Tuesday, September 13, 2011

Physicists reach milestone towards optical computing

Physicists at Aarhus University, Denmark have proven that the methods used for slow light can also be used to create optical transistors, which they call an important milestone.

The scientists use a method known as electromagnetically induced transparency, the same method that Danish physicist Lene Vestergaard Hau from Harvard University uses in her experiments concerning slow light.

A crystal of cold calcium ions can be utilized as an optical transistor, where photons (light) can check and control the amount of other photons that can escape the crystal - the same way that the voltage of a gate electrode in a transistor can control the current running through the transistor, write physicists at Aarhus University in a new article in Nature Photonics.

Professor Michael Drewsen and two of his coworkers from Aarhus University have taken this research a step further by controlling the transmission of photons through a Coulomb crystal. A Coulomb crystal is a collection of ions, in this case calcium ions that are cooled down to only a thousandth of a degree above absolute zero.

The typical distance between these ions is 10 micrometers, which is 100,000 times longer than the distance between atoms in a normal solid. That means that the Coulomb crystal is both a solid and a collection of free particles at the same time, which gives the crystal a number of special properties. One of these is that the transmission of photons through the crystal can be adjusted with the principle of electromagnetically induced transparency by tuning the properties of the photons and the ions in the crystal in relation to each other.

Through an experiment, the scientists have shown that they can switch the passage of light with a wavelength of 866 nanometers through the crystal on and off by sending a switching signal consisting of photons with a wavelength of 850 nanometers.

In a purely optical quantum computer they would have to be able to control the passage of a single photon by using another single photon. Currently they use 150,000 controlled photons for their experiment, but they say that they are already working on ideas to decrease the number of photons needed by a factor of 100.

Sunday, September 11, 2011

Angry Birds, now a theme park attraction

The popular smartphone game Angry Birds, available for the iPhone and Android phones, has been turning a profit on everything from t-shirts and teddy bears to board games, and is now also a theme park attraction.

The goal of the Angry Birds stall is to shoot down balloon pigs using a giant slingshot with those well-known little birds as ammunition. So far the idea is a huge success: it has attracted a lot of visitors since its opening last Wednesday and has become one of the theme park's more popular attractions. But just as with many other Chinese products, the people behind this stall have not gotten permission to use the Angry Birds name or idea from the Finnish company Rovio, which created Angry Birds.

A spokesperson from the amusement park said,
"This is just a way for people to have fun and let off steam."
Usually, when the Chinese copy Western products, the procedure is to sue them and shut down the copyright infringement, but the Finnish company has chosen not to. According to Rovio's Chinese spokeswoman Daisy Chang, the company will examine whether it can cooperate with the amusement park. She states,
"We would welcome a partnership, but Rovio would need to give them permission to use the Angry Birds game."
Rovio currently has a goal of reaching 100 million downloads in China before the end of this year, and the attraction could help them achieve this goal, so it is also in their interest to spread awareness of their game.

Friday, September 9, 2011

Google arms HTC for Apple patent war

Google's latest purchase, Motorola, brought with it some very interesting patents. Among them are a patent for running software on mobile hardware and a patent for hidden antennas on mobile phones.

HTC has bought up a bunch of patents and is currently suing Apple for multiple infringements. In total, HTC has bought 9 patents from Google during the last two weeks, and they are being used to fend off Apple, which has recently been dominating courtrooms in many different countries, namely in the worldwide cases against Samsung's phones and tablets, but also in its attempts to bring the Android OS down.

Google has been criticized before for not taking action against Apple's attacks on several Android phone manufacturers, but Google has not had a very threatening patent catalog in the past. In the last year Google has been working hard to get as many patents as possible by buying companies like Openwave Systems, Palm and, as mentioned earlier, Motorola.

According to All Things Digital, HTC has paid an unknown amount to Google for the patents that will help them in the battle against Apple.

Thursday, September 8, 2011

Privacy Policy

I have added a privacy policy to the blog, since in the very near future such a policy might be a requirement by the European Union (EU).

The EU introduced a bill earlier this year as a result of the privacy debate concerning tracking cookies placed by companies like Google and other similar services that track a user's actions and the pages they visit. Later the bill evolved to cover all cookies, suggesting that websites using cookies should actively get a user's permission for every cookie that would be set in the user's browser.
This bill came under massive critique, since many websites use cookies for common functionality such as a cart on a webshop or simple login systems.
The law was supposed to take effect this year, but because of disagreement on how it should be upheld and interpreted, many countries in the EU have chosen to wait until all the confusion has settled and a more reasonable law has been negotiated.
Following other websites' footsteps, I have chosen to add a privacy policy that will explain what cookies are, what specific cookies are used by this blog, and, just in case, how to disable them.

The policy can be found at the bottom of the page, and also here.

Tuesday, September 6, 2011

Audit of hacked Certificate Authority reveals poor security

Recently, the Dutch Certificate Authority (CA) DigiNotar was hacked, which caused a huge scandal since it was proven that hackers had successfully created fake Google SSL certificates.

It began with a fake Google certificate that had been used by someone to impersonate Google. SSL certificates are used to verify a domain's ownership but are also used to encrypt the data sent between the client and the certificate holder. The fake certificate caused some stir within the IT community and raised the question of whether or not to trust CAs, since this is the second CA that has been hacked in the past year. The false certificate was traced back to DigiNotar and was discussed on the web and in news stories, but DigiNotar only admitted that they had had a security breach a couple of days after this was revealed.

DigiNotar stated that the attack happened on July 19th and that all the affected certificates had been withdrawn. But clearly their own audit of the security breach had not been thorough enough, since the faked Google certificate suddenly appeared. Later, more certificates were found in the wild, and it was quickly revealed that more serious certificates had been compromised, including ones for the CIA, MI6 and Mossad. All major browsers have stated that they will issue an update blocking all of DigiNotar's certificates.

With the scandal that hit the CA, the Dutch government chose to commission an external audit of the breach to determine how this could have happened. The security auditors Fox-IT, who were hired to examine the compromised servers, revealed that the level of security within DigiNotar's systems had been ridiculously low and pointed out weaknesses such as:

  1. A single administrator account on a Windows machine owned all the certificates.
  2. The administrator account was protected by a weak password that was easily brute-forced.
  3. The tools used by the hacker would have been detected by anti-virus software, had any been present.
  4. The software running on the server was outdated and unpatched.

Those are some of the problems listed by Fox-IT, and they really show DigiNotar's lack of responsibility and common sense. A Certificate Authority provides a security service that is used to verify that a website is what it claims to be, to encrypt credit card information on payments, to encrypt the data sent between citizens and public institutions, and much more. I only ask, how can there be such an insecure system to govern the certificates? One would expect such companies to at least know common practices for guarding data you don't want to be compromised.

As of now almost 99% of the queries to the false certificates have originated from Iran, which makes the Iranian government the prime suspect of this attack. Iran was also one of the suspects when Comodo (a South-American CA) was hacked earlier this year.

Filth - Requiem For A Dream (Dubstep Remix)

Awesome dubstep track I found today. The original song is the theme song of the movie Requiem For A Dream - also an awesome movie that I would recommend everyone to watch.

But listen to this masterpiece!

Saturday, September 3, 2011

Dutch journalist hacks transit card

In the Netherlands, a reporter has been trying to draw attention to the outrageously insecure card software that the Dutch subway system uses for its transit cards. The transit card is designed as a kind of debit card where one can add money to the card and then travel with the subway system by paying with the card.

The card is delivered by the company Trans Link Systems, which also oversees the transit card system. It functions by using an RFID chip that you wave in front of a proximity sensor, which registers the start and end of a trip and then withdraws an amount of money according to the distance traveled. The main security issue lies in the encryption that protects the card, namely the Crypto-1 algorithm, which was cracked in 2008; for more information see this.
   Now, armed with a cheap RFID reader/writer, which you can get for less than $40, you can easily access the information stored on the card and edit it as you wish. Moreover, the software that is used for monitoring the cards is not designed to detect unusual activity or even tampering with the card. That was exactly what the reporter/hacker Brenno de Winter proved by using a hacked card for 3 weeks without being detected, even though he intentionally tried to get caught by inserting multiple check-outs from the same airport with a 3-minute interval, which is practically impossible without some sort of teleportation. And that's not even the worst part. The technique not only allows you to insert check-outs; you could also add an unlimited amount of money to the card, which means one could travel for free within the Dutch subway system with a hacked card. A potential exploiter could also use a portable RFID reader to steal the information on other people's cards just by walking past them and then write that information to his own card.
   You don't even have to be a hacker, let alone a tech-savvy person, to successfully hack your card, since the only tools needed are the cheap RFID reader/writer and software that can easily be downloaded from the internet.
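The missing back-office monitoring described above can be sketched as two consistency rules run over the transaction log. This is an added example, not part of the original post and not Trans Link Systems' software; the record layout, event names, card IDs and the log itself are constructed assumptions.

```python
from datetime import datetime

# Constructed sample back-office records, not real data:
# (card_id, timestamp, event, station, balance_after_in_cents)
SAMPLE_LOG = [
    ("card-A", "2011-08-01 08:00", "check-in", "Station-1", 2000),
    ("card-A", "2011-08-01 08:25", "check-out", "Station-2", 1750),
    ("card-B", "2011-08-01 09:00", "check-in", "Station-1", 1000),
    ("card-B", "2011-08-01 09:40", "check-out", "Airport", 600),
    ("card-B", "2011-08-01 09:43", "check-out", "Airport", 600),
    ("card-B", "2011-08-01 09:46", "check-out", "Airport", 600),
    ("card-C", "2011-08-01 10:00", "check-in", "Station-2", 500),
    ("card-C", "2011-08-01 10:30", "check-out", "Station-1", 250),
    ("card-C", "2011-08-01 12:00", "check-in", "Station-1", 5000),
    ("card-D", "2011-08-01 13:00", "top-up", "Station-1", 3000),
    ("card-D", "2011-08-01 13:05", "check-in", "Station-1", 3000),
]


def find_anomalies(log):
    """Return (card_id, timestamp, reason) for records that break the rules."""
    def when(rec):
        return datetime.strptime(rec[1], "%Y-%m-%d %H:%M")

    alerts = []
    last = {}  # card_id -> (event, time, balance) of the previous record
    for rec in sorted(log, key=lambda r: (r[0], when(r))):
        card, ts, event, station, balance = rec
        prev = last.get(card)
        # Rule 1: every check-out must close an open check-in.
        if event == "check-out" and (prev is None or prev[0] != "check-in"):
            gap = "" if prev is None else f" ({when(rec) - prev[1]} after previous event)"
            alerts.append((card, ts, "check-out without open check-in" + gap))
        # Rule 2 (assumption): the balance on a card may only rise through
        # a top-up that the back office itself recorded.
        if prev is not None and balance > prev[2] and event != "top-up":
            alerts.append((card, ts, "balance rose without recorded top-up"))
        last[card] = (event, when(rec), balance)
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE_LOG):
        print(alert)
```

On the constructed log, the repeated airport check-outs three minutes apart and the unexplained balance jump are flagged, while the ordinary trips and the recorded top-up are not.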

Now the reporter, Brenno de Winter, is being sued by the transportation companies for fraud, and his goal of getting the vulnerabilities fixed is going down the drain. The company only stated that it is illegal to hack your card and that legal action will be taken against exploiters.

Even though the card's security flaws are well known, the same solution is being implemented in the bus and subway system in Denmark, a project that is already many years behind schedule and many millions of dollars over budget because of adjustments that needed to be made to adapt it to the already established systems in Denmark.

At the time of writing, no action has been taken, nor is there any information available indicating that they intend to fix the vulnerabilities in the current card software.