The Harrow Technology Report

  http://www.TheHarrowGroup.com

Insight, analysis, and commentary on the 
innovations and trends of contemporary computing, 
and on its growing number of related technologies.

An ongoing journey towards understanding, 
and profiting from, a world of exponential 
technological growth!

Copyright © 2001-2005, Jeffrey R. Harrow.  All rights reserved.
Email: Jeff@TheHarrowGroup.com

 

The "Security Presumption."
March 18, 2002

  • LISTEN To This Issue.
                    Give your eyes a rest.

  • A Picture Worth 1,000+ Words...
                    Are we moving forward, or returning to from whence we came...?

  • Musings on 'The Security Presumption.'
                    We "know" that Email and IM are not secure, but we tend to treat them as such...

  • Another Sci Fi Staple Bytes The Dust!
                    Did you think that direct brain-to-computer connections would remain Sci Fi?

  • Wireless Redux.
                    Decrypting the alphabet soup of wireless LANs, and more.

  • Innovation From A Small Red Light.
                    Your modem could be "spilling the beans" on your data!

  • The Counterfeiter's Worst Enemy?
                    If you think that TODAY'S bar codes are small...

  • About "The Harrow Technology Report"


  • LISTEN To This Issue.

    Do you prefer to let your ears do the work of keeping you in-touch with, and thinking about where technology is taking us?  If so, "The Harrow Technology Report" is also available in an audio-on-demand, Web-based, MP3 version. 

    If you have an MP3 player on your system (and most do, such as Windows Media Player, RealPlayer, etc.), clicking on the link below will either stream the file to you, or, depending on how your system is configured, it might download the file before playing it.  Alternatively, if you specifically want to download the file, simply right-click on the link, and choose "Save Target As..."

    Also, to learn how you can listen at whatever speed is most comfortable to you, check out the FAQ at http://www.theharrowgroup.com/help.htm .

    So, if you wish, just click on the following link to listen to this issue!  http://www.theharrowgroup.com/articles/20020318/20020318.mp3 .

     



    A Picture Worth 1,000+ Words...

     

    Image - The "Evolution" of Man...?  http://www.zzz.com.ru/119.html

    Are we moving forward, or returning to from whence we came...?

     

    Picture reproduced with permission from ZZZ Online
    http://www.zzz.com.ru/119.html

     



    Musings on 'The Security Presumption.'

     

    We "know" that the information we transmit via Email is not secure.  Unless you use special software such as PGP to encrypt a message's contents, it's possible (if not straightforward) for anyone on your LAN, or at your ISP, or at any of the servers that your message's packets traverse on the way to their destination, or at the destination ISP, or on your recipient's LAN, to read some if not all of your message.  We all "know" this.  And it probably doesn't matter much if you're sending a note to Aunt Millie.  In fact, most of us never give this a second thought. 

    Yet as Email becomes ever more a part of how we conduct our personal and business affairs, this presumption of security in a known insecure environment can lead to problems.  And not just the obvious ones regarding things financial.  For one example, as an increasing number of physicians have begun using Email to answer patient questions, and perhaps to prescribe medication, an intercepted Email message could illuminate things you probably didn't want to be public knowledge.  And a modified Email message could be downright dangerous.

    Most of us have grown up in a written communications environment, the "mail" or "post," where the presumption of security carried the force of law.  In the U.S. and in many other countries, the sanctity of first class mail is protected by laws that carry stringent penalties for anyone tampering with a letter, which in a manner of speaking "encrypts" the contents of the envelope, even though it isn't normally practical to actually encrypt the words.  But with Email, Instant Messaging, and other forms of electronic messages, their contents don't (currently) enjoy similar legal protection.

    This becomes even more of a potential problem when any aspect of an Internet connection "goes wireless," because at that point an interloper no longer needs physical access to your or your ISP's physical wires -- they can just pluck your messages out of thin air.  For example, the March 11 eWeek (http://www.eweek.com/article/0,3658,s=712&a=23806,00.asp) describes how someone can pick up a few parts at Radio Shack, and some free software from the Internet, and capture messages thumbed into many cellular phones or into the increasingly popular "BlackBerry Internet Edition," a wireless Email device from Research In Motion (RIM) that uses the wireless Mobitex network.

    We might expect that once such an "opening" was discovered, the vendor would rush to close the gap.  Yet the security researcher who demonstrated this security hole, Joe Grand, explains why that isn't going to happen:

    "The problem is, this isn't a bug. It's part of the spec that data is transmitted in the clear... The risk depends on who is using the network and when and what data they're sending."

    "Executives at RIM said they don't see the attack as a problem because they have never touted the Internet Edition devices as being secure."

    Indeed, Research In Motion CEO Jim Balsillie points out that,

     "Internet traffic isn't supposed to be secure."

    The problem, in my opinion, is that it should be.

    When the Internet was born, non-trivial encryption was beyond the ability of typical hardware.  But thanks to enhanced end-to-end encryption and authentication schemes, and the results of Moore's Law on processing power, we can now easily encrypt our messages with the computational horsepower available to any of us; our PCs can encrypt and decrypt without missing a beat.

    I'm not a security expert, and so I wouldn't presume to suggest the best ways for protecting our Internet-borne missives.  But I do strongly believe that the time, and the technology, and our society's growing use of electronic messaging, have all reached a point where we can and should "change the rules" to make our casual although incorrect presumption of security, real.

    It could only make the Internet a better, and safer, and more empowering place for individuals and businesses and commerce.

     



    Another Sci Fi Staple Bytes The Dust!

     

    The idea of a "direct brain interconnect" to computers and to the world around us has shown up time and again in the annals of speculative (science) fiction, and these visionary authors are being proven right again!  Brought to our attention by reader Kenneth LaCrosse, a March 13 Brown University press release (http://www.brown.edu/Administration/News_Bureau/2001-02/01-098.html) describes how John Donoghue and his team have installed a brain implant (similar to those used in people to control Parkinson's disease symptoms) to record the neural signals that control a monkey's hands as he's playing a Pong-like video game.  (Hey - monkeys need recreation too!)

    But that's just the beginning, because once they have these signals recorded and analyzed and mapped, they can disconnect the video game controller, and instead send the real-time output of the "thought processor" (for want of a better name) directly to the video game -- and the monkey simply continues playing!!  Now, even though the monkey doesn't realize it, he is controlling the computer's on-screen paddle entirely via thought control!

    The implications for paralyzed people are enormous.  As these capabilities are refined and proven safe for humans, disabled people who have active minds trapped within unresponsive bodies may first be able to communicate using on-screen keyboards, and might later be able to control powered wheelchairs.  It's also conceivable that a severed spinal cord could be bypassed, again opening the world to these victims of accident or disease. 

    And of course it could go full circle -- I know of more than a few video gamers (not to mention military pilots, and perhaps surgeons and others) who would love to bypass the slow, crude "hand link" between man and machine.  Now THAT'S a "competitive advantage."  And if this research evolves even further, to the sensory side of things, the sci fi idea of a complete, two-way neural connection to the virtual world of cyberspace might make keyboards and mice and monitors anachronisms of days gone by.  Of course, I hope they develop a wireless, rather than a wired connection...

    As we chronicle here from time to time, science fiction has a pretty good habit of predicting, and I'd say shaping and directing, the future.  May it long continue!




    Your Feedback is Important!

     

    I'd like to understand your interest in The Harrow Technology Report, how you make use of it, and the value you feel it provides to you, your career, and to your company.

    Please send your comments to me at  Jeff@TheHarrowGroup.com  .

    I look forward to hearing from you!

     

    And, if you know of other folks who might find value in "The Harrow Technology Report," I'd appreciate your letting them know that they can subscribe at http://www.theharrowgroup.com/signup.asp .

    Jeff Harrow

     



    Wireless Redux.

     

    Speaking of things wireless, as wireless networking struggles for its place in the sun, it has created a terribly confusing sea of acronyms and names that only "A Committee" could love.  Nevertheless, as more of us slip the surly wires of earth for ethereal communications pipes in homes and offices, a little understanding of this alphabet soup can go a long way towards helping us plan for near and farther-term wireless networking purchases.

    When it comes to office or home-office networking, today's gold standard is 802.11b, also known as Wi-Fi.  This provides 11 megabits/second of wireless Ethernet networking throughout a radius of 150-300 feet from the access point.  The nice thing about this is that from a bandwidth standpoint, 802.11b is a relatively no-compromise way to give up the wires, because when the signal is strong you get essentially the same throughput as on a small non-switched wired Ethernet, just sans wires!

    (There are some security issues with 802.11b implementations at the moment, so until they're fully addressed, be sure you understand the issues before jumping into this fray - http://80211b.weblogger.com/weak.defense.html .)

    The next "802-ism" that is just beginning to show up is 802.11a, a higher speed (but for a smaller distance) variation that supplies 54 megabits/second of service in the 5 gigahertz band (which resolves the issues of conflicts with microwave ovens, portable phones, and Bluetooth -- see below).  This additional speed will be helpful for multimedia content, as well as for supporting a greater number of PCs simultaneously sucking on the wireless network pipe.  (http://www.80211-planet.com/columns/article/0,4000,1781_961181,00.html)

    There's one more variation in the wings, called 802.11g.  "g" is a compromise standard, providing 22 megabits/second of bandwidth (faster than "b" but slower than "a") which can interoperate with existing 802.11b networks.

    Although 802.11a and g should provide more than enough raw bandwidth for multimedia applications, the way that bandwidth is used and managed will have a large bearing on the overall quality of wireless multimedia applications.  Cirrus Logic has developed a new protocol called Whitecap2, which works with (not replaces) 802.11 to provide Quality of Service enhancements intended to improve wireless multimedia performance (http://www.80211-planet.com/news/article/0,4000,1481_914851,00.html and http://www.cirrus.com/press/news/index.cfm?NewsID=244).  This idea is also called 802.11e, and it would run "on top of" the other 802.11 b, a, or g standards to improve their multimedia performance.


    802.11 Vs. Bluetooth.

    By the way, don't confuse 802.11b (11 megabits/second, 150-300 foot range wireless networking) with Bluetooth (http://www.bluetooth.com/ - 1 megabit/second, 30-foot range wireless capability).  While each can perform many of the tasks of the other, they're designed to address very different needs:

    802.11 primarily provides an excellent wireless extension to a local area network (LAN), and then out to the Internet.  Think: "802.11 replaces the ETHERNET NETWORKING CABLE."

    Bluetooth, on the other hand, is primarily designed as a "CABLE REPLACEMENT FOR PERIPHERALS," banishing the rats' nest of cables and plugs needed to connect your cell phone to your notebook, your PDA to your notebook, your notebook to a printer, your music player and phone to your headset, etc.  Bluetooth's lower speed and limited range make it less suitable for "network cable replacement," but those same attributes enable it to consume far less power than the more powerful 802.11 cards, which helps preserve batteries.


    Our Wireless Future.

    Yes, this wireless landscape is complex.  (If we were to explore other emerging wireless technologies, such as the various data-over-cell-phone versions, or the forthcoming much higher speed UltraWideBand or UWB - http://www.cnn.com/2001/TECH/ptech/08/30/ultrafast.wireless.idg/ and http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2821243,00.html - it gets even more so.)  But as we now understand, no one wireless size fits all. 

    Yet even if none of today's wireless options fit your bill, it's worth keeping up on the changes, because the technologies and choices and audiences are growing.  According to the Intermarket Group (http://www.nua.com/surveys/?f=VS&art_id=905357560&rel=true), we're not looking at just a "little pop" of a wireless explosion, but at an 18-fold increase in the number of wireless Internet users worldwide between 2000 and 2005 -- from 39 million to 729 million!  By region, Europe will be king with 194 million wireless Internet users, North America will have 89 million, Latin America will have 52 million, and Asia-Pacific will grow to 79 million wireless surfers, many driven by the higher speed "3G" cell phone wireless data implementations that are now beginning to show up.

    As we can see from where 802.11 and Bluetooth and "3G" are heading, wireless data is only going to get better.  I've used 802.11 networking for years, and I have to say that once you experience its flexibility, it's very hard to go back.  Indeed, with 802.11's new capabilities, and with Bluetooth poised to become "interesting" (I saw a Bluetooth-enabled digital camcorder at a popular consumer electronics showroom last weekend), and with "3G" finally seeing the light of day, wireless data, in its many forms, is nothing to ignore!

     



    Innovation From A Small Red Light.

     

    People are endlessly inventive.  Suppose, for example, that you wanted to spy on the data going to and from somebody's PC in the building next door, right across from your office window.

    Yes, serious spies can monitor the electromagnetic emissions from a monitor and recreate what it shows, or even recover some data by capturing the monitor's light reflected off of your face.  And of course with the right physical access to your telecom network, they can tap right into your datastream.  Or, as the FBI is now doing in certain situations, a hidden software program can be surreptitiously installed on your PC which then logs every keystroke, periodically sending them all back to its master. 

    But suppose you’re an unprofessional spy.  Or, as is the case for Joe Loughry, you're a programmer at Lockheed Martin Space Systems with an insatiable curiosity.  Then, you might get to thinking about those ubiquitous flashing LEDs that festoon the front panel of so many modems, and you might wonder if the data that's passing through the modem might actually be represented in the flashes.  As it turns out, that's exactly the case.

    As described in the March 7 USA Today (http://www.usatoday.com/life/cyber/tech/2002/03/07/computer-spy-methods.htm), Joe found that,

    "In effect, LED indicators act as little free-space optical data transmitters, like fiber optics but without the fiber."

    In fact, he was able to recreate the modem's data stream from over 60 feet away by using a telescope and optical sensors!

    Which means that those innocent LEDs on modems and on other relatively low speed data equipment, which can often be seen flashing away from outside an otherwise secure area, may well be broadcasting their data to all who care to glance at their baleful red glow.

    I predict that future devices will now randomize their LEDs' flash patterns.
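
    The leak described above can be modelled in a few lines. This is an added illustration, not code from the article or from Joe Loughry's work; it assumes 8N1 serial framing, an LED wired straight to the data line, an idealized observer who gets one clean brightness sample per bit time, and a hypothetical "activity-only" LED as the countermeasure.

```python
"""Model: a modem LED wired to the data line vs. a decoupled activity LED."""

BITS_PER_FRAME = 10  # 8N1: start bit, 8 data bits (LSB first), stop bit

# Constructed sample payload, used only for the demonstration below.
SAMPLE = b"PIN 4921"


def uart_frame(data: bytes) -> list[int]:
    """Line levels for 8N1 async serial: idle/stop = 1, start = 0."""
    bits = [1, 1]  # idle line before the first frame
    for byte in data:
        bits.append(0)                                  # start bit
        bits.extend((byte >> i) & 1 for i in range(8))  # data, LSB first
        bits.append(1)                                  # stop bit
    bits.extend([1, 1])                                 # idle line afterwards
    return bits


def led_direct(line: list[int]) -> list[int]:
    """Assumed leaky design: LED is lit whenever the line is low."""
    return [1 - level for level in line]


def led_stretched(line: list[int], hold: int = 32) -> list[int]:
    """Assumed countermeasure: LED only signals 'activity' and stays lit
    for `hold` bit times after any low level, hiding individual bits."""
    out, remaining = [], 0
    for level in line:
        if level == 0:
            remaining = hold
        out.append(1 if remaining > 0 else 0)
        remaining = max(0, remaining - 1)
    return out


def recover(led: list[int]) -> bytes:
    """What can be rebuilt from per-bit brightness samples of the LED."""
    line = [1 - s for s in led]  # brightness back to assumed line level
    out, i = bytearray(), 0
    while i + BITS_PER_FRAME <= len(line):
        if line[i] == 0 and line[i + 9] == 1:  # valid start and stop bits
            out.append(sum(line[i + 1 + k] << k for k in range(8)))
            i += BITS_PER_FRAME
        else:
            i += 1
    return bytes(out)


if __name__ == "__main__":
    line = uart_frame(SAMPLE)
    print("direct LED   :", recover(led_direct(line)))     # full payload
    print("stretched LED:", recover(led_stretched(line)))  # nothing framed
```

    With the stretched LED an observer still learns when, and for roughly how long, the link was busy, but not the bytes that crossed it.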

    In these days of (long overdue) increasing attention to security, it's worth remembering that it isn't only software that can open an unnoticed door.  And that innovative people are very, very good at finding chinks in your security armor.

    Be careful.  Be very careful...

     



    The Counterfeiter's Worst Enemy?

     

    Finally, speaking of security, counterfeiting is an ancient and venerable art that has long plagued governments and many industries, targeting a wide set of objects ranging from money to art objects to designer handbags to software, and far more.  This has always been a game of 'technological escalation,' with one side coming up with a new anti-counterfeiting technology, and the other learning to "fake it."  (For example, consider the anti-counterfeiting measures in new U.S. currency (http://www.minneapolisfed.org/consumer/money/), or the holograms embedded in most Australian bills, which are now made out of plastic rather than paper!)

    Image - Australian ten dollar note - it's made of plastic and contains a hologram in the lower-right corner.

    For another example, look at the surface of any recent Microsoft CD -- that full-surface hologram is very hard to replicate (although there are rumors...)  For an excellent overview of the extent to which Microsoft has had to go to make it difficult for counterfeiters to replicate their CDs, check out this link - http://www.microsoft.com/piracy/htt/os/default.asp

    Image - Microsoft hologram-protected CD - http://www.microsoft.com/piracy/htt/images/cds/retail_win2000.jpg

    Be sure to "mouse-over" the labeled blue circles in the "Edge-to-Edge Hologram" section at the bottom of that Microsoft Web page. 

    Suppose, though, that you could tag individual MOLECULES with their very own bar codes, and then embed those tagged molecules right into your CD, banknote, stock certificate, or ID card?  Now THAT would be hard to replicate!

    Yet that's just what Pennsylvania State University and SurroMed have done, according to the Feb. 11 InformationWeek.com (http://www.informationweek.com/story/IWK20020208S0016), using bands of gold and platinum to create "Nano-bar-code particles" just 300 billionths of a meter in diameter; they can be attached to individual MOLECULES of silicon (to mark, say, the authenticity of computer chips), to blood cells (to support automated testing), or embedded in products such as CDs.  The bar codes can then be read using special optical microscopes.  (http://www.surromed.com/NBCpaper.html)

    I wouldn't bet that these could never be illicitly reproduced, but it would certainly be one tiny innovation that would significantly raise the counterfeiting bar!

     


    About "The Harrow Technology Report"

     

    "The Harrow Technology Report" explores the innovations and trends of many contemporary and emerging technologies, and then draws some less than obvious connections between them, to help us each survive and prosper in the Knowledge Age. 

    "The Harrow Technology Report" is brought to you by Jeffrey R. Harrow, Principal of The Harrow Group. http://www.TheHarrowGroup.com .

    Where To Find "The Harrow Technology Report:"

    • Via Email -- Sign up for automatic delivery of this journal (which you can also use as a notification that a new issue is available on the Web, if you prefer to read it there), by one of these methods:

          - The fastest and easiest method is to go to this Web page http://www.theharrowgroup.com/signup.asp and follow its instructions.

      Or,

          - Send an Email message to TheHarrowGroup@SendMeMore.Net with the word SUBSCRIBE in the Subject line. 


    • On The Web -- You can, of course, also read this journal directly on the Web at www.TheHarrowGroup.com  .

      - Additionally, to support automated access schemes, the most current issue of the journal will always be available at this persistent link: www.TheHarrowGroup.com/current.htm  .

       


    Jeffrey R. Harrow maintains that all reasonable care and skill has been used in the compilation of this publication.  However, he shall not be under any liability for loss or damage (including consequential loss) whatsoever or howsoever arising as a result of the use of this publication by the reader, his/her/its servants, agents or any third party.

    All third-party trademarks are hereby acknowledged.