James Gillies: history of the Web
We must write the story before everyone forgets. We can’t just write the story of the Web, as you’d also have to tell the story of hypertext, computers and the PC. An early innovator was Vannevar Bush with “As We May Think” (1945): the human mind associates things rather randomly. Then came Doug Engelbart and hypertext in the 60’s, with the first mouse; then people at Xerox PARC built it. Later Paul Baran contributed to ARPANET, the world’s first LAN, based on packet switching (1971). Then Network + Network + Network = Network: the idea was really that several different networks together form the Net. In the 80’s came the Minitel, CEEFAX, Teletext and Viewdata. In France it was different: when you subscribed to a phone line you could also get access to Minitel, which made the French much more connected than other European countries at that time. In the 70’s CERNET was also in place at CERN, and many people started looking at alternative systems (in particular TCP/IP).
At that moment everything was in place for the Web to appear. Tons of data were available at CERN, but there was no way to associate the data, which was quite frustrating. Tim Berners-Lee (TBL) was interested in reuse, in the same way as people associate ideas in their minds. In 1990 the initial idea of the Web was there; he submitted his idea to an internet conference, but it was promptly rejected. But TBL had to share the idea around: WWWWizards, 1993, public domain. Gillies ended his talk with two quotes from TBL:
A lab which pushes the boundaries of technology as a matter of course in every aspect of its everyday work is likely to be the place where you can create a system designed for what, to everyone else, is the future.
It’s not what you get out of society that matters, it’s what you put in.
Melanie Rieback: security in ubicomp
RFID and security, from a white hat hacker (paid to break systems). RFID is just the next step in low-end computing. The IoT is going to inherit all the drawbacks of the Internet. Attacks will have a much bigger impact when they are applied to physical objects. Small devices can’t protect themselves using standard tools, like encryption. You can now read most tags, such as the ones in public passes and passports. You can copy them easily, or worse, credit cards get hacked. Wardriving. RFID. Is your cat infected with a computer virus? In particular, she wrote a virus for RFID tags. It copies itself into the back-end system, which is not very appealing for huge logistics systems (SAP anyone?!). She tried to convince politicians to do something about RFID security, but they don’t listen. She built the RFID Guardian, which does auditing (penetration tests) and acts as a firewall for RFID systems. It’s handheld security built into a device; it’s software-controllable, fully controllable by radio. It can also do selective jamming of RFID tags, as well as spoof tags. Now you can build a firewall, but for physical radio queries (based on policies). You can choose what type of query it is, and should be.
Of course, it can be used to hack: DoS, replay attacks, relay attacks (which defeat almost any cryptography). If somebody can send a GSM near somebody who is doing a payment with an NFC payment credit card, this is very bad. Middleware back-end systems can be hacked directly through RFID. Finally, can we use it to hack transportation? The CCC have been working on that. crapto1 is available, published on the web; we just need to implement it in the RFID Guardian.
It’s not just that these systems are broken; they’ll soon be breakable by anybody, as they are starting to sell it soon!
Why do I put these tools into the bad guys’ hands? The bad guys will have the tools anyway, so let’s put them directly in the good guys’ hands. If computer people had access to the right tools, things could be different, and it’s worth thinking about that when deploying large-scale RFID systems.