On D-Wave and Quantum Computing

For a few years I have been following, at a distance, the development of Quantum Computers. One of the more controversial approaches to Quantum Computing is the one proposed by D-Wave. D-Wave is also the only company which claims to have a specialized version of a Quantum Computer ready to sell, and they actually did sell at least one Quantum Computer to a consortium made up of Google, NASA, and the Universities Space Research Association.

What is not yet clear is whether it is really a Quantum computer and, even if it is, whether it gives any advantage over traditional computers. There are quite a few different opinions about this, and this IEEE Spectrum article tries to understand where we stand now.

 

How to Abuse Your Customers

This is a 1 Million USD settlement in a consumer fraud case against the online video gaming company E-Sports Entertainment, LLC. On top of its online gaming business, the company found it quite profitable to use its customers' PCs to mine for Bitcoins and to monitor the customers' use of their PCs even when they were not running the E-Sports program.

Managing a Large ICT Implementation is Hard

Recently there has been quite a lot of news about failed large ICT projects, starting from the Obamacare rollout and so on. One of the latest news items is that Bridgestone is suing IBM for fraud for $600 Million over a failed IT implementation (see here for details).

We have known for at least 20 years that large ICT projects are hard and that quite often they fail, at least in the sense that they do not deliver what was agreed at the beginning. (A very easy and often adopted way of guaranteeing that an ICT project is successful is to change its requirements and goals at the end.)

What seems new to me is the fact that the news about these failures is becoming more and more public, probably because the failures affect more and more people, and that someone is starting to complain, in this case to the point that the customer thinks that there has been a fraud against him.

Actually this trend could help the ICT business in the long run, since it will force us to learn how to manage large ICT projects and implementations and to produce (at last) higher quality ICT software products.

Diverting and Tampering with Internet Traffic

This is really disturbing news. Renesys has announced that this year there have been many cases of traffic redirection via BGP which look suspicious at the least.

Without going into the details of how BGP works, it suffices to say that BGP is (together with DNS) the core infrastructure protocol that makes the global Internet work. BGP is used to build traffic routes so that data can flow from one network to another. Each Internet provider (ISP) uses BGP to announce its own networks to the other ISPs and to learn where and through whom to send data to other destinations.

It is well known that BGP has some weaknesses, in particular due to its assumption that no ISP will try to cheat. Indeed it is possible in some particular situations for an ISP to announce the networks of another ISP and manage to receive all traffic for these networks. In this way, it could be possible to divert the traffic and possibly read it (if it is not encrypted) and tamper with it.

From the Renesys blog entry it seems that this has actually happened this year and that those involved claimed that these incidents were due to “bugs” in some “vendor BGP software” and that there were no malicious intentions. Let’s just hope that this is true and that ways to prevent this from happening in the future will be introduced soon.
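As an added illustration (not part of the original post or of the Renesys report), the following Python sketch shows how a monitor can flag an announcement whose origin does not match what the network's owner has authorized, following the route origin validation logic of RFC 6811. The prefixes, AS numbers and authorization table are constructed sample data taken from the documentation ranges; the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: documentation prefixes (RFC 5737) and
# documentation AS numbers (RFC 5398). Each entry is a hypothetical
# authorization: (prefix, max_length, authorized_origin_as).
ROAS = [
    ("198.51.100.0/24", 24, 64496),
    ("203.0.113.0/24", 25, 64497),
]

def validate_origin(prefix, origin_as, roas=ROAS):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'.

    An announcement is covered by an authorization when its prefix lies
    inside the authorized prefix. It is valid only if a covering
    authorization also names the same origin AS and the announced
    prefix is no more specific than max_length (RFC 6811).
    """
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # subnet_of() raises TypeError across IP versions, so check first.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if origin_as == roa_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def suspicious(announcements, roas=ROAS):
    """Return the announcements that fail origin validation."""
    return [(p, a) for p, a in announcements
            if validate_origin(p, a, roas) == "invalid"]

# Constructed announcements as a route monitor might see them.
SEEN = [
    ("198.51.100.0/24", 64496),    # legitimate origin
    ("198.51.100.0/24", 64511),    # another AS announcing the same network
    ("198.51.100.128/25", 64496),  # right AS, more specific than allowed
    ("203.0.113.0/25", 64497),     # allowed by max_length 25
    ("192.0.2.0/24", 64500),       # no authorization on record
]

if __name__ == "__main__":
    for prefix, asn in SEEN:
        print(prefix, asn, validate_origin(prefix, asn))
```

The "not-found" result matters in practice: a network with no published authorization cannot be protected by this check, whoever announces it.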

Internet, Privacy and Televisions

It seems that television (hardware) makers do not have a very clear idea (or have understood it too well) of what kind of information one can extract from private people when their televisions are connected to the Internet. Here is a possibly disturbing but not surprising story.

Obviously the televisions will ‘call home’ for a variety of reasons and purposes, and this is part of having the television connected to the Internet. What should also be spelled out clearly is what the television reports back about its owner.

A new way of authenticating yourself

We all know very well that username+password is a very weak form of authentication. Unfortunately alternative universal and more secure methods are not available.

Some researchers (see here for example) are proposing to use our mobile phones as pencils to draw our signature in the air and to use this movement as our password. This approach has many interesting characteristics, from the hardware used to the movement itself, which can be extremely difficult to replicate, much more difficult than a fingerprint, and a few drawbacks, like the obvious need for space to do it.

There is already an App for Android that you can download here. In any case, more research is needed in particular in the full evaluation of the security features of this almost biometric authentication method.

Cyber Readiness Index of Countries

A study has just been presented here about the “Readiness” of Countries with respect to everything that is “Cyber”.

It is difficult to comment on the data presented, but it is surely of interest. Personally I love slide 21 which has just the following in it:

No Index Measures Security

Not much else to add.

ENISA Publishes Guidelines on the Use of Cryptography

ENISA just published a report with recommendations on the use of crypto algorithms, key sizes and parameters.

Crypto elements are classified into primitives, schemes, protocols and key sizes, and for each of them it is stated whether it is:

  • Legacy not adequate, to be replaced immediately
  • Legacy adequate but with better existing alternatives
  • Future proof and expected to remain secure for 10 to 50 years.

Following the NSA saga and the state of uncertainty we are living in right now, this is a must read.