Thursday, May 31, 2007

Good buy?

Don't know why I've been blogging about Google so much lately, or why I am blogging in the middle of the day.

Anyway, Google has bought another company. This time it is the security company GreenBorder. This is strange, as most of its previous buys were entertainment and advertising companies.

Has it realised that some long-term security flaws in the systems need to be repaired? First, let's have a look at GreenBorder. This California-based company is believed to help create a sort of sandbox environment that detects malicious code/software and keeps all of it out. In principle, it works like a very big (operating system-wise) Java Virtual Machine of the kind used for Java applets. If I understand correctly, it differs from the currently popular virtualization solutions (like Xen or VMware). GreenBorder looks to provide security at the outer layer, and all the operating systems inside are independent. Virtualization software allows multiple copies of an operating system to work on the same set of hardware without interfering with each other. Thus, it provides security at the inner layers, from the inside out.

Not sure how GreenBorder's detection of malicious code works, though. But it must be efficient and good enough to charge $100 per customer.

So how would Google benefit from GreenBorder's technology? Its spokesman said that it can be used in many services, but didn't reveal what and how. The first thing that came to my mind when reading about this acquisition was that Google was going to use it for an overdue enhanced version of its search engine. Not long ago, an article on the BBC mentioned the need to eliminate malicious websites (containing viruses, worms) from search results. For example, there are websites (adult content, ...) where, when you click on them, strange things happen to your PC. Annoyingly enough, you find most of those sites via Google search.

It's not really straightforward to incorporate the filtering mechanism into Google's search engine. Basically, Google downloaded (mostly) all the websites on the Internet and ran a PageRank algorithm to rank the popularity of the pages. The most popular sites would come up first in the search results. The information that determines the ranks is the links from other sites, which looks rather static to me. Scanning through entire sites looking for malicious code requires much, much more work than simply looking for hyperlink information. That may be where GreenBorder's technology comes in handy.

If Google can make its search engine do that, well, we no longer need any sort of firewall or antivirus software installed on our machines. And those antivirus companies wouldn't like that one bit.

Google's response

Google has responded to the written letter from the EU commissioning group concerning its privacy policy. Google raised concerns over its habit of keeping users' data (search patterns, ...) for more than 2 years.

The answer was good, as Google admitted that their policy was vague (from BBC):

1. When we use third parties to assist us in processing your personal information, we require that they comply with our Privacy Policy and any other appropriate confidentiality and security measures.

2. We may also share information with third parties in limited circumstances, including when complying with legal process, preventing fraud or imminent harm, and ensuring the security of our network and services.


The first one is OK, as it does not reveal anything about Google's policy. The second point is, however, more important. As a matter of fact, it does share our data with third parties. A Google spokesman explained later that those parties are mostly the police.

On one hand, it sounds reasonable. After all, Google can't facilitate crime and allow it to thrive. Had they done that, they wouldn't have survived in America. And don't tell me that you can easily get billions of dollars from online services/advertising anywhere else, like Asia or Europe.

On the other hand, it raises questions over freedom of speech and censorship. The worse news is that your emails (which are supposed to be private) can also be censored. Even though we are facing the fact that there is no such thing in a centralized network like Google, we still expect some level of it. Google has been known for censoring search data in China. Not until all users are aware of such problems, or actually experience them, does the matter become more serious. Most users in Asia (China) wouldn't be very happy with it. And can Google risk losing that many users?




Tuesday, May 29, 2007

It finally comes

The rule that asks online companies like Google to delete users' data after a maximum of 2 years.

According to the BBC, a data protection group in the EU has finally decided to voice its concerns over online users' privacy. Google appears as the first target, unsurprisingly. The giant online search engine is believed to keep track of every single search query made via its services. Moreover, it technically has full access to your Gmail, Google Calendar, blog ... Believe me, it knows you better than you know yourself.

It wouldn't have become a big deal if it weren't for the AOL scandal last August, in which the company claimed to have accidentally leaked millions of records of users' search activities. It is surprisingly easy for a determined attacker to work out the exact identity of a particular user from such seemingly junk data.

It is obvious that Google can keep track of your data forever. Storage is not the problem anymore (it gives everyone at least 2GB of online storage for free, for crying out loud). So according to that EU group, Google could have to delete all this valuable (for them) information within 2 years. The problems are:

1. Will Google agree to do it or not?

2. Should the law be passed, what effect would it have on other online services? One thing is for sure, though: all of our school emails that are more than 2 years old may also be deleted forever. The Support Team is more than happy to do that.

Saturday, May 19, 2007

Trouble for quantum cryptography researchers?

It isn't too late for me to realize that the success of one field of science may sometimes have a detrimental effect on another.

One can see the conflict between security researchers and computer forensics researchers. One is devoted to making things completely secure from outsiders, while the other desires to peek into users' data as much as possible. I met one guy during a Trusted Computing (TC) workshop who was researching computer forensics. After attending some talks, he was worried that the success of the TC platform could mean an insurmountable challenge to his field.

Recently, I was made aware of quantum cryptography, wherein quantum mechanics is utilised to make man-in-the-middle attacks impossible. Quantum particles can be used to provide absolute secrecy for key transportation. Basically, a quantum particle can be in a bizarre state called superposition, which means being in two states (A and B) at the same time. However, this state will collapse to a classical, physical state (A or B) when we measure or look at it, and it will stay there forever.

Cryptography researchers exploit this property to transport an encryption key between two participants (namely Alice and Bob). The current means of transport is the electronic bit, which is either 0 or 1. An eavesdropper, Eve, can intercept the bits without being noticed by either Alice or Bob. When a quantum bit (or qubit) in the superposition state is used to transfer data, if Eve intercepts the qubit (i.e. looks at/measures it), the qubit collapses into one state, and this will be easily recognized by both Alice and Bob. As a consequence, they are now aware of the eavesdropper's activity and would be likely to stop the transaction. With quantum mechanics, no one can peek into the particle's state without destroying it.
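The detection described above, simulated as an added example (not code from the original post). It assumes the BB84 protocol over an ideal, noise-free channel with an intercept-and-resend eavesdropper; the post names no specific protocol, and the function names, basis labels and the 10% abort threshold are assumptions of this example.

```python
import random

BASES = "+x"  # rectilinear and diagonal bases (BB84 naming; not from the post)

def measure(bit, prepared_in, measured_in, rng):
    # Same basis: the encoded bit is read back intact.
    # Other basis: the state collapses to a random outcome.
    return bit if prepared_in == measured_in else rng.randint(0, 1)

def error_rate(n_qubits, eve_present, seed):
    """Fraction of mismatched bits among positions where Alice and Bob
    happened to use the same basis (the 'sifted' key)."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_qubits):
        alice_bit, alice_basis = rng.randint(0, 1), rng.choice(BASES)
        bit, basis = alice_bit, alice_basis
        if eve_present:
            # Intercept-resend: Eve must guess a basis, and what she
            # forwards to Bob is the collapsed state, not the original.
            eve_basis = rng.choice(BASES)
            bit = measure(bit, basis, eve_basis, rng)
            basis = eve_basis
        bob_basis = rng.choice(BASES)
        bob_bit = measure(bit, basis, bob_basis, rng)
        if bob_basis == alice_basis:
            sifted += 1
            errors += bob_bit != alice_bit
    return errors / sifted if sifted else 0.0

def eavesdropper_detected(n_qubits, eve_present, seed, threshold=0.10):
    # threshold is an assumed abort level chosen for this illustration
    return error_rate(n_qubits, eve_present, seed) > threshold

if __name__ == "__main__":
    print("quiet channel :", error_rate(20000, False, seed=1))
    print("Eve listening :", round(error_rate(20000, True, seed=1), 3))
```

Under these assumptions Eve guesses the wrong basis half the time, and each wrong guess gives Bob a coin-flip result, so about a quarter of the compared bits disagree.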

It all sounds like the ultimate solution for cryptography. Until recently, that is, when some scientists at the University of California, Santa Barbara revealed the possibility of conducting a weak measurement of quantum particles without destroying their superposition state. They realized that the collapsing process happens over a finite period of time, rather than being absolutely instant. Weak measurement can undo any damage.

If this proves successful, it may signal the end of quantum cryptographic science. An eavesdropper could intercept messages without being noticed. Well, we are back where we started!!