Tag Archives: computer

Blog

Conficker: the new warfare

Remember the quasi-Millennial panic about the Conficker worm back in April? It turned out to be nowhere near as nasty and damaging a threat as it had been painted, but it was still unique in a number of ways – most notably in its own methodologies, and in the way the security and computer industries pulled together to defend against it. New Scientist tells the story:

… frenzied headlines were proclaiming the impending meltdown of the internet. But 1 April passed without event. This was not a total surprise. After all, it was just the first date on which the worm’s URL strategy could change – it was still up to its creators to flick the virtual switch. To the outside, it looked like a gigantic April Fool.

And indeed it may have been. In fact, the whole URL business was probably a red herring: using a centralised URL to release a worm upgrade – even one as painstakingly concealed as Conficker’s – is not a particularly sensible approach. It gives the authorities a specific target to counter-attack. From the second version onwards, Conficker had come with a much more efficient option: peer-to-peer (P2P) communication. This technology, widely used to trade pirated copies of software and films, allows software to reach out and exchange signals with copies of itself.

It’s an interesting story – one with a remarkably movie-like plot, albeit devoid of the vest-wearing tough guy heroes and big CGI explosions that you’d need to script in to sell it to Hollywood…

But what’s worth noting is that this is a new form of warfare, a bloodless and almost entirely computer-based iteration of fourth-generation insurgency that relies on subterfuge and networking to achieve its aims, and demonstrates complex strategic thinking on the part of its instigators. It’s good to see that the expertise exists to combat it, but you have to wonder what would happen if something similar was targetted specifically at a nation-state like the US, whose military brass have demonstrated a poor understanding of the web’s flat battlefield.

You can’t deploy tanks against this sort of threat; the game has changed.

Blog

Quantum superposition breakthrough

theory_actualA rich seam of technological and science-fictional ideas seem ready to be mined with the development of the first light trap that can simultaneously store different numbers of photons:

“These superposition states are a fundamental concept in quantum mechanics, but this is the first time they have been controllably created with light,” Cleland said. Martinis added, “This experiment can be thought of as a quantum digital-to-analog converter.” As digital-to-analog converters are key components in classical communication devices (for example, producing the sound waveforms in cell phones), this experiment might enable more advanced communication protocols for the transmission of quantum information.

The research is funded by IARPA. Intelligence services are understandably keen to learn more about the potential for quantum computers to break conventionally encrypted communications.

[image and story from Physorg]

Blog

Botnet blue-screens 100,000 PCs

Ye olde Blue Screen of DeathUsually, it’s in the best interests of a botnet operator to let the infection sit on the host machine until finally detected and expunged by the end user. After all, the longer you stay in, the more chance you’ve got of hoovering up useful goodies and infecting other computers.

But the worms and trojans that carry the infections often have less subtle capabilities built into them, as was demonstrated last month when the person (or persons) controlling the Zeus botnet used it to completely FuXx0r a hundred thousand windows machines:

Zeus, unlike many other malware programs, managed to make each installation appear different to virus trackers so that it would be more difficult to remove. But Zeus had another interesting feature—one that isn’t terribly uncommon among botnet software, it turns out. A command was built into the software to kos—or “kill operating system”—and it was apparently executed some time last month.

The reason for BSODing 100,000 machines isn’t quite clear, but several security experts have offered up their opinions. S21sec wrote on its blog that those behind Zeus might have wanted more time to exploit the financial data they had harvested by removing the user’s ability to get online and see that money was being transferred.

It may even have been a momentary error, or a flashy cut-and-run. What interests me about this story is that it shows a new potential angle for so-called cyberwarfare – one that could be more easily justified as a politically motivated attack.

Let’s say you could target all the computers belonging to a specific government or corporation; that wouldn’t be too hard to do with a little research into IP numbers and so forth. If you get a good enough infection rate – and knowing how weak most computer security procedures are, even in organisations that should know better, that shouldn’t be too hard a trick either – you could then choose to deep six that organisation’s computer infrastructure at a time of your choosing with the press of a few keys. If your trojan was designed to do nothing else, or its other capabilities were left inactive, that potential could sit unnoticed for some time – until your revolution was ready, perhaps, or your planned day of protest actions, or your stock value raid. To put it in medieval terms, it would be like having a bunch of sleeper-agent sappers spread throughout your enemy’s castle, waiting for the horns of Jericho. [image by Justin Marty]

It’s probably not the sort of thing that an organisation or country with any reasonable military clout would bother deploying, but destructive botnet warfare (as opposed to corrosive attacks, fraud or espionage) will appeal to the geographically-scattered groups who lack the sort of conventional leverage that can be gathered in one place; 100,000 dead PCs won’t bring down a government or kill a company, but it’s going to make a loud and expensive statement for a very small financial outlay.

Botnets still seem predominantly the concern of criminals with a financial motivation, but as the recent Palestinian conflict demonstrated, political factions are waking up to the potentials; when the situationists and anarchists get wind of this stuff, they might start thinking bigger than smashing bank windows or releasing the penguins from your local zoo.

Blog

Happy Ada Lovelace Day

2 Comments

adaIt’s late in the day in my time zone, but maybe not too late to celebrate women’s contribution to technology.

In a nutshell:

Today has been declared Ada Lovelace Day, a celebration of women in technology named after the first computer programmer. Born Augusta Ada Byron—yes, that Byron—she was schooled in mathematics at her mother’s insistence and, as Wikipedia says, her “interest in mathematics dominated her life even after her marriage.” (OMG NO WAY. ::facepalm::)

And here’s a list of inspirations, including none other than Xeni Jardin.

The BBC also has a roundup, with a link to a swell map of the tubes.

Feministing lists some notable achievers, too.

And if this puts you in a steampunk mood, check out the Babbage Engine, or an amazing pictorial from Wired last year.

[Portrait of the lady, Wikimedia Commons]

Blog

Moore’s Law gets a new lease of life

4 Comments

digital camera CCD chipGood news for Kurzweilian Singularitarians and flop-junkies – Moore’s Law has been looking increasingly likely to derail as we approach the lowest practical limit for semiconductor miniaturization, but newly announced research means there’s life in the old dog yet:

Two US groups have announced transistors almost 1000 times smaller than those in use today, and a [nano-scale magnet-based] version of flash memory that could store all the books in the US Library of Congress in a square 4 inches (10 cm) across.

[…]

Using 3-nanometre magnets, an array could store 10 terabits (roughly 270 standard DVDs) per square inch, says Russell, who is now working to perfect magnets small enough to cram 100 terabits into a square inch.

“Currently, industry is working at half a terabit [per square inch],” he says. “They wanted to be at 10 terabits in a few years’ time – we have leapfrogged that target.”

If this were Engadget, we could squee about how we’ll have laptops the size of wristwatches by the end of the decade, but that would be to miss an important point. The ever-falling cost and size of memory and processing power will certainly mean more gadgets, but those gadgets will bring social changes along with them – as Charlie Stross pointed out a while ago, if you can read and write data at the atomic scale then physical storage capacity becomes a complete non-issue, allowing you to record everything – literally everything. [image by Fox O’Rian]

When you can record everything, how do you go about managing and using what you’ve recorded?