gone to some lengths to figure out how to send spam to a form whose output is emailed to four people, who will never, ever accidentally post their submission to this blog (indeed, I just bulk-delete the stuff that makes it through the filter without even opening it). Our spammers are indiscriminate enough to use spammy subject lines, which means, I suppose, that they think they're going to end up somewhere a human being won't see them but a search engine might.
The comment form has four key components: timestamp, spinner, field names, and honeypots.
The timestamp is simply the number of seconds since some fixed point in time. For example, the PHP function time() follows the Unix convention of returning seconds since 1/1/1970.
The spinner is a hidden field used for a few things: it hashes together a number of values that prevent tampering and replays, and is used to obscure field names. The spinner is an MD5 hash of:
The timestamp,
The client's IP address,
The entry id of the blog entry being commented on, and
A secret.
The field names on the form are all randomized. They are hashes of the real field name, the spinner, and a secret. The spinner gets a fixed field name, but all other fields on the form, including the submission buttons, use hashed field names.
Honeypot fields are invisible fields on the form. Invisible is different than hidden. Hidden is a type of field that is not displayed for editing. Bots understand hidden fields, because hidden fields often carry identifying information that has to be returned intact. Invisible fields are ordinary editable fields that have been made invisible in the browser.
(via O'Reilly Radar)
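The four components quoted above (timestamp, spinner, hashed field names, honeypots) as one server-side implementation, written here as an added Python example rather than Batchelder's own PHP code: it builds the per-form fields and then validates a submission, rejecting tampered spinners, stale or too-fast posts, and filled honeypots. SECRET, the field names, the age limits and the sample submissions in the test are constructed for the demo; the MD5 hashing follows the description above (a keyed HMAC would be the modern choice and is a drop-in swap).

```python
"""Anti-bot comment form: timestamp, spinner, hashed field names, honeypots."""
import hashlib
import time

SECRET = "constructed-demo-secret-change-me"  # assumption: one secret per site
REAL_FIELDS = ["name", "email", "comment", "submit"]
HONEYPOTS = ["website", "phone"]  # invisible to humans, tempting to bots
MAX_AGE = 3600  # forms older than an hour are rejected
MIN_AGE = 5     # a human needs at least a few seconds to fill the form in


def spinner(timestamp: int, client_ip: str, entry_id: int, secret: str = SECRET) -> str:
    """MD5 over timestamp, client IP, entry id and the secret. Ties the form
    to one visitor, one entry and one moment, so a captured form cannot be
    replayed from another address or against another entry."""
    return hashlib.md5(f"{timestamp}:{client_ip}:{entry_id}:{secret}".encode()).hexdigest()


def field_name(real_name: str, spin: str, secret: str = SECRET) -> str:
    """Per-form randomised name for a real (or honeypot) field."""
    return hashlib.md5(f"{real_name}:{spin}:{secret}".encode()).hexdigest()


def build_form(client_ip: str, entry_id: int, now=None) -> dict:
    """What the template needs: timestamp, spinner and a real->hashed name map.
    Honeypots get hashed names too, so bots cannot spot them by name."""
    ts = int(time.time()) if now is None else now
    spin = spinner(ts, client_ip, entry_id)
    names = {f: field_name(f, spin) for f in REAL_FIELDS + HONEYPOTS}
    return {"timestamp": ts, "spinner": spin, "names": names}


def validate(post: dict, client_ip: str, entry_id: int, now=None):
    """Check a submitted form. Returns (ok, reason, fields), where fields maps
    real field names back to the submitted values when ok is True."""
    now = int(time.time()) if now is None else now
    try:
        ts = int(post.get("timestamp", ""))
    except ValueError:
        return False, "bad timestamp", {}
    spin = post.get("spinner", "")
    # Recomputing the spinner catches any tampering with timestamp, IP or entry.
    if spin != spinner(ts, client_ip, entry_id):
        return False, "spinner mismatch", {}
    age = now - ts
    if age > MAX_AGE:
        return False, "form too old", {}
    if age < MIN_AGE:
        return False, "submitted too fast", {}
    names = {f: field_name(f, spin) for f in REAL_FIELDS + HONEYPOTS}
    # Bots that fill in every field they can see trip the honeypots.
    for hp in HONEYPOTS:
        if post.get(names[hp], ""):
            return False, f"honeypot filled: {hp}", {}
    fields = {f: post.get(names[f], "") for f in REAL_FIELDS}
    return True, "ok", fields
```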