Mystery of secret note hidden in 1888 woman’s silk dress finally solved by a codebreaker

2024-04-22 Thread jim bell
Read "Mystery of secret note hidden in 1888 woman’s silk dress finally solved 
by a codebreaker" on SmartNews: https://l.smartnews.com/p-wv6yY/mJL6l3

Mysterious Words Found on Note Hidden in 1890s Dress May Have Been Secret Code

2023-12-15 Thread jim bell
Read "Mysterious Words Found on Note Hidden in 1890s Dress May Have Been Secret 
Code" on SmartNews: https://l.smartnews.com/p-Kz4dp/XCjPtx



Dems pass new law requiring a 'kill switch' in all new vehicles sold after 2026

2023-11-09 Thread jim bell
Read "Dems pass new law requiring a ‘kill switch’ in all new vehicles sold 
after 2026" on SmartNews: https://l.smartnews.com/p-LHKKH/tb2tun


AI translates 5,000-year-old cuneiform tablets into English

2023-10-06 Thread jim bell
Read "AI translates 5,000-year-old cuneiform tablets into English" on 
SmartNews: https://l.smartnews.com/p-KoQ83/L3dODA
Jim Bell's note: Such writing can be considered a code or cipher, although its 
meaning was not intended to be concealed at the time of its writing.

Re: Cypherpunks Ethics

2023-09-10 Thread jim bell
That sounds very interesting. I will have to read it.


 
 
  On Sun, Sep 10, 2023 at 10:48 AM, John Young wrote:   
"Cypherpunks Ethics," a book published in 2022, offers a comprehensive view of 
the group's formation and evolution, with focus on Tim May's "Crypto-Anarchy" 
and Julian Assange's "Crypto-Justice."

"After presenting a genealogy of cypherpunk platforms, including Timothy 
May's BlackNet, Jim Bell's Assassination Politics, Ross 
Ulbricht's Silk Road, and John Young's Cryptome, it discusses 
the two central functions of Julian Assange's WikiLeaks."

Cypherpunk ethics is a moral worldview of the cypherpunks, a movement that 
advocates the use of strong digital cryptography to defend individual privacy 
and promote institutional transparency in the digital age. The movement is 
rooted in two competing paradigms of cypherpunk philosophy: crypto anarchy and 
crypto justice. The former advocates for the use of cryptography to create a 
stateless society, while the latter seeks to use cryptography to promote social 
justice and protect human rights. The movement has implications for a range of 
contemporary moral issues, including surveillance, privacy, whistleblowing, 
cryptocurrencies, journalism, democracy, censorship, intellectual property, and 
power. If you want to learn more about cypherpunk ethics, you can read Patrick 
D. Anderson's book Cypherpunk Ethics: Radical Ethics for the 
Digital Age 
(https://www.taylorfrancis.com/books/mono/10.4324/9781003220534/cypherpunk-ethics-patrick-anderson)


  


Re: Jim Bell 1995 Posts and More

2023-09-08 Thread jim bell
Very interesting

 
 
  On Fri, Sep 8, 2023 at 12:03 PM, pro2...@yahoo.com.au wrote:
Thanks John
Proves if there was a vast conspiracy to hide those emails, it failed.
Thank you very much!

Oh, and while you're here, perhaps a small favor?

A mirror of "The CJ files" - I have a copy if yours has followed Greg's into 
oblivion.
Thanks in advance!

Matt.
  


Why are SanDisk Wiping People's Information?

2023-08-22 Thread jim bell
https://nofilmschool.com/sandisk-erasing-issue



Phys.org: Scientists design novel nonlinear circuit to harvest clean power using graphene

2023-08-20 Thread jim bell
https://phys.org/news/2023-08-scientists-nonlinear-circuit-harvest-power.html



Windows Central: ULTRARAM could change the PC landscape forever

2023-08-20 Thread jim bell
https://www.windowscentral.com/hardware/cpu-gpu-components/ultraram-could-potentially-revolutionize-the-pc-landscape-as-we-know-it


Ars Technica: SanDisk Extreme SSDs are “worthless,” multiple lawsuits against WD say

2023-08-20 Thread jim bell
https://arstechnica.com/gadgets/2023/08/sandisk-extreme-ssds-are-worthless-multiple-lawsuits-against-wd-say/


Ars Technica: Google announces new algorithm that makes FIDO encryption safe from quantum computers

2023-08-20 Thread jim bell
https://arstechnica.com/security/2023/08/passkeys-are-great-but-not-safe-from-quantum-computers-dilithium-could-change-that/



Pi formula

2023-08-19 Thread jim bell
Read "Formula Calculates Any Digit Of Pi, Nobody Noticed For Centuries" on 
SmartNews: https://l.smartnews.com/p-NFxsZ/FSO79I




ULTRARAM may be a silly name but it's the holy grail for memory tech and means your PC could hibernate for over 1,000 years

2023-08-15 Thread jim bell
ULTRARAM may be a silly name but it's the holy grail for memory tech and 
means your PC could hibernate for over 1,000 years 
https://share.newsbreak.com/4ovo7rns



Intel Downfall: Severe flaw in billions of CPUs leaks passwords, more | PCWorld

2023-08-15 Thread jim bell
https://www.pcworld.com/article/2025589/downfall-serious-security-vulnerability-in-billions-of-intel-cpus-how-to-protect-yourself.html



AnandTech: Kioxia's CD8P SSD Unveiled: Up to 30.72 TB, PCI 5.0 x4 Interface

2023-08-11 Thread jim bell
30 terabytes. A million times larger than the biggest I ever sold, in 1992. 31 
years ago. Inventor of the SSD, 1980. 43 years ago.
Jim Bell, SemiDisk Systems
https://www.anandtech.com/show/19998/kioxias-cd8p-ssd-unveiled-up-to-3072-tb-pci-50-x4-interface



CoinDesk: SEC Asked Coinbase to Stop Trading in all Cryptocurrencies Other Than Bitcoin Before Suing: Report

2023-08-01 Thread jim bell
https://www.coindesk.com/policy/2023/07/31/sec-asked-coinbase-to-stop-trading-in-all-cryptocurrencies-other-than-bitcoin-before-suing-report/



Re: Cryptocurrency: Superconductor Mining Chips... First To Fab, First To Profit, FTW

2023-07-26 Thread jim bell
That report of a room-temp, ambient pressure superconductor is amazing

         Jim Bell 
 
  On Wed, Jul 26, 2023 at 2:52 PM, grarpamp wrote:   
Superconductors, Aliens, AI, Genetic Compilers, Quantum... Singularity.

https://arxiv.org/pdf/2307.12008.pdf
https://arxiv.org/pdf/2307.12037.pdf

For the first time in the world, we succeeded in synthesizing
the room-temperature superconductor (Tc  400 K, 127 °C)
working at ambient pressure with a modified lead-apatite (LK-99) structure.

A material called LK-99®, a modified-lead apatite crystal structure with
the composition (Pb10-xCux(PO4)6O (0.9

BBC News: The tech flaw that lets hackers control surveillance cameras

2023-06-26 Thread jim bell
BBC News - The tech flaw that lets hackers control surveillance cameras
https://www.bbc.co.uk/news/technology-65975446



Re: My apologies to Professor Rat, although I don't recall what I did years ago.

2022-09-02 Thread jim bell
 I think I should provide some context to what I've previously said.  It 
occurred to me that I should actively attempt a little peace, and who knows 
maybe even a reconciliation with Professor Rat.  Or, at least, offer a mutual 
'detente', a word from the 1970's, describing a lessening of that era's 
tensions during the Cold War.   Use a little respect and tolerance, which we 
should all be able to give.  The results, you saw, but at least I tried.  
Nothing ventured, nothing gained, as they say. No reason to regret the attempt. 
The Cypherpunks list always had a very good reason to exist. And it can still 
do that, today, as long as we try.  

Re: My apologies to Professor Rat, although I don't recall what I did years ago.

2022-09-02 Thread jim bell

 On Fri, Sep 2, 2022 at 2:57 PM, professor rat wrote:

Nothing personal Gym - it's business - that's all

And going by your receptions in Prague and Acapulco I might even be doing you a 
favor.

Some things only your friends will tell you.

As for the politics - if the Right don't kill you for being a Left-anarchist 
provocateur ( deviationist )

the Left will kill you for your Right opportunism - but you claimed you knew 
this going in.

That your last best hope was virality.  Lately all you blabber about is Black 
Box solutions and quantum FUD.

Have you had your cognition tested lately?

Maybe you're overdue to join dear old Mom and Dad. 

Goodnight - and may your Anarcopulco God go with you.


 
  

On Fri, Sep 2, 2022 at 2:57 PM, professor rat wrote:
"the Left will kill you for your Right opportunism - but you claimed you knew 
this going in."
Okay, I don't quite remember the conversation, it may have been years.  But 
yes, everything seems to turn into a "political" dispute, especially these 
days.  Every faction has its enthusiastic opponents. 
BTW, my references to quantum have nothing to do with politics. It is just 
that for years, we have seen it said that quantum techniques may help break 
RSA.  While that might not happen for a decade or longer, messages generated 
today may be recorded and vulnerable later. ('Venona')
 So there should be pressure to replace RSA with 'quantum resistant' 
algorithms.  Fortunately, they exist or are being developed.   


My apologies to Professor Rat, although I don't recall what I did years ago.

2022-09-02 Thread jim bell
 For the last few years, I've seen negative comments by Professor Rat, against 
me.  I have been perplexed.   Well, the saying "bury the hatchet" comes to 
mind.  I don't think I've ever said a word against you.  If I did something 
wrong, again I apologize.  Perhaps I crossed an 'invisible line' at some point. 
MAYBE this started back about 2017 (?) when I attended the Anarchapulco 
conference.  I was  not aware of any problem with going. It has been so long, 5 
years, so I don't recall if I announced my intention on the CP list, or recall 
getting any negative feedback.  
I do rather little ideological discussion on the Internet.  I don't understand 
the intricacies of alternative politics.   (Nor non-alternative politics, 
either.)    My understanding was that Anarchapulco was, in large part, a 
meeting for the discussion of crypto-currencies, so I went primarily for that 
purpose, and to visit an interesting prominent destination.    
I was invited to go, so I did.  I didn't see any harm at the time.  Generally, 
I go when I am invited, and so far quite rarely.  I don't seek out such events, 
and never have. 
So, having not intended to offend you,  I have been and remain very, very 
sorry.   Could you accept these apologies?  Peace.  
Jim Bell   
  

The Hill: The mother of all ‘zero-days’ — immortal flaws in semiconductor chips

2022-08-29 Thread jim bell
The Hill: The mother of all ‘zero-days’ — immortal flaws in semiconductor chips.
https://thehill.com/opinion/cybersecurity/3617715-the-mother-of-all-zero-days-immortal-flaws-in-semiconductor-chips/

The CHIPS Act of 2022 was signed into law on Aug. 9. It provides tens of 
billions of dollars in public support for revitalization of domestic 
semiconductor manufacturing, workforce training, and “leap ahead” wireless 
technology. Because we outsource most of our device fabrication — including the 
chips that go into the Navy’s submarines and ships, the Army’s jeeps and tanks, 
military drones and satellites — our industrial base has become weak and 
shallow. The first order of business for the CHIPS Act is to address a serious 
deficit in our domestic production capacity. 

Notoriously absent from the language of the bill is any mention of chip 
security. Consequently, the U.S. is about to make the same mistake with 
microelectronics that we made with digital networks and software applications: 
Unless and until the government demands in-device security, our competitors 
will have an easy time of manipulating how chips function and behave. Nowhere 
is this more dangerous than our national security infrastructure.

For the first quarter-century of ubiquitous internet access, policy makers and 
industry leaders did not imagine — literally could not conceive — a deliberate 
electronic intrusion from an ideological adversary.

Now they hit us almost at will.

Deterrence has proven to be an obviously insufficient policy alternative. 
Western civil societies — our power stations, waste processing facilities, and 
hospitals — are paying a heavy price for their porous defenses and cyber 
naivete.

Every chip starts life as a software program before it is fabricated, mostly in 
Asia, and mostly in Taiwan, into a chip. The process that transforms design 
code into “sand in the hand” silicon is just as vulnerable today as consumer 
applications were in the early 2010s, and for all the same reasons. The impact 
is deeper and more penetrating because once a chip is compromised, it is nearly 
impossible to patch. It might be in space or under an ocean. Our enemies know 
this too.

Satellite Quantum key distribution.

2022-08-23 Thread jim bell
https://phys.org/news/2022-08-compact-qkd-paves-cost-effective-satellite-based.html

Researchers experimentally demonstrated a space-to-ground QKD network using a 
compact QKD terminal aboard the Chinese Space Lab Tiangong-2 and four ground 
stations. Credit: Cheng-Zhi Peng, University of Science and Technology of China

Researchers report an experimental demonstration of a space-to-ground quantum 
key distribution (QKD) network using a compact QKD terminal aboard the Chinese 
Space Lab Tiangong-2 and four ground stations. The new QKD system is less than 
half the weight of the system the researchers developed for the Micius 
satellite, which was used to perform the world's first quantum-encrypted 
virtual teleconference.

The demonstration represents an important step toward 
practical QKD based on constellations of small satellites, a setup considered 
one of the most promising routes to creating a global quantum communication 
network.

"QKD offers unconditional security by using single photons to encode 
information between two distant terminals," said research team member Cheng-Zhi 
Peng from the University of Science and Technology of China. "The compact 
system we developed can reduce the cost of implementing QKD by making it 
possible to use small satellites."

Peng and researchers from other institutions in China describe their new system 
and experimental results in Optica. They also found that QKD performance can be 
boosted by building a network of satellites orbiting at different angles, or 
inclinations, in relation to the equator.

"Our new work demonstrates the feasibility of a space-ground QKD network based 
on a compact satellite payload combined with constellations of satellites with 
different orbit types," said Peng. "In the near future, this type of QKD system 
could be used in applications that require high security such as government 
affairs, diplomacy and finance."

The researchers created the compact payload—shown here in ground experiments— 
that allowed the Tiangong-2 Space Lab to act as a satellite QKD terminal. It 
included a tracking system, QKD transmitter and a laser communication 
transmitter. Credit: Cheng-Zhi Peng, University of Science and Technology of 
China

Shrinking the QKD system

QKD uses the quantum properties of light to generate secure random keys for 
encrypting and decrypting data. In previous work, the research group 
demonstrated satellite-to-ground QKD and satellite-relayed intercontinental 
quantum networks using the Micius satellite. However, the QKD system used 
aboard that satellite was bulky and expensive. About the size of a large 
refrigerator, the system weighed around 130 kg and required 130 W of power.

As part of China's quantum constellation plan, the researchers sought to 
develop and demonstrate a more practical space-ground QKD network. To do this, 
they developed a compact payload that allowed the Tiangong-2 Space Lab to act 
as a satellite QKD terminal. The QKD payload—consisting of a tracking system, 
QKD transmitter and a laser communication transmitter—weighed around 60 kg, 
required 80 W of power and measured about the size of two microwave ovens.

"This 
payload was as integrated as possible to reduce volume, weight and cost while 
achieving the high performance necessary to support space-to-ground QKD 
experiments," said Peng. "It also had to be very durable to withstand harsh 
conditions such as the severe vibration experienced during launch and the 
extreme thermal vacuum environment of space."

The researchers performed a total of 19 QKD experiments during which secure 
keys were successfully distributed between the Space Lab terminal and four 
ground stations on 15 different days between October 2018 and February 2019. 
These experiments were conducted at night to avoid the influence of daylight 
background noise.

The researchers found that the medium (~42°) inclination orbit of the space lab 
allowed multiple passes over a single ground station in one night, which 
increased the number of keys that could be generated. They also built a model 
to compare the performance of satellite-based QKD networks with different orbit 
types. They found that combining satellites with a medium-inclination orbit 
like the space lab with a sun-synchronous orbit that travels over the polar 
regions achieved the best performance.

Satellite-based QKD transmission could be used to create a highly secure global 
quantum communication network. Credit: Cheng-Zhi Peng, University of Science 
and Technology of China

Next steps

The researchers are now working to improve their QKD system by increasing the 
speed and performance of the QKD system, reducing cost, and exploring the 
feasibility of daytime satellite-to-ground QKD transmission. "These 
improvements would allow a practical quantum constellation to be created by 
launching multiple low-orbit satellites," said Peng. "The constellation could 
be combined with a medium-to-high-orbit quantum 

Re: Anti War: Thread

2022-08-21 Thread jim bell
On Fri, Jul 15, 2022 at 12:53 AM, grarpamp wrote:
https://nitter.net/pic/media%2FFXVNIJgXwAAUV-F.jpg

Ukrainians are selling WEAPONS on the BLACK MARKET!
Javelin, NLAW and AT4 launchers are for sale by Ukrainian arms
dealers. Ukrainian generals and soldiers are underpaid and sell US and
UK weapons on the black market. Every wannabe terrorist can now
destroy civilian aircraft and kill hundreds for just $20k.

I suppose it should be possible to geo-limit these weapons to prevent them from 
being used outside a pre-defined area.




IEEE Spectrum: “Quantum-Safe” Crypto Hacked by 10-Year-Old PC

2022-08-19 Thread jim bell
IEEE Spectrum: “Quantum-Safe” Crypto Hacked by 10-Year-Old PC.
https://spectrum.ieee.org/quantum-safe-encryption-hacked

Future quantum computers may rapidly break modern cryptography. Now researchers 
find that a promising algorithm designed to protect computers from these 
advanced attacks could get broken in just 4 minutes. And the catch is that 
4-minute time stamp was not achieved by a cutting-edge machine but by a regular 
10-year-old desktop computer. This latest, surprising defeat highlights the 
many hurdles postquantum cryptography will need to clear before adoption, 
researchers say.

In theory, quantum computers can quickly solve problems it might take classical 
computers untold eons to solve. For example, much of modern cryptography relies 
on the extreme difficulty that classical computers face when it comes to 
mathematical problems such as factoring huge numbers. However, quantum 
computers can in principle run algorithms that can rapidly crack such 
encryption.

To stay ahead of this quantum threat, cryptographers around the world have 
spent the past two decades designing postquantum cryptography (PQC) algorithms. 
These are based on new mathematical problems that both quantum and classical 
computers find difficult to solve.

“What is most surprising is that the attack seemingly came out of nowhere.”
—Jonathan Katz, University of Maryland at College Park

For years, researchers at organizations such as the National Institute of 
Standards and Technology (NIST) have been investigating which PQC algorithms 
should become the new standards the world should adopt. NIST announced it was 
seeking candidate PQC algorithms in 2016, and received 82 submissions in 2017. 
In July, after three rounds of review, NIST announced four algorithms that 
would become standards, and four more would enter another round of review as 
possible additional contenders.


Tom's Hardware: Tachyum Submits Bid to Build 20 Exaflops Supercomputer

2022-08-16 Thread jim bell
Tom's Hardware: Tachyum Submits Bid to Build 20 Exaflops Supercomputer.
https://www.tomshardware.com/news/tachyum-submits-bid-to-build-20-exaflops-supercomputer
"Tachyum on Tuesday said that it had submitted a bid to the Department of 
Energy to build a 20 exaflops supercomputer in 2025. The machine would be based 
on the company's next-generation Prodigy processors featuring a proprietary 
microarchitecture that can be used for different types of workloads.

"The U.S. DoE wants a 20 exaflops supercomputer with a 20MW–60MW power 
consumption to be delivered by 2025. The system is set to be installed at Oak 
Ridge National Laboratory (ORNL) and will complement the lab's Frontier system 
that went online earlier this year.

"Tachyum does not disclose which hardware it proposed to the DoE, but only says 
that it has its 128-core Prodigy processor today as well as a higher-performing 
Prodigy 2 processor in its roadmap, so it is safe to say that by 2025 it will 
have the latter on hand and it could be able to address the upcoming system.

"Tachyum's Prodigy is a universal homogeneous processor packing up to 128 
proprietary 64-bit VLIW cores that feature two 1024-bit vector units per core 
and one 4096-bit matrix unit per core. Tachyum expected its flagship Prodigy 
T16128-AIX processor to offer up to 90 FP64 teraflops for HPC 
as well as up to 12 'AI petaflops' for AI inference and training (presumably 
when running INT8 or FP8 workloads). Prodigy consumes up to 950W and uses 
liquid cooling.

"That was all before Tachyum sued Cadence, its intellectual property provider, 
for lower-than-expected performance of its Prodigy processor. We have no idea 
what the current performance expectations are for the chip.

"In theory, Tachyum could power an exaflops system using over 11,000 of its 
Prodigy processors, though power consumption of such a machine would be 
gargantuan. Presumably, Prodigy 2 has a better chance to meet the needs of a 
next-generation exascale system than the original Prodigy.

"There is currently one exaflops-class supercomputer in the U.S., the 1.1 
exaflops Frontier system at Oak Ridge National Laboratory (ORNL) that is based 
on AMD's 64-core EPYC CPUs as well as Instinct MI250X compute GPUs. There are 
two more exascale systems being built in the USA, the 2 exaflops Aurora machine 
powered by Intel's 4th Generation Xeon Scalable processors and Xe-HPC compute 
GPUs (aka, Ponte Vecchio) as well as the ">2 exaflops" El Capitan supercomputer 
based on AMD's Zen 4 architecture EPYC CPUs and Instinct MI300 GPUs.

"One of the interesting things about the DoE's supercomputing plans is that 
from now on it wants to upgrade its high-performance compute capabilities every 
12–24 months, not every 4–5 years. As a result, the DoE will be more eager to 
adopt exotic architectures like Tachyum's Prodigy than it is today.


Google Program to Free Chips Boosts University Semiconductor Design

2022-08-13 Thread jim bell
https://www.hpcwire.com/2022/08/11/google-program-to-free-chips-boosts-university-semiconductor-design/

August 11, 2022

A Google-led program to design and manufacture chips for free is becoming 
popular among researchers and computer enthusiasts.

The search giant’s open silicon program is providing the tools for anyone to 
design chips, which then get manufactured. Google foots the entire bill, from a 
chip’s conception to delivery of the final product in a user’s hand.

Google’s Open MPW program includes an open-source design toolkit from a company 
called EFabless, which also manages the program.

Enthusiasts and researchers have to submit their chip design, which then gets 
manufactured in the factories of SkyWater on the 130nm process. The submission 
deadline for the latest Open MPW program is September 12.

Open MPW’s popularity can be measured by the number of projects using Efabless’ 
EDA tools. Chips from about 240 open-source silicon projects via Efabless’ 
tools will be manufactured in Skywater’s factories, said Mike Wishart, CEO of 
Efabless.

“The total projects posted on our site are like 570. That has gone extremely 
well. It’s diverse, from 25 countries,” Wishart said.

Efabless had about 160 tapeouts in 2021, and had no tapeouts in 2020.

Efabless provides a simple design EDA tool to make chips, which is mostly about 
dragging and dropping the core elements inside a chip. An open-source PDK 
(process design kit) prepares the chip for fabrication in factories.

The Open MPW program added recent partners, including the U.S. Department of 
Defense, which last month poured $15 million into the project to get 
open-source chips made on SkyWater’s 90nm process. GlobalFoundries also joined 
the alliance and will also manufacture chips on the 180nm node.

The manufacturing technology provided through the project is very old, but it 
is cost-effective. Intel, Apple and others make expensive chips on the more 
advanced processes such as 5nm, which uses cutting-edge technology and provides 
the fastest computing in devices.

Open MPW is popular in academia and research, and for those experimenting or 
testing chips and need small batches, Wishart said.

“Our incentive is to make it simple for more and more people and grow a 
community around those executing designs… [on] nodes that are more accessible 
to them and therefore lower costs,” Wishart said.

Typically, chips can be expensive to manufacture, and factories are open to 
corporations. But Open MPW makes factories available to researchers and 
students.

“There was an unmet need in academia, that was overwhelming and not appreciated 
because they didn’t know what they could get,” Wishart said.

The open-source toolkits cover the full concept of chip development, from 
conceptualization to delivery of parts. Some universities may have deals with 
chip factories, but students at the undergraduate, master’s and PhD programs 
still have poor awareness of chip fabrication.


The Hacking of Starlink Terminals Has Begun | WIRED

2022-08-11 Thread jim bell
https://www.wired.com/story/starlink-internet-dish-hack/

Since 2018, Elon Musk’s Starlink has launched more than 3,000 small satellites 
into orbit. This satellite network beams internet connections to hard-to-reach 
locations on Earth and has been a vital source of connectivity during Russia’s 
war in Ukraine. Thousands more satellites are planned for launch as the 
industry booms. Now, like any emerging technology, those satellite components 
are being hacked.

"Today, Lennert Wouters, a security researcher at the Belgian university KU 
Leuven, will reveal one of the first security breakdowns of Starlink’s user 
terminals, the satellite dishes (dubbed Dishy McFlatface) that are positioned 
on people’s homes and buildings. At the Black Hat security conference in Las 
Vegas, Wouters will detail how a series of hardware vulnerabilities allow 
attackers to access the Starlink system and run custom code on the devices.

"To access the satellite dish’s software, Wouters physically stripped down a 
dish he purchased and created a custom hacking tool that can be attached to the 
Starlink dish. The hacking tool, a custom circuit board known as a modchip, 
uses off-the-shelf parts that cost around $25. Once attached to the Starlink 
dish, the homemade printed circuit board (PCB) is able to launch a fault 
injection attack—temporarily shorting the system—to help bypass Starlink’s 
security protections. This “glitch” allows Wouters to get into previously 
locked parts of the Starlink system."


TC BioPharm Says It Aims To Deliver A Big Breakthrough In Cancer Treatments

2022-08-09 Thread jim bell
 TC BioPharm Says It Aims To Deliver A Big Breakthrough In Cancer Treatments 
https://share.newsbreak.com/1k9e54im



Russian Hacker Warns Cyberwarfare Will Turn Deadly

2022-08-09 Thread jim bell
Russian Hacker Warns Cyberwarfare Will Turn Deadly 
https://share.newsbreak.com/1k9dxeho

group Killnet has stated that cyberwarfare will result in casualties, just days 
after threats against a major American weapons manufacturer reportedly came to 
fruition.

On Sunday, that hacker, Killmilk, told the Russian news site Gazeta.Ru that he 
has helped galvanize countless other hackers who "for one reason or another, 
support Russia in the NWO [New World Order]," pledging to "be a pioneer" if 
pro-Russian and pro-Ukrainian hackers confront one another to the point where 
deaths occur.

"In Russia, I will become a hero, and abroad, a criminal," said Killmilk, who 
launched Killnet on November 1, 2021. "Soon, I and Killnet will launch powerful 
attacks on European and American enterprises, which will indirectly lead to 
casualties. I will do my best to make these regions and countries answer for 
each of our soldiers," he said, according to an English translation.


Quantum Computation and Its Possible Effects on Society

2022-08-08 Thread jim bell
Quantum Computation and Its Possible Effects on Society 
https://share.newsbreak.com/1k522vw8

Abstract

Quantum computation is slowly becoming mainstream, as research on it is picking 
up pace, but can it really become part of our everyday life given how much our 
society depends on classical computation? This paper will discuss what quantum 
computation is and the effects it can have on the way our society works.

Introduction

Quantum computation is a new domain of computation techniques that has been 
slowly setting its roots in the world of science over the past few decades. 
Rather than improve upon what already exists, it is a completely new domain 
that works on several new principles. Since it will directly affect the 
societies we live in, it is important to consider just how it would do so.




How will quantum computation bring change to the society we live in?




Before delving into what quantum computation is, and what it is capable of, we 
must understand what classical computation is and what advancements have come 
to light since its first instance.

Classical Computation

Classical computation is the computation done through means termed “classical” 
as they have been used for quite some time. Classical computation is quite 
limited in physical terms. As classical computation is done using discrete 
states i.e., which can either be on or off, we cannot do everything with a 
limited set of states unless we increase the number of states.




If we use finite automata to compute something then we can only do so till our 
physical limitations allow us to i.e., we cannot have an infinite number of 
states. The idea of Turing Machines came from this concept, as that gives us an 
infinite tape on which to carry out the computations. However, it is infinite 
only in theory as it cannot physically exist. So, in order to make classical 
computation more powerful and efficient, there have been several enhancements 
to it that have been modeled in interesting ways. These include the idea of 
reversibility and probabilistic logic. These ideas were still inherently 
limited and so came the concept of Quantum Computation.


Family Shocked by Ford Focus Electric Battery Replacement Costing More Than the Car

2022-08-07 Thread jim bell
Family Shocked by Ford Focus Electric Battery Replacement Costing More Than the 
Car 
https://share.newsbreak.com/1jzjzwot



Asymmetric cryptosystem based on optical scanning cryptography and elliptic curve algorithm

2022-08-07 Thread jim bell
 Asymmetric cryptosystem based on optical scanning cryptography and elliptic 
curve algorithm 
https://share.newsbreak.com/1jyqtw88   
   - Open Access
   - Published: 11 May 2022

Asymmetric cryptosystem based on optical scanning cryptography and elliptic 
curve algorithm
   
   - Xiangyu Chang, 
   - Wei Li, 
   - …
   - Ting-Chung Poon 
Scientific Reports volume 12, Article number: 7722 (2022)

Abstract

We propose an asymmetric cryptosystem based on optical scanning cryptography 
(OSC) and elliptic curve cryptography (ECC) algorithm. In the encryption stage 
of OSC, an object is encrypted to cosine and sine holograms by two pupil 
functions calculated via ECC algorithm from sender’s biometric image, which is 
sender’s private key. With the ECC algorithm, these holograms are encrypted to 
ciphertext, which is sent to the receiver. In the stage of decryption, the 
encrypted holograms can be decrypted by receiver’s biometric private key which 
is different from the sender’s private key. The approach is an asymmetric 
cryptosystem which solves the problem of the management and dispatch of keys in 
OSC and has more security strength than the conventional OSC. The feasibility 
of the proposed method has been convincingly verified by numerical and 
experiment results.

Introduction

Optical image encryption has attracted much attention in recent years because 
of its inherent capability of high parallelism and multidimensional freedoms 
(amplitude, phase and polarization). Since Refrégiér and Javidi first proposed 
the double random phase encoding (DRPE) technique [1], researchers have introduced 
many extended optical encryption methods such as a series of optical 
transforms [2,3,4,5], digital holography [6,7,8], joint transform correlator [9,10,11] 
and ghost imaging [12,13,14], etc. Furthermore, optical scanning cryptography 
(OSC) [15,16,17,18,19] envisioned by Poon has become a prospective technology. 
Different from that of other CCD-based hologram acquisition systems, it can 
capture the hologram of a physical object with a fast scanning mechanism along 
with single-pixel recording. Indeed, some encryption systems have been proposed 
based on OSC. Yan et al. obtained experimental results of encryption using 
fingerprint keys [18]. Furthermore, they first demonstrated optical cryptography 
of 3-D object images in an incoherent optical system with biometric keys [19]


A CPU world record has been broken by dousing a $6,000+ AMD chip in liquid nitrogen

2022-08-07 Thread jim bell
 A CPU world record has been broken by dousing a $6,000+ AMD chip in liquid 
nitrogen 
https://share.newsbreak.com/1juy5ego

It's a shame that AMD's Threadripper processors are no longer in the reach of 
most enthusiast gamers because the AMD Ryzen Threadripper Pro 5995WX just 
crushed a Cinebench run to net itself the world record. Proving once again that 
AMD's mammoth chip is not to be trifled with.

With a multithreaded score of 116,142 in Cinebench R23, overclocker TSAIK has 
netted themselves the world number one spot (spotted by 9550pro on Twitter), 
beating out user blueleader with two AMD Epyc 7763 server chips at 113,566.



A fearsome new botnet is rapidly gaining momentum

2022-08-07 Thread jim bell
 A fearsome new botnet is rapidly gaining momentum 
https://share.newsbreak.com/1juxwgz5

An old, infamous trojan has been forked, with the new variant being used to 
attack Linux SSH servers, experts have warned.

However, unlike the original malware, whose purpose was quite clear, 
researchers are not yet sure what the operators are up to this time around.

Cybersecurity researchers from Fortinet detected IoT malware with unusual 
SSH-related strings, and after digging a bit deeper, discovered RapperBot, a 
variant of the dreaded Mirai trojan.

Access for sale?

RapperBot was first deployed in mid-June 2022, and is being used to brute-force 
into Linux SSH servers and gain persistence on the endpoints.

RapperBot borrows quite a lot from Mirai, but it does have its own command and 
control (C2) protocol, as well as certain unique features.

But unlike Mirai, whose goal was to spread to as many devices as possible, and 
then use those devices to mount devastating Distributed Denial of Service 
(DDoS) attacks, RapperBot is spreading with more control, and has limited 
(sometimes even completely disabled) DDoS capabilities.

The researchers’ first impression is that the malware might be used for lateral 
movement within a target network, and as the first stage in a multi-stage 
attack. It could be also used simply to gain access to the target devices, 
access which could later be sold on the black market. The researchers came to 
this conclusion, among other things, due to the fact that the trojan sits idly, 
once it compromises a device.


Scientists say they've debunked Google’s quantum supremacy claims once and for all

2022-08-06 Thread jim bell
 Scientists say they've debunked Google’s quantum supremacy claims once and for 
all 
https://share.newsbreak.com/1joxv01w

A team of scientists in China claim to have replicated the performance of 
Google’s Sycamore quantum computer using traditional hardware, thereby 
undermining the suggestion the company has achieved quantum supremacy.

As reported by Science magazine, the scientists used a system comprised of 512 
GPUs to complete the same calculation developed by Google to demonstrate it had 
passed the quantum supremacy milestone back in 2019.

The endeavor was led by statistical physicist Pan Zhang, who said his team’s 
supercomputer performed the calculation 10 billion times faster than Google had 
thought possible.

Quest for quantum supremacy

Quantum supremacy (or quantum advantage) can be defined as the point at which 
quantum computers can outstrip the maximum potential performance of classical 
supercomputers in a particular discipline.

Three years ago, Google announced it had achieved this feat with Sycamore, 
which it said took just 200 seconds to complete a statistical mathematics 
problem that would take a supercomputer 10,000 years to solve.

The problem was architected in such a way as to accentuate both the attributes 
of quantum computers, which exploit a phenomenon known as superposition to 
speed up calculations, and the limitations of traditional systems.


SciTechDaily: The Million Dollar Problem That Could Break Cryptography

2022-08-04 Thread jim bell
SciTechDaily: The Million Dollar Problem That Could Break Cryptography.
https://scitechdaily.com/the-million-dollar-problem-that-could-break-cryptography/
Usually, you can verify a solution to a problem. Whether it’s using 
multiplication for division or plugging the answer in for a variable, math 
teachers tell you to check your work using your answer in every school math 
class.


But let’s say you can verify a solution easily, is it just as easy to solve for 
that solution?

This is the P versus NP problem, a Millennium Prize Problem where the solver 
will receive a million dollars if valid proof is provided.

What is P versus NP?

In computer science, the efficiency of algorithms is very important. Most 
algorithms are believed to be “fast” if solvable in a standard called 
polynomial time. Polynomial time is when a problem is solvable in steps scaled 
by a factor of a polynomial given the complexity of input. So let’s say the 
complexity of input is some number n, a polynomial time algorithm will be able 
to solve a problem in n^k steps.



Essentially, P vs NP is asking the question: Can problems that can have 
solutions verified in polynomial time also have their answers solved in 
polynomial time?

NP-Completeness

An Euler Diagram showing the cases for NP-Completeness for P ≠ NP and P = NP. 
Credit: Behnam Esfahbod, Wikimedia Commons (CC


Intel is working on a new type of processor you've never heard of

2022-08-03 Thread jim bell
 Intel is working on a new type of processor you've never heard of 
https://share.newsbreak.com/1j8gblhk

Intel has let slip information about a new type of processor soon to make its 
way into the company’s portfolio: the versatile processing unit, or VPU.

Although no formal announcement has been made, written materials published by 
Intel alongside a new Linux driver confirmed the existence of the processor, 
which is designed to accelerate AI inference workloads.

According to the documentation, the VPU will feature inside Intel’s 14th Gen 
Core CPUs (also known as Meteor Lake) and will improve inference performance 
across “computer vision and deep learning applications”. It is most likely the 
brainchild of the team behind Movidius, an AI acceleration company acquired by 
Intel in 2016.

TechRadar Pro asked Intel for further details, but did not receive an immediate 
response.

Accelerating AI

With rivals like Nvidia fighting to establish themselves as the leading chip 
maker of the AI era, Intel will be thinking hard about how to demonstrate its 
own credentials in the space.

Broadly speaking, there are two types of AI workload: training and inference. 
The former refers to the use of large-scale datasets to develop AI applications 
with specific capabilities, while the latter refers to the feeding of new data 
into these systems to generate a result.


Vicious beatings, possibly in retaliation for lawsuits, claimed at Oregon’s federal prison

2022-08-02 Thread jim bell
Jim Bell's comment: I spent about 1.5 years here. June 2010-March 12, 2012
Vicious beatings, possibly in retaliation for lawsuits, claimed at Oregon’s 
federal prison 
https://share.newsbreak.com/1j2kzqbb

Jefferson Public Radio | By Conrad Wilson / OPB | Published August 1, 2022 at 6:01 PM PDT
The Federal Correctional Institution in Sheridan, Ore. | Ericka Cruz Guevarra

“I could see the blood dripping off his head onto the ground,” one witness 
inside the prison told the federal public defender’s office.

A growing number of people incarcerated at the Sheridan Federal Correctional 
Institution sent urgent notes to their attorneys last week complaining of 
guards from other federal facilities coming in to toss their cells and 
indiscriminately beat people. Several sources complained of food taken, papers 
torn up and brutal beatings.

“We were extracted the other day by [Special Operation and Response Teams] from 
across the nation and told that ‘we did this’ and ‘this is your own damn 
fault,’” wrote one unnamed person in custody at the facility, whose account was 
one of several included in court documents filed by the federal public 
defender, Lisa Hay, on Sunday.

A number of the people who were allegedly targeted have previously filed 
lawsuits over conditions inside the facility, according to Hay’s latest filing.

“So we are being RETALIATED against for filing this petition against the prison 
for mistreatment and excessive Lockdowns?” the person wrote to Hay.

The accounts from inside the prison, which is located in Yamhill County, detail 
allegations of teams of prison staff wearing “stab-vests” (a kind of body 
armor) and shirts that read “Sheridan Disruption Unit,” engaging in 
unit-by-unit, cell-by-cell violence during the last two weeks in July.

Oregon’s federal public defender’s office filed an emergency


Post-quantum encryption contender is taken out by single-core PC and 1 hour

2022-08-02 Thread jim bell
Post-quantum encryption contender is taken out by single-core PC and 1 hour 
https://share.newsbreak.com/1j2jwill

In the US government's ongoing campaign to protect data in the age of quantum 
computers, a new and powerful attack that used a single traditional computer to 
completely break a fourth-round candidate highlights the risks involved in 
standardizing the next generation of encryption algorithms.

Last month, the US Department of Commerce's National Institute of Standards and 
Technology, or NIST, selected four post-quantum computing encryption algorithms 
to replace algorithms like RSA, Diffie-Hellman, and elliptic curve 
Diffie-Hellman, which are unable to withstand attacks from a quantum computer.

In the same move, NIST advanced four additional algorithms as potential 
replacements pending further testing in hopes one or more of them may also be 
suitable encryption alternatives in a post-quantum world. The new attack breaks 
SIKE, which is one of the latter four additional algorithms. The attack has no 
impact on the four PQC algorithms selected by NIST as approved standards, all 
of which rely on completely different mathematical techniques than SIKE.

Getting totally SIKEd

SIKE—short for Supersingular Isogeny Key Encapsulation—is now likely out of the 
running thanks to research that was published over the weekend by researchers 
from the Computer Security and Industrial Cryptography group at KU Leuven. The 
paper, titled An Efficient Key Recovery Attack on SIDH (Preliminary Version), 
described a technique that uses complex mathematics and a single traditional PC 
to recover the encryption keys protecting the SIKE-protected transactions. The 
entire process requires only about an hour’s time. The feat makes the 
researchers, Wouter Castryck and Thomas Decru, eligible for a $50,000 reward 
from NIST.

“The newly uncovered weakness is clearly a major blow to SIKE,” David Jao, a 
professor at the University of Waterloo and co-inventor of SIKE, wrote in an 
email. “The attack is really unexpected.”


The New Way Police Could Use Your Google Searches Against You

2022-08-02 Thread jim bell
 The New Way Police Could Use Your Google Searches Against You 
https://share.newsbreak.com/1j23z8tj

For millennia, we’ve been told that asking questions was the path to 
enlightenment. But in the surveillance age, it might land you in jail. That’s 
the danger of a new search tactic that police are increasingly turning to in 
their constant campaign to transform our phones and devices into evidence 
against us: keyword warrants. One Denver court may soon rule on whether they 
can continue as a policing tactic—and in the post-Roe era, the wrong decision 
could put abortion seekers in unprecedented danger.

Police have used web browser history and search engine data in their 
investigations for about as long as the data has existed, but keyword warrants 
are different—a digital dragnet to find every user who searches for a specific 
person, place or thing. We don’t know how often they are used, but the 
number of publicly known examples is only growing. And soon a Denver judge will 
provide one of the first decisions on their constitutionality.

As far back as 2009, police would ask Google for a user’s search history for 
use in investigations, viewing a single account at a time. Where there was 
probable cause that someone had committed an offense, officers could compel 
Google to provide a list of every search a user had entered. And when 
individuals weren’t logged into Google, they could still search by their 
individual IP address, the unique identifier every internet-connected computer 
uses to communicate with servers at companies like Google.


CNBC: Hacktivist group Anonymous is using six top techniques to 'embarrass' Russia

2022-08-02 Thread jim bell
CNBC: Hacktivist group Anonymous is using six top techniques to 'embarrass' 
Russia.
https://www.cnbc.com/2022/07/28/how-is-anonymous-attacking-russia-the-top-six-ways-ranked-.html

Published Thu, Jul 28 2022 6:00 PM EDT | Updated Fri, Jul 29 2022 4:09 AM EDT
Monica Buchanan Pitrelli (@MONICAPITRELLI)

Key points
   - Anonymous uses many strategies in its digital fight against Russia, the 
most effective being hacking into databases and leaking the information online, 
according to cybersecurity specialist Jeremiah Fowler.
   - The size of the leaked data will take years to process.
   - The hacks have also exposed Russia's cybersecurity defenses to be far 
weaker than previously believed, say cybersecurity researchers.

Members of the loosely connected collective known as Anonymous are 
known for wearing Guy Fawkes masks in public.
Jakub Porzycki | Nurphoto | Getty Images

Ongoing efforts by the underground hacktivists known as Anonymous are 
"embarrassing" Russia and its cybersecurity technology. 

That's according to Jeremiah Fowler, co-founder of the cybersecurity company 
Security Discovery, who has been monitoring the hacker collective since it 
declared a "cyber war" on Russia for invading Ukraine.

"Anonymous has made Russia's governmental and civilian cyber defenses appear 
weak," he told CNBC. "The group has demystified Russia's cyber capabilities and 
successfully embarrassed Russian companies, government agencies, energy 
companies and others."

"The country may have been the 'Iron Curtain,'" he said, "but with the scale of 
these attacks by a hacker army online, it appears more to be a 'paper curtain.'"

The Russian embassies in Singapore and London did not immediately respond to 
CNBC's request for comment.

Ranking Anonymous' claims

Though missile strikes are making more headlines these days, Anonymous and its 
affiliate groups aren't losing steam, said Fowler, who summarized many of the 
collective's claims against Russia in a report published Friday.

CNBC grouped Anonymous' claims into six categories, which Fowler helped rank in 
order of effectiveness:



Yahoo News: High-risk Colombians say GPS devices only add to dangers

2022-08-02 Thread jim bell
Yahoo News: High-risk Colombians say GPS devices only add to dangers.
https://news.yahoo.com/high-risk-colombians-gps-devices-140636081.html

The bulletproof vehicles that Colombia’s government assigns to hundreds of 
high-risk individuals are supposed to make them safer. But when an 
investigative reporter discovered they all had GPS trackers, she only felt more 
vulnerable — and outraged.

No one had informed Claudia Julieta Duque — or apparently any of the 3,700-plus 
journalists, rights activists and labor and indigenous leaders who use the 
vehicles — that the devices were keeping constant tabs on their whereabouts. In 
Duque’s case, it happened as often as every 30 seconds. The system could also 
remotely cut off the SUV's engine.

Colombia is among the world’s most dangerous countries for human rights 
defenders — with more than 500 killed since 2016. It is also a country where 
right-wing extremists have a track record of infiltrating national security 
bodies. For Duque, the GPS revelation was chilling: Movements of people already 
at risk of political assassination were being tracked with technology that bad 
actors could weaponize against them.

“It’s something super invasive,” said Duque, 
who has been a persistent target of rogue security agents. “And the state 
doesn’t seem to care.”

The government agency responsible has said the trackers were installed to help 
prevent theft, to track the bodyguards who often drive the vehicles and to help 
respond to dangerous situations.

For a decade, Colombia had been installing trackers in the armored vehicles of 
at-risk individuals as well as VIPs, including presidents, government ministers 
and senators. The agency's director made that disclosure after Duque learned 
last year through a public records request that the system was recording her 
SUV’s location an average of five times an hour. The director dismissed privacy 
concerns and called the practice “fundamental” to guaranteeing security.

Considering the tracker a danger to her and her sources, Duque pressed for 
details on its exact features. But the National Protection Unit, known as UNP 
in Spanish, offered little. She then demanded the agency remove the device. It 
refused. So in February, Duque returned the vehicle, left the country and filed 
a legal challenge.

Now back in Bogotá, she is hoping for satisfaction when Gustavo Petro, 
Colombia’s first leftist president, takes office Aug. 7.

Petro’s domestic security transition team did not respond to questions from The 
Associated Press on the matter.

Whatever action the new administration takes will reflect on its avowed 
commitment to human rights and its ability to reform a national security 
establishment long run by bitter political foes.

The UNP is a pillar of that establishment. It employs, mostly as bodyguards, 
dozens of ex-agents of the disgraced DAS domestic security agency, which was 
dissolved in 2011 after the government of former President Alvaro Uribe abused 
it to spy on Supreme Court justices, journalists and political opponents.

Prominent among them were Petro himself – and Duque.

She was surveilled, threatened and bullied by DAS operatives after uncovering 
evidence that the 1999 assassination of beloved humorist and peace activist 
Jaime Garzon was a crime of the state. Duque's reporting eventually helped 
convict a former DAS deputy director in the killing, and three other ex-DAS 
officials have been convicted of psychological torture for threatening the 
lives of Duque and her daughter.

Trials against eight others are pending. Through it all, threats forced her 
into temporary exile nearly a dozen times.

The questions about the GPS devices added to growing concerns about an agency 
that once ranked among Latin America’s most effective in human rights 
protection. Adam Isacson, an analyst with the Washington Office on Latin 
America, said the UNP became less responsive, more politicized and more 
penetrated by criminality under the outgoing conservative government.

“With social leaders being killed nearly every other day during the past four 
years, this was the worst time for the unit to fall into disarray,” he said. 
Right-wing death squad activity spiked following a historic 2016 peace pact 
with leftist rebels.

Duque says she was tipped to the GPS trackers in early 2020 when she learned of 
a planned attempt on her life, but when she asked about them, the government 
stonewalled for a year.

When she finally got documents with the aid of the InterAmerican Human Rights 
Commission, they showed her location was recorded 25,183 times over 209 days 
from February to August of last year alone. A software manual described a 
panoply of other control options, including remotely operating cameras and door 
locks managed through vehicles' computers.

Duque asked if any such features were active in the government-leased vehicles 
but said she got no answer. The general manager of the company that provides 
the GPS 

USB Drive Keeps Your Secrets… As Long As Your Fingers Are Wet? | Hackaday

2022-07-31 Thread jim bell
https://hackaday.com/2022/07/30/usb-drive-keeps-your-secrets-as-long-as-your-fingers-are-wet/

[Walker] has a very interesting new project: a completely different take on a 
self-destructing USB drive. Instead of relying on encryption or other “visible” 
security features, this device looks and works like an utterly normal USB 
drive. The only difference is this: if an unauthorized person plugs it in, 
there’s no data. What separates authorized access from unauthorized? Wet 
fingers.

It sounds weird, but let’s walk through the thinking behind the concept. First, 
encryption is of course the technologically sound and correct solution to data 
security. But in some environments, the mere presence of encryption technology 
can be considered incriminating. In such environments, it is better for the 
drive to appear completely normal.

Toggling the chip enable (CE) pin will hide the drive’s contents.

The second part is the access control; the “wet fingers” part. [Walker] plans 
to have hidden electrodes surreptitiously measure the resistance of a user’s 
finger when it’s being plugged in. He says a dry finger should be around 1.5 
MΩ, but wet fingers are more like 500 kΩ.

But why detect a wet finger as part of access control? Well, what’s something 
no normal person would do right before plugging in a USB drive? Lick their 
finger. And what’s something a microcontroller should be able to detect easily 
without a lot of extra parts? A freshly-licked finger.

Of course, detecting wet skin is only half the equation. You still need to 
implement a USB Mass Storage device, and that’s where things get particularly 
interesting. Even if you aren’t into the covert aspect of this device, the 
research [Walker] has done into USB storage controllers and flash chips, 
combined with the KiCad footprints he’s already put together means this open 
source project will be a great example for anyone looking to roll their own USB 
flash drives.

Regular readers may recall that [Walker] was previously working on a very 
impressive Linux “wall wart” intended for penetration testers, but the chip 
shortage has put that ambitious project on hold for the time being. As this 
build looks to utilize less exotic components, hopefully it can avoid a similar 
fate.


Daily Mail: Fibre-optic cables may be used to eavesdrop up to 1km away, study says

2022-07-30 Thread jim bell
Daily Mail: Fibre-optic cables may be used to eavesdrop up to 1km away, study 
says.
https://www.dailymail.co.uk/sciencetech/article-11057699/Fibre-optic-cables-used-eavesdrop-1km-away-study-says.html

21st Century wire tap? Spies could use fibre-optic broadband cables to 
EAVESDROP on people from over half a mile away, study shows

By Jonathan Chadwick For Mailonline
14:24 28 Jul 2022, updated 15:02 28 Jul 202

   - Scientists have developed a system that picks up sound from fibre-optic cables
   - Fibre-optic cables use light pulses to transmit data and are used for 
broadband
   - But they are sensitive to changes in environmental pressure caused by sound
   - This security flaw may let snoopers eavesdrop on confidential conversations

Fibre-optic cables could be used to eavesdrop on people over half a mile away 
by detecting changes in light that occur when they speak, a new study shows. 

Researchers in China have developed a system that picks up sound at one end of 
a fibre-optic cable and transmits the audio at the other end. 

But they're sensitive to changes in environmental pressure, which could be 
caused by acoustic waves, such as sound from someone speaking – a potential 
security risk.

Modern fibre optic cables, which use pulses of light to transmit 
data, deliver full fibre broadband (file photo)

The new study was conducted by researchers at Tsinghua University, Beijing and 
published on the pre-print server arXiv. 

'Optical fibre networks are widely deployed all over the world, which not only 
facilitates data transmission but also provides an opportunity to obtain 
additional information,' they say in their paper.


Phys.org: Quantum cryptography: Making hacking futile

2022-07-30 Thread jim bell
Phys.org: Quantum cryptography: Making hacking futile.
https://phys.org/news/2022-07-quantum-cryptography-hacking-futile.html

The Internet is teeming with highly sensitive information. Sophisticated 
encryption techniques generally ensure that such content cannot be intercepted 
and read. But in the future high-performance quantum computers could crack 
these keys in a matter of seconds. It is just as well, then, that quantum 
mechanical techniques not only enable new, much faster algorithms, but also 
exceedingly effective cryptography.

Quantum key distribution (QKD)—as the jargon has it—is secure against attacks 
on the communication channel, but not against attacks on or manipulations of 
the devices themselves. The devices could therefore output a key which the 
manufacturer had previously saved and might conceivably have forwarded to a 
hacker. With device-independent QKD (abbreviated to DIQKD), it is a different 
story. Here, the cryptographic protocol is independent of the device used. 
Theoretically known since the 1990s, this method has now been experimentally 
realized for the first time, by an international research group led by LMU 
physicist Harald Weinfurter and Charles Lim from the National University of 
Singapore (NUS).

For exchanging quantum mechanical keys, there are different approaches 
available. Either light signals are sent by the transmitter to the receiver, or 
entangled quantum systems are used. In the present experiment, the physicists 
used two quantum mechanically entangled rubidium atoms, situated in two 
laboratories located 400 meters from each other on the LMU campus. The two 
locations are connected via a fiber optic cable 700 meters in length, which 
runs beneath Geschwister Scholl Square in front of the main building.

To create an entanglement, first the scientists excite each of the atoms with a 
laser pulse. After this, the atoms spontaneously fall back into their ground 
state, each thereby emitting a photon. Due to the conservation of angular 
momentum, the spin of the atom is entangled with the polarization of its 
emitted photon. The two light particles travel along the fiber optic cable to a 
receiver station, where a joint measurement of the photons indicates an 
entanglement of the atomic quantum memories.


Tech Xplore: Twin physically unclonable functions (PUFs) based on carbon nanotube arrays to enhance the security of communications

2022-07-30 Thread jim bell
Tech Xplore: Twin physically unclonable functions (PUFs) based on carbon 
nanotube arrays to enhance the security of communications.
https://techxplore.com/news/2022-07-twin-physically-unclonable-functions-pufs.html

As the amount of data stored in devices and shared over the internet 
continuously increases, computer scientists worldwide are trying to devise new 
approaches to secure communications and protect sensitive information. Some of 
the most well-established and valuable approaches are cryptographic techniques, 
which essentially encrypt (i.e., transform) data and texts exchanged between 
two or more parties, so that only senders and receivers can view it in its 
original form.

Physical unclonable functions (PUFs), devices that exploit 
"random imperfections" unavoidably introduced during the manufacturing of 
devices to give physical entities unique "fingerprints" (i.e., trust anchors). 
In recent years, these devices have proved to be particularly valuable for 
creating cryptographic keys, which are instantly erased as soon as they are 
used.

Researchers at Peking University and Jihua Laboratory have recently introduced 
a new system to generate cryptographic primitives, consisting of two identical 
PUFs based on aligned carbon nanotube (CNT) arrays. This system, introduced in 
a paper published in Nature Electronics, could help to secure communications 
more reliably, overcoming some of the vulnerabilities of previously proposed 
PUF devices.

"Classical cryptography uses cryptographic algorithms and keys to encrypt or 
decrypt information, and the most popular strategies are Rivest, Shamir, and 
Adleman (RSA) encryption," Zhiyong Zhang, one of the researchers who carried 
out the study, told TechXplore. "In an asymmetric algorithm, the public key can 
be accessed by anyone, but the public key cracking requires factoring a very 
large number, which is extremely difficult for a classical computer. This task 
has, however, been shown mathematically to be accomplishable in polynomial time 
using a quantum computer."

One of the most employed cryptographic strategies today is symmetric 
encryption, which shares the same "secret keys" for encryption and decryption 
with all users participating in a specific conversation. These strategies 
generally store secret keys in a non-volatile memory, which is vulnerable to 
physical and side-channel cyber-attacks.

In recent years, researchers have thus been exploring alternative cryptographic 
approaches, including quantum key distribution (QKD). QKD methods exploit 
concepts rooted in quantum theory to protect communications. Specifically, they 
leverage the intrinsic disturbances affecting quantum systems while they are 
being measured.


The Register: IBM puts NIST’s quantum-resistant crypto to work in Z16 mainframe

2022-07-27 Thread jim bell
The Register: IBM puts NIST’s quantum-resistant crypto to work in Z16 mainframe.
https://go.theregister.com/feed/www.theregister.com/2022/07/27/z16_ibm_post_quantum_crypto/

Actual quantum computers don't exist yet. The cryptography to defeat them may 
already be here

NIST pushes ahead with CRYSTALS-KYBER, CRYSTALS-Dilithium, FALCON, SPHINCS+ 
algorithms
Thomas Claburn in San Francisco, Tue 5 Jul 2022 // 22:36 UTC
The US National Institute of Standards and Technology (NIST) has recommended 
four cryptographic algorithms for standardization to ensure data can be 
protected as quantum computers become more capable of decryption.

Back in 2015, the NSA announced plans to transition to quantum-resistant 
cryptographic algorithms in preparation for the time when quantum computers 
make it possible to access data encrypted by current algorithms, such as AES 
and RSA.

No one is quite sure when that may occur but it depends on the number of qubits 
– quantum bits – that a quantum machine can muster, and other factors, such as 
error correction.

Researchers at Google and in Sweden last year suggested it should be possible 
to factor a 2,048-bit integer in an RSA cryptosystem in about eight hours, 
given a 20 million-qubit quantum computer. Researchers in France claim it 
should be possible to factor 2,048-bit RSA integers in 177 days with 13,436 
qubits and multimode memory.

Current quantum computers have orders of magnitude fewer qubits than they need 
to be cryptographically relevant. IBM recently unveiled a 127-qubit quantum 
processor. The IT giant says it is aiming to produce a 1,000-qubit chip by the 
end of 2023 and its roadmap places machines of more than 1 million qubits in an 
unidentified time period. The Jülich Supercomputing Center (JSC) and D-Wave 
Systems have a 5,000-qubit machine.

Not all qubits are equal however. The JSC/D-Wave machine relies on a quantum 
annealing processor and is adept at solving optimization problems. IBM's 
machine is gate-based, which is better suited for running Shor's algorithm to 
break cryptography.

In any event, the expectation is that quantum computers, eventually, will be 
able to conduct practical attacks on data protected using current technology – 
forcibly decrypt data encrypted using today's algorithms, in other words. 
Hence, the


The Register: IBM puts NIST’s quantum-resistant crypto to work in Z16 mainframe

2022-07-27 Thread jim bell
The Register: IBM puts NIST’s quantum-resistant crypto to work in Z16 mainframe.
https://go.theregister.com/feed/www.theregister.com/2022/07/27/z16_ibm_post_quantum_crypto/

IBM puts NIST’s quantum-resistant crypto to work in Z16 mainframe

Big Blue says it helped develop the algos, so knows what it's doing
Simon Sharwood, APAC Editor, Wed 27 Jul 2022 // 06:30 UTC
IBM has started offering quantum-resistant crypto – using the quantum-resistant 
crypto recommended by the US National Institute of Standards and Technology 
(NIST).

Quantum computers are expected to be so powerful they’ll carve through 
conventional encryption, exposing secrets in seconds. China is felt to be 
stealing data today, safe in the knowledge its future quantum computers will be 
able to decrypt it in the near future. Other data, such as health information, 
is required to be kept for decades and the encryption used to protect it 
probably won’t survive the advent of quantum computers.

To prevent such scenarios and offer long-term data security, NIST in 2017 
initiated a post-quantum crypto project to develop ciphers that can be used 
with classical computers and survive decryption attempts made with quantum 
computers.

As a result of those efforts, NIST selected two algorithms and two signature 
schemes as suitable to become standards.

IBM today revealed it had a hand in the development of three of the four 
algorithms chosen by NIST, “along with partners from industry and academia.”
   

Big Blue also revealed that the Z16 mainframe it unveiled in April 2021 can use 
the CRYSTALS-Kyber and CRYSTALS-Dilithium algorithms approved by NIST to create 
quantum-resistant digital signatures.

To do so, the mainframe needs to include the Crypto Express 8S card, a device 
that IBM proclaimed was ready for post-quantum crypto because it employs 
lattice-based cryptography.

News that IBM contributed to the NIST-approved algos, which use lattice-based 
cryptography, suggests Big Blue’s claim the Z16 was ready for post-quantum 
crypto was no mere puffery.

However IBM arrived at its April assertions, it’s now made them real and given 
all of us the chance to protect data more robustly than was previously possible, 
which is surely welcome. And will be more welcome still once the same offering 
reaches more common and gently-priced machines than the Z16. ®


BleepingComputer: Hackers scan for vulnerabilities within 15 minutes of disclosure

2022-07-27 Thread jim bell
BleepingComputer: Hackers scan for vulnerabilities within 15 minutes of 
disclosure.
https://www.bleepingcomputer.com/news/security/hackers-scan-for-vulnerabilities-within-15-minutes-of-disclosure/

System administrators have even less time to patch disclosed security 
vulnerabilities than previously thought, as a new report shows threat actors 
scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly 
disclosed.

According to Palo Alto's 2022 Unit 42 Incident Response Report, hackers are 
constantly monitoring software vendor bulletin boards for new vulnerability 
announcements they can leverage for initial access to a corporate network or to 
perform remote code execution. However, the speed at which threat actors begin 
scanning for vulnerabilities puts system administrators in the crosshairs as 
they race to patch the bugs before they are exploited.

"The 2022 Attack Surface Management Threat Report found that attackers 
typically start scanning for vulnerabilities within 15 minutes of a CVE being 
announced," reads a companion blog post.

Since scanning isn't particularly demanding, even low-skilled attackers can 
scan the internet for vulnerable endpoints and sell their findings on dark web 
markets where more capable hackers know how to exploit them.

Then, within hours, the first active exploitation attempts are observed, often 
hitting systems that never had the chance to patch.

Unit 42 presents CVE-2022-1388 as an example, a critical unauthenticated remote 
command execution vulnerability impacting F5 BIG-IP products.


IEEE Spectrum: Micron Is First to Deliver 3D Flash Chips With More Than 200 Layers

2022-07-27 Thread jim bell
IEEE Spectrum: Micron Is First to Deliver 3D Flash Chips With More Than 200 
Layers.
https://spectrum.ieee.org/micron-is-first-to-deliver-3d-flash-chips-with-more-than-200-layers

Boise, Idaho–based memory manufacturer Micron Technology says it has reached 
volume production of a 232-layer NAND flash-memory chip. It’s the first such 
chip to pass the 200-layer mark, and it’s been a tight race. Competitors are 
currently providing 176-layer technology, and some have said they are on track 
to follow Micron’s skyward move or already have working chips in hand.


The new Micron tech as much as doubles the density of bits stored per unit area 
versus competing chips, packing in 14.6 gigabits per square millimeter. Its 
1-terabit chips are bundled into 2-terabyte packages, each of which is barely 
more than a centimeter on a side and can store about two weeks worth of 4K 
video.

With 81 trillion gigabytes (81 zettabytes) of data generated in 2021 and 
International Data Corp. (IDC) predicting 221 ZB in 2026, “storage has to 
innovate to keep up,” says Alvaro Toledo, Micron’s vice president of 
data-center storage.

The move to 223 layers is a combination and extension of many technologies 
Micron has already deployed. To get a handle on them, you need to know the 
basic structure and function of 3D NAND flash. The chip itself is made up of a 
bottom layer of CMOS logic and other circuitry that’s responsible for 
controlling reading and writing operations and getting data on and off the chip 
as quickly and efficiently as possible. Improvements to this layer, such as 
optimizing the path data travels and reducing the capacitance of the chip’s 
inputs and outputs, yielded a 50 percent improvement in the data transfer rate 
to 2.4 Gb/s.

Above the CMOS are layers upon layers of NAND flash cells. Unlike other 
devices, Flash-memory cells are built vertically. They start as a (relatively) 
deep, narrow hole etched through alternating layers of conductor and insulator. 
Then the holes are filled with material and processed to form the bit-storing 
part of the device. It’s the ability to reliably etch and fill the holes 
through all those layers that’s a key limit to the technology. Instead of 
etching through all 232 layers in one go, Micron’s process builds them in two 
parts and stacks one atop the other. Even so, “it’s an astounding engineering 
feat,” says Alvaro. “That was one of the biggest challenges we overcame.”

According to Toledo, there is a path toward even more layers in future NAND 
chips. “There are definitely challenges,” he says. But “we haven’t seen the end 
of that path.”

In addition to adding more and more layers, NAND flash makers have been 
increasing the density of stored bits by packing multiple bits into a single 
device. Each of the Micron chip’s memory cells is capable of storing three bits 
per cell. That is, the charge stored in each cell produces a distinct enough 
effect to discern eight different states. Though 3-bit-per-cell products 
(called TLC) are the majority, four-bit products (called QLC) are also 
available. One QLC chip presented by Western Digital researchers at the IEEE 
International Solid State Circuits Conference earlier this year achieved a 15 
Gb/mm² areal density in a 162-layer chip. And Kioxia engineers reported 5-bit 
cells last month at the IEEE Symposium on VLSI Technology and Circuits. There 
has even been a 7-bit cell demonstrated, but it required dunking the chip in 
77-kelvin liquid nitrogen


Semiconductor bill unites Sanders, the right — in opposition

2022-07-26 Thread jim bell
 Semiconductor bill unites Sanders, the right — in opposition 
https://share.newsbreak.com/1hx0vuzi

WASHINGTON (AP) — A bill to boost semiconductor production in the United States 
has managed to do nearly the unthinkable — unite the democratic socialist Sen. 
Bernie Sanders and the fiscally conservative right.

The bill making its way through the Senate is a top priority of the Biden 
administration. It would add about $79 billion to the deficit over 10 years, 
mostly as a result of new grants and tax breaks that would subsidize the cost 
that computer chip manufacturers incur when building or expanding chip plants 
in the United States. Supporters say that countries all over the world are 
spending billions of dollars to lure chipmakers. The U.S. must do the same or 
risk losing a secure supply of the semiconductors that power the nation’s 
automobiles, computers, appliances and some of the military’s most advanced 
weapons systems.

Sanders, I-Vt., and a wide range of conservative lawmakers, think tanks and 
media outlets have a different take. To them, it’s “corporate welfare.” It’s 
just the latest example of how spending taxpayer dollars to help the private 
sector can scramble the usual partisan lines, creating allies on the left and 
right who agree on little else. They are positioning themselves as defenders of 
the little guy against powerful interest groups lining up at the public trough.

Sanders said he doesn’t hear from people about the need to help the 
semiconductor industry. Voters talk to him about climate change, gun safety, 
preserving a woman’s right to an abortion and boosting Social Security 
benefits, to name just a few.


CNN Exclusive: FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications

2022-07-25 Thread jim bell
 CNN Exclusive: FBI investigation determined Chinese-made Huawei equipment 
could disrupt US nuclear arsenal communications 
https://share.newsbreak.com/1hlpc2u2

On paper, it looked like a fantastic deal. In 2017, the Chinese government was 
offering to spend $100 million to build an ornate Chinese garden at the 
National Arboretum in Washington DC. Complete with temples, pavilions and a 
70-foot white pagoda, the project thrilled local officials, who hoped it would 
attract thousands of tourists every year.

But when US counterintelligence officials began digging into the details, they 
found numerous red flags. The pagoda, they noted, would have been strategically 
placed on one of the highest points in Washington DC, just two miles from the 
US Capitol, a perfect spot for signals intelligence collection, multiple 
sources familiar with the episode told CNN.

Also alarming was that Chinese officials wanted to build the pagoda with 
materials shipped to the US in diplomatic pouches, which US Customs officials 
are barred from examining, the sources said.

Federal officials quietly killed the project before construction was underway.

The canceled garden is part of a frenzy of counterintelligence activity by the 
FBI and other federal agencies focused on what career US security officials say 
has been a dramatic escalation of Chinese espionage on US soil over the past 
decade.

Since at least 2017, federal officials have investigated Chinese land purchases 
near critical infrastructure, shut down a high-profile regional consulate 
believed by the US government to be a hotbed of Chinese spies and stonewalled 
what they saw as clear efforts to plant listening devices near sensitive 
military and government facilities.

Among the most alarming things the FBI uncovered pertains to Chinese-made 
Huawei equipment atop cell towers near US military bases in the rural Midwest. 
According to multiple sources familiar with the matter, the FBI determined the 
equipment was capable of capturing and disrupting highly restricted Defense 
Department communications, including those used by US Strategic Command, which 
oversees the country’s nuclear weapons.



Surveillance is pervasive: Yes, you are being watched, even if no one is looking for you

2022-07-22 Thread jim bell
 Surveillance is pervasive: Yes, you are being watched, even if no one is 
looking for you 
https://share.newsbreak.com/1h6myng5

Surveillance is pervasive: Yes, you are being watched, even if no one is 
looking for you
By Peter Krapp, Professor of Film & Media Studies, University of California, 
Irvine

Most Americans are aware of video surveillance of public spaces. Likewise, most 
people know about online tracking – and want Congress to do something about it. 
But as a researcher who studies digital culture and secret communications, I 
believe that to understand how pervasive surveillance is, it’s important to 
recognize how physical and digital tracking work together.

Databases can correlate location data from smartphones, the growing number of 
private cameras, license plate readers on police cruisers and toll roads, and 
facial recognition technology, so if law enforcement wants to track where you 
are and where you’ve been, they can. They need a warrant to use cellphone 
search equipment: Connecting your device to a mobile device forensic tool lets 
them extract and analyze all your data if they have a warrant.

However, private data brokers also track this kind of data and help surveil 
citizens – without a warrant. There is a large market for personal data, 
compiled from information people volunteer, information people unwittingly 
yield – for example, via mobile apps – and information that is stolen in data 
breaches. Among the customers for this largely unregulated data are federal, 
state and local law enforcement agencies.



Russia Delivers a Scathing Setback to Crypto

2022-07-19 Thread jim bell
 Russia Delivers a Scathing Setback to Crypto 
https://share.newsbreak.com/1gp0afkg

Hardly a week goes by without the young crypto industry receiving some bad news.

The industry is currently playing a guessing game which consists of trying to 
guess which crypto company or crypto platform is next to be impacted by the 
liquidity crisis affecting prominent crypto lenders like Celsius Network, 
Voyager Digital and BlockFi.

This cash crunch crisis comes from the fall in cryptocurrency prices that led 
to a collapse of more than $2 trillion in the crypto market since November. The 
damages are substantial. Celsius and Voyager have filed for Chapter 11 
bankruptcy and their customers don't even know if they will be able to get 
their money back.

Other platforms like Babel Finance, CoinLoan or CoinFlex have suspended 
withdrawals, thus preventing their customers from having access to their funds. 
BlockFi was bailed out by cryptocurrency exchange FTX.com.

Another difficulty for the sector is how to bring back retail investors, many 
of whom fled the crypto sector after suffering colossal losses? Some investors 
even lost everything following the crash of sister tokens Luna and UST in May. 
Three Arrows Capital, also known as 3AC, a crypto hedge fund, was forced into 
liquidation.

As if that were not enough, bad news has just arrived from Russia. Indeed, 
President Vladimir Putin has just signed a tougher law against cryptocurrencies 
after it was passed by the Russian National Assembly or Duma on July 8.

This law banned any payment for assets, goods, products and services with 
digital means or any utility tokens. It is the latest legal arsenal adopted by 
Moscow to prevent cryptocurrencies from being used as a means of payment.

Crypto and Sanctions

The Minister of Finance Anton Siluanov had introduced a draft On Digital 
Currency in parliament for regulation of the sector in February.

The Russian government, however, didn't follow the recommendation of the 
Central Bank of Russia, which called in March for an outright ban on 
cryptocurrencies and the entire crypto industry in the country. The institution 
recommended a ban on trading, mining, and paying for goods and services with 
cryptocurrencies.

The Russian war in Ukraine may play a big role here. In the face of NATO 
sanctions, there has been a surge of interest in how Russia might use 
cryptocurrencies to sidestep sanctions. Selected Russian banks were 
disconnected from the SWIFT, a secure messaging system used by financial 
institutions, brokers, and investment firms.

Russia's economy has suffered under the sanctions with the ruble's value 
plummeting.

According to government figures, 


SATAn hack can steal data directly from your SATA cable

2022-07-19 Thread jim bell
 SATAn hack can steal data directly from your SATA cable 
https://share.newsbreak.com/1gozsduo

Researchers at the University of the Negev, Israel, have published a paper that 
demonstrates how a hacker could extract data from an otherwise secure system 
via its SATA cable. The attack uses the SATA cable itself as a form of wireless 
transmitter, and the data it carries can be intercepted as a form of radio 
signal in the 6GHz band. The attack is appropriately referred to as SATAn.

The researchers published a paper here (via Tom’s Hardware). They successfully 
demonstrated the technique and showed it in a video that’s included above. It 
has to be said that this kind of attack is complicated and requires specific 
malware to be installed on the target machine. It requires specialized 
shellcode to modify file system activity that generates identifiable radio 
signals from SATA cables.

The electromagnetic leakage of the cables can be intercepted by a wireless 
receiver and replicated 
on a second device. The researchers entered the word ‘secret’ on the target 
machine, which was picked up by a second machine. It’s just a simple demo but 
there’s no reason that targeted malware couldn’t be used to extract passwords 
or other sensitive text information.

It’s a complicated method as it would require access to the target computer. An 
air gapped system without any network access would require malware to be 
directly installed. There’s also the problem that the SATA signal emission is 
weak and requires the receiving antenna to be around 1 meter away. It’s not 
easy to just walk up to a secure system and say hi.


A Beginner’s Guide to Quantum Programming

2022-07-19 Thread jim bell
A Beginner’s Guide to Quantum Programming 
https://share.newsbreak.com/1govv8d9

A new guide on programming quantum algorithms leads programmers through every 
step, from theory to implementing the algorithms on IBM’s publicly accessible 
5-qubit ibmqx4 quantum computer and others.

The guide covers the fundamentals, along with a summary of the main quantum 
algorithms and instructions on how to implement them on publicly available 
quantum computers.


As quantum computers proliferate and become more widely available, would-be 
quantum programmers are left scratching their brains over how to get started in 
the field. A new beginner’s guide offers a complete introduction to quantum 
algorithms and their implementation on existing hardware.

“Writing quantum algorithms is radically different from writing classical 
computing programs and requires some understanding of quantum principles and 
the mathematics behind them,” said Andrey Y. Lokhov, a scientist at Los Alamos 
National Laboratory and lead author of the recently published guide in ACM 
Transactions on Quant

Another section looks at the various types of quantum algorithms. From there, the guide 
dives into the 20 selected algorithms, with a problem definition, description, 
and steps for implementing each one on the IBM or, in a few cases, other 
computers.




Extensive references at the end of the guide will help interested readers go 
deeper in their explorations of quantum algorithms.

The study was funded by the Information Science and Technology Institute at Los 
Alamos National Laboratory through the Laboratory Directed Research and 
Development program.

Reference: “Quantum Algorithm Implementations for Beginners” by Abhijith J., 
Adetokunbo Adedoyin, John Ambrosiano, Petr Anisimov, William Casper, Gopinath 
Chennupati, Carleton Coffrin, Hristo Djidjev, David Gunter, Satish Karra, 
Nathan Lemons, Shizeng Lin, Alexander Malyzhenkov, David Mascarenas, Susan 
Mniszewski, Balu Nadiga, Daniel O’malley, Diane Oyen, Scott Pakin, Lakshman 
Prasad, Randy Roberts, Phillip Romero, Nandakishore Santhi, Nikolai Sinitsyn, 
Pieter J. Swart, James G. Wendelberger, Boram Yoon, Richard Zamora, Wei Zhu, 
Stephan Eidenbenz, Andreas Bärtschi, Patrick J. Coles, Marc Vuffray and Andrey 
Y. Lokhov, 7 July 2022, ACM Transactions on Quantum Computing.
DOI: 10.1145/351734
   


Homeland Security Is Buying Its Way Around the Fourth Amendment

2022-07-19 Thread jim bell
 Homeland Security Is Buying Its Way Around the Fourth Amendment 
https://share.newsbreak.com/1goc7w5v

American taxpayers pay to be spied upon. That's one takeaway from new documents 
obtained by the American Civil Liberties Union (ACLU), which has been examining 
how federal agents spent millions to purchase massive troves of cellphone 
location data and dodge Fourth Amendment requirements.

As part of a lawsuit against the Department of Homeland Security (DHS), the 
ACLU obtained thousands of previously unreleased records showing how DHS 
agencies—including Customs and Border Protection (CBP) and Immigration and 
Customs Enforcement (ICE)—are purchasing and accessing "huge volumes of 
people's cell phone location information quietly extracted from smartphone 
apps."

These agencies are "sidestepping our Fourth Amendment right against 
unreasonable government searches and seizures," suggests the ACLU.

In 2018, the U.S. Supreme Court held (in Carpenter v. United States) that under 
the Fourth Amendment, law enforcement must have a warrant before accessing a 
suspect's phone location data from cellular service providers. But federal 
authorities have been getting around this by purchasing aggregated cellphone 
location data from data broker firms like Venntel and Babel Street. And they're 
spending millions of taxpayer dollars doing it.

This was first revealed by the Wall Street Journal back in 2020. The ACLU then 
set out to learn more, filing a Freedom of Information Act (FOIA) request and 
later suing to force DHS, ICE, and CBP to respond.

"Although the litigation is ongoing, we are now making public the records that 
CBP, ICE, the U.S. Secret Service, the U.S. Coast Guard, and several offices 
within DHS Headquarters have provided us to date," the ACLU announced yesterday.

Cellphone location data purchased by DHS is aggregated. It doesn't directly 
link the names or personal information of cellphone users to specific location 
data. But there's still a lot of privacy-infringing information that can be 
gleaned from such information, says the ACLU:


In the documents we received over the past year, we found Venntel marketing 
materials sent to DHS explaining how the company collects more than 15 billion 
location points from over 250 million cell phones and other mobile devices 
every day.

With this data, law enforcement can "identify devices observed at places of 
interest," and "identify repeat visitors, frequented locations, pinpoint known 
associates, and discover pattern of life," according to a Venntel marketing 
brochure. The documents belabor how precise and illuminating this data is, 
allowing "pattern of life analysis to identify persons of interest." By 
searching through this massive trove of location information at their whim, 
government investigators can identify and track specific individuals or 
everyone in a particular area, learning details of our private activities and 
associations.



Homeland Security records show 'shocking' use of phone data, ACLU says

2022-07-18 Thread jim bell
Homeland Security records show 'shocking' use of phone data, ACLU says 
https://share.newsbreak.com/1gj8uwno
In just three days in 2018, documents show that the CBP collected data from 
more than 113,000 locations from phones in the Southwestern United States — 
equivalent to more than 26 data points per minute — without obtaining a 
warrant. | Lindsay Whitehurst/AP Photo
Updated: 07/18/2022 03:30 PM EDT

The Trump administration’s immigration enforcers used mobile location data to 
track people’s movements on a larger scale than previously known, according to 
documents that raise new questions about federal agencies’ efforts to get 
around restrictions on warrantless searches.

The data, harvested from apps on hundreds of millions of phones, allowed the 
Department of Homeland Security to obtain data on more than 336,000 location 
data points across North America, the documents show. Those data points may 
reference only a small portion of the information that CBP has obtained. These 
data points came from all over the continent, including in major cities like 
Los Angeles, New York, Chicago, Denver, Toronto and Mexico City. This location 
data use continued into the Biden administration, as Customs and Border 
Protection renewed a contract for $20,000 that ended in September 2021.

The American Civil Liberties Union obtained the records from DHS through a 
lawsuit it filed in 2020. It provided the documents to POLITICO and separately 
released them to the public on Monday.

The documents highlight conversations and contracts between federal agencies 
and the surveillance companies Babel Street and Venntel. Venntel alone boasts 
that its database includes location information from more than 250 million 
devices. The documents also show agency staff having internal conversations 
about privacy concerns on using phone location data.


New documents reveal ‘huge’ scale of US government’s cell phone location data tracking

2022-07-18 Thread jim bell
New documents reveal ‘huge’ scale of US government’s cell phone location data 
tracking 
https://share.newsbreak.com/1gh2bhod

"It’s no secret that U.S. government agencies have been obtaining and using 
location data collected by Americans’ smartphones. In early 2020, a Wall Street 
Journal report revealed that both Immigration and Customs Enforcement (ICE) and 
Customs and Border Protection (CBP) bought access to millions of smartphone 
users’ location data to track undocumented immigrants and suspected tax dodgers.

"However, new documents obtained by the ACLU through an ongoing Freedom of 
Information Act (FOIA) lawsuit now reveal the extent of this warrantless data 
collection. The 6,000-plus records reviewed by the civil rights organization 
contained approximately 336,000 location points across North America obtained 
from people’s phones. They also reveal that in just three days in 2018, CBP 
obtained records containing around 113,654 location points in the southwestern 
United States — more than 26 location points per minute.

"The bulk of the data that CBP obtained came from its contract with Venntel, a 
location data broker that aggregates and sells information quietly siphoned 
from smartphone apps. By purchasing this data from data brokers, officials are 
sidestepping the legal process government officials would typically need to go 
through in order to access cell phone data.

"Documents also detail the government agencies’ efforts to rationalize their 
actions. For example, cell phone location data is characterized as containing 
no personally identifying information (PII) in the records obtained by ACLU, 
despite enabling officials to track specific individuals or everyone in a 
particular area. Similarly, the records also claim that this data is “100 
percent opt-in” and that cell phone users “voluntarily” share the location 
information. But many don’t realize that apps installed on their phones are 
collecting GPS information, let alone share that data with the government.


Ghacks: Facebook has started to encrypt links to counter privacy-improving URL Stripping

2022-07-17 Thread jim bell
Ghacks: Facebook has started to encrypt links to counter privacy-improving URL 
Stripping.
https://www.ghacks.net/2022/07/17/facebook-has-started-to-encrypt-links-to-counter-privacy-improving-url-stripping/

Facebook has started to encrypt links to counter privacy-improving URL Stripping
Martin Brinkmann, Jul 17, 2022
Facebook has started to use a different URL scheme for site links to combat URL 
stripping technologies that browsers such as Firefox or Brave use to improve 
privacy and prevent user tracking.

Some sites, including Facebook, add parameters to the web address for tracking 
purposes. These parameters have no functionality that is relevant to the user, 
but sites rely on them to track users across pages and properties.

Mozilla introduced support for URL stripping in Firefox 102, which it launched in June 
2022. Firefox removes tracking parameters from web addresses automatically, but 
only in private browsing mode or when the browser's Tracking Protection feature 
is set to strict. Firefox users may enable URL stripping in all Firefox modes, 
but this requires manual configuration. Brave Browser strips known tracking 
parameters from web addresses as well.


BleepingComputer: Tor Browser now bypasses internet censorship automatically

2022-07-16 Thread jim bell
BleepingComputer: Tor Browser now bypasses internet censorship automatically.
https://www.bleepingcomputer.com/news/security/tor-browser-now-bypasses-internet-censorship-automatically/

The Tor Project team has announced the release of Tor Browser 11.5, a major 
release that brings new features to help users fight censorship more easily.

The Tor Browser has been created specifically for accessing sites through The 
Onion Router (Tor) network to offer users anonymity and privacy when accessing 
information on the internet.

It achieves this by routing traffic through nodes 
on the network and encrypting it at every step. The connection reaches the 
destination through an exit node that is used to relay the information back to 
the user.

Auto block bypassing

The updates in Tor Browser 11.5 focus on circumventing censorship, a process 
that started a year ago in version 10.5 with improving the Tor connection 
experience.

In the new version, users no longer have to manually try out bridge 
configurations to unblock Tor.

Tor Browser version 11.5 comes with a new feature called “Connection Assist”, 
which assigns automatically the bridge configuration known to work best for the 
user’s location.

“Connection Assist works by looking up and downloading an up-to-date list of 
country-specific options to try using your location (with your consent),” 
explains the release announcement.


DARKReading: Fake Google Software Updates Spread New Ransomware

2022-07-13 Thread jim bell
DARKReading: Fake Google Software Updates Spread New Ransomware.
https://www.darkreading.com/attacks-breaches/attacker-using-fake-google-software-update-to-distribute-new-ransomware

Fake Google Software Updates Spread New Ransomware
"HavanaCrypt" is also using a command-and-control server that is hosted on a 
Microsoft Hosting Service IP address, researchers say.
Jai Vijayan, Contributing Writer, Dark Reading, July 11, 2022

actors are increasingly using fake Microsoft 
and Google software updates to try to sneak malware on target systems.

The 
latest example is "HavanaCrypt," a new ransomware tool that researchers from 
Trend Micro recently discovered in the wild disguised as a Google Software 
Update application. The malware's command-and-control (C2) server is hosted on 
a Microsoft Web hosting IP address, which is somewhat uncommon for ransomware, 
according to Trend Micro.
Also notable, according to the researchers, is HavanaCrypt's many techniques 
for checking if it is running in a virtual environment; the malware's use of 
code from open source key manager KeePass Password Safe during encryption; and 
its use of a .Net function called "QueueUserWorkItem" to speed up encryption. 
Trend Micro notes that the malware is likely a work-in-progress because it does 
not drop a ransom note on infected systems.


Ars Technica: New working speculative execution attack sends Intel and AMD scrambling

2022-07-12 Thread jim bell
Ars Technica: New working speculative execution attack sends Intel and AMD 
scrambling.
https://arstechnica.com/information-technology/2022/07/intel-and-amd-cpus-vulnerable-to-a-new-speculative-execution-attack/

Some microprocessors from Intel and AMD are vulnerable to a newly discovered 
speculative execution attack that can covertly leak password data and other 
sensitive material, sending both chipmakers scrambling once again to contain 
what is proving to be a stubbornly persistent vulnerability.

Researchers from ETH Zurich have named their attack Retbleed because it 
exploits a software defense known as retpoline, which was introduced in 2018 to 
mitigate the harmful effects of speculative execution attacks. Speculative 
execution attacks, including one known as Spectre, exploit the fact that when 
modern CPUs encounter a direct or indirect instruction branch, they predict the 
address for the next instruction they’re about to receive and automatically 
execute it before the prediction is confirmed. Speculative execution attacks 
work by tricking the CPU into executing an instruction that accesses sensitive 
data in memory that would normally be off-limits to a low-privileged 
application. Retbleed then extracts the data after the operation is canceled.

Is it a trampoline or a slingshot?

Retpoline works by using a series of return operations to isolate indirect 
branches from speculative execution attacks, in effect erecting the software 
equivalent of a trampoline that causes them to safely bounce. Stated 
differently, a retpoline works by replacing indirect jumps and calls with 
returns, which many researchers presumed weren’t susceptible. The defense was 
designed to counter variant 2 of the original speculative execution attacks 
from January 2018. Abbreviated as BTI, the variant forces an indirect branch to 
execute so-called “gadget” code, which in turn creates data to leak through a 
side channel.

Some researchers have warned for years that retpoline isn’t sufficient to 
mitigate speculative execution attacks because the returns retpoline used were 
susceptible to BTI. Linux creator Linus Torvalds famously rejected such 
warnings, arguing that such exploits weren’t practical.


Hackaday: Why You Should Totally Roll Your Own AES Cryptography

2022-07-12 Thread jim bell
Hackaday: Why You Should Totally Roll Your Own AES Cryptography.
https://hackaday.com/2022/07/11/why-you-should-totally-roll-your-own-aes-cryptography/

WHY YOU SHOULD TOTALLY ROLL YOUR OWN AES CRYPTOGRAPHY
by: Maya Posch, July 11, 2022

Software developers are usually told to ‘never write your own cryptography’, 
and there definitely are sufficient examples to be found in the past decades of 
cases where DIY crypto routines caused real damage. This is also the 
introduction to [Francis Stokes]’s article on rolling your own crypto system. 
Even if you understand the mathematics behind a cryptographic system like AES 
(symmetric encryption), assumptions made by your code, along with side-channel 
and many other types of attacks, can nullify your efforts.

So then why write an article on doing exactly what you’re told not to do? This 
is contained in the often forgotten addendum to ‘don’t roll your own crypto’, 
which is ‘for anything important’. [Francis]’s tutorial on how to implement AES 
is incredibly informative as an introduction to symmetric key cryptography for 
software developers, and demonstrates a number of obvious weaknesses users of 
an AES library may not be aware of.

This then shows the reason why any developer who uses cryptography in some 
fashion for anything should absolutely roll their own crypto: to take a peek 
inside what is usually a library’s black box, and to better understand how the 
mathematical principles behind AES are translated into a real-world system. 
Additionally it may be very instructive if your goal is to become a security 
researcher whose day job is to find the flaws in these systems.

Essentially: definitely do try this at home, just keep your DIY crypto away 
from production servers :)


SciTechDaily: MIT Quantum Sensor Can Detect Electromagnetic Signals of Any Frequency

2022-07-11 Thread jim bell
SciTechDaily: MIT Quantum Sensor Can Detect Electromagnetic Signals of Any 
Frequency.
https://scitechdaily.com/mit-quantum-sensor-can-detect-electromagnetic-signals-of-any-frequency/

MIT engineers expand the capabilities of these ultrasensitive nanoscale 
detectors, with potential uses for biological sensing and quantum computing.

With the ability to detect the most minute variations in magnetic or electrical 
fields, quantum sensors have enabled precision measurements in materials 
science and fundamental physics. However, these sensors have limited usefulness 
because they have only been capable of detecting a few specific frequencies of 
these fields. Now, MIT researchers have developed a method to enable such 
sensors to detect any arbitrary frequency, with no loss of their ability to 
measure nanometer-scale features.

The new method is described in a paper published in the journal Physical Review 
X by graduate student Guoqing Wang, professor of nuclear science and 
engineering and of physics Paola Cappellaro, and four others at MIT and Lincoln 
Laboratory. The team has already applied for patent protection for the new 
method.

Although quantum sensors can take many forms, at their essence they’re systems 
in which some particles are in such a delicately balanced state that they are 
affected by even tiny variations in the fields they are exposed to. These can 
take the form of neutral atoms, trapped ions, and solid-state spins, and 
research using such sensors has grown rapidly. For example, physicists use them 
to investigate exotic states of matter, including so-called time crystals and 
topological phases, while other scientists use them to characterize practical 
devices such as experimental quantum memory or computation devices. However, 
many other phenomena of interest span a much broader frequency range than 
today’s quantum sensors can detect.


Hackaday: Lift The Veil On RSA With This RSA Calculator

2022-07-10 Thread jim bell
Hackaday: Lift The Veil On RSA With This RSA Calculator.
https://hackaday.com/2022/07/08/lift-the-veil-on-rsa-with-this-rsa-calculator/

Encryption algorithms can be intimidating to approach, what with all the math 
involved. However, once you start digging into them, you can break the math 
apart into smaller steps, and get a feel of what goes into encryption being the 
modern-day magic we take for granted. Today, [Henry Schmale] writes to us about 
his small contribution to making cryptography easier to understand – lifting 
the veil on the RSA asymmetric encryption technique through an RSA calculator.

With [Henry]’s calculator, you can only encrypt and decrypt a single integer, 
but you’re able to view each individual step of an RSA calculation as you do 
so. If you want to understand what makes RSA and other similar algorithms tick, 
this site is an excellent starting point. Now, this is not something you should 
use when rolling your crypto implementations – as cryptographers say in unison, 
writing your own crypto from scratch is extremely inadvisable. [Henry] does say 
that this calculator could be useful for CTF players, for instance, but it’s 
also undeniably an accessible learning tool for any hacker out there wishing to 
understand what goes on under the wraps of the libraries we use.

In modern day, cryptography is instrumental to protecting our freedoms, and 
it’s a joy to see people work towards explaining the algorithms used. The 
cryptography tools we use day-to-day are also highly valuable targets for 
governments and intelligence agencies, willing to go to great lengths to 
subvert our communication security – so it’s even more important that we get 
acquainted with the tools that protect us. After all, it only takes a piece of 
paper to encrypt your communications with someone.


Tom's Hardware: U.S. Wants China's SMIC to Stop Making 14nm Chips

2022-07-10 Thread jim bell
Tom's Hardware: U.S. Wants China's SMIC to Stop Making 14nm Chips.
https://www.tomshardware.com/news/us-wants-china-smic-to-stop-making-14nm-chips

When the U.S. Department of Commerce (DOC) restricted access of China's largest 
contract chipmaker Semiconductor Manufacturing International Corp. (SMIC) to 
fab equipment used to make 10nm-class chips, it was considered a tough but not 
too severe move. Now the U.S. government is mulling restricting China from 
producing logic chips using a 14nm-class fabrication process.

 The DOC is examining the possibility of prohibiting the exportation of 
chipmaking tools to companies in China that can make logic chips using 
14nm-class manufacturing nodes and thinner, according to a Reuters report that 
cites five people familiar with the matter. The only company in China currently 
producing chips using its 14nm fabrication process is SMIC, which has been 
doing so since late 2019. 

What is not completely clear from the report is whether the DOC wants to ban 
SMIC from getting tools used to make semiconductors on its 14nm node and 
thinner, or if it wants to ban SMIC from getting any tools at all because it is 
capable of making chips using its 14nm technology. 


Uber bosses told staff to use ‘kill switch’ during raids to stop police seeing data

2022-07-10 Thread jim bell
 Uber bosses told staff to use ‘kill switch’ during raids to stop police seeing 
data 
https://share.newsbreak.com/1f0rpzek

Uber bosses told staff to use ‘kill switch’ during raids to stop police seeing 
data
By Rob Davies and Simon Goodley, The Guardian, 5 hrs ago


Senior executives at Uber ordered the use of a “kill switch” to prevent police 
and regulators from accessing sensitive data during raids on its offices in at 
least six countries, leaked files reveal.

The instructions to block authorities from accessing its IT systems were part 
of a sophisticated global operation by the Silicon Valley company to thwart law 
enforcement.

The Uber files, a cache of confidential company data leaked to the Guardian, 
reveal how the company deployed its kill switch at least 12 times in France, 
the Netherlands, Belgium, India, Hungary and Romania.



The Uber files is a global investigation based on a trove of 124,000 documents 
that were leaked to the Guardian. The data consist of emails, iMessages and 
WhatsApp exchanges between the Silicon Valley giant's most senior executives, 
as well as memos, presentations, notebooks, briefing papers and invoices.

The leaked records cover 40 countries and span 2013 to 2017, the period in 
which Uber was aggressively expanding across the world. They reveal how the 
company broke the law, duped police and regulators, exploited violence against 
drivers and secretly lobbied governments across the world.

To facilitate a global investigation in the public interest, the Guardian 
shared the data with 180 journalists in 29 countries via the International 
Consortium of Investigative Journalists (ICIJ). The investigation was managed 
and led by the Guardian with the ICIJ.

In a statement, Uber said: "We have not and will not make excuses for past 
behaviour that is clearly not in line with our present values. Instead, we ask 
the public to judge us by what we’ve done over the last five years and what we 
will do in the years to come."


In era of transparency, Arizona law limits filming police

2022-07-08 Thread jim bell
 In era of transparency, Arizona law limits filming police 
https://share.newsbreak.com/1epq2b9e

PHOENIX (AP) — Arizona’s governor has signed a law that restricts how the 
public can video police at a time when there’s growing pressure across the U.S. 
for greater law enforcement transparency.

Civil rights and media groups opposed the measure that Republican Gov. Doug 
Ducey signed Thursday. The law makes it illegal in Arizona to knowingly video 
police officers 8 feet (2.5 meters) or closer without an officer’s 
permission.

Someone on private property with the owner’s consent can also be 
ordered to stop recording if a police officer finds they are interfering or the 
area is not safe. The penalty is a misdemeanor that would likely incur a fine 
without jail time.

There needs to be a law that protects officers from people who “either have 
very poor judgment or sinister motives,” said Republican Rep. John Kavanagh, 
the bill’s sponsor.

“I’m pleased that a very reasonable law that promotes the safety of police 
officers and those involved in police stops and bystanders has been signed into 
law,” Kavanagh said Friday. “It promotes everybody’s safety yet still allows 
people to reasonably videotape police activity as is their right.”

The move comes nearly a year after the U.S. Department of Justice launched a 
widespread probe into the police force in Phoenix to examine whether officers 
have been using excessive force and abusing people experiencing homelessness. 
It’s similar to other investigations opened in recent months in Minneapolis and 
Louisville.


IBM’s 3D chip stacking process could revive a famous rule on computing power

2022-07-08 Thread jim bell
IBM’s 3D chip stacking process could revive a famous rule on computing power 
https://share.newsbreak.com/1epjejbm

IBM Research and Tokyo Electron (TEL) collaborated on a new breakthrough in 3D 
chipmaking that uses a novel method to keep Moore's Law in motion.

The two companies partnered on a chipmaking innovation that simplifies the 
process for producing wafers with 3D chip stacking technology, a press 
statement reveals.

They announced that they successfully implemented the new process for producing 
300 mm silicon chip wafers for 3D chip stacking technology. It is the world's 
first 300 mm level example of this technology.

New chip-stacking process uses laser invisible to silicon

Chip stacking typically requires vertical connections between layers of 
silicon, called through-silicon vias (TSVs). The layers are usually extremely 
thin, having a thickness of less than 100 microns.

During the production process, each of these wafers is attached to a carrier 
wafer, which is usually made of glass that is temporarily bonded to the 
silicon. Once the wafer is processed, the glass carrier is then removed from 
the silicon with the use of ultraviolet lasers.

IBM and TEL's new process uses a 300 mm module with an infrared laser that 
carries out a debonding process. This process is transparent to silicon, 
meaning it allows standard silicon wafers to be used instead of glass wafers 
for the carrier. This means that silicon wafers can be bonded to other pieces 
of silicon, meaning glass carriers are no longer necessary in the manufacturing 
process.




End-to-end encryption’s central role in modern self-defense – Ars Technica

2022-07-08 Thread jim bell
https://www.wired.com/story/end-to-end-encryption-abortion-privacy/

A number of course-altering US Supreme Court decisions last month—including the 
reversal of a constitutional right to abortion and the overturning of a 
century-old limit on certain firearms permits—have activists and average 
Americans around the country anticipating the fallout for rights and privacy as 
abortion “trigger laws,” expanded access to concealed carry permits, and other 
regulations are expected to take effect in some states. And as people seeking 
abortions scramble to protect their digital privacy and researchers plumb the 
relationship between abortion speech and tech regulations, encryption 
proponents have a clear message: Access to end-to-end encrypted services in the 
US is more important than ever.

Studies, including those commissioned by tech giants like Meta, have repeatedly 
and definitively shown that access to encrypted communications is a human 
rights issue in the digital age. End-to-end encryption makes your messages, 
phone calls, and video chats unintelligible everywhere except on the devices 
involved in the conversations, so snoops and interlopers can’t access what 
you’re saying—and neither can the company that offers the platform. As the 
legal climate in the US evolves, people who once thought they had nothing to 
hide may realize that era is now over.


FBI and MI5 issue rare joint warning for all iPhone and Android users over growing China cybersecurity attacks

2022-07-07 Thread jim bell
 FBI and MI5 issue rare joint warning for all iPhone and Android users over 
growing China cybersecurity attacks 
https://share.newsbreak.com/1ejnpwln

"DIRECTORS from the top intelligence agencies representing the United States 
and the United Kingdom have appeared together to make a forceful statement.

"Statements indicate Western intelligence agencies are suspicious of potential 
cybercrime and espionage operations orchestrated by China.

“Today is the first time the heads of the FBI and MI5 have shared a public 
platform,” MI5 general director Ken McCallum told reporters from the podium at 
the MI5 headquarters in London.

“We’re doing so to send the clearest signal we can on a massive shared 
challenge: China.”

The joint appearance denounced activity in China that could negatively impact 
the global economy.



Ars Technica: The cryptopocalypse is nigh! NIST rolls out new encryption standards to prepare

2022-07-07 Thread jim bell
Ars Technica: The cryptopocalypse is nigh! NIST rolls out new encryption 
standards to prepare.
https://arstechnica.com/information-technology/2022/07/nist-selects-quantum-proof-algorithms-to-head-off-the-coming-cryptopocalypse/

In the not-too-distant future—as little as a decade, perhaps, nobody knows 
exactly how long—the cryptography protecting your bank transactions, chat 
messages, and medical records from prying eyes is going to break spectacularly 
with the advent of quantum computing. On Tuesday, a US government agency named 
four replacement encryption schemes to head off this cryptopocalypse.

Some of the most widely used public-key encryption systems—including those 
using the RSA, Diffie-Hellman, and elliptic curve Diffie-Hellman 
algorithms—rely on mathematics to protect sensitive data. These mathematical 
problems include (1) factoring a key's large composite number (usually denoted 
as N) to derive its two factors (usually denoted as P and Q) and (2) computing 
the discrete logarithm that key is based on.


US general says Elon Musk's Starlink has 'totally destroyed Putin's information campaign'

2022-07-05 Thread jim bell
 US general says Elon Musk's Starlink has 'totally destroyed Putin's 
information campaign' 
https://share.newsbreak.com/1e7p372p
   
   - US Brigadier General Steven Butow said Starlink has "destroyed Putin's 
information campaign."
   - The internet service helped organize attacks and kept soldiers in touch 
with family, per Politico.
   - SpaceX CEO Elon Musk sent over the first Starlink terminals within days of 
Russia's invasion.

Starlink, the satellite-internet service from SpaceX, has been a crucial part of 
Ukraine's defense against Russia, according to a US official and Ukrainian 
military members.

From sending coordinates for artillery strikes against Russia 
to broadcasting Ukraine President Volodymyr Zelenskyy's speeches across the 
world, US Brigadier General Steven Butow told Politico that SpaceX's Starlink 
services have been indispensable to the Ukrainian military. The general has 
worked closely with SpaceX as the director of the space portfolio at the 
defense innovation unit.

"The strategic impact is, it totally destroyed [Vladimir] Putin's information 
campaign," Butow told the publication. "He never, to this day, has been able to 
silence Zelenskyy."

Starlink's capabilities are put to the test on a daily basis by Ukrainian 
soldiers. Politico reported that the satellite dish is used to plan missions 
and fight misinformation from Russia, as well as keep soldiers in touch with 
their family and provide a source of leisure activity during down times.


Drug smuggling: Underwater drones seized by Spanish police

2022-07-05 Thread jim bell
Drug smuggling: Underwater drones seized by Spanish police - 
https://www.bbc.co.uk/news/world-europe-62040790

Jim Bell's comment: I actually thought of this 30+ years ago, unmanned, 
underwater smuggling drones, but I made no attempt to implement this.  At that 
time, GPS was very new, solar cells were weak and relatively ineffective.  
I also figured that it could be an interesting hobby, minus the drugs of 
course.  Whether this could get through the plastic trash, and 'ghost nets' I 
don't know.




IEEE Spectrum: Quantum Computing for Dummies

2022-07-04 Thread jim bell
IEEE Spectrum: Quantum Computing for Dummies.
https://spectrum.ieee.org/quantum-computing-for-dummies

Quantum computers may one day rapidly find solutions to problems no regular 
computer might ever hope to solve, but there are vanishingly few quantum 
programmers when compared with the number of conventional programmers in the 
world. Now a new beginner's guide aims to walk would-be quantum programmers 
through the implementation of quantum algorithms over the cloud on IBM's 
publicly available quantum computers.

Whereas classical computers switch transistors either on or off to symbolize 
data as ones or zeroes, quantum computers use quantum bits, or "qubits," which 
because of the peculiar nature of quantum physics can exist in a state called 
superposition where they are both 1 and 0 at the same time. This essentially 
lets each qubit perform two calculations at once. The more qubits are 
quantum-mechanically linked, or entangled (see our explainer), within a quantum 
computer, the greater its computational power can grow, in an exponential 
fashion.

Currently quantum computers are noisy intermediate-scale quantum (NISQ) 
platforms, meaning their qubits number up to a few hundred at most and are 
error-ridden as well. Still, quantum processors are widely expected to grow in 
terms of qubit count and quality, with the aim of achieving a quantum advantage 
that enables them to find the answers to problems no classical computers could 
ever solve.

Although the field of quantum programming started in the 1990s, it has to date 
only drawn a small community. "Programming quantum computers may seem like a 
great challenge, requiring years of training in quantum mechanics and related 
disciplines," says the guide's senior author Andrey Lokhov, a theoretical 
physicist at Los Alamos National Laboratory in New Mexico. "Additionally, the 
field is dominated by physics and algebraic notations that at times present 
unnecessary entry barriers for mainstream computer and mathematically trained 
scientists."

Now, with their new guide, Lokhov and his colleagues hope their new guide will 
help pave the way "for the upcoming quantum computing revolution," he says. "We 
believe that our guide fills a missing space in the field of quantum 
computation, introducing non-expert computer scientists, physicists, and 
engineers to quantum algorithms and their implementations on real-world quantum 
computers."

The new guide explains the basics of quantum computing and quantum programming, 
including quantum algorithms.

"Very much like how classical algorithms describe a sequence of instructions 
that need to be executed on a classical computer, a quantum algorithm 
represents a step-by-step procedure, where each of the steps needs to be 
performed on a quantum computer," Lokhov says. "However, the term 'quantum 
algorithm' is usually reserved for algorithms that contain inherently quantum 
operations, such as quantum superposition or quantum entanglement, which turn 
out to be computationally powerful."


BBC News: Julian Assange submits High Court appeal to fight extradition

2022-07-01 Thread jim bell
Julian Assange submits High Court appeal to fight extradition - 
https://www.bbc.co.uk/news/uk-62008245




Prosecutions against abortion providers could utilize 'mass surveillance,' experts warn

2022-06-27 Thread jim bell
https://news.yahoo.com/prosecutors-states-where-abortion-now-231745604.html



As the U.S. enters an era of diminished reproductive rights following the 
Supreme Court ruling that overturned Roe v. Wade, a path has been cleared for 
at least 13 states — those with “trigger laws” — to begin penalizing and 
prosecuting people who violate abortion bans.

Bans are already in effect in Kentucky, Louisiana, South Dakota and Missouri, 
with at least nine other states expected to follow suit in days.

While penalties vary, those states all now have laws that would charge abortion 
providers with some class of felony, with punishments that include fines, 
prison time and revocation of medical licenses.

Some legal experts fear that prosecutors will use intimate pieces of evidence, 
such as text messages, internet search history and period tracking apps to 
build their cases, as well as, perhaps, information gathered from medical 
professionals.

And, though states with abortion bans have focused punishment on the providers 
and not those seeking or self-managing an abortion, women will still be in the 
line of fire, said Farah Diaz-Tello, senior counsel and legal director of 
If/When/How, a reproductive justice group.


Engadget: Google warns internet service providers helped distribute Hermit spyware

2022-06-26 Thread jim bell
Engadget: Google warns internet service providers helped distribute Hermit 
spyware.
https://www.engadget.com/google-hermit-spyware-204549595.html?src=rss

Google is warning of a sophisticated new spyware campaign that has seen 
malicious actors steal sensitive data from Android and iOS users in Italy and 
Kazakhstan. On Thursday, the company’s Threat Analysis Group (TAG) shared its 
findings on RCS Labs, a commercial spyware vendor based out of Italy.

On June 16th, security researchers at Lookout linked the firm to Hermit, a 
spyware program believed to have been first deployed in 2019 by Italian 
authorities as part of an anti-corruption operation. Lookout describes RCS Labs 
as an NSO Group-like entity. The firm markets itself as a “lawful intercept” 
business and claims it only works with government agencies. However, commercial 
spyware vendors have come under intense scrutiny in recent years, largely 
thanks to governments using the Pegasus spyware to target activists and 
journalists.

According to Google, Hermit can infect both Android and iOS devices. In some 
instances, the company’s researchers observed malicious actors work with their 
target’s internet service provider to disable their data connection. They would 
then send the target an SMS message with a prompt to download the linked 
software to restore their internet connection. If that wasn’t an option, the 
bad actors attempted to disguise the spyware as a legitimate messaging app like 
WhatsApp or Instagram.

What makes Hermit particularly dangerous is that it can gain additional 
capabilities by downloading modules from a command and control server. Some of 
the addons Lookout observed allowed the program to steal data from the target’s 
calendar and address book apps, as well as take pictures with their phone’s 
camera. One module even gave the spyware the capability to root an Android 
device.

Google believes Hermit never made its way to the Play or App stores. However, 
the company found evidence that bad actors were able to distribute the spyware 
on iOS by enrolling in Apple’s Developer Enterprise Program. Apple told The 
Verge that it has since blocked any accounts or certificates associated with 
the threat. Meanwhile, Google has notified affected users and rolled out an 
update to Google Play Protect.


TechCrunch: Google is notifying Android users targeted by Hermit government-grade spyware

2022-06-26 Thread jim bell
TechCrunch: Google is notifying Android users targeted by Hermit 
government-grade spyware.
https://techcrunch.com/2022/06/23/hermit-zero-day-android-spyware/

Security researchers at Lookout recently tied a previously unattributed Android 
mobile spyware, dubbed Hermit, to Italian software house RCS Lab. Now, Google 
threat researchers have confirmed much of Lookout’s findings and are notifying 
Android users whose devices were compromised by the spyware.
Hermit is a commercial spyware known to be used by governments, with victims in 
Kazakhstan and Italy, according to Lookout and Google. Lookout says it’s also 
seen the spyware deployed in northern Syria. The spyware uses various modules, 
which it downloads from its command and control servers as they are needed, to 
collect call logs, record ambient audio, redirect phone calls and collect 
photos, messages, emails and the device’s precise location from a victim’s 
device. Lookout said in its analysis that Hermit, which works on all Android 
versions, also tries to root an infected Android device, granting the spyware 
even deeper access to the victim’s data.
Lookout said that targeted victims are sent a malicious link by text message 
and tricked into downloading and installing the malicious app — which 
masquerades as a legitimate branded telco or messaging app — from outside of 
the app store.

According to a new blog post published Thursday and shared with TechCrunch 
ahead of its publication, Google said it found evidence that in some cases the 
government actors in control of the spyware worked with the target’s internet 
provider to cut their mobile data connectivity, likely as a lure to trick the 
target into downloading a telco-themed app under the guise of restoring 
connectivity.


$100 million worth of crypto has been stolen in another major hack

2022-06-24 Thread jim bell
 $100 million worth of crypto has been stolen in another major hack 
https://share.newsbreak.com/1c424ehk
"
$100 million worth of crypto has been stolen in another major hack
PUBLISHED FRI, JUN 24 2022 6:38 AM EDT
UPDATED FRI, JUN 24 2022 9:28 AM EDT
Ryan Browne @RYAN_BROWNE_
KEY POINTS
   - Hackers have stolen $100 million in cryptocurrency from Horizon, a 
so-called blockchain bridge developed by crypto start-up Harmony.
   - Bridges allow users to transfer tokens from one blockchain to another. 
They've become a prime target for hackers due to vulnerabilities in their 
underlying code.
   - It follows a series of similar attacks on blockchain bridges, including 
the $600 million Ronin Network heist and the $320 million stolen from Wormhole.


U.S. Tech Industry Frets About Handing Data to States Prosecuting Abortion

2022-06-24 Thread jim bell
 U.S. Tech Industry Frets About Handing Data to States Prosecuting Abortion 
https://share.newsbreak.com/1c3uo905



A Huge Step Forward in Quantum Computing Was Just Announced: The First-Ever Quantum Circuit

2022-06-23 Thread jim bell
 A Huge Step Forward in Quantum Computing Was Just Announced: The First-Ever 
Quantum Circuit 
https://share.newsbreak.com/1bul2vlo


A Huge Step Forward in Quantum Computing Was Just Announced: The First-Ever 
Quantum Circuit
ScienceAlert - 2 days ago
Australian scientists have created the world's 
first-ever quantum computer circuit – one that contains all the essential 
components found on a classical computer chip but at the quantum scale.
The landmark discovery, published in Nature today, was nine years in the making.

"This is the most exciting discovery of my career," senior author and quantum 
physicist Michelle Simmons, founder of Silicon Quantum Computing and director 
of the Center of Excellence for Quantum Computation and Communication 
Technology at UNSW told ScienceAlert.

Not only did Simmons and her team create what's essentially a functional 
quantum processor, they also successfully tested it by modeling a small 
molecule in which each atom has multiple quantum states – something a 
traditional computer would struggle to achieve.

This suggests we're now a step closer to finally using quantum processing power 
to understand more about the world around us, even at the tiniest scale.

"In the 1950s, Richard Feynman said we're never going to understand how the 
world works – how nature works – unless we can actually start to make it at the 
same scale," Simmons told ScienceAlert.

"If we can start to understand materials at that level, we can design things 
that have never been made before.



Mega says it can’t decrypt your files. New POC exploit shows otherwise – Ars Technica

2022-06-21 Thread jim bell

https://arstechnica.com/information-technology/2022/06/mega-says-it-cant-decrypt-your-files-new-poc-exploit-shows-otherwise/

"In the decade since larger-than-life character Kim Dotcom founded Mega, the 
cloud storage service has amassed 250 million registered users and stores a 
whopping 120 billion files that take up more than 1,000 petabytes of storage. A 
key selling point that has helped fuel the growth is an extraordinary promise 
that no top-tier Mega competitors make: Not even Mega can decrypt the data it 
stores.

"On the company's homepage, for instance, Mega displays an image that compares 
its offerings to Dropbox and Google Drive. In addition to noting Mega's lower 
prices, the comparison emphasizes that Mega offers end-to-end encryption, 
whereas the other two do not. Over the years, the company has repeatedly 
reminded the world of this supposed distinction, which is perhaps best 
summarized in this blog post. In it, the company claims, "As long as you ensure 
that your password is sufficiently strong and unique, no one will ever be able 
to access your data on MEGA. Even in the exceptionally improbable event MEGA's 
entire infrastructure is seized!" (emphasis added).

"Third-party reviewers have been all too happy to agree and to cite the Mega 
claim when recommending the service.

A decade of assurances negated

"Research published on Tuesday shows there's no truth to the claim that Mega, 
or an entity with control over Mega's infrastructure, is unable to access data 
stored on the service. The authors say that the architecture Mega uses to 
encrypt files is riddled with fundamental cryptography flaws that make it 
trivial for anyone with control of the platform to perform a full key recovery 
attack on users once they have logged in a sufficient number of times. With 
that, the malicious party can decipher stored files or even upload 
incriminating or otherwise malicious files to an account; these files look 
indistinguishable from genuinely uploaded data.

"We show that MEGA's system does not protect its users against a malicious 
server and present five distinct attacks, which together allow for a full 
compromise of the confidentiality of user files," the researchers wrote on a 
website. "Additionally, the integrity of user data is damaged to the extent 
that an attacker can insert malicious files of their choice which pass all 
authenticity checks of the client. We built proof-of-concept versions of all 
the attacks, showcasing their practicality and exploitability."



This 1.5TB microSD is surely witchcraft

2022-06-21 Thread jim bell
This 1.5TB microSD is surely witchcraft 
https://share.newsbreak.com/1bhubzb6


Kentucky court rules police violated robbery suspect’s rights by pulling from his cellphone without warrant

2022-06-18 Thread jim bell
 Kentucky court rules police violated robbery suspect’s rights by pulling from 
his cellphone without warrant 
https://share.newsbreak.com/1b052vco

A sharply divided Kentucky Supreme Court ruled Thursday that police violated a 
robbery suspect’s constitutional protections by accessing his cellphone without 
a warrant, calling use of the phone as a tracking device “profoundly invasive.”

In the 4-3 decision, the court’s majority said the robbery suspect was 
subjected to a warrantless search when police obtained his real-time cellphone 
location information. They ruled that the information was illegally acquired 
and should be excluded from evidence.

At issue was whether there’s a “reasonable 
expectation of privacy” regarding a person’s real-time cell-site location 
information, also known as CSLI, under federal Fourth Amendment protections 
against unreasonable searches and seizures. Such information can be used to 
determine a cellphone’s location with “near perfect accuracy” when the phone is 
powered on, the court noted.

“In obtaining an individual’s cell phone’s real-time CSLI, police commandeer 
the cell phone and its transmissions for the purpose of locating that 
individual,” Chief Justice John D. Minton Jr. said in writing for the majority. 
“We find this usurpation of an individual’s private property profoundly 
invasive, and we liken it to a technological trespass.”

The ruling stems from a case in Kentucky’s Woodford County involving robbery 
suspect Dovontia Reed. One of his attorneys hailed it a far-reaching victory 
for civil liberties.


Hertzbleed Is A New CPU Hack Affecting Just About Everybody

2022-06-18 Thread jim bell
Jim Bell's note:
In late 1977, I built a single board microprocessor trainer called a Dyna-Micro.
https://www.google.com/search?q=%22dyna+micro%22=%22dyna+micro%22=chrome..69i57j46i175i199i512j0i22i30l5j0i10i22i30.8593j1j16=ms-android-motorola-rvo3=chrome-mobile=UTF-8#imgrc=TPvWtUel0XoNkM

  At the time, I noticed that if I turned on the AM radio, running the computer 
caused varying bleeps and bloops to be received.  Probably then and before, 
owners of primitive PCs like Altair noticed the same thing.  
A few years later, I first heard of the idea called tempest, the practice of 
shielding computers to avoid transmitting information by radio.
Even later, in the early 2000s, I read an (even then, old) book by ex MI-5 
person Peter Wright, called Spycatcher, that described how they could remotely 
determine what radio station a radio was receiving, by detecting its local 
oscillator's frequency.  So-called heterodyne radios work by generating a local 
oscillator frequency, then nonlinearly mixing that with the signal from the 
antenna, and then filtering the difference through an IF (intermediate 
frequency) filter.
https://www.google.com/search?q=%22dyna+micro%22=%22dyna+micro%22=chrome..69i57j46i175i199i512j0i22i30l5j0i10i22i30.8593j1j16=ms-android-motorola-rvo3=chrome-mobile=UTF-8#imgrc=TPvWtUel0XoNkM

From that:
'Wright examines the techniques of intelligence services, exposes their ethics, 
notably their "eleventh commandment", "Thou shalt not get caught." He described 
many MI5 electronic technologies (some of which he developed), for instance, 
allowing clever spying into rooms, and identifying the frequency to which a 
superhet receiver is tuned.'


---
HertzBleed Is A New CPU Hack Affecting Just About Everybody 
https://share.newsbreak.com/1ay58kwf

Unlike more traditional ways to hack information, side-channel attacks rely on 
these signatures to try to infer what information was being processed. You can 
think of it kind of like guessing your presents before your actual birthday: a 
stereotypical “hacker” would think of ever-more sneaky ways to simply open the 
wrapping paper, but someone using a side-channel attack would be giving it a 
shake, feeling the edges, and estimating the weight.

Hertzbleed is not by any means the first such attack to be discovered – 
side-channel attacks have been around for more than two decades at this point – 
but it has a few extra capabilities that haven’t been seen before. It can be 
deployed remotely, making it much easier to use than previous side-channel 
attacks, and it also works on “constant time” mechanisms – that is, code 
specifically designed to eliminate one of the biggest clues for a would-be 
hacker, the length of time a process takes to complete.

And the really bad news is, you’re almost certainly affected. Certainly, all 
Intel processors are susceptible to Hertzbleed, as are dozens of AMD chips. And 
even if your personal computer, laptop, tablet or phone doesn’t use those 
affected processors, thousands of servers across the planet do – servers which, 
as a matter of course, store your data, process your information, and run the 
services we depend on every day.




New Hertzbleed Side-Channel Attack Affects All Modern AMD and Intel CPUs

2022-06-18 Thread jim bell
https://thehackernews.com/2022/06/new-hertzbleed-side-channel-attack.html

"A newly discovered security vulnerability in modern Intel and AMD processors 
could let remote attackers steal encryption keys via a power side channel 
attack.

"Dubbed Hertzbleed by a group of researchers from the University of Texas, 
University of Illinois Urbana-Champaign, and the University of Washington, the 
issue is rooted in dynamic voltage and frequency scaling (DVFS), a power and 
thermal management feature employed to conserve power and reduce the amount of 
heat generated by a chip.

"The cause is that, under certain circumstances, periodic CPU frequency 
adjustments depend on the current CPU power consumption, and these adjustments 
directly translate to execution time differences (as 1 hertz = 1 cycle per 
second)," the researchers said.


Chinese hackers attack sophos

2022-06-18 Thread jim bell
https://thehackernews.com/2022/06/chinese-hackers-exploited-sophos.html
"A sophisticated Chinese advanced persistent threat (APT) actor exploited a 
critical security vulnerability in Sophos' firewall product that came to light 
earlier this year to infiltrate an unnamed South Asian target as part of a 
highly-targeted attack.
"The attacker implement[ed] an interesting web shell backdoor, create[d] a 
secondary form of persistence, and ultimately launch[ed] attacks against the 
customer's staff," Volexity said in a report. "These attacks aimed to further 
breach cloud-hosted web servers hosting the organization's public-facing 
websites."

The zero-day flaw in question is tracked as CVE-2022-1040 (CVSS score: 9.8), 
and concerns an authentication bypass vulnerability that can be weaponized to 
execute arbitrary code remotely. It affects Sophos Firewall versions 18.5 MR3 
(18.5.3) and earlier."


Nearly half of Democrat men under 50 approve of assassinating politicians

2022-06-16 Thread jim bell
The Overton Window has moved.
https://en.wikipedia.org/wiki/Overton_window?wprov=sfla1

--
Nearly half of Democrat men under 50 approve of assassinating politicians 
https://share.newsbreak.com/1aj5jtrh
"A new poll last week found that voters who identified as Democrats were more 
likely than voters who identified as Republicans to support political violence, 
including assassinating politicians they deem to be a threat."
"The poll, conducted by the left-wing Southern Poverty Law Center (SPLC) and 
published June 1, found that 44 percent of Democrat men under the age of 50 
said they “approve” of assassinating a politician “who is harming our country 
or democracy.” Republican women under 50 were the group with the second-highest 
approval for assassinating politicians, with 40 percent approving of such 
behavior."


Dark web drug dealer jailed over cryptocurrency millions

2022-06-16 Thread jim bell
Dark web drug dealer jailed over cryptocurrency millions 
https://share.newsbreak.com/1ai5nepi



Quantum Computer Programming for Dummies

2022-06-16 Thread jim bell
 Quantum Computer Programming for Dummies 
https://share.newsbreak.com/1af4b2r1

Newswise — LOS ALAMOS, N.M., June 14, 2022—For would-be quantum programmers 
scratching their heads over how to jump into the game as quantum computers 
proliferate and become publicly accessible, a new beginner’s guide provides a 
thorough introduction to quantum algorithms and their implementation on 
existing hardware.

“Writing quantum algorithms is radically different from writing classical 
computing programs and requires some understanding of quantum principles and 
the mathematics behind them,” said Andrey Y. Lokhov, a scientist at Los Alamos 
National Laboratory and lead author of the recently published guide in ACM 
Transactions on Quantum Computing. “Our guide helps quantum programmers get 
started in the field, which is bound to grow as more and more quantum computers 
with more and more qubits become commonplace.”

In succinct, stand-alone sections, the guide surveys 20 quantum 
algorithms—including famous, foundational quantum algorithms, such as Grover’s 
Algorithm for database searching and much more, and Shor’s Algorithm for 
factoring integers. Making the real-world connection, the guide then walks 
programmers through implementing the algorithms on IBM’s publicly available 
5-qubit IBMQX4 quantum computer and others. In each case, the authors discuss 
the results of the implementation and explain differences between the simulator 
and the actual hardware runs.

“This article was the result of a rapid-response effort by the Information 
Science and Technology Institute at Los Alamos, where about 20 Lab staff 
members self-selected to learn about and implement a standard quantum algorithm 
on the IBM Q quantum system,” said Stephan Eidenbenz, a senior quantum 
computing scientist at Los Alamos, a coauthor of the article and director of 
ISTI when work on it began.

The goal was to prepare the Los Alamos workforce for the quantum era by guiding 
those staff members with little or no quantum computing experience all the way 
through implementation of a quantum algorithm on a real-life quantum computer, 
Eidenbenz said.

These staff members, in addition to a few students and well-established quantum 
experts, make up the long author list of this “crowd-sourced” overview article 
that has already been heavily cited, Eidenbenz said.


Hackers just launched the largest HTTPS DDoS attack in history

2022-06-15 Thread jim bell
 Hackers just launched the largest HTTPS DDoS attack in history 
https://share.newsbreak.com/1af1w5g5



A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys

2022-06-15 Thread jim bell
A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys 
https://share.newsbreak.com/1acrbteo


Microprocessors from Intel, AMD, and other companies contain a newly discovered 
weakness that remote attackers can exploit to obtain cryptographic keys and 
other secret data traveling through the hardware, researchers said on Tuesday.

Hardware manufacturers have long known that hackers can extract secret 
cryptographic data from a chip by measuring the power it consumes while 
processing those values. Fortunately, the means for exploiting power-analysis 
attacks against microprocessors is limited because the threat actor has few 
viable ways to remotely measure power consumption while processing the secret 
material. Now, a team of researchers has figured out how to turn power-analysis 
attacks into a different class of side-channel exploit that's considerably less 
demanding.

Targeting DVFS

The team discovered that dynamic voltage and frequency scaling (DVFS)—a power 
and thermal management feature added to every modern CPU—allows attackers to 
deduce the changes in power consumption by monitoring the time it takes for a 
server to respond to specific carefully made queries. The discovery greatly 
reduces what's required. With an understanding of how the DVFS feature works, 
power side-channel attacks become much simpler timing attacks that can be done 
remotely.

The researchers have dubbed their attack Hertzbleed because it uses the 
insights into DVFS to expose—or bleed out—data that's expected to remain 
private. The vulnerability is tracked as CVE-2022-24436 for Intel chips and 
CVE-2022-23823 for AMD CPUs. The researchers have already shown how the exploit 
technique they developed can be used to extract an encryption key from a server 
running SIKE, a cryptographic algorithm used to establish a secret key between 
two parties over an otherwise insecure communications channel.



US Defense Official Credits Elon Musk's Starlink For Making It Impossible For Putin To Silence Ukraine

2022-06-13 Thread jim bell
 US Defense Official Credits Elon Musk's Starlink For Making It Impossible For 
Putin To Silence Ukraine 
https://share.newsbreak.com/19yxx0t4

Elon Musk's SpaceX-owned Starlink came in handy for Ukraine when the Eastern 
European country's war with Russia left it bereft of internet service. Ukraine 
sought for Starlink user terminals from Musk, and the latter promptly acceded.

The Starlink satellite internet service has helped Ukraine, both its military 
and civilians, Politico said in a report. The service prevented Russia's 
efforts to cut Ukraine off from the outside world, the report added.

Lauding Starlink's role, Brigadier General Steve Butow, director of the space 
portfolio at the U.S. Defense Innovation Unit, said, "The strategic impact is, 
it totally destroyed [Vladimir] Putin's information campaign," Politico said.



POLITICO: How DOJ took the malware fight into your computer

2022-06-13 Thread jim bell
POLITICO: How DOJ took the malware fight into your computer.
https://www.politico.com/news/2022/06/13/how-doj-took-the-malware-fight-into-your-computer-00038932

In the past year, federal prosecutors and FBI agents have increased their 
efforts to defeat botnets and contain malware outbreaks by directly removing 
malicious code from infected computers, without the knowledge or authorization 
of those computers’ owners.

“We have gotten more comfortable, as a government, taking that step,” Adam 
Hickey, a deputy assistant attorney general for national security, said in an 
interview at the RSA cybersecurity conference in San Francisco.

The latest example of this approach came in April, when U.S. authorities wiped 
malware off of hacked servers used to control a Russian intelligence agency’s 
botnet, preventing the botnet’s operators from sending instructions to the 
thousands of devices they had infected. A year earlier, the Justice Department 
used an even more expansive version of the same technique to send commands to 
hundreds of computers across the country that were running Microsoft’s Exchange 
email software, removing malware planted by Chinese government agents and other 
hackers.

In both cases, federal prosecutors obtained court orders allowing them to 
access the infected devices and execute code that erased the malware. In their 
applications for these orders, prosecutors noted that government warnings to 
affected users had failed to fix the problems, thus necessitating more direct 
intervention.


'A Mass Invasion of Privacy' but No Penalties for Tim Hortons

2022-06-12 Thread jim bell
https://news.yahoo.com/mass-invasion-privacy-no-penalties-151852739.html

One way to figure out how deeply Tim Hortons is woven into Canada’s fabric is a 
cross-border comparison. If McDonald’s, perhaps its closest analogue in the 
Uni...
__--

"The vector for Tim Hortons’ large-scale snooping, according to the report, was 
its mobile phone app, which was downloaded 10 million times in the three years 
following its introduction in 2017. At first, the app had typical retail 
functions involving payment, loyalty points and placing orders."

"But the privacy commissioners found that in 2019, Tim Hortons slipped in a new 
feature. With the help of Radar, a geolocation software company based in the 
United States, it turned the GPS systems in customers’ phones into a corporate 
snooping tool. Many apps, of course, ask users for permission to access their 
phones’ GPS while they’re actively using the apps for potentially useful 
features like locating the nearest outlet of a store, bank or restaurant."

"The Tim Hortons app, however, went far beyond that, tracking users around the 
clock anywhere in the world — even when the app was closed. It recorded not 
only their geographic location but also whether that location was a house, 
factory or office and, in many cases, the name of the building they were in. It 
even, according to the report, recorded whether they were popping into rival 
coffee shops. The continuous tracking took place despite users being told that 
they would only be tracked while using the app."




EXCLUSIVE: Crypto Traders Say Coinbase Refusing To Return Wrongly Deposited Funds Despite Having Access

2022-06-11 Thread jim bell
EXCLUSIVE: Crypto Traders Say Coinbase Refusing To Return Wrongly Deposited 
Funds Despite Having Access 
https://share.newsbreak.com/19g5kr7n



Strong Showing for First Experimental RISC-V Supercomputer

2022-06-11 Thread jim bell
https://www.nextplatform.com/2022/06/09/strong-showing-for-first-experimental-risc-v-supercomputer/

A European team of university students has cobbled together the first RISC-V 
supercomputer capable of showing balanced power consumption and performance.

More importantly, it demonstrates a potential path forward for RISC-V in high 
performance computing and by proxy, another shot for Europe to shed total 
reliance on American chip technologies beyond Arm-driven architectures.

The “Monte Cimone” cluster will not be crunching massive weather simulations or 
the like anytime soon since it’s just an experimental machine. That said, it 
does show that performance sacrifices for lower power envelopes aren’t 
necessarily as dramatic as many believe.

The six-node cluster, built by folks at Università di Bologna and CINECA, the 
largest supercomputing center in Italy, was part of a broader student cluster 
competition to showcase various elements of HPC performance beyond just 
floating-point capability. The cluster-building team, called NotOnlyFLOPs, 
wanted to establish the power-performance profile of RISC-V when using SiFive’s 
Freedom U740 system-on-chip.

That 2020-era SoC has five 64-bit RISC-V CPU cores – four U7 application cores 
and an S7 system management core – 2MB of L2 cache, gigabit Ethernet, and 
various peripheral and hardware controllers. It can run up to around 1.4GHz.

Here’s a look at the components as well as feeds and speeds of Monte Cimone:
   
   - Six dual-board servers with a form factor of 4.44 cm (1U) high, 42.5 cm 
width, 40 cm deep. Each board follows the industry standard Mini-ITX form 
factor (170 mm per 170 mm);
   - Each board features one SiFive Freedom U740 SoC and 16GB of 64-bit DDR 
memory operating at 1866s MT/s, plus a PCIe Gen 3 x8 bus operating at 7.8 GB/s, 
one gigabit Ethernet port, and USB 3.2 Gen 1 interfaces;
   - Each node has an M.2 M-key expansion slot occupied by a 1TB NVME 2280 SSD 
used by the operating system. A microSD card is inserted in each board and used 
for UEFI booting;
   - Two 250 W power supplies are integrated inside each node to support the 
hardware and future PCIe accelerators and expansion board



