Atrocities
The United Nations proposed 8 Millennium Development Goals, toward which they challenged the world to work. Microsoft's Imagine Cup student competition requires entries to contribute a tech solution that works toward achieving one or more of these goals, at least partially. Numerous charities try to make assisting the neediest in the world an easy part of our daily lives, such as practicing vocabulary or math on the Free Rice website.
Amidst all of this positive development, we still have atrocities committed in what are commonly referred to, passively, as "the most troubled areas of the world." The point is that there is a natural, human right to life and, to a great extent, peace. The current Israeli offensive in Gaza is one of those uses of excessive force that is condemned internationally, and constitutes a tremendous crime against the dignity and natural rights of the people who live there.
The most that most of us can do is raise awareness, to make it known that these actions are not tolerated by the rest of the world, and if enough people are talking about it, the government which we have put in place and empowered for ourselves will take notice and respond in the power it has at the international level.
Registered Linux User #370740 (http://counter.li.org)
Modern Information Security
I recently read about the FireGPG extension for Firefox. This extension allows one to interact with encrypted or digitally-signed data included on web pages, using a separately-installed GnuPG installation on the local machine. It also provides tight integration with Gmail, adding a drop-down box that provides digital signature and encryption options for email messages and automatically verifying any signatures that it encounters in viewed messages.
Presently, this extension is a great step toward ease of use for the GPG tool set to allow ordinary computing users to add some security to their communications. It is possible to sign or encrypt a message on the side, and then copy or attach that secured message to the email, but this is a very clumsy process and requires knowledge of many different tools, which is often impractical for the masses.
It is always a concern to look for security leaks in this type of software, but since FireGPG basically provides a parameterized interface to the GPG installed on the user's system, and uses the system keyrings, and prompts the user for the key's passphrase, there is really very little room for a breach of this kind. Personally, I do not let FireGPG cache my passphrase, even for the session, because that is one piece of data in memory that should not see the light of day, and I would prefer it to be overwritten and discarded immediately after it is no longer needed by the encrypting or signing function.
The other element of security in this particular application is open source. FireGPG is open source; the developers provide Subversion repository access to it directly, and provide snapshot tarballs, all cryptographically signed, of course. The point is that you can verify that FireGPG only references the system utilities and does not leak any information back to its creators or other hackers. The possibility of a utility such as this one doing that is reason enough to verify with absolute certainty that the version one installs is authentic, which is why it is imperative that the download be re-hashed on the end-user's system to check it against its md5sum and also the digital signature; any alteration can be fatal.
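The two checks described above, as an added example that is not part of the original post or of the FireGPG project: re-hash the download, then accept the signature only if GnuPG reports it valid for a fingerprint you pinned in advance. The function names, file arguments and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not FireGPG project code). File names, the expected digest
# and the pinned signer fingerprint are supplied by the caller.

# check_digest FILE EXPECTED_HEX [TOOL]: re-hash FILE locally and compare.
# md5sum (the tool the post names) catches a corrupted download; the
# signature check below is what ties the file to the publisher's key.
check_digest() {
    cd_tool=${3:-md5sum}
    cd_actual=$("$cd_tool" "$1" | awk '{print $1}')
    cd_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$cd_actual" ] && [ "$cd_actual" = "$cd_expected" ]
}

# status_accepts FINGERPRINT: reads `gpg --status-fd` lines on stdin.
# Accepts only a VALIDSIG whose signing-key or primary-key fingerprint
# (fields 3 and 12) equals the pinned one, and rejects if any signature
# in the output is bad, unverifiable, expired-key or revoked-key.
status_accepts() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" && ($3 == want || $12 == want) { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_download TARBALL DETACHED_SIG EXPECTED_MD5 FINGERPRINT
# FINGERPRINT is 40 uppercase hex digits with no spaces.
verify_download() {
    check_digest "$1" "$3" md5sum || { echo "digest mismatch: $1" >&2; return 1; }
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null | status_accepts "$4" \
        || { echo "signature not accepted: $2" >&2; return 1; }
}

# Constructed sample of gpg status output (not from a real key or release).
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2009-01-10 1231545600 0 4 0 17 2 00 $SAMPLE_FPR"

printf '%s\n' "$SAMPLE_STATUS" | status_accepts "$SAMPLE_FPR" && echo "sample status accepted"
```

Pinning the fingerprint matters because a bare `gpg --verify` reports a good signature for any key in the keyring, not only the publisher's.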
What the world needs now, with regard to information technology, is strong and easy-to-use security solutions. It turns out that security is never something we can take lightly. The user is the weakest link in the developer-marketer-user chain, and unless the user is strengthened (that is, unless average people understand how their security works), no method of security will ever be good enough. Currently, the AES encryption algorithms, the GnuPG encryption and digital signature algorithms (RSA/DSA), and the United States National Security Agency's SHA-256/384/512 hashes make the technology strong enough, though it will take some very careful planning to integrate security based on these technologies into the daily lives of individuals.
See Wikipedia for more information on any topic listed here; the information there is very accurate and current.