All your computer security precautions are worthless
Tue Nov 3, 2009 7:08PM EST
See Comments (8)
Install your Windows Updates. Update your antivirus software. Scan your system regularly. Keep religious backups. It's all good advice -- and it's advice that I give to readers on a near-daily basis.
And maybe it's all meaningless.
MIT researchers are warning that it doesn't matter much what security measures you take with your computer. If someone wants in, they're getting in.
The latest concern/attack involves data "leakage," the idea that no matter how secure your data might be in storage (even if it's encrypted), once it's in actual use, it's fair game. One area of research involves cached data: Say you decrypt your secret spreadsheet outlining your plans for world domination and have it open on your desktop. Other programs running in the background uses that same working area (the cache) on the machine... and, coded properly, one such program could relatively easily "steal" what else is going on in the cache at that time.
A variation on such an attack has been used to break otherwise rock-solid AES encryption keys. Called "cache timing," the attack determines which specific portions of a computer's memory are used during a decryption process, and can rebuild the key -- in seconds -- just by looking at the pattern of those memory accesses.
Up next: Researchers are investigating whether these attacks can be applied to so-called cloud computing situations. It's one thing to get a piece of malicious software installed on your personal computer (where you might find it easily), but what if you're sharing time on a server on the net? Attackers could run programs on shared servers that watch the cache on that server for other people's data. Just watch for busy servers and run your app when something good is going on, and you're none the wiser... Kind of scary stuff. Read all the details on MIT's news site.
How you feeling about your spyware security system now?
Top 5 Posts
More About Miscellaneous
Comments on All your computer security precautions are worthless
Post a Comment
Join in the discussion. Here you'll see the comments in the order they were posted.
-
2 Posted by spegeo on Wed Nov 4, 2009 8:59AM EST Report Abuse
Okay, so do you have anything to offer regarding a solution, or do you just enjoy spreading bad news and moving on?
-
3 Posted by levi.bakker on Wed Nov 4, 2009 2:27PM EST Report Abuse
@spegeo: I think the point of the article was that there isn't really a solution... "If someone wants in, they're getting in." I guess you could always stop using a computer, and then you just need to worry about the CIA reading your brainwaves...but I hear that can be defeated easily with a tinfoil hat.
-
4 Posted by pierino_velvetine on Wed Nov 4, 2009 3:40PM EST Report Abuse
Maybe... maybe... maybe. The average user has nothing worth the expense of this hack to steal. Who's this column for, anyway?
-
5 Posted by nighteye19 on Wed Nov 4, 2009 3:51PM EST Report Abuse
no, their new tech allows them to read it through a tinfoil hat now! Beware!
Sponsored Links
My Tech
Please enable your browser's cookies to activate the My Tech column.
Also on Yahoo! Tech
| Computers | Home Office | Wi-Fi & Networking | Phones & PDAs | Cameras & Camcorders | TV & Home Theater | Portable Audio |
|---|---|---|---|---|---|---|
1 Posted by ruffshelly on Wed Nov 4, 2009 5:07AM EST Report Abuse
Dude, I just got done doing all that stuff, not just to my own computer, but to several "less savvy" friends computers. Last night was the first decent nights sleep I got in a week, thinking everyone's info and and data was well protected, just to wake up to your bright and sunny article! Way to muck up my week! Thanks for the tips, though, this is exactly why I read your blog every morning. Good job!