Blown To Bits

Archive for August, 2008

The Chronicle of Higher Education

Tuesday, August 12th, 2008 by Harry Lewis

The Chronicle, or Carbuncle as it is sometimes known, is the major weekly higher-ed newsletter. Today its web site features a 9-minute audio podcast with Hal and Harry, about Blown to Bits.

Google News: Russians Approaching Savannah

Monday, August 11th, 2008 by Harry Lewis

After yesterday’s heavy post, I thought I’d go with something lighter today. Google News accompanied a story on the conflict between Russia and Georgia with a map locating the battles in the American South!

Federal Judge Gags MIT Students — and MIT

Sunday, August 10th, 2008 by Harry Lewis

US District Judge Douglas P. Woodlock has issued a temporary restraining order (pdf here) to MIT students to prevent them from speaking at the DEFCON Conference in Las Vegas about cracking the fare card systems used by our local mass transit system, the MBTA. According to the MBTA’s complaint (pdf here), the students were working under the supervision of Professor Ron Rivest of MIT, a pioneering figure in the modern development of cryptography. The complaint and the restraining order are directed against MIT as well as the three undergraduates, because “MIT has been unwilling to set limits on the MIT Undergrads’ activities.” Imagine — a university not telling its students to hold their tongues about their discoveries.

The story is covered in the Boston newspapers (Herald story here, Globe story here). The most complete account is in the UK Tech site, The Register.

Prior restraint of speech is serious business, especially for the press and for academic researchers. A quick reading of the documents in this case suggests that this order is wrong. No human lives are at stake here, just the revenues of the MBTA, which are threatened not by the students’ acts but by the MBTA’s technical incompetence.

Ironically, the court has made public a document the students submitted in response to the complaint. This document (PDF here, courtesy of Wired) reveals a great deal of what the students were going to say. Similar information was apparently included in a class presentation that has been publicly available for weeks, and in materials thousands of conference registrants received on checking in. The injunction against speech is, if nothing else, moot.

Though details matter, the students seem fundamentally to have discovered a hole in the security fence and now are being taken to court for their plan to tell people about it. The most gaping hole the students report in the MBTA’s security system is that Charlie Tickets (paper tickets with a magnetic stripe) use a laughably weak form of security, which does not deserve to be called encryption. To guard against someone altering a few bits on the card to increase its value, the card includes a “checksum,” just a sum of all the bits, keeping only the lowest-significance six bits of the sum. If you imagine the data being in decimal rather than binary, this is equivalent to adding up a column of numbers and appending to the column the last two digits of the sum. Then if you wanted to check whether any of the numbers had been altered, you could compute the sum yourself and see that the last two digits matched what was on the card. Of course, if you knew how to alter the checksum too, you could easily defeat this crude check. And with only a hundred possibilities, it’s pretty easy to figure out how the checksum is computed and to forge it as well. (With six bits of checksum, there are only 64 possibilities to test.)
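To make the point concrete, here is an added example (not from the post, and not the real Charlie Ticket layout) modelling the scheme exactly as described above: a record's bytes are summed and only the low six bits kept. It shows that such a checksum catches an accidental bit flip but authenticates nothing, because anyone can recompute it, and contrasts it with a keyed MAC (HMAC-SHA256), which cannot be recomputed without the operator's key. The key and card bytes are constructed values.

```python
import hmac
import hashlib

CHECKSUM_MASK = 0x3F  # keep the low six bits: only 64 possible checksums


def checksum6(data: bytes) -> int:
    """Unkeyed six-bit additive checksum, as the post describes it."""
    return sum(data) & CHECKSUM_MASK


def verify_checksum(data: bytes, stored: int) -> bool:
    return checksum6(data) == stored


# Hardened alternative: a keyed MAC. Without the key nobody can compute a
# valid tag, so altering the data and recomputing the tag is not possible.
SECRET_KEY = b"operator-secret-key"  # constructed value for illustration


def mac(data: bytes, key: bytes = SECRET_KEY) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_mac(data: bytes, tag: bytes, key: bytes = SECRET_KEY) -> bool:
    return hmac.compare_digest(mac(data, key), tag)


def demo() -> dict:
    # Constructed card record: a 2-byte value field, then a 3-byte serial.
    card = bytes([0x00, 0x05, 0xA1, 0xB2, 0xC3])  # stored value = 5 units
    stored_sum = checksum6(card)
    tag = mac(card)

    # An accidental bit flip changes the sum by 16, so the checksum catches it;
    # that is the only thing a checksum is for.
    flipped = bytes([card[0], card[1] ^ 0x10]) + card[2:]

    # A record whose value field was raised and whose checksum was simply
    # recomputed passes the same check: the checksum carries no secret.
    raised = bytes([0x00, 0xFF]) + card[2:]

    return {
        "flip_caught_by_checksum": not verify_checksum(flipped, stored_sum),
        "recomputed_checksum_accepted": verify_checksum(raised, checksum6(raised)),
        "mac_accepts_original": verify_mac(card, tag),
        "mac_rejects_altered_data": not verify_mac(raised, tag),
        "checksum_space": CHECKSUM_MASK + 1,
    }
```

The MAC check closes the gap the post describes: a verifier holding the key detects any change to the record, and an observer without it cannot produce a valid tag no matter how few bits the tag has.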

There will be a lot of fallout from this case. To be sure, the students might have used a more academic tease than “Want free subway rides for life?” to draw in an audience. And they may be in hot water for going into the MBTA’s network control rooms in the course of discovering that they were routinely left unlocked — a huge security problem. On the other hand, the statute the MBTA complains the students have violated — the Computer Fraud and Abuse Act — hardly seems applicable. The MBTA is claiming that the transmission of the vulnerability from the lips of the students to the ears of the listeners falls under a statute designed to outlaw fraudulent electronic attacks over computer networks.

At its core, the situation has arisen because the MBTA violated one of the basic principles explained in Chapter 5 of Blown to Bits: Kerckhoffs’s Principle. A security system is more likely to be secure if everyone knows what it is. Keeping the design secret is an invitation to crack it — if the students hadn’t done it, then criminals would. History has countless examples. What the MBTA should have done is to post its security design on its Web site and challenge all the world’s students to crack it. Technologies exist for secure data encryption. Keeping your bright idea on how to do it secret is not the way to get a good design.

The Electronic Frontier Foundation is defending the students. In the meantime, I would note one interesting detail. According to the Register’s report, when the students met with an MBTA representative earlier this week, “The MBTA official made clear the level of concern reached all the way up to the governor’s office.” Governor Patrick has styled himself a champion of personal freedom. Mr. Governor, you can call off the dogs. This is not the way to solve the state’s problems.

The Olympic Struggle to Keep Bits from Leaking

Saturday, August 9th, 2008 by Harry Lewis

Bits leak. Of course that’s just a metaphor. Bits wind up where their creators didn’t intend them to be for lots of different reasons. Sometimes they are left unsecured, and sometimes security measures are overcome by determined aggressors. And sometimes there are human errors, especially in complex systems involving multiple corporations or government, where control is agreed upon among peers, not imposed by a strict command hierarchy.

The video coverage of the Olympics combines many features that make it ripe to go wandering. It’s a high-value digital asset; NBC has paid almost a billion dollars. It’s copious, comes from decentralized sources, and is destined for multiple TV distributors around the world. Hundreds of millions of people want to see it, some of them technically savvy. And it’s on a 12-hour tape delay, which many would love to skip.

As the New York Times reports, some of the pipes have sprouted leaks. A digital plumber in Germany left a spigot open. Videos are popping up on YouTube, and being taken down quickly after NBC complains. From the sidelines, it’s fairly amusing to watch — an electronic (and much safer) version of the impoverished inhabitants of oil-producing countries such as Nigeria tapping the pipelines.

“Bits want to be free,” Nick Negroponte famously said. We are in the middle of an epic contest to defeat that will. There are another 8 days for the contest to be played out. Who will win — and who will win four years from now? This is the first digital Olympics, and it will likely be the last one where these questions have uncertain answers. As with so much else of the digital world, the arguments are going to be settled soon, and we’ll be living with the resolution for a long time.

“Intercepting” Email Becomes More Legal

Friday, August 8th, 2008 by Harry Lewis

One of the repeated lessons of Blown to Bits is that metaphors matter. We use them to describe digital phenomena, and then we use our intuitions based on the metaphor to decide how things should work or what should be prohibited.

Under the federal Wiretap Act, it is illegal to “intercept” an email. But what does that mean in a digital world in which messages are repeatedly stored momentarily in one computer and forwarded to another computer? Does “intercepting” just mean catching the bits in transit between computers? If you snarf a copy from an intermediary computer during the milliseconds while the bits are stored there, is that “interception” too?

Not according to a district judge in California. The case of Bunnell et al v. the Motion Picture Association of America involves a hacker named Anderson who was hired by the MPAA to obtain records from a file-sharing service that was distributing digital movies. Anderson managed to gain access to the service’s email server and have copies of emails forwarded to him, which he then passed on to the MPAA in exchange for $15,000. The company complained that this constituted an illegal theft of its corporate email. The judge ruled no, as reported by the Washington Post. “Anderson did not stop or seize any of the messages that were forwarded to him. Anderson’s actions did not halt the transmission of the messages to their intended recipients. As such, under well-settled case law, as well as a reading of the statute and the ordinary meaning of the word ‘intercept,’ Anderson’s acquisitions of the e-mails did not violate the Wiretap Act.”

The case is being appealed, and the Electronic Frontier Foundation filed an amicus brief asking that the judge’s interpretation of “interception” be reversed. Were it allowed to stand, the EFF points out, the Wiretap Act would become meaningless as it applies to email in a store-and-forward network. The government could have lawful access to any email at all, without bothering with search or wiretap warrants.

Who Is Sick?

Thursday, August 7th, 2008 by Harry Lewis

That’s the name of a “crowdsourcing” Web site, whoissick.org. It’s a work in progress, so slow, but go try it. You type in a zip code and you find out the symptoms of people in your neighborhood. And the data comes from you too; you submit your observations of your own symptoms, or those of someone you know. Weird. The origin tale is peculiar too — the site’s creator waited with his sick wife for four hours in an emergency room, only to be told that she had the same symptoms as lots of other people in the area. He wouldn’t have bothered if he knew what was going around.

The site illustrates two developing trends. The ease with which mashups can be thrown together (including this one, from the Huffington Post site, with wonderful depictions of your neighbors’ political allegiances, drawn from public databases). And the ease with which we can now try to channel large numbers of voluntary, amateur observations into widely useful knowledge.

Big Brother is Listening

Thursday, August 7th, 2008 by Harry Lewis

For reasons I can’t really explain, our standard metaphor for surveillance is the eye. Big Brother is watching. “Surveillance” itself means watching over.

But being listened to is probably more intrusive than being watched. What you say in your relaxed moments is a read-out of what is going on in your brain, revealing plans and abstract thoughts far better than watching your physical movements.

That’s why we worry so much about surveillance of email. But what about our normal bit stream, the one that comes out of our mouths rather than from our fingertips on the keyboard?

Voice recognition has been just around the corner for decades, but two recent stories suggest that the digital explosion is not only making it a reality, but poised to be a tool of public security — or oppression — almost immediately.

A story by Shai Oster and Gordon Fairclough in the Wall Street Journal yesterday reports that as part of its “security” preparations for the Olympics, China has equipped 70,000 taxis with microphones that can be turned on remotely. The Journal reports, “Security experts say there is little likelihood that all conversations in taxis are monitored.” That is doubtless correct, but remember what we say in Blown to Bits: “Computers will get powerful enough if you wait.”

Today’s New York Times has a glowing review of Dragon NaturallySpeaking, a PC voice recognition package. The reviewer, David Pogue, reports that it is extremely accurate even without training. It’s designed as office software, to transcribe dictation to Microsoft Word or to help RSI-afflicted computer users browse the Web. But the same technology could, of course, be used for other applications, such as the screening of 70,000 audio streams from taxis listening for conversations about Tibet or demonstrations. The review notes that this particular package is not unique in its accuracy.

Given the aggressiveness with which U.S. officials screen bits, even domestic emails, can there be any doubt that this country is considering large-scale automated eavesdropping?

And even if not, think of the corporate uses. Financial services firms already closely monitor email into and out of their buildings, looking for evidence of shady transactions. It would be such a boon to be able to listen in on every outside call placed by an employee …. Maybe even the only fiduciarily prudent thing to do, once it becomes feasible.

Bits are bits, and the limitation that only email bits are easily monitored is a temporary and rapidly fading inconvenience. Voice screening will soon be coming to a theater near you.

The TJX – Barnes&Noble – etc. Data Breach

Wednesday, August 6th, 2008 by Harry Lewis

Every major news source is carrying the story of the indictment of 11 persons for a massive data theft, in which more than 45 million credit card records were stolen — perhaps many more. We explain on page 176 of Blown to Bits that part of the problem was that in 2005 TJX was still using WEP encryption for its wireless communications, even though WEP had been known to be insecure for three years by that time, and a substitute was widely available.

Today’s accounts indicate that the alleged crimes go much beyond that business of the 45 million credit card records. It is a bit hard to discern what actually happened, however. The Wall Street Journal describes the defendants as having “hacked into a wireless computer system at an unidentified BJ’s Wholesale Club store.” “Hacked” is one of those portmanteau words which journalists use to describe almost anything. In its original sense it isn’t even derogatory — it just meant a clever, contrarian piece of programming. “Hacked into” suggests something quite aggressive and destructive, but it seems that what really happened may be nothing more than someone driving around listening for wireless routers and finding one that hadn’t upgraded its encryption software — and then using the by then well known methods for decrypting WEP. (I am not defending it — it’s a crime, and should be — but the language would then be a bit like saying that someone had “broken into” a house by opening the door and walking in. Bad thing to do, but not the way it sounds.)

But this was far from the end of the story. The defendants in this action are alleged to have “gained access to the computer system used at a Marshall’s department store” and then, “With access to the server, the defendants installed ‘sniffer programs’ that captured data.” At that point they could, and allegedly did, pretty much help themselves to whatever the company had in the way of customer financial data.

It’s the “gained access” that interests me. It could be a software error, but my gut tells me: inside job. The easiest way to “gain access” to a computer system is to have someone give you a password, or give you physical access to the machine. It’s not the only way, but if I were bent on “gaining access” to a computer, I’d try the easy way first — perhaps bribing someone using the money I’d already made with those credit card numbers.

Finally, all this data wound up on international servers, as part of a shadowy underground bits economy. This fascinating report by Symantec details the operation of these sites from which credit card numbers and other sensitive data can be bought in bulk. The table on page 32 reports that US credit card numbers cost $1-$6, UK credit card numbers twice as much (apparently the return on the investment is better). Email addresses, by the way, go for $5 per 20,000. Lots of other good information about the ways that computers can be compromised, and where the attacks seem to be coming from.

And the Winner is: “John McCain”

Tuesday, August 5th, 2008 by Harry Lewis

No, not John McCain, the candidate; “John McCain,” the words. Politico reports that it costs twice as much to buy “John McCain” on Google AdWords as “Barack Obama.”

As we explain in Chapter 4 of Blown to Bits, the text ads that appear on the right of a page of Google searches are brought up in response to the words you’ve searched for. Since there is only so much real estate on the screen, there is a continuous auction for words, with the ads for the highest bidders being displayed. The advertisers set a budget and every time one of their ads is clicked on, the budget is decremented by the bid amount. That’s how Google makes its money. Particular terms can go for anywhere from a buck a click, to thousands.

According to the story, McCain’s name costs up to $470 per click, while Obama’s tops out at $250. Why? Perhaps because McCain’s campaign is itself bidding up the price. Apparently it also buys “Barack Obama” clicks — with ads reading “Obama for president? Why not learn more about John McCain for president?”

Wireless in the Sky

Tuesday, August 5th, 2008 by Harry Lewis

Delta Airlines will offer wireless Internet access on its airplanes, the Wall Street Journal reports. It will cost about what hotels charge, $10 or so. The motivation is customer demand only secondarily; primarily Delta, which is pretty much broke like most airlines, hopes it will be a money-maker.

It will be interesting to see how this works out — will the cabin attendants help passengers get their software settings right? Will the bandwidth be good enough for streaming video?

I think it’s great, though I’m finding that the seat rows are packed so close together these days that it’s hard even to open a laptop. And no Skype, please. I don’t want to listen to my neighbor’s VoIP telephone calls while I am trapped in midair.