Presto, Chango, Poof It's Gone! It's Vanish!

So, all thieving aside, what do you do about that on-line information that you actually want to make disappear? Call up the University of Washington and get your hands on their “Vanish” application. Vanish imposes a time limit and self-destruct on any text uploaded to any web service via a web browser. What kind of communications? Electronic communications such as e-mail, Facebook posts and chat messages. More specifically, web-based e-mail such as Hotmail, Yahoo and Gmail, Web chat, and text posted on the social networking sites MySpace and Facebook. Using Vanish, these messages will automatically self-destruct by becoming irretrievable from all web sites, inboxes, outboxes, backup sites and home computers, lost even to the original sender.

Because web services archive indefinitely, hitting the delete button alone is not the answer for complete eradication. The implications become staggering as we move towards cloud computing, where everything resides on sites that can be accessed by the clever and quick.

Techwhack explains the Vanish process:

The Vanish prototype washes away data using the natural turnover, called “churn,” on large file-sharing systems known as peer-to-peer networks. For each message that it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces and sprinkles those pieces on random computers that belong to worldwide file-sharing networks, the same ones often used to share music or movie files. The file-sharing system constantly changes as computers join or leave the network, meaning that over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered.

In the current Vanish prototype, the network’s computers purge their memories every eight hours. (An option on Vanish lets users keep their data for any multiple of eight hours.)

No one need act on the data to make Vanish work: its own inherent properties result in the destruction, akin to a message written in the sand and washed away by the tide, as suggested in the Techwhack article. The only way to save the information is to physically print it out before the self-destruct sequence kicks in, or to copy and paste it into a word processing document on your computer’s hard drive.
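The key-splitting and churn process described above, sketched as an added example (not code from Vanish or from the original post). It assumes Shamir's threshold secret sharing as the splitting scheme, which the post does not name, uses a toy SHA-256 keystream in place of a real cipher, and models churn with constructed parameters (20 shares, threshold 10, 3 shares lost per eight-hour period).

```python
import hashlib
import random
import secrets

P = 2**127 - 1  # Mersenne prime; field large enough for a 120-bit key (constructed size)

def split(secret, n, k):
    """Shamir split: any k of the n shares recover `secret`; fewer do not."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return {x: f(x) for x in range(1, n + 1)}

def recover(shares):
    """Lagrange interpolation at x=0 over whatever shares survive."""
    total = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def xor_stream(key, data):
    """Toy SHA-256 counter keystream; a stand-in for a real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key.to_bytes(16, "big") + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def simulate(message, n=20, k=10, lost_per_period=3, periods=5, seed=1):
    """Return, for each eight-hour period, whether the message still decrypts."""
    key = secrets.randbits(120)      # never shown to the user
    ciphertext = xor_stream(key, message)
    dht = split(key, n, k)           # node index -> key share (simulated network)
    rng = random.Random(seed)
    readable = []
    for _ in range(periods):
        for node in rng.sample(sorted(dht), min(lost_per_period, len(dht))):
            del dht[node]            # churn: the node leaves and its share is gone
        ok = bool(dht) and xor_stream(recover(dht), ciphertext) == message
        readable.append(ok)
    return readable

if __name__ == "__main__":
    print(simulate(b"constructed sample message"))
```

Once fewer than ten shares survive, interpolation yields a different key and the ciphertext no longer decrypts, even though nothing ever deleted the ciphertext itself.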

Vanish was released today. You can get it free and open source for the Firefox browser.

How should lawyers view Vanish? The closing quote from researcher Tadayoshi Kohno says it all:

“Today many people pick up the phone when they want to talk with a lawyer or have a private conversation,” Kohno said. “But more and more communication is happening online. Vanish is designed to give people the same privacy for e-mail and the Web that they expect for a phone conversation.”

Check out the supporting paper and research prototype here.

On-Line Transactions: Good. On-Line Insecure Transactions: Bad

It is always nice when the hackers warn you that they are going to strike: next week, security researchers are planning on hacking into your “secure” transactions by intercepting data during an on-line transaction on a site allegedly protected by an SSL certificate.

The dirty deed will be taking place at the Black Hat Security conference in Las Vegas, reports Thomas Claburn at InformationWeek. According to the article, experts Mike Zusman, principal consultant at Intrepidus Group, and Alex Sotirov, an independent security researcher, have found and can exploit a weakness in the browser to conduct what is known as a “man in the middle” attack on sites protected by Extended Validation (EV) Secure Sockets Layer (SSL) certificates. This type of attack entails “sniffing” out the desired data as the data leaves the user’s browser or via what is called a “browser cache poisoning” attack on EV SSL websites.

The browsers supporting EV SSL? Well, they include the most recent versions of Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, and Opera. I guess that means pretty much all of them.

What does it all mean? It means that while the Advocate advocates adopting the “free”-ly on-line model and the wonders that all of this great technology and access offers, we all, attorneys in particular, need to be mindful of the hazard these security breaches pose. Carefully consider the risks of sharing or storing sensitive data on-line at all times – you never know where the thieves are hiding, even Las Vegas!