This Place is Taken

Monday, April 23, 2012

Make Your Email Hacker Proof

April 17, 2012

It's only a matter of time until your email gets hacked. Don't believe me? Just read this harrowing cautionary tale.
When [my wife] came back to her desk, half an hour later, she couldn’t log into Gmail at all. By that time, I was up and looking at e‑mail, and we both quickly saw what the real problem was. In my inbox I found a message purporting to be from her, followed by a quickly proliferating stream of concerned responses from friends and acquaintances, all about the fact that she had been “mugged in Madrid.” The account had seemed sluggish earlier that morning because my wife had tried to use it at just the moment a hacker was taking it over and changing its settings—including the password, so that she couldn’t log in again.

The greatest practical fear for my wife and me was that, even if she eventually managed to retrieve her records, so much of our personal and financial data would be in someone else’s presumably hostile hands that we would spend our remaining years looking over our shoulders, wondering how and when something would be put to damaging use. At some point over the past six years, our [email] correspondence would certainly have included every number or code that was important to us – credit card numbers, bank-account information, medical info, and any other sensitive data you can imagine.
Now get everyone you know to read it, too. Please. It's for their own good.
Your email is the skeleton key to your online identity. When you lose control of your email to a hacker – not if, but when you lose control of your email to a hacker – the situation is dire. Email is a one stop shop for online identity theft. You should start thinking of security for your email as roughly equivalent to the sort of security you'd want on your bank account. It's exceedingly close to that in practice.
The good news, at least if you use GMail, is that you can make your email virtually hacker-proof today, provided you own a cell phone. The fancy geek technical term for this is two factor authentication, but that doesn't matter right now. What matters is that until you turn this on, your email is vulnerable. So let's get started. Not tomorrow. Not next week. Right. Freaking. Now.

Go to your Google Account Settings

Make sure you're logged in. Expand the little drop-down user info panel at the top right of most Google pages. From here, click "Account" to view your account settings.
On the account settings page, click "edit" next to 2-step verification and turn it on.

Have Your Cell Phone Ready

GMail will walk you through the next few steps. You just need a telephone that can receive SMS text messages. Enter the numeric code sent through the text message to proceed.

Now Log In With Your Password and a PIN

Now your password alone is no longer enough to access your email.
Once this is enabled, accessing your email always requires the password, and a code delivered via your cell phone. (You can check the "remember me for 30 days on this device" checkbox so you don't have to do this every time.) With this in place, even if they discover your super sekrit email password, would-be hackers can't do anything useful with it! To access your email, they'd need to somehow gain control of your cell phone, too. I can't see that happening unless you're in some sort of hostage situation, and at that point I think email security is the least of your problems.

What If I Lose My Cell Phone?

Your cell phone isn't the only way to get the secondary PIN you need to access your email. On the account page there are multiple ways to generate verification codes, including adding a secondary backup phone number, and downloading mobile applications that can generate verification codes without a text message (but that requires a smart phone, naturally).
This also includes the never-fails-always-works option: printing out the single-use backup verification codes on a piece of paper. Go do this now. Right now! And keep those backup codes with you at all times. Put them in your wallet, purse, man-purse, or whatever it is that travels with you most often when you get out of bed.

What About Apps That Access Email?

Applications or websites that access your email, and thus necessarily store your email address and password, are also affected. They have no idea that they now need to enter a PIN, too, so they'll all be broken. You'll need to generate app-specific passwords for your email. To do that, visit the accounts page.
Click on authorizing applications & sites, then enter a name for the application and click the Generate Password button.
Let me be clear about this, because it can be confusing: enter that specially generated password in the application, not your master email password.
This effectively creates a list of passwords specific to each application. So you can see the date each one was last used, and revoke each app's permission to touch your email individually as necessary without ever revealing your primary email password to any application, ever. See, I told you, there is a method to the apparent madness.

But I Don't Use Gmail

Either nag your email provider to provide two-factor authentication, or switch over. Email security is critically important these days, and switching is easy(ish). GMail has had fully secure connections for quite a while now, and once you add two-factor authentication to the mix, that's about as much online email safety as you can reasonably hope to achieve short of going back to snail mail.

Hey, This Sounds Like a Pain!

I know what you're thinking. Yes, this is a pain in the ass. I'll fully acknowledge that. But you know what's an even bigger pain in the ass? Having your entire online identity stolen and trashed by a hacker who happens to obtain your email password one day. Remember that article I exhorted you to read at the beginning? Oh, you didn't read it? Go freaking read it now!
Permit me to channel Jamie Zawinski one last time: "OMG, entering these email codes on every device I access email would be a lot of work! That sounds like a hassle!" Shut up. I know things. You will listen to me. Do it anyway.
I've been living with this scheme for a few months now, and I've convinced my wife to as well. I won't lie to you; it hasn't all been wine and roses for us either. But it is inconvenient in the same way that bank vaults and door locks are. The upside is that once you enable this, your email becomes extremely secure, to the point that you can (and I regularly do) email yourself highly sensitive data like passwords and logins to other sites you visit so you can easily retrieve them later.
If you choose not to do this, well, at least you've educated yourself about the risks. And I hope you're extremely careful with your email password and change it regularly to something complex. You're making life all too easy for the hackers who make a fabulous living from stealing and permanently defacing online identities just like yours.
Posted by Jeff Atwood


Linus Torvalds winner of the 2012 Millennium Technology Prize

Technology Academy Finland has today declared two prominent innovators, Linus Torvalds and Dr Shinya Yamanaka, laureates of the 2012 Millennium Technology Prize, the prominent award for technological innovation. The laureates, who will follow in the footsteps of past victors such as World Wide Web creator Sir Tim Berners-Lee, will be celebrated at a ceremony in Helsinki, Finland, on Wednesday 13 June 2012, when the winner of the Grand Prize will be announced. The prize pool exceeds EUR 1 Million.
Linus Torvalds, Finland/USA
In recognition of his creation of a new open source operating system for computers leading to the widely used Linux kernel. The free availability of Linux on the Web swiftly caused a chain-reaction leading to further development and fine-tuning worth the equivalent of 73,000 man-years. Today millions use computers, smartphones and digital video recorders like TiVo that run on Linux. Linus Torvalds’s achievements have had a great impact on shared software development, networking and the openness of the web, making it accessible for millions, if not billions.
Dr. Shinya Yamanaka, Japan
In recognition of his discovery of a new method to develop induced pluripotent stem cells for medical research that do not rely on the use of embryonic stem cells. Using his method to create stem cells, scientists all over the world are making great strides in research in medical drug testing and biotechnology that should one day lead to the successful growth of implant tissues for clinical surgery and combating intractable diseases such as cancer, diabetes and Alzheimer’s. Dr. Yamanaka is specifically cited for his prominent work in ethically sustainable methodology.
The Millennium Technology Prize is Finland’s tribute to life-enhancing technological innovation. The prize is awarded every second year for a technological innovation that significantly improves the quality of human life, today and in the future. It is awarded by the Technology Academy Finland, an independent foundation established by Finnish industry, in partnership with the Finnish state. The laureates were selected by the Board of the Foundation on the basis of recommendations made by the International Selection Committee.
International selection committee has broad technological experience
Eligible nominations have been examined by the International Selection Committee, a distinguished network of leading Finnish and international scientists and technologists. The final decision regarding all the laureates is made by the Board of the Technology Academy Finland on the basis of a proposal by the ISC. The Grand Prize Winner will be announced at a festive ceremony in Helsinki on 13 June 2012.
Linus Torvalds said:
“Software is too important in the modern world not to be developed through open sources. The real impact of Linux is as a way to allow people and companies to build on top of it to do their own thing. We’re finally getting to the point where “data is just data”, and we don’t have all these insane special communications channels for different forms of data.”
Dr. Yamanaka said:
“In the 21st century, medical biology will advance at a more rapid pace than before and personalised medicine will become readily available in the not distant future. iPS cell–derived differentiated cells could potentially treat sickle cell anemia and spinal cord injury. There are already plans to conduct a clinical trial on a few patients with age-related macular disease over the next few years.
“My goals over the decade include to develop new drugs to intractable diseases by using iPS cell technology and to conduct clinical trials using it on a few patients with Parkinson’s disease, diabetes or blood diseases.”
Dr Ainomaija Haarla, President of Technology Academy Finland, said:
“We had many worthy nominations that we deliberated over, but ultimately we narrowed it down to these two candidates who have made such a significant impact in the field of computing and stem cell research. I hope this announcement will lead to added recognition for these extraordinary scientists and the technologies that they have developed. These two men may well be talked about for centuries to come.”
Notes to editors:
1. For international media enquiries, please contact:
Rob Blackhurst Apollo Public Relations rob@apollopublicrelations.com 00 44 787 9423341
2. For Finnish media enquiries, please contact:
Niina Suhonen, Head of Communications & Marketing, Technology Academy Finland
firstname.lastname(at)technologyacademy.fi, tel. +358 40 8439 438
3. Contacts at Technology Academy Finland
Dr. Tech. Ainomaija Haarla, President and CEO
firstname.lastname(at)technologyacademy.fi, tel: +358 40 716 0703
Chancellor Jarl-Thure Eriksson, Åbo Akademi University, Chairman of the International Selection Committee, firstname.lastname(at)abo.fi, tel. +358 40 5012 570
Further information about the Prize and members of the International Selection Committee at: www.millenniumprize.fi
Additional information about Technology Academy Finland at:
www.technologyacademy.fi
More about the laureates and their innovations:
Case stories, interviews, photographs and videos on the laureates are available at www.millenniumprize.fi
Videos in YouTube
Linus Torvalds http://www.youtube.com/watch?v=a1MCvuDvCaQ
Dr Shinya Yamanaka http://www.youtube.com/watch?v=HXvRbffAhn8
Technology Academy Finland (TAF) is an independent foundation with a mission to support scientific research and new technologies that will benefit humanity and improve the quality of people’s lives. TAF awards the bi-annual Millennium Technology Prize and runs associated events such as the annual Millennium Youth Camp. TAF also promotes Finland as a high-tech country by actively participating in global networks in the scientific community, business and governmental organisations.
Previous winners
The Millennium Technology Prize has been awarded four times. The inaugural Prize was awarded in 2004 to Sir Tim Berners-Lee, inventor of the World Wide Web. In 2006, the Prize was awarded to Professor Shuji Nakamura, inventor of revolutionary new light sources – bright blue, green and white LEDs and a blue laser. In 2008, Professor Robert Langer won the Prize for his innovative work in controlled drug release and for developing innovative biomaterials for use in tissue regeneration. The fourth Prize was awarded to Professor Michael Grätzel in 2010 for his innovative developments in dye-sensitised solar cells. New technology will have a significant impact on the development of future energy solutions, and Grätzel cells are expected to play an important and extensive role in renewable energy applications.
What the selection committee said about this year’s Laureates
Linus Torvalds
“In recognition of the unprejudiced creation of a new open source operating system leading to the largely exploited Linux kernel. The free availability on the Web swiftly caused a chain-reaction leading to further development and fine-tuning worth the equivalent of 73,000 man-years. Today the estimated number of users is 30 million. The achievement of Linus Torvalds has had a great impact on software development and on cultural and ethical issues of networking and openness of the Web.”
Dr. Shinya Yamanaka
“In recognition of the discovery of a new method and the development of necessary technical procedures in order to produce induced pluripotent stem cells from ordinary cell tissue. The achievement has great impact on research in medicine and biotechnology, pluripotent stem cells are already used for medical drug testing and the growth of implant tissues. Dr. Yamanaka’s discovery also has a fundamental ethical bearing as it eliminates the need for embryonic stem cells. He is unquestionably identified as the father of the innovation.”
Partners of the Millennium Technology Prize
Kemira, Neste Oil, Nokia, Outotec, SEB,
Cargotec, FIM, Fortum, Gasum, Halton, Lönnberg, Metso, Metsägroup, Ruukki, Vaisala, Wärtsilä

Friday, April 20, 2012

Why Person of Interest is one of those rare shows that deserves its popularity [Tv Recap]

Last week's episode of Person of Interest basically brought together everything I love about this show: the brooding paranoia, the weird alliances between criminals and cops, the strange moments of humor, and the unapologetically intense violence. Now that this series' first season is nearing its final few episodes, it's time to assess. Unlike many of the new shows that excited us this year, including The River and Awake, Person of Interest is a bona fide hit, pulling in 14.1 million viewers last week for CBS. With its jaundiced view of government agencies, and a mile-wide subversive streak, Person of Interest is the kind of show that offers escapism to audiences who cry out for justice that's even darker than what Batman dishes out.
The episode that aired Thursday, "Flesh and Blood," wrapped up two plotlines featured in several episodes this season, and it proved that Person of Interest has come into its own. Strap yourself in and get ready for gun-blasting awesomeness.
Spoilers ahead.
What I really liked about this episode was that it clarified for me the insanely complicated web of alliances controlled by brainiac Finch and his badass sidekick Reese. Basically the point of this show is that good crime fighters exist both inside and outside law enforcement agencies. And so do evil criminals. So we've spent most of the season sorting out who among the cops, spies, crime bosses, and mercenaries are good guys and who is bad. We know that up-and-coming crime boss Elias is partly good and mostly bad; we know that corrupt cop Fusco is partly bad and mostly good. We know that the CIA are selling drugs to fuel the war on terror, and that the only guys we can really trust are vigilantes Reese and Finch, two half-mad weirdos who will stop at nothing to prevent crimes.
We also know that the Machine, a device Finch invented to help US intelligence predict where crimes would happen next, is a kind of metaphor for the ambiguous nature of crime itself. Each week, the Machine spits out the social security number of a person who will be at the center of a crime. We don't know if the number is going to be a victim or perpetrator — and often, as we learned when we met Elias for the first time, the number may be both.
Anyway, on Thursday night, Elias finally made his move to wipe out most of New York's mob bosses (yes, all five of them were this week's numbers). And to make sure things would go without a hitch, Elias dumped piles of cash on NYPD's corrupt gang of cops known as "HR." Plus, he hired a bunch of low-down criminals to shadow the HR guys so that he could wipe them out once he was done with the mobsters. Elias is a purist. He loves crime, but he hates corruption. He values loyalty. And that's why he's even helped Reese in the past (though the "helping" involved a certain amount of being locked in a freezer truck, which wasn't very nice).
But last week, Elias turned up the evil knob by kidnapping non-corrupt cop Carter's son. This set up a really interesting conundrum. See, Reese and Finch forced Fusco to join HR so they could keep tabs on them. But HR wants Fusco keeping tabs on Carter, so they can figure out who those mysterious guys are that she works with (AKA Finch and Reese). And given that Finch and Reese just got all the mob bosses' numbers this week, their priority and Carter's is to protect these scumbags at all costs — mostly because if Elias becomes Big Boss things might get even more horrific in NYC. So Carter and Fusco have their mobsters in a hidden warehouse — but somehow HR gets wind of where they are and they send out some guys to help Elias and his assassin break in. As they drill their way into the door, Elias is telling Carter by cell that if she doesn't give up the mobsters her son will die.
Luckily she takes another call from Reese during this mobile phone standoff, and he assures her that he's about to fuck shit up majorly to get her son back safely. And we know he will, too.
The result of all this tangliness? A seriously awesome payoff where Finch pays a visit to the guy who heads up HR, and shows him surveillance photos OF THE SURVEILLANCE PHOTOS that Elias' paid creeps are taking of HR guy's family. See? Elias is tracking HR guy's family so that he can kill them later! Basically, Finch's meta-surveillance convinces HR guy to stop helping Elias so that the good cops can bring backup to Carter. On top of that, HR spills the location where Carter's kid is being held. Within minutes, there's this epic shootout where Reese breaks into the place where they've got the kid, and cool music plays while Reese does his stony-face "I can kill you with my elbows" routine.
And Fusco gets to be a hero when one of the mob bosses reveals that he's already in Elias' pocket and says, "Hey I know you're in HR, Fusco, shoot Carter and let's get out of here." Instead, Fusco shoots the scumbag, and the good cops come to arrest Elias. That's right — Elias is in jail! Luckily, he's still got enough corrupt cops on the inside that he's able to use his mobile to call his half-brother and evil mob boss dad to wish them goodbye before they die in the car bomb he rigged for them. Woo! Elias got his revenge for that time his dad killed his mom and tried to murder him too! I love Elias as a bad guy. How many mob bosses launch their careers by becoming high school teachers for at-risk youth, in order to befriend the children of mobsters and find out what's going on inside the crime organizations. It's like Dangerous Minds crossed with The Godfather, and I can't get enough of it.
Despite its flaws — like really clunky dialogue — I feel like Person of Interest is one of the best original ideas I've seen for a spy-fi series in forever. The Machine, with its Department of Pre-Crime capabilities, is a fantastic mystery to place at the heart of this show. The idea of a geek with a badass sidekick is terrifically appealing. But most of all, I love how this show is like 24 in reverse. In this world, some of the worst acts of terror are perpetrated by the government and its intelligence agencies. And of course one of those crimes is ignoring all the dangerous situations that Finch and Reese are trying to prevent.
I also like that this show doesn't have the mystery-wrapped-in-a-mystery format that's become frankly tiresome in the wake of shows like Lost and Fringe. Every week, we have the satisfaction of seeing the number saved or brought to justice. And the ongoing plot arcs return in order to be solved, or to advance in a meaningful way. It's interesting that a show whose DNA is basically paranoid conspiracy stories manages to deliver narrative resolution on a regular basis. Maybe that's the secret of Person of Interest's success. It manages to convey a strong sense of right and wrong, despite offering characters who come mostly in shades of gray. And it shows us a world where pervasive surveillance can be a force of justice, rather than authoritarianism.
If you haven't been watching, it's time to start tuning in. This show is the perfect dark pleasure in an age of uncertain politics and surveillance follies. And the chemistry between leads Finch and Reese is superb.

Bad movie cryptography, 'Swordfish' edition

Hackers are paler than the general public. Also, they use gel.
I was just working on an honest-to-god technical post when I thought: here's an idea, let's illustrate this point with a reference to the classic bad-security movie 'Swordfish'. What a terrible mistake.



In searching for a link I turned up what purports to be Skip Woods' original shooting script. And now I'm not going to get any work done until I get this off my chest: holy &#^$*&# crap the cryptography in that movie is way worse than I thought it was. 



I know, I know, it's a ten year old movie and it's all been said before. So many times that it's not even shooting fish in a barrel anymore, it's more like shooting frozen fish in a barrel.



There isn't much crypto in the movie. But what there is, whew... If you consider a modified Pritchard scale where the X axis is 'refers to a technology that could actually exist' and the Y axis is 'doesn't make me want to stab myself', Skip Woods has veered substantially into negative territory.



I know most people will say something like 'Duh' or 'It's swordfish!' or 'What do you expect from a movie where a guy breaks a password while John Travolta holds a gun to his head and Halle Berry fiddles around in his lap.' And yes, I realize that this happens. But that stuff actually doesn't trouble me so much.



What does bother me is that the DoD system he breaks into uses 128-bit RSA encryption. Does anyone really think that the NSA would validate that? And then there's this exchange (emphasis mine):



                            GABRIEL
                  Here's the deal. I need a worm,
                  Stanley. A hydra, actually. A
                  multi-headed worm to break an
                  encryption and then sniff out
                  latent digital footprints
                  throughout an encrypted network.

                                STANLEY
                  What kind of cypher?

                                GABRIEL
                  Vernam encryption.

                                STANLEY
                  A Vernam's impossible. Its key
                  code is destroyed upon
                  implementation. Not to mention
                  being a true 128 bit encryption.

                                GABRIEL
                  Actually, we're talking 512 bit.

Ok, I don't know about the stuff at the beginning -- but the rest is serious. We're not going after a mere Vernam One-Time Pad, which would just be impossible to break. Instead we're going after the Big Kahuna, the true 128-bit unbreakable Vernam One-Time Pad. No, wait, that's too easy. To do this right, we're gonna have to break the full 512-bit unbreakable Vernam One-Time Pad, which is at least 2^384 times as unbreakable as the regular unbreakable kind. Get Halle back in here!
What kills me is that if you squint a little some of this technical jargon kind of makes sense. This can only mean one thing: Skip Woods brought in a technical advisor. But having done so, he obviously took the advice he was given and let it fly prettily out the windows of his Mercedes on the way home. Then he wrote what he wanted to write. Who needs an unbreakable cipher when we can have an unbreakable cipher with a frickin' 128 512 bit key!
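
Why "128-bit" versus "512-bit" means nothing for a Vernam one-time pad, as an added example that is not part of the original post: the pad is exactly as long as the message, and every plaintext of that length is explained by exactly one key, so trying all keys tells an attacker nothing. The messages and function names below are constructed for illustration.

```python
import secrets
from collections import Counter


def vernam(data: bytes, key: bytes) -> bytes:
    """XOR data with a pad of exactly the same length (encrypt == decrypt)."""
    if len(key) != len(data):
        raise ValueError("one-time pad key must be as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def key_explaining(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """Return the unique pad under which ciphertext decrypts to claimed_plaintext."""
    return vernam(ciphertext, claimed_plaintext)


def brute_force_census(ciphertext: bytes) -> Counter:
    """Try every possible pad for a short ciphertext and count each plaintext seen."""
    n = len(ciphertext)
    counts = Counter()
    for k in range(256 ** n):
        counts[vernam(ciphertext, k.to_bytes(n, "big"))] += 1
    return counts


def demo() -> dict:
    # Constructed sample messages, both 16 bytes: a "128-bit" pad is simply
    # the pad for a 16-byte message, not a stronger or weaker cipher.
    message = b"meet at the dock"
    decoy = b"stay at the pier"

    pad = secrets.token_bytes(len(message))   # random, used once, then destroyed
    ciphertext = vernam(message, pad)

    # An attacker who "finds a key" cannot tell it from any other key:
    # this pad is just as valid and yields a different, sensible message.
    decoy_pad = key_explaining(ciphertext, decoy)

    # Exhaustive search over the first two ciphertext bytes (65,536 pads):
    # every 2-byte plaintext appears exactly once, so nothing is learned.
    census = brute_force_census(ciphertext[:2])

    return {
        "real": vernam(ciphertext, pad),
        "decoy": vernam(ciphertext, decoy_pad),
        "distinct_plaintexts": len(census),
        "max_hits_per_plaintext": max(census.values()),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A longer pad only means a longer message was encrypted; the guarantee holds only while the pad is truly random, kept secret and never reused.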

I thought this post would be cathartic, but the truth is I just feel dirty now. Where will this end? Will I find myself criticizing Mercury Rising and Star Trek? The thing is, I like movies, even bad ones. I don't ask for realism. I just have limits.

And Swordfish is a bridge too far. If you're a Hollywood type and you need someone to vet your scripts, I'll do it. Cheap. I won't leave you all hung up in painful details -- if your plot requirements have the main character breaking cryptography in his head, I'll find a way to make it work. But it won't be a One-Time Pad and it sure as hell won't be 128-bit RSA. It will be *ahem* realistic.