malware & IT security
Articles on computer security in software, hardware, RFID, biometric and wi-fi systems.
1) "Experts Call for Global Data Sharing to Defend Against Cyberattacks": A new cybersecurity report highlights the need for a worldwide data clearinghouse to thwart next-generation, AI-powered hacks, for IEEE Spectrum on Apr. 17, 2018
2) "NotPetya: Latest Ransomware is Warning Note From the Future" for IEEE Spectrum on June 30, 2017.
3) "WannaCry update: Microsoft pushes "Digital Geneva Convention" to thwart future cyberattacks," for IEEE Spectrum on May 17, 2017
4) "Expert to FBI: Please Join the 21st Century, We Could Use the Help." On a plea by a cybersecurity expert to the FBI to get smart about their cyber policy. Written in the wake of the FBI's dispute with Apple over unlocking a criminal's iPhone. For IEEE Spectrum on June 16, 2016
5) "The Secrecy Cryptography Giveth to Criminals, the Internet of Things Taketh Away" for IEEE Spectrum on Feb. 8, 2016
6) "Is the Lenovo/Superfish Debacle a Call to Arms for Hactivists?" in IEEE Spectrum on Feb. 26, 2015.
7) "Rooting Out Malware with a Side-Channel Chip Defense System," in IEEE Spectrum online on Jan. 27, 2015.
8) "Cyber Espionage Malware Taps Smartphones, Sends Chills" on a new targeted phishing (aka "spearphishing") campaign dubbed 'Inception.' An article for IEEE Spectrum on Dec. 29, 2014.
9) "How to Not Be Sony Pictures" on the notorious cyber attack of the Hollywood studio -- and lessons learned for individuals, governments and enterprise. For IEEE Spectrum on Dec. 11, 2014.
10) What a WiFi Worm Outbreak Would Look Like: A future form of computer malware might infect Wi-Fi routers and steal data. For the Jan 2008 issue of IEEE Spectrum.
11) "Could an SRAM Hourglass Save RFID Chips Just in Time?" for IEEE Spectrum on Aug. 6, 2012.
12) A new chink has been found in the cryptographic armor that protects bank transactions, credit-card payments, and other secure Internet traffic. And although programmers have devised a patch for it, clever hackers might still be able to break through.
The hack, presented in March at a computer security conference in Dresden, Germany, involves lowering the input voltage on a computer’s cryptography chip set and collecting the errors that leak out when the power-starved chips try and (sometimes) fail to encode messages. Crooks would then use those errors to reconstruct the secret key on which the encryption is based. More important, say the hack’s creators, the same attack could also be performed from afar on stressed systems, such as computer motherboards that run too hot or Web servers that run too fast.
A news story for the April 2010 issue of IEEE Spectrum.
13) Industry forecasters say the market for biometric data-collection systems will double or triple in size over the next five years. The technology, which analyzes such markers as fingerprints, voice prints, face shape, palm and finger veins, and irises, is used in applications as varied as passports and Disneyland passes. But storing the data on both government and privately owned computers poses an increasing threat to individual privacy and opens up new frontiers in identity theft, say security experts.
Privacy advocates are growing concerned about biometric "function creep": A company that scans your iris for an ID badge, they say, might also allow government or commercial entities to run this biometric data against their own databases—whether for legitimate or questionable purposes—without your consent. This is why encryption of biometric data is needed, argue Canadian and European biometric experts.
A story for IEEE Spectrum on Aug. 18, 2009.
14) Quirks of RFID Memory Make for Cheap Security Scheme – On-board SRAM produces unique chip fingerprint and random numbers needed for encryption. For IEEE Spectrum on Mar. 18, 2009
15) "RFID Chips Gain Computing Skills – One way to do long computations with short bursts of power," for the May 2009 issue of IEEE Spectrum magazine
16) Crimeware Pays: Adware, phishing, and spam are a strange--and big--business. For the July 2008 issue of IEEE Spectrum magazine . Photo by Anna Demian.
17) Creative Winners in Hardware Trojan Conference:
In November, engineering students from five top universities gathered at the Polytechnic Institute of NYU, in Brooklyn, N.Y., for the Embedded Systems Challenge. The aim was to test new attacks and defenses against an underappreciated breed of Trojan horse—embedded malware built into integrated circuits.
The winning team’s results, set to appear in journals and at conference proceedings in 2010, reveal how vulnerable many systems are to "chip attacks" The contest also demonstrated the high degree of technical sophistication required for these attacks, making it more likely that attackers will pursue specialized applications, such as sensitive military equipment or high-security financial computers. Attacking Dad’s new Windows 7 PC probably isn’t worth the extreme investment of time and money—especially when cheaper and quicker phishing and software-based malware attacks still work all too well.
A news story for the Feb. 2010 issue of IEEE Spectrum
18) Attack of the Quantum Worms:
Whether dollars or pounds, you probably didn't pay more than a few hundred, maybe a thousand or so for your computer. You probably don't use it for anything out of the ordinary - games, a bit of work, email and surfing the net. And yet you've probably thought hard about protecting it from malicious software. Infection by digital worms, viruses and Trojan horses can wipe your hard drive or take over your machine, so you've no doubt spent hard-earned cash on keeping such "malware" out.
Likewise, you would imagine that the people spending decades - and billions of dollars - developing quantum computers have done the same. After all, this super-powerful technology is already being lined up for military and government code-breaking applications. The people involved will have long anticipated the havoc that quantum versions of viruses and other malware could cause, right?
"I hadn't thought of this," says David...
An article for the Oct. 29, 2005 issue of New Scientist magazine (paywall)
(cc) image by John Mosbaugh