NSA / Tory / NHS disaster

Okay, so we have an exploit captured or created by the NSA that is added to some ransomware, probably in less than 10 minutes, and it's now wreaking havoc across the globe and, most worryingly, the NHS.

Basically this shows a number of things

1) Exploits should always be reported back to the OS manufacturers, not used by government organizations; otherwise they have the potential to hit other government organizations. Adding to this, the reasoning is that exploits can be harvested by anyone who knows what they are doing, and these can be reused and weaponized.

2) The Tory government should fund the NHS properly. Security should not be done piecemeal, and it should have someone like me or Lauri Love with oversight to check out their security. People like us think outside of the box.

3) The case against Lauri Love SHOULD BE DROPPED IMMEDIATELY !!!! We should not be torturing him with this threat of extradition to an unknown future in an American jail.

4) This is a continual battle that will probably never end. There is just today an email based virus that can take over a machine via local machine Outlook without even having to have the email opened.

5) The government is guilty of not ensuring the security of its organizations like the NHS. It should be a top-down solution from a centralized team and not done piecemeal; this is for many reasons.

Implementation of Units and Dimensional Analysis in Programming Languages

The only real correct way that I can see to implement Units such as SI Units and Imperial Units in a computer language is to employ dependent types. This would allow seamless integration into the type system without requiring anything more than library support for unit systems.

TOR was initially funded, developed, and unleashed on the world by DARPA; just sayin

The initial funding, development, and implementation for the TOR project was provided by the United States Naval Research Laboratory and DARPA. So you can blame them for letting the dark web out onto the internet with all the clandestine behaviour that resulted.

It has taken the CIA and FBI years to get to the point where they can detect traffic and end points; and they were complaining, along with the governments of this world about the use of TOR and the little known I2P.

Securing unknown machines by BIOS content

UEFI is broken, by a leak from MicroPoodle, sorry Microsoft, sorry that’s a heart bleed. Anyway, by examining a machine’s BIOS and knowing the size of the machine’s BIOS storage device (usually some form of EEPROM), we can check the SHA512 sum and we can check the content. With no other permanent storage devices or open communication devices (if these exist on board, then employing a Faraday cage can close this communication vector), we can establish by exhaustion of both the individual BIOS’es contents and the configuration space of all existing BIOS’es and BIOS updates; this space will probably never be able to be completed, so only a true positive can be established.

Microsoft’s security failures

BIOS – Basic Input/Output System Integrity Check

First, the BIOS (Basic Input/Output System) machine firmware is not checked by the Windows operating system for unauthorised modifications. This is simple to do and just involves what is called a SHA512 hash checksum.
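The check described here and in the previous post, as an added example that is not part of the original posts: a firmware dump is accepted only if its length equals the flash part's capacity and its SHA-512 digest is in an allowlist of known-good images. The names `check_firmware` and `Verdict`, the allowlist and the 64 KiB images are assumptions constructed for illustration; a digest missing from the allowlist is reported as unknown rather than bad, since the list of legitimate images can never be complete.

```python
import hashlib
import os
import tempfile
from enum import Enum


class Verdict(Enum):
    KNOWN_GOOD = "known-good"        # digest is in the allowlist
    UNKNOWN = "unknown"              # not in the allowlist: proves nothing either way
    SIZE_MISMATCH = "size-mismatch"  # not a complete image of the flash part


def sha512_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-512 so large dumps need not fit in memory."""
    digest = hashlib.sha512()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_firmware(path, flash_size, known_good):
    """Return (Verdict, digest) for a dump; flash_size is the part's capacity in bytes."""
    if os.path.getsize(path) != flash_size:
        return Verdict.SIZE_MISMATCH, None
    digest = sha512_file(path)
    if digest in known_good:
        return Verdict.KNOWN_GOOD, digest
    return Verdict.UNKNOWN, digest


def demo():
    """Run the check on constructed 64 KiB images (not real firmware)."""
    flash_size = 64 * 1024
    vendor_image = bytes(range(256)) * 256   # constructed stand-in for a release image
    modified = vendor_image[:0x1234] + b"\xff" + vendor_image[0x1235:]  # one byte changed
    known_good = {hashlib.sha512(vendor_image).hexdigest()}
    samples = {"vendor": vendor_image, "modified": modified, "truncated": vendor_image[:-1]}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name + ".bin")
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = check_firmware(path, flash_size, known_good)[0]
    return results


if __name__ == "__main__":
    print({name: verdict.value for name, verdict in demo().items()})
```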

The basic Control Panel\System and Security\System page that states “View basic information about your computer” as its title has nothing about the BIOS at all. No date, version, or whether it is secure or not.

There should also be a simple way to update BIOS’es provided by the operating system which should come down to at the minimum a single update button press and maybe a payment.

Further levels of security for the BIOS are also possible…

Operating System Integrity Check

By using no more than booting off of a DVD or Pen Drive the integrity of an operating system can be checked. This would be done by a closed loop zero knowledge system over the internet.

By booting externally and having a secured checksummed BIOS the system can be assured to a high level to be secure and integral.

Citation Graph or Network

By mapping citations of scientific papers into a graph database, it is possible to generate a graph or network which, as well as revealing the connections between papers, will give the reverse dependency mapping, giving the historic evolution of a field.

Also by looking at who wrote papers and their connections in papers it can establish the inherent schools of thought and research.

Looking at what papers do not cite other papers and particular terms it is possible to find whole new regions of areas for discovery or possible discovery and folly.

Hopefully a whole new tool set or tools will become available.

 

Aaron’s Challenge

Can we bound Gödel’s arguments of the inconsistency and incompleteness of mathematics and axiomatic systems with a stochastic argument, theory or system ?

The bounds set on this are the halting problem and the foundation of the stochastic system in physics. So do we have a circular problem domain or is there a way of jumping out of this system and rebounding mathematics and physics ?

Was Gödel’s argument the ultimate bounding theory in mathematics ?

Prove or disprove ?

http://www.nature.com/news/paradox-at-the-heart-of-mathematics-makes-physics-problem-unanswerable-1.18983

Argument established 1988/1989