Tuesday, October 28, 2014

Justification for Your Paranoia

This week is dedicated to some Splunk training...nothing like week-long webinars to wake you up...

On the plus side, I kindof love this secondary company motto for Splunk that I found buried in their website. This should not be construed as a plug for the product. If you have enough data that you need something like splunk to navigate it, you'll know.

Now for things...

1) So-called tamper resistant voting booths are so hard to use that most votes don't get cast...
Researchers at Rice Univerity conducted a study of three different end-to-end voting machines: one web-based, one which scans paper forms, and one that uses ye-olde scantron bubble-sheets (as any elementary student from the last 30 years will be painfully familiar with). While these things are supposed to solve problems with security, ballot stuffing, or 'voter fraud', the end result of the study was that only 58% of the ballots run through the machines were successfully cast.
Put another way, that means that 42% of voters using the machines were effectively disenfranchised. I'll just let you people mull over that number for a while.
Is it worth knowing that you have a 42% chance of your vote not being cast at all to have the peace of mind from knowing that no one altered that vote after it was cast?

 2) You really can track anything with a smart phone...
In this case, by "anything" we're talking about cosmic radiation. With a simple app addition, Android phones can be turned into detectors to capture the light particles created when cosmic rays crash into Earth's atmosphere.
To turn your phone into a cosmic ray detector you need to download the app and cover the phone's camera lens with duct tape. The phone can then be placed screen up just about anywhere, even in a desk drawer as muons can penetrate matter much like X-rays.
I don't care what other data they might be collecting...this is just cool. On par with SETI@home. Sometimes, but rarely, awesomeness supersedes security concerns.
You can get more details and download the DECO (Distributed Electronic Cosmic-Ray Observatory) app HERE.

3) A new way to keep web-sites from leaking sensitive information?
The system, 'Confinement with Origin Web Labels,' or COWL, works with Mozilla's Firefox and the open-source version of Google's Chrome web browsers and prevents malicious code in a web site from leaking sensitive information to unauthorised parties, whilst allowing code in a web site to display content drawn from multiple web sites -- an essential function for modern, feature-rich web applications.
Testing of COWL prototypes for the Chrome and Firefox web browsers shows the system provides strong security without perceptibly slowing the loading speed of web pages. COWL is freely available for download and use as a DOM-level API (ye web-developers can get it here). 
Currently, web users' privacy can be compromised by malicious JavaScript code hidden in seemingly legitimate web sites. The web site's operator may have incorporated code obtained elsewhere into his or her web site without realising that the code contains bugs or is malicious. Such code can access sensitive data within the same or other browser tabs, allowing unauthorised parties to obtain or modify data without the user's knowledge.
The research team describe COWL in a paper that appears in the Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation. There is also a video presentation.

4) Now there is a mobile App to unlock the doors of your house...
The August Smart Lock can make it so you never have to carry your keys again as long as you carry a smartphone when you leave the house. And for iPhone owners, you never even have to take your phone out of your pocket. You can also use the August app to grant access to people who’d you would normally give a spare key to and they can get in as well. The lock connects to your phone via Bluetooth. Thus, you can use your phone to unlock your door. If your phone is dead or not on you, you can use your key, since the you only replace the inside portion of the deadbolt with the August lock. The outside remains the same.
This is a lock, so let's skip the usability/convenience piece and get strait to security: the firm which makes August hired a security firm to try to hack the lock, although it hasn’t disclosed which firm it used. The registration process requires many-factor authentication to set up the lock, although anyone who steals your phone could get access to your home if you use the NFC auto-unlock feature or don't put a passcode on your handset. However, you can also go to the August website and revoke your stolen device’s authentication. Given how easy it is to open any traditional key-lock these measures seem pretty reasonable. 
This is a lock that provides the same illusion of security as most installed locks while adding more convenience, plus additional features that actually enhance your security. Not bad!

5) Lastly...
A Google Street-view Camel...
The Google Camel carries the camera on top of its hump to capture panoramic views through the desert around Liwa Oasis. The use of the animal was meant to avoid having any kind of impact on the surrounding environment.
...Even the CAMELS are watching you now...