Archive for the ‘Security’ Category

Protecting your privacy online: review coming soon

July 2, 2013


I’ve been interested in computer security for a few years, partly because I want my data to be safe and because I believe in the right to privacy, and partly because I find it fun to learn about the technologies involved.

So I’ve been using whole-disk encryption for a few years (see Filevault, Truecrypt), strong passwords with a password manager (1Password), encrypted connections whenever possible (HTTPS Everywhere is a good extension for Firefox and Chrome), etc. That provides some safety if someone steals my computer and tries to read what’s on the hard-drive, and some online security, but I didn’t feel it was enough (especially with everything that’s in the news lately).

So I did a lot of research on VPN services, and subscribed to the best one that I could find:

I’ll be doing a full review soon, but in short, the main benefit is that my ISP now only sees an encrypted connection to the VPN, and the sites that I connect to see the geographical location of the VPN’s server that I choose (they have a bunch around Europe and North-America, with new locations coming soon I’m being told). On top of that, IVPN is registered in Malta, and doesn’t keep logs on their servers.

I’m not under the illusion that this is a bullet-proof setup. I know that a well-organized attacker could find a way to get at my data, especially if they are a national intelligence agency that gets its info directly from some of the services I use (Google, Facebook, Apple, Skype, etc), or even a criminal group that figures out how to hack a service that I use or my computer. But it should still be a big security and privacy improvement over my previous setup.

It’s a bit like putting curtains on your windows and a stronger lock on your doors. It doesn’t make it impossible to spy on you or get in and steal your things, but it’s a common sense thing to do to protect your safety and privacy.

So I’ll keep testing IVPN a bit longer, and then will do a full review here. Stay tuned.

Doomsday Predictions

April 18, 2010

By definition, all but the last doomsday prediction is false. Yet it does not follow, as many seem to think, that all doomsday predictions must be false; what follows is only that all such predictions but one are false.

-Richard A. Posner, Catastrophe: Risk and Response, p. 13.

For more on existential risks, check out Nick Bostrom’s paper explaining what they are.

I Don’t Want To Live in a Post-Apocalyptic World

February 23, 2009

Image from The Road film, based on Cormac McCarthy's book

How About You?
I’ve just finished reading Cormac McCarthy’s The Road at the recommendation of my cousin Marie-Eve. The setting is a post-apocalyptic world and the main protagonists – a father and son – basically spend all their time looking for food and shelter, and try to avoid being robbed or killed by other starving survivors.

It very much makes me not want to live in such a world. Everybody would probably agree. Yet few people actually do much to reduce the chances of such a scenario happening. In fact, it’s worse than that; few people even seriously entertain the possibility that such a scenario could happen.

People don’t think about such things because they are unpleasant and they don’t feel they can do anything about them, but if more people actually did think about them, we could do something. We might never be completely safe, but we could significantly improve our odds over the status quo.

Danger From Two Directions: Ourselves and Nature.

Human technology is becoming more powerful all the time. We already face grave danger from nuclear weapons, and soon molecular manufacturing technologies and artificial general intelligence could pose new existential threats. We are also faced with slower, but serious, threats on the environmental side: Global warming, ocean acidification, deforestation/desertification, ecosystem collapse, etc.


Overestimating the CIA?

December 29, 2008

Kryptos Sculpture by James Sanborn

Hiding in Plain Sight
Kryptos is a sculpture created by James Sanborn in 1990. It’s located at the CIA headquarters in Langley, Virginia, and it’s mostly known for the four encrypted messages on it.

Three of them have been decrypted (it took almost 10 years), but one has endured what is probably the biggest non-covert attempt at code-breaking in the world for almost 20 years. CIA analysts have been working on it, of course, but like Fermat’s Last Theorem, Kryptos has attracted the attention of amateurs all around the world. If you’re interested in throwing your hat into the ring, there’s a pretty active Kryptos Yahoo Group you can join.

Does This Tell Us Anything About the CIA?
But what I find most interesting about the Kryptos code is that its creator didn’t expect things to unfold that way:

Sanborn, who has had no training in cryptography, says that he collaborated with a prominent fiction writer in composing the text to be encoded, and then worked with a retired CIA encryption official for four months to create the code. He insists that the code can be solved and says that when he placed the sculpture at Langley, in the thick of the world’s best code-breakers, he thought it would take only months for them to solve Kryptos.

So he had no training in cryptography, but he worked with a CIA cryptographer so we can assume that the strength of the code mostly comes from that person. Yet even after getting counsel from him or her, he still expected the code to last only a few months. If someone with inside information and professional help overestimated the CIA by that much, chances are that people without inside access are overestimating the capabilities of the CIA by even more (when it comes to code-breaking, at least, but probably also for other things). And that’s not even counting the fact that in the past 20 years code-breaking techniques and computers have gotten better; Sanborn expected people to break his code with 1990 tools and knowledge.


The Risks of Failure of Nuclear Deterrence

November 26, 2008


Martin Hellman is a professor at Stanford, one of the co-inventors of public-key cryptography, and the creator of He has recently published an excellent essay about the risks of failure of nuclear deterrence: Soaring, Cryptography and Nuclear Weapons. (also available on PDF)

I highly recommend that you read it, along with the other resources on, and also subscribe to their newsletter (on the left on the frontpage).

There are also chapters on Nuclear War and Nuclear Terrorism in Global Catastrophic Risks (intro freely available as PDF here).

Update: Here’s a Martin Hellman quote from a piece he wrote called Work on Technology, War & Peace:

You have a right to know the risk of locating a nuclear power plant near your home and to object if you feel that risk is too high. Similarly, you should have a right to know the risk of relying on nuclear weapons for our national security and to object if you feel that risk is too high. But almost no effort has gone into estimating that risk. To remedy that lack of information, this effort urgently calls for in-depth studies of the risk associated with nuclear deterrence.

While this new project may seem to have a much more modest goal than Beyond War, there is tremendous hidden potential: My preliminary analysis indicates that the risk from relying on nuclear weapons is thousands of times greater than is prudent. If the results of the proposed studies are anywhere near my preliminary estimate, those studies then become merely the first step in a long-term process of risk reduction. Because many later steps in that process seem impossible from our current vantage point, it is better to leave them to be discovered as the process unfolds, thereby removing objections that the effort is not rooted in reality.

Automatically Duplicating Keys from Photos

October 29, 2008

Duplicating Keys

This is one of those ideas that once you see you wonder why it hasn’t been done before. Well, it certainly was done often, but probably by expert locksmiths doing it manually… This software could simplify the whole procedure by an order of magnitude, making it accessible to any amateur.

UC San Diego computer scientists have built a software program that can perform key duplication without having the key. Instead, the computer scientists only need a photograph of the key. […]

In one demonstration of the new software system, the computer scientists took pictures of common residential house keys with a cell phone camera, fed the image into their software which then produced the information needed to create identical copies. In another example, they used a five inch telephoto lens to capture images from the roof of a campus building and duplicate keys sitting on a café table more than 200 feet away. […]

“If you go onto a photo-sharing site such as Flickr, you will find many photos of people’s keys that can be used to easily make duplicates. While people generally blur out the numbers on their credit cards and driver’s licenses before putting those photos on-line, they don’t realize that they should take the same precautions with their keys” said Savage.

It will take a little while before this technology is used by the common thief, but it’s only a matter of time before the software is freely available online and key-making machines that can take digital input are available, making duplicating keys easier (and safer) than other ways of breaking into houses.


Source: Physorg

See also: Overestimating the CIA?

Seminar on Global Catastrophic Risks

October 8, 2008

November 14, 2008
Computer History Museum, Mountain View, CA

Organized by: Institute for Ethics and Emerging Technologies, the Center for Responsible Nanotechnology and the Lifeboat Foundation

A day-long seminar on threats to the future of humanity, natural and man-made, and the pro-active steps we can take to reduce these risks and build a more resilient civilization. Seminar participants are strongly encouraged to pre-order and review the Global Catastrophic Risks volume edited by Nick Bostrom and Milan Cirkovic, and contributed to by some of the faculty for this seminar.

This seminar will precede the futurist mega-gathering Convergence 08, November 15-16 at the same venue, which is co-sponsored by the IEET, Humanity Plus (World Transhumanist Association), the Singularity Institute for Artificial Intelligence, the Immortality Institute, the Foresight Institute, the Long Now Foundation, the Methuselah Foundation, the Millennium Project, Reason Foundation and the Accelerating Studies Foundation.


  • Nick Bostrom Ph.D., Director, Future of Humanity Institute, Oxford University
  • Jamais Cascio, research affiliate, Institute for the Future
  • James J. Hughes Ph.D., Exec. Director, Institute for Ethics and Emerging Technologies
  • Mike Treder, Executive Director, Center for Responsible Nanotechnology
  • Eliezer Yudkowsky, Research Associate, Singularity Institute for Artificial Intelligence
  • William Potter Ph.D., Director, James Martin Center for Nonproliferation Studies


Nanotube-Based Chemical Sensors to Defend Against Chemical Attacks

September 16, 2008


I’ve written a fair bit about detection mechanisms (see links at the end of this post) because, as the old saying goes, an ounce of prevention is worth a pound of cure. Making our society more robust is the best way to reliably improve outcomes.

Nanotube-Based Chemical Sensors
Nanotubes strike again (what can’t we do with them?):

What is needed is a cheap way of detecting such gases and, having raised the alarm, of identifying which gas is involved so that anyone who has inhaled it can be treated. And that is what a team of chemical engineers at the Massachusetts Institute of Technology, led by Michael Strano, think they have created. Not only can their new sensor distinguish between chemical agents, it can detect them at previously unattainable concentrations—as low as 25 parts in a trillion.

The core of Dr Strano’s invention, which he recently described in the journal Angewandte Chemie, is an array of treated carbon nanotubes [and a micro gas chromatograph].

Gases are identified by the way they change the electrical signature of the nanotubes, and because of the way they are made, gas molecules don’t ‘stick’ very long to the nanotubes (less than a minute) and so the sensor has a long useful life.

Part of a Technological Immune System
At first, these sensors will probably be used in relatively enclosed public places, where gas attacks are more probable, and to track the movements of pollutants. But as the cost of these sensors goes down, they could be integrated into a large distributed “technological immune system” (I previously wrote about putting radiation sensors in cellphones).


Metabolomics Could be Part of a BioShield

July 11, 2008

What are metabolomics?

Genes are similar to the plans for a house; they show what it looks like, but not what people are getting up to inside. One way of getting a snapshot of their lives would be to rummage through their rubbish, and that is pretty much what metabolomics does. […]

Metabolomics studies metabolites, the by-products of the hundreds of thousands of chemical reactions that continuously go on in every cell of the human body. Because blood and urine are packed with these compounds, it should be possible to detect and analyse them. If, say, a tumour was growing somewhere then, long before any existing methods can detect it, the combination of metabolites from the dividing cancer cells will produce a new pattern, different from that seen in healthy tissue. Such metabolic changes could be picked up by computer programs, adapted from those credit-card companies use to detect crime by spotting sudden and unusual spending patterns amid millions of ordinary transactions.

This could be used for traditional medicine, both to prevent pathologies and to detect those that are already present so they can be treated. But another use would be as part of an early-detection system to defend against pandemics and biological attacks. As mentioned previously, network-theory can help us better use vaccines. But once you have a cure or antidote, you also need to identify people that are already infected but haven’t died yet, and the earlier you can do that after the infection, the more chances they have to live.

Once the techniques of metabolomics are sufficiently advanced and inexpensive to use, they might provide better data than simply relying on reported symptoms (might be too late by then), and might scale better than traditional detection methods (not sure yet – something else might make more economic sense). It’s a bit too early to tell, but it’s a very promising field.

For more information, see Douglas Kell’s site or Wikipedia: Metabolomics.

Source: The Economist. See also Lifeboat’s BioShield program.

This was cross-posted on the Lifeboat Foundation blog.

Using Vaccines more Effectively to Stop Pandemics

July 5, 2008

If a pandemic strikes and hundreds of millions are at risk, we won’t have enough vaccines for everybody, at least not within the time window where vaccines would help. But a new strategy could help use the vaccines we have more effectively:

Researchers are now proposing a new strategy for targeting shots that could, at least in theory, stop a pandemic from spreading along the network of social interactions. Vaccinating selected people is essentially equivalent to cutting out nodes of the social network. As far as the pandemic is concerned, it’s as if those people no longer exist. The team’s idea is to single out people so that immunizing them breaks up the network into smaller parts of roughly equal sizes. Computer simulations show that this strategy could block a pandemic using 5 to 50 percent fewer doses than existing strategies, the researchers write in an upcoming Physical Review Letters.


So you break up the general social network into sub-networks, and then you target the most important nodes of these sub-networks and so on until you run out of vaccines. The challenge will be to get good information about social networks, something not quite as easy as mapping computer networks, but there is progress on that front.

In one of the most dramatic illustrations of their technique, the researchers simulated the spread of a pandemic using data from a Swedish study of social connections, in which more than 310,000 people are represented and connected based on whether they live in the same household or they work in the same place. With the new method, the epidemic spread to about 4 percent of the population, compared to nearly 40 percent for more standard strategies, the team reports.

Source: ScienceNews. See also Lifeboat’s BioShield program.

This was cross-posted on the Lifeboat Foundation blog.

The Global Viral Forecasting Initiative

March 8, 2008

Diseased monkeys

The Economist has a piece on the Global Viral Forecasting Initiative (GVFI):

Dr [Nathan] Wolfe, [a virologist at the University of California, Los Angeles], is attempting to create what he calls the Global Viral Forecasting Initiative (GVFI). This is still a pilot project, with only half a dozen sites in Africa and Asia. But he hopes, if he can raise the $50m he needs, to build it into a planet-wide network that can forecast epidemics before they happen, and thus let people prepare their defences well in advance. […]

The next stage of the project is to try to gather as complete an inventory as possible of animal viruses, and Dr Wolfe has enlisted his hunters to take blood samples from whatever they catch. He is collaborating with Eric Delwart and Joe DeRisi of the University of California, San Francisco, to screen this blood for unknown viral genes that indicate new species. The GVFI will also look at people, monitoring symptoms of ill health of unknown cause and trying to match these with unusual viruses.

See also the Lifeboat Foundation’s BioShield program.

This was cross-posted on the Lifeboat Foundation blog.

Target Earth

January 31, 2008


One hundred years ago, a large meteoroid or comet exploded in the sky over Tunguska, Siberia. We don’t know that much about it: Estimates on size vary from 30 to 1,200 meters in diameter, and estimates on the force of the blast are in a range of 3 to 30 megatons of TNT (“about 1,000 times more powerful than the bomb dropped on Hiroshima”). But we do know that the explosion leveled trees over 2,150 square kilometers (830 square miles)…

Tunguska Event
Photograph from the Soviet Academy of Science 1927 expedition led by Leonid Kulik. Public domain.

To coincide with this anniversary, the Planetary Society has launched the Target Earth project, a year-long focus “on Near Earth Objects (NEOs) and the hazards that marauding space-rocks pose to our planet.”

Target Earth encompasses The Planetary Society’s three-pronged approach to NEO research: funding researchers who discover and track asteroids, advocating greater NEO research funding by the government, and helping spur the development of possible ways to avert disaster should a potentially dangerous asteroid be discovered.

You can learn more about the Gene Shoemaker NEO Grants here. Some quick facts:


Promising Anti-Radiation Drug Based on Carbon Nanotubes

January 31, 2008


The Defense Advanced Research Projects Agency (DARPA) gave a $540,000 grant to researchers from Rice University to do a fast-tracked 9-month study on a new anti-radiation drug based on carbon nanotubes:

“More than half of those who suffer acute radiation injury die within 30 days, not from the initial radioactive particles themselves but from the devastation they cause in the immune system, the gastrointestinal tract and other parts of the body,” said James Tour, Rice’s Chao Professor of Chemistry, director of Rice’s Carbon Nanotechnology Laboratory (CNL) and principal investigator on the grant. “Ideally, we’d like to develop a drug that can be administered within 12 hours of exposure and prevent deaths from what are currently fatal exposure doses of ionizing radiation.” […]

The new study was commissioned after preliminary tests found the drug was greater than 5,000 times more effective at reducing the effects of acute radiation injury than the most effective drugs currently available. […]

The drug is based on single-walled carbon nanotubes, hollow cylinders of pure carbon that are about as wide as a strand of DNA. To form NTH, Rice scientists coat nanotubes with two common food preservatives — the antioxidant compounds butylated hydroxyanisole (BHA) and butylated hydroxytoluene (BHT) — and derivatives of those compounds.

An interesting side benefit of the drug might be that it could also potentially help cancer patients who are undergoing radiation treatment.

Source: Feds fund study of drug that may prevent radiation injury

See also: Creating a Technological Immune System

This piece was cross-posted on the Lifeboat Foundation Blog.

Creating a Technological Immune System

January 27, 2008

Cell Phones
Photo by Prateek Karandikar. GFDL and Creative Commons (BY-SA) licenses.

Using already existing networks to create inexpensive and vast early-detection systems is simply brilliant.

Researchers at Purdue University are working with the state of Indiana to develop a system that would use a network of cell phones to detect and track radiation to help prevent terrorist attacks with radiological “dirty bombs” and nuclear weapons.

Such a system could blanket the nation with millions of cell phones equipped with radiation sensors able to detect even light residues of radioactive material. Because cell phones already contain global positioning locators, the network of phones would serve as a tracking system, said physics professor Ephraim Fischbach. […]

Tiny solid-state radiation sensors are commercially available. The detection system would require additional circuitry and would not add significant bulk to portable electronic products, Fischbach said. […]

“It’s impossible to completely shield a weapon’s radioactive material without making the device too heavy to transport,” Jenkins said.

Of course, participation would need to be voluntary for it to be ethical, but I’m sure that there would be more than enough volunteers to make it work.

Think of the possibilities of such a vast network of sensors: How about detecting certain chemicals? With the right technology, it could even detect biological and viral threats. I know they’re already working on sensors that can monitor air quality. What else can we think of?



Stealing Artificial Intelligence: A Warning for the Singularity Institute

July 2, 2007

Maybe it’s because I’ve been reading a Bruce Schneier book lately (he’s a security expert), but I think that the Singularity Institute for Artificial Intelligence is facing a very real threat.

It is easy to imagine at some point in the future, when the Institute is well into the implementation phase, that many countries will consider AI a national security issue and that they will use their intelligence agencies to spy on work done in the field.

It can be extremely hard to defend yourself against such well-funded attackers; they can try to steal or hack hardware or software, bug your offices and homes, infiltrate your team, bribe employees, use social engineering, make things look like an accident or petty crime, etc.

One tactic might be to wait for the Singularity Institute to be almost done (in the pre-launch testing/auditing phase, for example), steal the code and throw a lot of resources at it to be the first who launches a recursively improving artificial general intelligence. This could lead to disaster if whoever does this does not have benevolent intentions or is not as careful as the Institute would be.

My recommendation to the Singularity Institute is to make sure to have top security experts on the team and to prepare well in advance for the future when security might become critical.