Tag: Science

The Breakfast Club (FREAK Out)

Well, I had hoped for a nice quiet discussion of wave/particle duality again because there are new developments that are worthy of note or perhaps a good chuckle at Homer Simpson predicting the GeV of the Higgs Boson to within experimental error because I’m just a sucker for the intricacies of Quantum Physics, BUT…

The big news of the day is on the technology front and particularly NSA v. Encryption.

Now I’ll take it as a given that you know, thanks to Ed Snowden and Thomas Drake and subsequent public testimony, that the NSA is obsessed as an organization with collecting every communication you have.  What you may not know is how far back that goal goes and why it compromises all of our security.

Way back in the days of the Big Dog when all we had to worry our pretty little heads about was blowjobs and blue dresses the Internet started gaining steam as a place to buy things.  People were rightly concerned about personal information and credit card numbers falling into the hands of thieves (though I’ll tell you quite frankly that you’re in much more danger from your food server if you’re a bad tipper because they have plenty of time alone with your card to write down all your imprint numbers as well as the ones that are just printed which is sufficient for ruining your credit by telephone, let alone computer).

Anyhow the major Internet Retailers and the companies that served them started demanding an encryption scheme to bolster public confidence that it was safe to buy things.  Thus Secure Sockets Layer (SSL).

Even this paltry (and believe me it is, though I recommend the study of The Reichenbach Fall because not everything is complicated and mysterious) level of security was deemed by the NSA “too dangerous for export” so they made an even weaker one with 40 bits of encryption instead of 128 (too hard, my brain hurts) for use overseas.

Well, Moore’s Law and all, and today even 128 bit encryption is somewhat passé and 40 bit can be cracked in 7 hours using Amazon Cloud computers.

The reason this is important is that websites, in order to be globally compatible, are designed to accept ‘export’ keys as valid alongside ‘domestic’ keys.  A switch in the site software lets a third party who is not a valid client force the connection into ‘export’ key mode, and once that is done it’s easy to conduct a man-in-the-middle attack that compromises the connection by appearing as the host site to the client and as a valid client to the host.

Now I’ve been very careful to try and make it clear that this is not a bug or a flaw.  The NSA deliberately influenced the design of the standard to make this possible.

Since then there have been new standards adopted that are not subject to this type of spoofing, but, adoption inertia being what it is, over a third of websites worldwide are vulnerable, including the NSA’s.

So what is the solution?  For a user, not much: browsers are rightly designed to be compatible with as many sites as possible.  If you are paranoid enough you can get software plugins that ‘protect’ you from vulnerable sites, but ‘protect’ in this case means you can’t use them.  Secure browsers like Tor already do this and, as I’ve said before, what’s notable about them in action is how many things you used to do that you can’t anymore.

For sites there is a minor code fix that won’t allow a third party to force ‘export’ mode and we will see a rush of them implementing it.
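The downgrade described above, and the two places it can be stopped (a client that refuses an export-length key it never asked for, and a site that stops offering export suites), as an added model in Python. This is not code from this post or from any TLS library; the cipher suite names are the TLS registry names, while the bit lengths, the hardened client’s policy threshold and the sample client and server suite lists are constructed for the illustration.

```python
"""Model of the FREAK downgrade path and the two checks that close it.

Added illustration, not code from the post or from any TLS implementation.
The handshake is reduced to two things: which cipher suite ends up
negotiated, and whether the server sent a ServerKeyExchange carrying a short
temporary RSA key. Suite names are TLS registry names; the bit lengths, the
client policy threshold and the sample suite lists are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

EXPORT_RSA_BITS = 512        # ceiling for an "export-grade" RSA key (assumed)
MIN_TEMP_RSA_BITS = 2048     # assumed local policy of the hardened client

EXPORT_SUITES: Set[str] = {
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
STRONG_SUITES: Set[str] = {
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
}

# Constructed sample inputs: a modern client that offers no export suites and a
# legacy server that still has them enabled for "global compatibility".
CLIENT_OFFER: List[str] = ["TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"]
SERVER_LEGACY: Set[str] = STRONG_SUITES | EXPORT_SUITES


@dataclass
class ServerHello:
    cipher_suite: str
    # RSA_EXPORT suites carry a temporary RSA key in ServerKeyExchange; plain
    # RSA suites send no such message, modelled here as None.
    ske_rsa_bits: Optional[int]


def server_pick(client_suites: List[str], server_enabled: Set[str]) -> Optional[ServerHello]:
    """The server takes the first offered suite it has enabled; None means handshake failure."""
    for suite in client_suites:
        if suite in server_enabled:
            bits = EXPORT_RSA_BITS if suite in EXPORT_SUITES else None
            return ServerHello(suite, bits)
    return None


def tampered_handshake(client_suites: List[str], server_enabled: Set[str]) -> Optional[ServerHello]:
    """The third-party downgrade the post describes, at the level of this model:
    the ClientHello reaching the server asks only for export suites, and the
    ServerHello reaching the client is relabelled with a strong suite the client
    really offered. The short ServerKeyExchange key passes through unchanged."""
    export_hello = server_pick(sorted(EXPORT_SUITES), server_enabled)
    relabel = next((s for s in client_suites if s in STRONG_SUITES), None)
    if export_hello is None or relabel is None:
        return None  # nothing to downgrade to: the server refuses export suites
    return ServerHello(relabel, export_hello.ske_rsa_bits)


def vulnerable_client_accepts(offered: List[str], hello: Optional[ServerHello]) -> bool:
    """Pre-fix behaviour: the suite must be one the client offered, but a
    ServerKeyExchange carrying an RSA key is used whatever suite was chosen."""
    return hello is not None and hello.cipher_suite in offered


def hardened_client_accepts(offered: List[str], hello: Optional[ServerHello]) -> bool:
    """Fixed behaviour: an RSA ServerKeyExchange is legitimate only for an export
    suite, so a client that never offered one must abort on seeing it."""
    if hello is None or hello.cipher_suite not in offered:
        return False
    if hello.ske_rsa_bits is not None:
        if hello.cipher_suite not in EXPORT_SUITES:
            return False  # the FREAK condition: export key, non-export suite
        if hello.ske_rsa_bits < MIN_TEMP_RSA_BITS:
            return False  # local policy: no short temporary keys at all
    return True


def disable_export_suites(server_enabled: Set[str]) -> Set[str]:
    """The site-side fix: stop offering export suites, so a tampered ClientHello
    asking for them gets a handshake failure instead of a weak key."""
    return server_enabled - EXPORT_SUITES


def negotiate(client_suites: List[str], server_enabled: Set[str], tampered: bool = False) -> Tuple[bool, bool]:
    """Return (vulnerable client accepts, hardened client accepts) for one handshake."""
    if tampered:
        hello = tampered_handshake(client_suites, server_enabled)
    else:
        hello = server_pick(client_suites, server_enabled)
    return (vulnerable_client_accepts(client_suites, hello),
            hardened_client_accepts(client_suites, hello))


if __name__ == "__main__":
    fixed = disable_export_suites(SERVER_LEGACY)
    print("honest, legacy server  :", negotiate(CLIENT_OFFER, SERVER_LEGACY))
    print("tampered, legacy server:", negotiate(CLIENT_OFFER, SERVER_LEGACY, tampered=True))
    print("tampered, fixed server :", negotiate(CLIENT_OFFER, fixed, tampered=True))
```

Run stand-alone it prints three results: the honest handshake is accepted by both clients, the tampered one is accepted only by the pre-fix client, and once the server drops its export suites the tampering yields a handshake failure rather than a weak key. That last case is why the server-side fix matters on its own: it protects visitors whose browsers have not been updated.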

What makes it interesting politically is context.  In recent months tech companies have been forced by public demand to implement more secure encryption schemes.  The NSA in turn has been petulantly stamping its feet and holding its breath in a tantrum insisting that these be designed with backdoors that can be accessed by State Spy Services.  They claim that this can be done so that only ‘responsible’ parties acting under the rule of law will have these abilities.

There are at least 2 problems with this.  First, a backdoor is a backdoor and anyone can use it.  It doesn’t care if you’re a White or a Black Hat, it’s just a door.  Second, other governments are demanding the same thing.  Governments like China.  If you’re the NSA it’s pretty hard to make the case that our computer communications should be less secure so that China can spy on them.

In the long run either our Representatives will put a stop to this or Engineers will make it technically impossible.  Mr. Market will be served.  In a positive sign that this will happen, the NSA was forced to give up crypto restrictions in 2000 because it was ruining the export business of the tech titans.  Given what we are aware of today I don’t think it will be nearly that long before the blowback begins.

FREAK: Another day, another serious SSL security hole

by Steven J. Vaughan-Nichols, ZDNet

March 3, 2015 — 22:19 GMT

It seemed like such a good idea in the early 90s. Secure-Socket Layer (SSL) encryption was brand new and the National Security Agency (NSA) wanted to make sure that they could read “secured” web traffic by foreign nationals. So, the NSA got Netscape to agree to deploy 40-bit cryptography in its International Edition while saving the more secure 128-bit version for the US version. By 2000, the rules changed and any browser could use higher security SSL. But that old insecure code was still being used and, fifteen years later, it’s come back to bite us.

The Washington Post reported today that cryptographers from IMDEA, a European Union research group; INRIA, a French research company; and Microsoft Research have found out that “They could force browsers to use the old export-grade encryption then crack it over the course of just a few hours. Once cracked, hackers could steal passwords and other personal information and potentially launch a broader attack on the Websites themselves by taking over elements on a page, such as a Facebook ‘Like’ button.”



Nadia Heninger, a University of Pennsylvania cryptographer, told the Post, “This is basically a zombie from the ’90s… I don’t think anybody really realized anybody was still supporting these export suites.”

Heninger, who has been working on cracking the obsolete 40 to 512-bit RSA encryption keys, found that “she could crack the export-grade encryption key in about seven hours, using computers on Amazon Web services.” Once done, this enables hackers to easily make “man-in-the-middle” attacks on the cracked websites.

Guess what? Over a third of “encrypted” websites, according to tests made by University of Michigan researchers J. Alex Halderman and Zakir Durumeric, are open to FREAK attacks. Specifically, OpenSSL and Apple TLS/SSL clients such as the Safari Web browser are vulnerable to FREAK. When using these programs, it’s relatively simple to downgrade their “secure” connections from “strong” RSA to the easy-to-break “export-grade” RSA.

All of this has happened because as Matthew Green, a cryptographer and research professor at Johns Hopkins University, succinctly put it, the NSA made sure that the early “SSL protocol itself was deliberately designed to be broken.”

And, now, it has been. It’s just that it’s now open to being broken by anyone with basic code-breaking smarts and easily available computer resources. The key problem is that OpenSSL and Safari both contain bugs that cause them to accept “RSA export-grade keys even when the client didn’t ask for export-grade RSA.”

Websites, generally speaking, only create a single export-grade RSA key per session. They, like Apache with mod_ssl, will then re-use that key until the web server is rebooted. Thus, if you break a site once, chances are you’ve broken into it for days, weeks, even months.

Many of the websites that are “FREAKable” seem to be on Content Delivery Networks (CDNs) such as Akamai. That’s the reason why, for example, the NSA site is vulnerable. Akamai is working on fixing its web servers.

Encryption Backdoors Will Always Turn Around And Bite You In The Ass

by Mike Masnick, Tech Dirt

Wed, Mar 4th 2015 10:50am

As you may have heard, the law enforcement and intelligence communities have been pushing strongly for backdoors in encryption. They talk about ridiculous things like “golden keys,” pretending that it’s somehow possible to create something that only the good guys can use. Many in the security community have been pointing out that this is flat-out impossible. The second you introduce a backdoor, there is no way to say that only “the good guys” can use it.

As if to prove that, an old “golden key” from the 90s came back to bite a whole bunch of the internet this week… including the NSA. Some researchers discovered a problem which is being called FREAK for “Factoring RSA Export Keys.” The background story is fairly involved and complex, but here’s a short version (that leaves out a lot of details): back during the first “cryptowars” when Netscape was creating SSL (mainly to protect the early e-commerce market), the US still considered exporting strong crypto to be a crime. To deal with this, RSA offered “export grade encryption” that was deliberately weak (very, very weak) that could be used abroad. As security researcher Matthew Green explains, in order to deal with the fact that SSL-enabled websites had to deal with both strong crypto and weak “export grade” crypto, — the “golden key” — there was a system that would try to determine which type of encryption to use on each connection. If you were in the US, it should go to strong encryption. Outside the US? Downgrade to “export grade.”



(T)he lesson of the story: backdoors, golden keys, magic surveillance leprechauns, whatever you want to call it create vulnerabilities that will be exploited and not just by the good guys.



Whether it’s creating vulnerabilities that come back to undermine security on the internet decades later, or merely giving cover to foreign nations to undermine strong encryption, backdoors are a terrible idea which should be relegated to the dustbin of history.

The law that entropy always increases holds, I think, the supreme position among the laws of Nature. If someone points out to you that your pet theory of the universe is in disagreement with Maxwell’s equations – then so much the worse for Maxwell’s equations. If it is found to be contradicted by observation – well, these experimentalists do bungle things sometimes. But if your theory is found to be against the second law of thermodynamics I can give you no hope; there is nothing for it but to collapse in deepest humiliation.

Sir Arthur Stanley Eddington, The Nature of the Physical World (1927)

Science News and Blogs

Science Oriented Video

Obligatories, News and Blogs below.

Harvest Super Moon

The full moon will rise tonight over the east coast at 6:55 PM EDT. It is the third consecutive super moon and the 5th this year.

We in astronomy used to call them perigean new moons or perigean full moons, that is, new or full moons closely coinciding with perigee – the moon’s closest point to Earth in its orbit. But, like almost everyone else, now we enjoy calling them supermoons. The name supermoon was coined by an astrologer, Richard Nolle, over 30 years ago. It was popularized and came to be the accepted term for most people only in the past few years. Are supermoons hype? In our opinion … gosh, no, just modern folklore. And they can cause real physical effects, such as larger-than-usual tides. The year 2014 has a total of five supermoons. They are the two new moons of January, and the full moons of July, August and September.

It’s also the Harvest Moon which is the full moon closest to the autumnal equinox which falls (punny) on September 22 this year.

The super Harvest Moon and Mid-Autumn Festival of September 8-9 are early in 2014, but September equinox isn’t until September 23 at 2:29 UTC. Although the equinox happens at the same moment worldwide, the clock times vary by time zone.

In the U.S. this equinox comes on September 22 at 10:29 p.m. EDT, 9:29 p.m. CDT, 8:29 p.m. MDT or 7:29 p.m. PDT.

In the Northern Hemisphere, the sun is rising later now, and nightfall comes sooner. This is our autumn equinox, when the days are getting shorter in the Northern Hemisphere. At this equinox, day and night are approximately equal in length. For us in the Northern Hemisphere, people are enjoying the cooler days of autumn even as preparations for winter are underway. South of the equator, spring begins.

Depending on where you live, the Super Harvest Moon can be on either tonight, September 8, or September 9.

It happens on September 9 at 1:38 Universal Time. In North America, the crest of the moon’s full phase comes on September 8, at 9:38 p.m. EDT, 8:38 p.m CDT, 7:38 p.m. MDT or 6:38 p.m. PDT.

So the night of September 8-9 has the brightest, fullest moon for the Americas. Meanwhile, for the most of Asia, the moon turns precisely full during the daylight hours on September 9. For all of us, by the night of September 9-10, the moon will be waning. In fact, September 8, 2014 is the night of the Mid-Autumn Festival in Asia, which is linked to this full moon.

For modern Pagans and Wiccans, this moon marks the start of the second harvest, which culminates on the Autumnal Equinox. The third and final harvest then begins as the nights grow longer than the days and we start to prepare in earnest for winter. Samhain, or Halloween, marks the final harvest celebration with bonfires, feasts and music marking the passing of another year and the beginning of winter.

Wherever you are tonight, step outside, stand barefoot on the earth, reach up to touch the moon and breathe.

Super Moon and Meteor Showers

Tonight’s Full Moon is the fourth Super Moon of 2014 and, in case you miss it, you’ll have another chance on September 9. A “super moon” occurs when the moon is new or full “at or near its closest approach to Earth in a given orbit.” Tonight’s moon is at its closest for the year, only 221,765 miles from Earth. Because of its close proximity, tides will be higher than usual, which could cause flooding in some low-lying coastal areas. The National Weather Service has issued a coastal flood warning for the eastern seaboard extending from parts of New York City down to Delaware.

The uniqueness of this Super Moon is that it occurs in conjunction with the first night of the Perseid Meteor showers:

The Perseids are a prolific meteor shower associated with the comet Swift-Tuttle. The Perseids are so-called because the point from which they appear to come, called the radiant, lies in the constellation Perseus. The name derives in part from the word Perseides, a term found in Greek mythology referring to the sons of Perseus.

The stream of debris is called the Perseid cloud and stretches along the orbit of the comet Swift-Tuttle. The cloud consists of particles ejected by the comet as it travels on its 133-year orbit. Most of the particles have been part of the cloud for around a thousand years. However, there is also a relatively young filament of dust in the stream that was pulled off the comet in 1865, which can give an early mini-peak the day before the maximum shower. [..]

The shower is visible from mid-July each year, with the peak in activity between 9 and 14 August, depending on the particular location of the stream. During the peak, the rate of meteors reaches 60 or more per hour. They can be seen all across the sky; but, because of the path of Swift-Tuttle’s orbit, Perseids are primarily visible in the northern hemisphere. As with many meteor showers, the visible rate is greatest in the pre-dawn hours, since the side of the Earth nearest to turning into the sun scoops up more meteors as the Earth moves through space. Most Perseids disappear while at heights above 80 kilometres (50 mi).

This year the showers will peak around dawn on Monday, Tuesday and Wednesday. However, they may be hard to see because of the brightness of the super moon.

Your best views are between midnight and a few hours before sunrise (around 6:30 a.m.) as Earth rotates into the stream of debris left behind by comet 109P/Swift-Tuttle. The view improves as the moon sets around 3 a.m. Wednesday morning. The moon will set about an hour later each subsequent day.

Beginning Monday, your best chances are at a more family friendly evening time from shortly after sunset (around 8:45 p.m.) through moonrise about an hour later. The moon also rises about an hour later each subsequent evening, giving more opportunity to see meteors before the nearly full moon washes out the sky. Also take a moment to look low on the southwest horizon for Saturn and just below and to the right for Mars.

Perseid Meteors vs the Supermoon

Cosmic Man, Neil deGrasse Tyson Speaks

All this week on MSNBC’s “All In with Chris Hayes,” the host of the series “Cosmos,” Neil deGrasse Tyson sat down with Chris to talk about life, the universe and everything. Here are the first three segments.

Cosmic, man

Chris talks with renowned astrophysicist and host of “Cosmos,” Neil deGrasse Tyson, about the future of science and the possibility of extra-terrestrial life.


Life, the Universe and Everything

In a multi-part series, the host of Moyers and Company, Bill Moyers and the popular astrophysicist Neil deGrasse Tyson discussed the universe, higher beings and science literacy.



Transcript can be read here

Don’t Pretend You Care About These Issues When Defending the President

This is an older piece of mine that appeared on Daily Kos on Thursday December 29, 2011.


It's an important one because it destroys the argument you hear from some Obama supporters hoping to deflect the inhumane treatment of whistleblower Bradley Manning. They say that since African Americans in our prison system suffer torture and injustice in our prison industrial complex, then that means what is happening to Bradley Manning is not really an issue. Of course what they don't mention is that yes, African Americans have been and are indeed suffering atrocities in our prison industrial complex, yet they don't want to talk about President Obama continuing this trend and even making it worse, even hiring a for-profit private prison lobbyist in his Justice Department, where some of the worst offenses happen, making him involved in both the state issue and the federal issue.


You can see the failed deflections in the comments of that diary and how the truth about this really hit a nerve with some people, whether they claim to be a fake Marxist in a past life making their support of the PIC and neoliberalism OK now under Obama or not. The facts show that they don't really care about these issues when hoping to shield Obama from them in the case of Bradley Manning.

Part of the reason the Occupy movement exists and is out in the streets is because of the massive failures of this Democratic administration and a Democratic Congress. This can’t be denied. However, because it can’t be denied there are certain implications going around in their defense by those who are in denial about this. They imply that what’s going on with Bradley Manning’s confinement and his sham of a trial doesn’t truly matter.

They imply Occupy protesters getting beaten, sprayed, and handcuffed until they get nerve damage doesn’t matter because of the fact that African Americans and Latinos have been feeling the brunt of police brutality and a corrupt racist justice system for years. It is very true that African Americans and Latinos have felt the brunt of a corrupt racist justice system for years.

However, these injustices still matter regardless, because as MLK said, “A threat to justice anywhere is a threat to justice everywhere” and that still holds true today. The issues the Occupy movement are fighting for affect all races, especially on income inequality and economic justice. That is an acknowledged fact that can’t be denied.

The people of Occupy Wall Street are protesting our country’s growing inequality–and nowhere is this inequality more acutely felt than the makeup of our prison population.

Recently at a city council meeting in my home of Jersey City, a 46-year-old formerly incarcerated man told the council, as reported in the Jersey City Independent: “I’ve served 16 years in prison. I came home three years ago and tried everything possible you can do. I got my high school diploma and a driver’s license…The job system failed me.”

When I went to Occupy Wall Street, my friend carried a sign that read: “Troy Davis would still be alive if he had been rich and white.” We had attended a protest earlier that month, when Davis was still alive, where signs and demonstrators proclaimed, “We are Troy Davis.”

We are Troy Davis. We are the 99 percent.

Pique the Geek 20130106: Magnesium — Common and Essential

Magnesium, with a Z = 12, is an extremely common element in the crust of the earth, but it is never found in nature in the elemental state.  It is the second member, after beryllium, in the alkaline earth series of elements.  It is above calcium in that same group, and has significant biological roles.

As is the general trend for elements on the left-hand side of the periodic table, magnesium is less reactive than calcium, just as beryllium is less reactive than magnesium.  This is because elements in the first and second columns have their electrons more tightly bound the higher in the column they appear, owing to less shielding from other electron shells.

Pique the Geek 20121202: Emulsification

Before we begin tonight, please join me in paying my respects to my mum, who would have been 91 years old today.  The season beginning with Thanksgiving and lasting through New Year’s Day was her favorite of the year, and she showed lots of love to everyone during this time.  But she showed lots of love all year ’round.

The definition of an emulsion is two dissimilar liquids that are dispersed into a more or less long-lasting mixture that has properties different from either of the two liquids.  I say dissimilar because in most cases one of the liquids is hydrophobic (literally, “water fearing”, often an oil or hydrocarbon) and the other one hydrophilic (literally, “water loving”, often water itself).

The old adage that oil and water do not mix is only partially true.  It is possible to make them mix, and it is often done intentionally.  Sometimes it happens by accident, and we organic chemists know that when the synthetic product that we seek to isolate forms an emulsion with the solvent and/or other materials in the separatory funnel, it is easy to become piqued by that.

Pique the Geek 20121118: Scotch Whisky

Scotch whisky is quite different than most other distilled grain spirits.  First of all, it has its own spelling.  Except for Scotch, the spelling is “whiskey”.  In the case of Scotch, it is “whisky”.  I do not know if that is a Gaelic thing, but it is true.  Likewise, the plural of “whisky” is “whiskies”, whilst the plural of “whiskey” is “whiskeys”.  Actually, these distinctions are at best approximate, as some American brands of things that are not Scotch call themselves “whisky”.  But Scotch is almost always spelt “whisky”.

Actually, I am not sure if “Scotch” should even be the name for it.  Some of them call themselves “Scots’ Whisky”.  That might be a better way of saying it.

Now for the Geeky stuff.  Follow with me for several hundreds of years?

Pique the Geek 20121111: Drying Oils

I was painting a wooden basket yesterday with boiled linseed oil and thus came the inspiration for tonight’s topic.  Drying oils are very important in the coatings industry, not as much as in the past but still important.

Back in the day before high quality water based paints had been developed, oil based paints were just about the only good choice except for some specialized applications.  Before we go into detail, we should define some key terms regarding paint.

The vehicle is the part of the paint that forms a tough, adherent film.  In oil based paints the vehicle is generally linseed oil.  In latex paints the vehicle is some type of synthetic resin.

The second component (not always in paint, but usually) is the solvent, also called the diluent.  In oil paint the solvent is now usually petroleum distillates, but before oil was discovered the solvent was almost always turpentine.  In latex paints the solvent is water.

The pigment is composed of inorganic powders, usually white or colorless.  The pigment can add to the toughness of the film.  For commercial house paints the pigment does not provide color (except for white) and usually organic dyes are added to the pigment for colors, although some other materials are also used.  For art paints, the pigment is often also the color.  Pigments are similar for oil and water based paints.

There are also additives in small quantities in most paints to modify drying rate, viscosity, surface tension, and other properties.  Water based paint often contains ethylene glycol as an antifreeze.
