Comments on ToughSF: Physical Data Security
Blog author: Matter Beam. Feed updated 2024-03-28 16:08 +00:00.

Matter Beam (2019-04-19 15:26 +01:00):

That does mean that you have a physical device that must be carried around and secured using physical means, even if you don't have to worry as much if it ends up in the hands of someone else... but not with complete certainty.

Implied within that situation is that the pad itself is secure, that any steps between the decryption and the viewing, from the screen display to the decryption device, are not compromised. The only way to be sure is to make one yourself from scratch, but that is only an option for an extreme minority of people interested in truly secure communications.

Cererean (2019-04-18 19:09 +01:00):

Why wouldn't people just use one-time pads in this situation? It's fairly cheap to get a 100TB pad from Alice to Bob, and it allows them to talk without *any* possibility of decryption, as long as the pad is truly random.

Matter Beam (2019-03-08 21:42 +00:00):

Hi Spencer! Sorry for the late reply.

Money is a public item. It belongs to the state ultimately. Owning money in society is the equivalent of screaming that fact to every bank and government institution. So, you have a very large number of 'witnesses' that can verify ownership and transactions. It is unlikely that you can fool all of them into thinking you have more or less than what you really do.

This allows money to be rather immune to the effects of most hacking (impersonators can still do damage).

Personal or sensitive data cannot be shouted from the rooftops for everyone to know about. You cannot protect your ownership of it by having a large number of witnesses watch and track it for you. Therefore, it is much more vulnerable.

Spencer (2019-03-05 15:43 +00:00):

I've read this post several times over the last year or two and it's got me thinking: How would money in such a distributed society work? I am not well versed on the actual transfer of money in the real world, but I would assume a lack of encrypted communications would disrupt its flow. In addition, would physical money make a comeback? Potentially carrying quantum bits for 100% secure data transfer like a USB stick loaded with money could be an option.

Anonymous (2018-01-20 00:03 +00:00):

Sorry it took me so long to loop back around on this! I'm unsettled by just how challenging it is to understand machine self-directed development and adaptation; HAL 9000 and Cylon use cases aside, it's a real problem for testers and applications of such self-directed or obfuscated systems.

For one, like when applied to military problems like ballistic missile defense, identifying where blind spots, edge cases, and departures from expected performance and/or behavior in a decision system can be important. We don't need some Forbin Project level of learned machine to have bad outcomes. There are enough problems with "conventional" code in and with complex systems. In my day job, it's the unexpected consequences that are most worrisome (imaging seekers on strike missiles are one recent case - adaptive coatings and materials able to change the target signature(s) from what is in the attacker's threat library were an area neural nets were suggested ... but as a design engineer a trade-off is whether my seeker will make an appropriate red/white/blue categorization and target as desired especially when communications to some controlling authority are denied - we spend a lot of time and treasure ensuring adaptive "learning" and correlation work as expected).

BT

Great point about custom/proprietary systems and their inherent security - at least first order. As others noted here, a driver exists to really work at both securing your own designs and designers, and work to learn as much as you can - or deny to your opposition - the architectures and details of others' systems.
Very Cyberpunk/Shadowrun in how it might play out. Often the emphasis might be denial of assets and/or information and/or access to others, not just securing one's own systems or actively taking information about the systems of others.

Lots of story potential there. Even more so if there's an escalating tech or technique battle of encryption/decryption. It might be even more critical to obfuscate own sources/methods than "defending" one's own information.

BT

Yep, I too expect a political & military mandate to stay with conventional rockets and their limitations, at least while under the guise of commercial and/or civilian systems. Government high-energy systems are going to be destabilizing and invite preemptive actions.

Matter Beam (2018-01-02 19:20 +00:00):

An interesting concept for sure. It's saner than the NSWR, in that it doesn't explode as part of its normal mode of operation. You can switch off the neutron source and the reaction dies down quickly.

However, it still has issues. The neutron flux is enough to turn any nozzle material into putty. There's the issue of containing the reaction products, but like everything else, it might be solvable.

Nice find!

Keith Halperin (2018-01-01 20:10 +00:00):

OT: Clean Lithium Fission Rocket (https://forum.nasaspaceflight.com/index.php?topic=39844.0, https://www.linkedin.com/pulse/20140724165847-39571567-nuclear-salt-water-rockets-revisited/)
Are any of you familiar with this?
This seems interesting, but I lack the engineering expertise to see if the points raised are valid.

Keith Halperin (2018-01-01 19:52 +00:00):

I believe that this aspect has been well-covered in Atomic Rockets - the more powerful a given system is (i.e. the more damage it can do if weaponized) the more tightly regulated it will (or at least SHOULD) be.

Matter Beam (2017-12-28 23:35 +00:00):

Hi Bryan!
It's great to have you share your technical expertise and experience here!

I'm sorry for the late reply - here is what I have to say:

The meaning of 'quantum' used in this post is in reference to the revolutionary potential of quantum computing, that could theoretically un-do any sort of cryptography in a matter of minutes, however long and complex it is. It would be a hard counter to any sort of digital protection. Of course, there are other meanings of 'quantum', but this is the most worrying one.

You raise an interesting point on how using publicly available information, software and hardware gives a pretty good idea on how your operation is set up and what vulnerabilities exist. I believe the problem grows hand-in-hand with budget restrictions. Smaller operations are forced to use off-the-shelf computers and commercial software, exposing them to known vulnerabilities being attacked right from the start. The USA has a much bigger budget, and for critical operations where security really matters, it has the possibility to custom-build hardware, use 'clean' software and even develop entirely new components that no-one knows of.

A counter-point to consider is the growing presence of machine learning and neural networks, that are by definition impossible to deconstruct or even understand at any detail beyond general principles. This CGP Grey video on the subject (https://www.youtube.com/watch?v=R9OHn5ZF4Uo) described the process in which allowing machines to control the development of their own software quickly creates unreadable, yet effective, code. The smaller budget operations might soon be naturally protected against many attacks by the simple virtue of running unreadable software that can only perform a single task.

With regards to laser-launch systems... there has been some debate on the dangers unintended use could have. The consensus is that there are ways to mitigate the dangers, but no way to strictly prevent it from being weaponized with cheap additions or modifications.

Lasers are dangerous because of their intensity. With the power levels involved in the launch of even moderately sized rockets, there is no way to prevent the laser launch facility from reaching destructive intensities even at great distances (1000+ km). However, the beaming mirror can be forced to have a very restricted range of motion, such as only being able to traverse 60 degrees from straight up to the horizon, and have a limited ability to deviate the beam, such as +/- 5 degrees. The beaming station might be placed only in empty areas or in places where ground obstacles prevent the beam from propagating very far. For example, facing the sea or behind a mountain range. These are precautions that are considered when placing rocket launch facilities today.

However, even with these precautions, anyone with a mirror mounted on a plane or drone can fly into the beam and reflect in any other direction. This can even be done by hostile forces - they wait for a laser launch and repurpose the beam into a weapon with a simple parabolic mirror. Or, if the beam is able to lock onto a Low Earth Orbit satellite, then it can wipe an entire altitude clear of satellites within an hour and a half.

'Common sense' restrictions, such as reducing beam power or creating a minimum intensity, would be very effective, but also make the laser launch facility rather pointless.

In the short-term, sticking to cheap reusable chemical-fuel launchers might be the most politically acceptable option!

Anonymous (2017-12-28 00:30 +00:00):

Sorry to jump in late, though I've just recently made headway in the archives.

I come here from a background doing data and information exploitation for some three-letter American agencies.

"Quantum" means a lot of different things to different vendors/agencies/implementations. A former employer is not very concerned about "quantum" codebreaking for the near-future.

We are concerned about exploitation of a lot of things we put in the public domain with respect to hardware and to some lesser extent software; the American government acquisition process specifies a lot of things & particulars that pretty much any potential adversary might know from budget and other publicly available documents.

Give a decent exploitation engineer some fundamental components specs, and at least part of your architecture, probable implementation path(s), general capabilities, and likely limitations are laid out. Issues with commercial equipment (COTS) include [usually] shipping with well-identified-by-others real and potential exploits.

Even where not freely available from the public domain, there've been quite a few examples of systems exploitation going back a long way. Recent examples include injection of manufactured data into integrated air defense systems (some exploits using RF and other wireless data links), sending location data from opponent's smartphones to artillery direction systems (Russian-modified app distributed to Ukrainian and other adversaries), and exploiting hostile fire direction systems to both identify artillery maneuver areas (making them killboxes) and directing adversary fires where own forces are not.

A pretty key area already touched on this site and in this thread is exploiting smartphones and any follow-ons. More than a few Ukrainians died from Russian fires directed to locations identified by the targets' own smartphones.

This thread reminded me of an article on commercial systems exploitation at sea:
http://seapowermagazine.org/stories/20171221-cyber.html

BT

The mentions here and elsewhere of laser or microwave launch/propulsion systems really should drive home the need for enhanced security in many facets of operation and control. Lots of ways to put such systems to bad uses.

In fiction, I find it challenging to get the polities lined up such that weapons-grade emitters/arrays and accelerators get to make sense. Even in the "right" hands there are risks. Sure, risks are part of life, but your laser launch system might be someone else's way to sweep the sky clear of other people's stuff. Other entities might just view that microwave power array as your way of sweeping other people's things out of your way.

With great power comes great responsibility, and for high-energy systems even greater fear, uncertainty, and doubt. You'll likely get hyperloop/maglev/trains before a set of independent polities sharing the same planet/sky/orbitals willingly allow someone else to put weaponizable arrays into play
(OK, I've underestimated greed and stupidity as factors).

V/R
Bryan (site admin - credentials available on request)

Kaspar (2017-10-28 11:12 +01:00):

Distribute the key while all the ships are at the home base.

Matter Beam (2017-10-23 21:13 +01:00):

I think spaceships would be the most vulnerable in terms of data security. It would be extremely hard for them to establish a communication based on physical handling of a key.

Kaspar (2017-10-19 16:43 +01:00):

One-time encryption pads need to be mentioned too. If the key is truly random, the encryption is unbreakable without compromising one of the ends.

With near future computer tech it should be easy to generate terabytes worth of keys and deliver them with a trusted courier.

For spaceship squadrons in particular it makes sense to handle all communications this way.

Matter Beam (2017-08-30 21:27 +01:00):

No necroposts here! You can write a comment on the first blog post ever and I'll still be happy to discuss there :). I'm actually considering different ways to bring older posts back to the limelight.

AdNauseam seems like a decent concept. It hits advertisers and Google where it hurts most: in the pocket. But, a cynical view would be that Google would just implement a filter that distinguishes between robot and human clicks, and that such an app doesn't protect from government and criminal surveillance - the forces that pose the real threat.

But as always, it's a give and take game. They gave us pop-up ads and autoplay videos, we hit back with adblock, they started tapping the ISP history, we now need AdNauseam and so on.

Thucydides (2017-08-30 19:42 +01:00):

Bit of a necropost, but one way to mess with big data that I recently discovered is to automate the process of flooding data collection with nonsense results.

The app is called "AdNauseam" (https://adnauseam.io/), which automatically "clicks" every ad. Advertisers who are forced to pay millions to Google will become irate that their ad buys are generating thousands or millions of clicks with no purchases, and hopefully will stop trying to buy ads on Google or mine your personal data from Google, Facebook and other services.

If you don't want to be the product, things like this let you fight back.

Matter Beam (2017-08-02 00:31 +01:00):

Once the moral and partisan quandaries are dismissed, implementation has never been an obstacle for governments.

Thucydides (2017-08-01 21:06 +01:00):

Governments might just either offer you a "carrot", https://fee.org/articles/creepy-canadian-app-gives-citizens-points-for-making-government-approved-choices/

but if you read the linked article you'll notice there is a catch:

"In order to use the app, users are giving Carrot Insights and the federal government permission to “access and collect information from your mobile device, including but not limited to, geo-location data, accelerometer/gyroscope data, your mobile device’s camera, microphone, contacts, calendar and Bluetooth connectivity in order to operate additional functionalities of the Services.”"

How long before Canadians discover all new mobile phones and devices have this pre-installed as a prerequisite for being sold in Canada? How long before access to government programs and services is contingent upon the amount of data you provide to the system (including daily logins?). "Engaging in Government Approved Messages" is Orwellian enough.........

Matter Beam (2017-07-28 23:20 +01:00):

@Law Wong, @Keith Halperin:

Welcome to the blog!

I imagined the impetus for such a drastic change would be due to great loss of money due to cyber-attack, causing a confidence crisis in traditional digital security measures. Something like the 2008 crisis, but I hadn't thought to draw parallels with a historical crisis!

However, as I mentioned in the post, things aren't all bad. Forcing the need for human supervision would provide a healthy counter to job losses caused by increased automation. You'd need a researcher in every laboratory and a financial technician in every regional headquarters because you can't just share data between a single team - this would create a multiplied demand for high-skilled jobs.

As for a future Smart Trump... that's a human constant throughout history. They'll come and go and we'll pick up the pieces.

Keith Halperin (2017-07-28 16:32 +01:00):

Indeed. I can imagine a scenario like this occurring after one or more 9/11- or Pearl Harbor-type cyber attacks or some things which re-create an early 1950's Cold War/McCarthy era fearful national mood. I could see this fearful national mood forming and strengthening over the next 20-30 years, particularly as large numbers of (largely) young men are made unemployable by increasing automation and AI, worsening climate-change effects create further instability, and a "Smart Trump" comes to power naming enemies and promising great things to those who follow/obey. I really hope I'm totally wrong - it could make for some great writing, but not great living.....

Law Wong (2017-07-28 07:03 +01:00):

Hmmm... sounds like a war economy to me. Additional costs imposed by security risks, and enormous sums spent on security. Security-centric society. Interesting. Thank you.
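
Added example, not part of the comment thread: the courier-delivered one-time pad that Cererean and Kaspar describe, written in Python with the bookkeeping that keeps any pad byte from being used twice. The class and function names are assumptions made for illustration, `secrets` (the OS CSPRNG) stands in for the truly random source the comments call for, and each direction of traffic is assumed to have its own pad.

```python
import secrets


class PadExhausted(Exception):
    """The message needs more pad bytes than remain unused."""


class PadReuse(Exception):
    """The message points at pad bytes that were already consumed."""


class OneTimePad:
    """One end's copy of a courier-delivered pad for ONE direction of traffic.

    Assumption: Alice->Bob and Bob->Alice use separate pads, so the two ends
    never draw the same bytes for different messages.
    """

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)   # private, mutable copy so used bytes can be zeroed
        self._used = 0               # high-water mark: everything below is consumed

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._used

    def _take(self, offset: int, length: int) -> bytes:
        end = offset + length
        if offset < self._used:
            raise PadReuse(f"offset {offset} is below high-water mark {self._used}")
        if end > len(self._pad):
            raise PadExhausted(f"need bytes up to {end}, pad holds {len(self._pad)}")
        key = bytes(self._pad[offset:end])
        # Zero consumed (and skipped) bytes: used key material should not
        # linger on a device that may later end up in someone else's hands.
        self._pad[self._used:end] = bytes(end - self._used)
        self._used = end
        return key

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes]:
        """Return (pad offset, ciphertext); the offset travels in the clear."""
        offset = self._used
        return offset, xor(plaintext, self._take(offset, len(plaintext)))

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        return xor(ciphertext, self._take(offset, len(ciphertext)))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def two_time_pad_leak(p1: bytes, p2: bytes) -> bytes:
    """Encrypt two equal-length messages under the SAME pad bytes and return
    c1 XOR c2. The key cancels out, leaving p1 XOR p2 for any eavesdropper,
    which is why _take() refuses to hand out a byte twice."""
    key = secrets.token_bytes(len(p1))
    return xor(xor(p1, key), xor(p2, key))


if __name__ == "__main__":
    # Constructed sample traffic for a 64-byte pad shared by both ends.
    pad = secrets.token_bytes(64)
    alice, bob = OneTimePad(pad), OneTimePad(pad)
    for msg in (b"hold position", b"burn at 0400"):
        offset, ct = alice.encrypt(msg)
        print(offset, ct.hex(), bob.decrypt(offset, ct))
    print("pad bytes left:", bob.remaining)
```

The pad shrinks by one byte per byte of traffic and the ciphertext carries no integrity check, so the endpoint concerns raised in the thread still apply.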