The SmartSwipe Online Security, Shopping and Technology Blog

Nov 20
2009

Googa please!

Posted by Nima Sharifimehr in Security

Once upon a time, there existed this lovely little town called Cybera. People in Cybera were happily using open source systems and trusted those systems, as they could see everything that was happening to their precious data. But one day, the big ugly Googa monster came into Cybera with a very, very open source platform called ComatOSe. Cybera's wise guys sat together and went through the ComatOSe source code. Here is what they found there:

And here is how the wise guys changed the ComatOSe:

And then they asked all Cybera people not to use it! Why? Because the ugly Googa monster was so strong that he could break any "encrypt" function and he could also filter out any noise added. Not to mention he could monitor all the onion activities too!

Nov 15
2009

Alibi?!

Posted by Nima Sharifimehr in Security

Alright, I do not really know how you would feel when you read in the news something like this: "ALIBI: Facebook Status Update Saves Teen from Jail". Would such news increase your trust in a justice system? Though, this happened in the US court system, which does not surprise me at all. I wonder if any courts in other countries would fall for such an "alibi"! It makes me so disappointed, reading news about how someone either got convicted in a trial based on cyber-evidence or got away with something based on a cyber-alibi! I believe the application of cyber-evidence by people who are not qualified for cyber-prosecution could completely compromise a justice system. I am not against using cyber-evidence in the right shape and form. What concerns me is seeing that this new field of prosecution is being very badly misused. Suffice it to say that if this type of prosecution is acceptable in a court system, then in that system, we can demonstrate the truth of the biggest lies! I guess I am going to study a bit about the theory of evidence and then I might be back with a more scientific blog on this matter.

Nov 09
2009

Into the wild

Posted by Nima Sharifimehr in Security

Yep! It seems like I am going to kick it for a bit without my pseudo-identity. Into the wild! Now, the only thing I need to do is to find a magic bus. Chris McCandless chose to give them all up, but I did not have a choice. So, here I roll pseudo-identity-less!

Oct 22
2009

Cybercrime business development

Posted by Nima Sharifimehr in Security

I was just reading RSA's latest online fraud report yesterday. One very [very] interesting thing about this fraud report and similar ones is that the amount of information in them which cyber-criminals can use for their business development is crazy. Information is the most powerful tool for these criminals. Any tiny bit of information, especially the kind you find in these types of reports, helps them significantly to plan their future attacks in a far more efficient way. Getting feedback on the success of attacks in different geographical locations, the effectiveness of different techniques on different targets, and also finding information on the strengths and weaknesses of competitors, are what a business development department in a cyber-crime organization would enjoy [a lot]. Sometimes, I wonder how long it will take till we see the first cyber-crime stock market online. Maybe that day we will realize how vulnerable our information infrastructure is.

Mar 24
2009

Boredom

Posted by Nima Sharifimehr in Security

If you wondered what that image in my last post was, I should tell you that it is a piece of disappointment. Basically, in PKI you trust a certificate authority (CA) to help you verify the trustworthiness of others. If this CA does not do a good job, then you may end up trusting identities you did not have a reason to. If you trust someone once and they disappoint you, it is their fault. But if you trust that party twice, then it is your fault.

However, sometimes it has nothing to do with CAs and it has more to do with the fact that hackers, crackers, and researchers are quickly catching up with cryptography technology (e.g. MD5 considered harmful today). One of my friends believed that none of the hackers or crackers have access to enough equipment to perform these kinds of attacks on cryptography algorithms. These guys used 200 Sony PlayStations, and they ended up breaking MD5, huh? Tell me what they can do with 250,000 computers? Well, John Schiefer went to jail for owning that many zombies...

Mar 19
2009

Who Am I?

Posted by Nima Sharifimehr in Security

Identity – do I own my identity or does my identity own me? To be clear about the concept of identity, let’s define it as a set of features which are supposed to distinguish me from any other person. In simpler language, I would say my identity is the comprehensive answer to the question of “Who am I?” If I wanted to give an answer which I am able to prove, after a few moments of silence, I would go with: “I am who I am!” I could have started introducing myself with all those commonly known identity basics. But then the problem would be that I could not prove any of it!

Or, if I could provide proof of owning any of those features (I call them the building blocks of my identity), it would be just context-sensitive and nothing close to an absolute provable fact. I wish I were not identified with the identity elements which my surrounding societies attach to me. I would call my assumed identity a pseudo-identity! I do not own the elements of my pseudo-identity and I am not able to control them. And I can see that sooner or later, this pseudo-identity will take over who I am! I am not who I am, I am the truth in the silent moments before answering the question “Who am I?”