The Electronic Frontier Foundation, long-time defenders of the common man’s rights in the electronic realm, has published a guide to keeping your digital devices private when entering the United States. It seems the defenders of freedom and liberty (ICE, DHS, TSA, and CBP) are able to take a few freedoms with your liberty at a border crossing by seizing your devices and copies of the data they store for up to five days. This requires no suspicion of wrongdoing, and copies of this data may be shared with other agencies thereby negating the five day limit.
Do you have a reason to protect your digital property? This is discussed in the paper. It may be confidential information, by way of a business contract or professional relationship (Doctors, Lawyers, Journalists, etc.). Or you may just want to keep your privacy on principle. No matter what your stance, the EFF has covered all the bases in this intriguing read. We think the best advice they give is to make an encrypted backup of your data on the internet, blank your computer before the border crossing, and restore it when you get to your destination. If you don’t have the data with you, it can’t be compromised. It that’s not an option, they have plenty of guidelines on cryptographic techniques.
Continue reading “EFF on securing digital information when crossing the border”
Honey, would you like some cheese? WHIRRRRRRRRR
[The Timmy] broke his manual cheese grater. It would be a waste to throw away a perfectly functional tool that’s only missing a handle, so he kicked it up a notch with a cordless drill. Now [Tim], “can grate with incredible speed and power for even the toughest of cheeses.” Anyone have a broken pepper mill?
The most adorable oscilloscope
We’re not much for plugging products, but this scope is really cool. It’s designed to fit on a breadboard and is smaller than some ICs we’ve seen (68000, so yes, it is). We’re wondering why there hasn’t been a homebrew version of this yet.
Now do an R/C castle
Here’s a minifig-sized R/C LEGO car made by [brickmodder]. It has a custom drive train and steering mechanism that uses the smallest servos [brickmodder] could find. How about an R/C pirate ship next?
It’s probably an ad for something
Here’s some sort of code thing that asks the question, “Can you crack it?” Apparently, it’s for UK cryptanalyst recruiting. You won’t get a 00-designation, but woo Bletchley Park.
Inverting an inverter
[Manfred] is putting an alternative energy setup on his land. Of course he needed an inverter to charge his batteries, so he went with a highly regarded (high price) box. What he got was anything but. You’re going to need at least ten minutes to go through this hilariously sad teardown of a high quality Taiwanese inverter. Oh, [Manfred] is awesome. Just look at his microhydro plant.
This toy has some upgraded internals that turn it into an Enigma machine. We absolutely love the idea, as it takes a toy that your child may have grown out of, and uses it to provide teachable moments dealing with both history and mathematics. But who are we kidding? We want to make one just because it’s a fun project.
[Sketch] grabbed this toy from a thrift store because it has a full keyboard that he can use to make his own machine. It’s powered by an Arduino, with a four-line character LCD display taking the place of the original. His post covers the methods he used to figure out the keyboard wiring, and also contains a cursory overview of how the Enigma Machine functions. See a video of the finished project after the break.
If this wet your appetite, also check out the paper Enigma Machine we covered during Hackaday’s first year.
Continue reading “WWII’s top cryptography comes to a child’s toy”
Trusted Platform Module based cryptography protects your secrets as well as your government’s secrets. Well, it used to. [Christopher Tarnovsky] figured out how to defeat the hardware by spying on its communications. This requires physical access so it’s not quite as bad as it sounds, but this does reach beyond TPM to many of the security chips made by Infineon. This includes peripheral security chips for Xbox 360 and some chips used in cell phones and satellite TV.
[Christopher] revealed his hack during his presentation at Black Hat 2010. The method is wicked-hard, involving removal of the chip’s case and top layer, then tapping into a data bus to get at unencrypted data. The chip still has some tricks up its sleeve and includes firmware traps that keep a look out for this type of attack, shutting down if it’s detected. Infineon commented that they knew this was possible but regard it as a low threat due to the high skill level necessary for success.
The Polytechnic Institute of NYU is hosting an interesting embedded systems contest. They’ve constructed a solid state cryptographic device that uses a 128-bit private key. Contestants will be tasked with designing and implementing several trojans into the system that will undermine the security. The system is built on a Digilent BASYS Spartan-3 FPGA board. The trojans could do a wide variety of things: transmitting unencrypted, storing and transmitting previously entered plain text, or just shutting down the system entirely. The modified devices still need to pass the factory testing procedure though, which will measure power consumption, code size, and function. After a qualification round, participants will be given the necessary hardware to compete.
[via NYC Resistor (Happy Birthday!)]
Google has released keyCzar, a cryptographic toolkit that supports encryption and authentication for both symmetric and public-key algorithms.
Cryptography is a common problem area for web programmers. keyCzar aims to help alleviate some of the issues by supplying safe defaults, tagging versions, and a simple interface.
[via Zero Day]
Honestly, we were originally sent this Q&A with famed cryptographer [Bruce Schneier] as a restaurant recommendation (112 Eatery, Minneapolis). Posted last fall on NYTimes’ Freakonomics blog it covers [Bruce]’s opinion on nearly everything. Here are a few items in particular that really stuck out to us:
The most immediate threat to the average person is crime – in particular, fraud. And as I said before, even if you don’t store that data on your computer, someone else has it on theirs. But the long-term threat of loss of privacy is much greater, because it has the potential to change society for the worse.
What you’re really asking me is about the security. No one steals credit card numbers one-by-one, by eavesdropping on the Internet connection. They’re all stolen in blocks of a million by hacking the back-end database. It doesn’t matter if you bought something over the Internet, by phone, by mail, or in person – you’re equally vulnerable.
We already knew he doesn’t secure his WiFi (neither do we) and you’ll find many other interesting discussions in the article. If you want Bruce Schneier facts though, you’ll have to look elsewhere.