
Security of Electronic Communications

One of the biggest problems facing software and technology companies, as well as all major financial institutions, today is the security and authenticity of electronically transmitted communications and data. When evidence of phone hacking mounted around Piers Morgan back in Q1 2014, it was revealed that access was easily gained to victims’ voicemail recordings because they simply never changed the password (Spark, 2014). Why, then, do people so often neglect and undermine the importance of securing their communications, and what are some ways to address this? These are important cognitive, biometric, and psychological questions which must be answered in order to improve the security of databases, emails, networks, and data transmission. This requires not only that engineers innovate and improve the encryption methods and techniques used in these systems, but also that people, including the ordinary layman, change how they perceive and appraise the problem.

During World War II the Germans used the Enigma machine to encrypt nearly all communications, that is, of course, until Alan Turing created the world’s first computer in the interest of automating much of the decryption process at Bletchley Park. In the process he laid the foundation of Computer Science and Artificial Intelligence, positing the noteworthy Turing test as a measure of a machine’s intelligence. Every time you make a purchase at Amazon or Walmart.com, or send a message on Facebook or Twitter, your information is bounced between several servers, stored in databases on remote computers, and sometimes even intercepted by the National Security Agency, in offices and buildings that are occasionally not even in the same country as you. Merely opening an email attachment can compromise all of the data on your computer, as attachments can easily be infected with Trojans and other viruses that can take over your computer, control system processes, or scan for files containing credit card numbers and upload them back to the intruder. Even if you consider yourself a modern Luddite of sorts, there is very little hope of escaping the arbitrarily encompassing technology of the digital age, unless of course you don’t mind not having a driver’s license and never taking out a mortgage, car loan, or student loan.

Heartbleed was a major security vulnerability in OpenSSL, a popular open source socket security library, which could be used to bypass the software's authenticity and security measures, and in isolated instances was. A Pew Research poll indicated that only about 60% of adult internet users had heard of Heartbleed and that, even worse, only 39% took additional steps to secure their online accounts (Rainie, 2014). With warnings about Heartbleed going largely unheeded, Shellshock, a vulnerability in Bash, a command prompt used in Mac and Linux, was just discovered, with early estimates of 500 million affected computers (Lee, 2014). So the implications of data security for our jobs, our lives, and basically our very way of life are evident. But what can be done to address these issues? Well, examples such as OpenSSL may actually be the solution and not just the problem. Open source software grants users special privileges, including being able to read the source code easily without extensive reverse engineering, and sometimes even the right to redistribute that code with certain caveats. For this reason, not only were the hackers aware of the bug but so were other users of the software, allowing the issue to be addressed much more quickly. With proprietary software this may not be the case; by the time the developers become informed it could be too late. We can also see companies like Oracle making a point of improving security in Java-based applications. Their approach lately has been to promote widespread adoption of new Java versions, which as a result of new features have been largely embraced by the community, with Java 8 adoption up nearly 20% from previous releases (Oracle, 2014). Not only are they correcting the issues, they are giving users incentives to install and adopt these more secure versions. The now obsolete Windows XP operating system is the epitome of where this methodology could be applied, as it is still used in many ATM machines today (Pagliery, 2014). These machines have been proven to be extremely susceptible to fraudulent attacks, even vulnerable enough to be hacked from a cellphone!

New advances in physics are also creating promising solutions to encryption as well as to classical computing problems. A lot of recent research has shown that lasers can be used to encrypt messages that cannot be deciphered without the original manifest, much like traditional asymmetric cryptography (Berridge, 2010). Optimizations in parallel processing that quantum mechanics is postulated to allow can also mean near-instantaneous decryption of encrypted keys. This means that any person, organization, or corporation that can develop the first real quantum computer could decrypt every message using today’s encryption standards instantly, any time they want. It is no surprise, then, that the National Security Agency, NASA, Google, Microsoft, and many other tech titans are clamoring to build these machines.

Another important aspect of this problem is the psychological importance of security and privacy that individuals feel. The most obvious issue here is that in order for passwords to be secure they also have to be somewhat hard to remember, and consider that people usually have more than one, even ten, networked accounts on the internet for email, their student account, their online bank account, social accounts, and much more. Acronyms and anagrams can be conventionally applied as mnemonic devices for remembering passwords, but users generally prefer convenience. The most commonly used password for 2013 was, consistent with popular belief, you guessed it, “password” (Ngak, 2014). Many companies have begun to address this part of the problem in new ways, such as Apple, which provides facial recognition locking for most iOS devices (Whitney, 2013). Besides facial recognition, research is bringing new solutions such as fingerprint scanning, retina scanning, DNA tests, and other forms of biometric identification and authentication, some of which are old and some of which are new. One of the most often utilized methods of preventing bots and spam on websites, for example, has been the contemporary use of optical character recognition, or CAPTCHAs.

The problems of privacy and security have been perennial and persistent in many contexts, not just in technology. Technology and science are not only expanding the issues but also actively providing new and innovative solutions. The development of quantum computers seems to draw many parallels to Alan Turing’s creation of the first computer, with grave implications. Millions of people are left vulnerable by security flaws and subject to attack, fraud, and other harm every single day. The problems of privacy and security are thus important matters that are frequently undermined and that must be taken more seriously and researched more thoroughly.

References

Berridge, E. (2010, September 1). Quantum encryption defeated by lasers. Retrieved October 17, 2014, from http://www.theinquirer.net/inquirer/blog-post/1730688/quantum-encryption-defeated-lasers

Lee, D. (2014, September 25). Shellshock: ‘Deadly serious’ new vulnerability found. Retrieved October 17, 2014, from http://www.bbc.com/news/technology-29361794

Ngak, C. (2014, January 21). The 25 most common passwords of 2013. Retrieved October 19, 2014, from http://www.cbsnews.com/news/the-25-most-common-passwords-of-2013/

Oracle Highlights Continued Java SE Momentum and Innovation at JavaOne 2014. (2014, September 29). Retrieved October 17, 2014, from http://www.marketwatch.com/story/oracle-highlights-continued-java-se-momentum-and-innovation-at-javaone-2014-2014-09-29

Pagliery, J. (2014, March 4). 95% of bank ATMs face end of security support. Retrieved October 17, 2014, from http://money.cnn.com/2014/03/04/technology/security/atm-windows-xp/

Rainie, L., & Duggan, M. (2014, April 30). Heartbleed’s Impact. Retrieved October 17, 2014, from http://www.pewinternet.org/2014/04/30/heartbleeds-impact/2/#main-findings

Spark, L. (2014, February 14). CNN host Piers Morgan questioned in UK hacking investigation. Retrieved October 10, 2014, from http://www.cnn.com/2014/02/14/world/europe/uk-piers-morgan-hacking-probe/

Whitney, L. (2013, December 20). How to use facial recognition on your iPhone. Retrieved October 19, 2014, from http://www.cnet.com/news/how-to-use-facial-recognition-on-your-iphone/