Archive for December, 2013

audio quality

Thursday, December 26th, 2013

192kHz digital music files offer no benefits. They’re not quite neutral either; practical fidelity is slightly worse. The ultrasonics are a liability during playback.

Such realities are ignored by many, as we’re routinely taught these days that More Is Better.

side channel attacks

Tuesday, December 24th, 2013

Researchers at Tel Aviv University and the Weizmann Institute of Science have successfully extracted 4096-bit RSA encryption keys using only the sound produced by the target computer.

More detail:

The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.

Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables.

Such attacks aren’t really new: monitors, and in particular CRTs, have been susceptible to such attacks for nearly three decades, and it’s something that various security agencies around the world have taken seriously in that time.

Clearly, moving to newer systems hasn’t diluted the attack.

the large head, and the long tail

Sunday, December 22nd, 2013

The Internet took off nearly 20 years ago with the wide dissemination of Netscape, the first web browser. Among the founding myths of this new economy was the belief that it would do away with intermediaries placing buyers and sellers face to face. Far from disappearing, new overpowerful intermediaries have actually emerged.

It’s my belief that all we’re seeing here is an artefact of people’s laziness: people can find whatever they want on the Internet; the Internet does allow the Long Tail — here, of creators — to be more successful than they could be in its absence. Finding “whatever they want” is, however, the problem! To that end, distribution channels which allow such retailers to find their customers will necessarily do well… forming a new point of focus, and a new winner-take-all point, one level back from product creation.

It’s important to note that none of the organisations mentioned in Rizos’ article are content creators: they’re distributors, par excellence. And in turn, I’m confident that these will eventually have had their day in the sun.

airport security

Sunday, December 22nd, 2013

[Airport security] couldn’t protect you from a 6-year-old with a water balloon.

Of course, while airport security is about perception rather than reality, nothing’s going to change in this regard. Ben Gurion needed to get good at security; they’re dealing with real threats on a regular basis. This is categorically not the case in much of the western hemisphere.

solar

Sunday, December 22nd, 2013

The annual energy potential from solar energy is 23,000 TWy. Energy potential from total recoverable reserves of coal is 900 TWy. For petroleum, it’s 240 TWy; and for natural gas, it’s 215 TWy. Wind energy’s yearly energy potential is 25–70 TWy.

Now all we need is efficient, low-impact energy storage to go with this.

ten million

Saturday, December 21st, 2013

Troubling:

As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

The RSA deal shows one way the NSA carried out what Snowden’s documents describe as a key strategy for enhancing surveillance: the systematic erosion of security tools.

And all for $10M, which — relative to RSA’s value — is a paltry sum.

the value of backups

Friday, December 20th, 2013

CryptoLocker, a piece of malicious software which runs on Windows operating systems, is a major concern, says Sean Kopelke, director of technology at computer security company Symantec.

“It encrypts your files and then demands a modest ransom in return for a unique key to unlock the files,” Mr Kopelke told the ABC’s 7.30 program.

The bonus of a good backup routine – offline, of course – is not needing to care so much if this kind of ransomware takes over your computer.