"As I mused, the fire burned"

Reflection on life as a person of faith.

Archive for August 2013

Hacking Your Car’s Control System?

leave a comment »

I’ve been reading some technical manuals on computer forensics to support an investigation into a laptop that failed. My formation was primarily as a hardware engineer, where we were always working directly with the computer components or very closely to them (as in assembler code).

Higher levels in the computer system are more and more abstracted from the hardware. So, using a web browser involves multiple layers of software between you and the actual, physical computer components.

What has shocked me in reading the forensics manuals is how much abstraction is present in modern computing devices. We are now so far removed from the hardware it is almost as if our computers have become nothing more than user interfaces, mediating between the user and a black box that performs almost mystical feats.

All that to say, with the greater abstraction comes more paths by which computer systems can be subverted for criminal purposes.

At the latest hacker’s convention in the US, an article was presented about the failings of pseudo-random number generators (PRNG). Random numbers are the basis of all the cryptography used on the internet, what are called public key systems. Now, one of the things you learn from the hardware is that it is very challenging to make a truly random number generator (which is why these are called ‘pseudo’ random).

It is an over-simplification, but the quality of your random number generator is directly tied to the quality of your encryption scheme.  If an attacker can determine what generator was used, it can be a clue that speeds up the breaking of the key.

Now comes this other story, also from the black hat conference, about the ability to hack automobile control systems through the cellular network:

$25 gadget lets hackers seize control of a car

After journalist Michael Hastings’s death, there were rumours that his car had been hacked. Now two researchers say they can do it for real

IN THE early hours of 18 June, a Mercedes coupé travelling at extremely high speed along a Los Angeles street smashed into a palm tree. It exploded into flames, killing the driver; the impact ejected the engine 50 metres clear of the car. Was it an accident? Or was the car hacked, allowing it to be driven off the road by remote control?

The very idea might sound crazy – but it’s one that Richard Clarke, a former counterterrorism adviser to the US National Security Council, has raised after the driver was identified as Rolling Stone journalist Michael Hastings. Known for his revealing articles on the US military and its intelligence agencies, Hastings had emailed colleagues the day before he died to say that he was going “off the radar for a bit” to chase down a “big story”.

“What evidence is available publicly is consistent with a car cyberattack,” says Clarke in a Huffington Post interview. Intelligence agencies, he says, can remotely seize control of a car to make it accelerate wildly or brake suddenly, for instance.

This may be new, undeveloped technology that only works on a few vehicles (particularly those that use the cell network to communicate), but it is a troubling repeat of the history we’ve seen for the past two decades.  Modern hackers, even ethical hackers (those who are employed to find weaknesses in systems), can not resist the challenge of a system that has not yet been compromised, or a system that calls itself ‘fully secure’.

One of the security lessons I took from the military was never to trust to only one layer of security – so to always make sure there is ‘defence in depth’ or layered security.  Part of my personal approach to using the internet for transmission of sensitive data is assuming that anything I put out there will eventually be compromised – once the information crosses from a physically secure zone into a zone secured by software (like the act of taking a credit card from your pocket, physically secure, and typing the number into an internet commerce site) the chance of discovery increases dramatically.

Modern browsers are now using a 256-bit cypher for secure processing.  It wasn’t that long ago it was a 128-bit cypher (IE 4.5), and not long before that it was a 40-bit cypher.  The security is upgraded in order to deal with the increasing threat that a public-key system can be compromised.

While internet browsers are new technology, they have been around for a number of years and have a mature security framework in place.  I’m never worried about online banking or shopping as long as I stick to some basic rules:

  • only use the websites of well-established, known corporations
  • monitor my credit card account regularly for unusual activity
  • ensure I have a secure, multi-layer defence in place on my home network (including monitoring logs for attacks and unusual traffic)
  • before any online banking, ensure a secure link is in place, and that you’re on the correct website (use only your links)
  • don’t store any sensitive personal information on mobile computing devices, ever (assume you will lose it, and an identity thief will find it)

What surprises me is the number of people now using banking apps on smart phones – because the smart phone technology is nowhere near as secure as browser technology.  It’s coming along, but it will be at least a few years before a similar level of security is present.  Smart phones are also carried with you everywhere, are easy to lose or to steal.  While the iPhone is probably the most secure of the phones (due in large part to Apple’s very closed development and distribution model) it is still young technology.  A recent ethical hack revealed a problem in signing of Android apps that could have compromised all Android phones.

It leads me to add one more rule to my list:

  • Only install software (apps) from known suppliers…regardless of how good the deal looks.

Which brings me to the final point.  My forensics research has left me just stunned with the amount of information that is left on a personal computer by the user.  It is literally possible to reconstruct almost everything that has been done on a given machine…even if the person was careful to empty cookies, history, and temporary internet files, there are still digital footprints remaining.

The only way to be absolutely certain that those footprints are not left, is to never go there in the first place.  This is one of the reasons that a whole field of counter-forensics computer applications now exist, to enable crooks to cover their tracks.  It’s a complicated world.

A small bit of healthy paranoia is a good thing when it comes to computers.  I recently had a 1 TByte hard drive fail catastrophically.  That drive had a ton of personal information stored – mostly photos and letters, but lots of stuff that you wouldn’t want someone to find in a landfill.  The hardware failure meant I could not use one of the secure erase products (that over-write all sectors on the drive several times with random characters).  My only remaining option was to disassemble the drive, and to physically destroy the drive platters with a welding torch (the heat causes the magnetic dipoles to release, and also distorts the physical media to make it impossible to read).

Now we have to start worrying about our cars, as well.




Written by sameo416

August 11, 2013 at 11:50 am

Posted in Uncategorized

To Die to Christ is to Live

leave a comment »

Die to Christ 4 August 2013, SJE Col 3:1-11, Luke 12: 13-21

We’re looking at a pair of short readings from Luke’s gospel and from Paul’s letter to the Colossians. What I want to look at specifically today is a pair of ideas that link these two readings together. First, from Colossians this statement of the truth of our existence as the saved, the elect in Christ: if you have been raised with Christ, set your minds on things that are above, not on things that are on earth…because in Christ there is no longer unique self-identity, but only Christ is all and in all. Link that with Christ’s statement in Luke: “Friend, who set me to be a judge or arbitrator over you?” What is being set up here is a strong division between the way of God, and the way of the world, and it is an important lesson for we who live in the world.

Let’s start in Luke. That sentence from Jesus is, on the surface, a bit perplexing. We say in the Nicene creed that Jesus will come again to judge the living and the dead. Jesus came to earth on behalf of the Father, and will return to judge the world by fire, and yet here, when asked to settle a family dispute over the division of an inheritance, Jesus replies somewhat brusquely – Man, who set me to be a judge over you?

The context into which Jesus speaks is important. Here the great teacher has come to town, and this man sees a chance to have his case adjudicated by a higher authority – finally the unfair division of the family inheritance will be publically resolved! Jesus, however, refuses to be drawn into a debate about the things of this world, and correctly discerns that what lies at the root of this man’s request is not an injustice, but rather greed, or avarice. His desire to get ‘his fair share’ is rooted in greed. It also reflects the sometimes reality of prayer – it becomes a place to air our grievances and our hurts, to ask God to resolve things that are really the result of our own hardness of heart.

It is a sad statement about this world, and about many who call themselves Christians that there are few things like a family inheritance to cause strife and ill-will among relatives. I’ve been through this process myself, and seen others go through it, and it is sad to see the arguments and hurt that arise over things and money, and often times small amounts of money. My mother died two years ago. To address some specific concerns she had about her property, she had written into her will an extraordinary provision. I’m an only child, and my mom remarried into a family that blessed me with a step-brother and a step-sister. Her estate was to be divided among we three siblings, but the house was to be left to me alone. This she did out of a concern that I receive ‘my fair share’ of the estate.

Now, back to my story in a bit, but that idea, ‘our fair share’ of this world, is the root of many of these worldly conflicts. The reason these family inheritance stories always seem to lead to emotional hurt, and years without talking, is invariably because of someone not receiving what they considered to be ‘their fair share’. This is the exact situation that Jesus is asked by the man in the crowd – he had not received ‘his fair share’ and wanted someone else to come and agree with him so he could finally get that which was justly his. // That thought raises an even more important question: What is it that we deserve from this world?

Each of us here probably has a different answer to that question. If you ask me, and I answer without trying to place what I think is ‘my fair share’ into a Christian understanding, I might tell you something like…I work hard, and I deserve my pay; I injured myself on duty with the Canadian Forces, I deserve my pension; I fertilize and water my lawn regularly and dag-nab-it I deserve a nice green lawn without the neighbourhood kids walking all over it! I’m being a bit tongue in cheek, but the reality is that I can quite quickly get myself worked up to self-righteous lather around that question of what I deserve from this world and how hard-done by I am sometimes.

One of my former commanding officers was the commander of the United Nations relief force in Haiti in 1995. At his retirement he gave us a lesson in ethics that had risen out of his exposure to poverty of a degree that most of us can’t even imagine…he told us that the day we started to think that the military owed us something, was the day we needed to leave. That attitude, he said, one that rests in a belief that something is owed, is the start of the end. After you grasp that thought you can justify just about anything including theft and fraud, and you spend your time increasingly grasping at more and more things – after all, I’ve earned it. We’re maybe seeing a hint of that sort of thought process in what is happening in the Canadian Senate, in terms of a number of apparently fraudulent claims for a housing allowance. Literally any day you can turn on the television and see story after story about people acting out what they believe is needed to get them ‘their fair share’.

So what is it that we deserve from the world?

When I went to see the lawyer for my mom’s estate, he pointed out this provision in the will and asked me what I wanted to do about it. Although my step father is still alive, and the estate passed to him, the lawyer was concerned that I would be losing out on something I was legally promised. It was sad to witness surprise when I told him that if that provision in my mom’s will had ever been executed, I would have voluntarily split the proceeds between my two step-siblings. Sad because, as he later told me, his most common experience is the fighting of all the beneficiaries for ‘their fair share’.

Now, don’t think I’m somehow a superhuman example in this – I am guilty as most seeking my fair share in many areas of my life. I tell the tale to demonstrate that we, we Christians, do have another way to deal with these sorts of questions from the world. In fact, we’re called and charged by Jesus to be exactly that sort of an example to the world, to chose a different path. Rather than the endless grasping at things which ultimately have little value, instead we follow a different path, the path of Christ.

So what is it that we deserve from the world?

Jesus answers that question with the parable of the rich fool, as the explanation for why he won’t get sucked into debating what this man in the crowd was owed from the family inheritance. Listen, he tells the crowd. There was this rich man whose land had produced abundantly. The rich man decides that he will tear down all his out-buildings, send all his old elevators and bins for scrap and buy those nice new shiny steel grain bins. Once he has all that produce laid up he’s going to throw himself a party for one, and will eat, drink and be merry with his good fortune, forever and ever, Amen. Except – that night, he dies, leaving his great abundance for his family to fight about so they too can get ‘their fair share’. What did the rich fool receive from the world? Jesus says – just death, for that is ultimately all the world can offer us – death.

The reality from God’s perspective is that each moment we live, breath and love is a gift from God and a cause for rejoicing. If you look at the passage carefully, you discover that the great abundance this man now possesses was not the result of his cleverness or wise investment, but the result of the land producing abundantly. It’s the abundance of God through the land in the rich fool’s care, and yet he claims full credit for the success. This is the reason why in Colossians you see greed described as an idolatry – for greed is the placing of some object in a position of greater importance than God…it is the worship of that which we must not worship. So the rich fool builds great buildings to contain his treasure – presumably pulling down the perfectly functional buildings to do so. The rich fool builds a kind of church to house his land’s produce, so he may sit and worship his ample store of goods for many years to come.

The rich fool is doing that which we all tend to do –congratulating himself on his wonderful life. He even says (in the Greek) and I will say to my psyche (psoo-khay’), a Greek word that describes the vital force behind life. He is literally saying to himself – this is what I am and believe at my core and good for me! This is the all-too-worldly human urge to congratulate ourselves on our life whenever we have the opportunity, sustaining the wrongheaded struggle while trying to convince ourselves that we are the ones in control of that which we have never controlled. Who is it that makes it rain? God. And upon whom does that rain fall? Both the just and the unjust. But we’ve worked so hard, we must deserve the good weather and abundant crops. What is it that we deserve from the world? Jesus says we deserve the only thing that the world is able to give us, which is death.

We live in an era that has been called the age of anxiety. Every time you turn around there is another article about the things that will eventually kill you – radon gas seeping into your basement; black mold in your walls; cell phone towers in your neighbourhood; icecaps melting; storms brewing; either too many Grizzly bears or too few depending on who you listen to; pipelines exploding or the stock market or gold shares or platinum shares or a jar in your backyard to grasp what you deserve. A world of anxiety, a world that is focused on grabbing all it can get as quickly as it can, lest someone else get it all and we lose our fair share. And in the end, the only thing the world can promise any of us is death.

Now what did Jesus come to do about that world of death and anxiety? Jesus is the only truly rich man in the world, while we who spend our lives in an endless pursuit of life have nothing in the end but the poverty of death. But, and this is where Colossians answers the question, Jesus gives us another way – a way to “set our minds on things that are above, not on things that are on earth”. Earlier in this chapter Jesus offers some words for the apostles telling them to not be afraid of the death of the body, rather be afraid of living the lie of the world, that it is all under your control. Jesus goes on to tell them that they will be beaten and mocked for his name, but they are not to worry about any of this, because it is God that is really in control. Jesus tells us each this secret, which is foolishness to the world, that we are to be poor, and lost, and good as dead, without the benefit of a well-prepared case setting out the justness of our position, of our fair share, and certainly without the luxury of knowing what will happen next. Which person can add one centimetre to their height by worrying?

The coming of Christ, his death, resurrection and ascension bring one fundamental truth into being within the creation. God’s path of salvation for us does not involve wealth, but rather poverty; and does not use the world’s life, but rather death in Christ…for it is only in dying that we are truly saved.

Our world runs on greed. The way of this world measures value in terms of net worth, position in society, the finest seat at the banquet table. In God’s eyes, humanity as a whole are nothing but unreconstructed rich people, clutching frantically at a life that ultimately is not under our control, rather than opening our hands to the death in Christ that truly liberates us from the concerns of this world.

It sounds simple – and it is. It is at the same time our life’s primary work. While we do not have to work to re-earn that gift of salvation, it is something that we have to decide to re-commit ourselves to each morning, and with each decision and thought that we hold throughout the day. Will we chose to follow the way of this world, or the way of Christ? We are a resurrection people, raised with Christ and called to be about our Father’s business. The gift, freedom from the world, freedom from anxiety, is ours if we choose the path of Christ. Amen.

Written by sameo416

August 3, 2013 at 10:11 pm

Posted in Uncategorized

Urbane Adventurer: Amiskwacî

thoughts of an urban Métis scholar (and sometimes a Mouthy Michif, PhD)

Joshua 1:9

Reflection on life as a person of faith.

Engineering Ethics Blog

Reflection on life as a person of faith.


Today, the Future and the Past all kinda rolled up in one.


For Those Courageous in Standing for Truth


Law. Language. Culture.

Malcolm Guite

Blog for poet and singer-songwriter Malcolm Guite

"As I mused, the fire burned"

Reflection on life as a person of faith.