The Triumph of Technology

April 15th, 2005

To coincide with this year's Reith Lectures, entitled the Triumph of Technology, You and Yours (BBC4, UK) has been asking what has been the most significant technological innovation since 1800.

Here is the final ten nominations:

It's a tough choice - I guess my vote goes to the transistor and the work that Lilienfield and later Shockley, Bardeen and Brattain did to bring this device into being. Without there, of which there have been more made than all the characters ever printed, we wouldn't have much of the technology that surrounds us today.

Keyboard loggers

April 15th, 2005

It seems that keyboard loggers are becoming more and more commonplace by the day. Once they were sold discreetly and at a high price, meaning that the bar for ownership was set reasonably high. Now keyboard snooping seems to almost be accepted and these devices are low-cost and sold openly. It seems that everyone can, and should, be a snoop. I've seem some hardware keyloggers marketed as backup tools - "keep your data safe in the event of a crash".

Defense against these snoopers isn't easy. I guess that ultimately we'll see standard home and office keyboards installed with public key systems that exchange am encryption key with the PC each time the system is started or at other predefined intervals (it could act as a normal keyboard until the operating system is started and the drivers loaded). This would render hardware keyloggers useless but still puts the system at risk from software keyloggers (which are a nuisance but getting easier to detect with anti-snooping software.

The best system is vigilance. If you're worried about a hardware keylogger on your PC, your PC at work or the one that you use elsewhere there are a few things that you can do:

1 - Check the cable - if there is something that looks like an adaptor between the keyboard (about the size of a AA battery) and the PC then be suspicious. Switch the PC off, unplug it and investigate. If it's not something that usually exists on your keyboard then it's likely to be a keylogger - to be safe, destroy it if it's on your system or report it to your administrator/security people in the workplace.

Image of a keylogger

2 - Lock your office/computer room door when you're not there. Control who has a key.

3 - Use a USB keyboard connection instead of PS/2 - I've not yet seen a keylogger that works for USB.

4 - Know your system and workplace - that way you're better able to spot changes.

Security at the Papal elections

April 15th, 2005

Bruce Schneier, world renowned security expert, has an interesting post on the security behind the Papal elections. This is one of the best rundowns of the security at the Sistine Chapel that I've come across so far. It's an interesting read and even though the election itself doesn't use hi-tech it has some valuable ideas that could be applied to the hi-tech world.

I was particularly interested in how clothing played an important part in the security.

Superb read - recommended reading for all interested in security!

Move away from WEP!

April 15th, 2005

If you are using a WLAN (wireless network) that is still being protected by WEP (Wired Equivalent Privacy) then you really need to abandon it and move on to the more secure and robust WPA (WiFi Protected Access). Why? Because it is so pathetically easy to break the security - in a demonstration the FBI managed it in 3 minutes, and they didn't have to resort to some fantastic super computer or super-secret processing software, it was all done using tools freely available on the Internet (you can even download a whole CD containing hundreds of tools all integrated into a stand-alone version of Linux - you boot off of the CD and you have a complete set of tools at your disposal).

Move away from WEP!!! Instead use WPA secured with a strong password.

Bluetooth sniper rifle

April 15th, 2005

Here are instructions on how to build a Bluetooth sniper rifle that works over long distances - forget the 10 meters of 100 meters range quoted on most Bluetooth devices, this works over distances of a mile! Bruce Schneier also makes the arguement that this type of device might be used to compromise data held in RFID tags (such as thise proposed for US passports).

Now, putting on one side how long the Bluetooth sniper will survive using that on the tops of tall buildings before he attracts gunfire from the Police (sanity would suggest paining the thing orange to make it look less "tactical" but then using that logic in reverse why not paint a real sniper rifle orange), is Bluetooth now so completely and utterly riddled with flaws that it's time to stop using it and either move on to something better or fix the problems (it's hard to do this given the number of cellphones and other Bluetooth enabled devices in use, many lacking the ability to be loaded with new controlling firmware)?

See, I'm convinced that the reason we have to put up with poor Bluetooth security (in the same way that we had to put up with the poor security offered by WEP) is that it's easy to fool the public for long enough to sell them something. Having gone through the technical data on both Bluetooth and WEP it's hard to imagine that the technical brains behind it didn't see the problems of security early on - more than likely they were gagged by the executives or were overcome by arrogance.

If you use Bluetooth then my advice for staying safe is to keep it switched off until it is needed. Where possible use device pairing and a passcode and switch of the Bluetooth receiver when not needed.

While it's off you're safe!