Saturday, September 26, 2015

2015 U.S. Economic Events & Analysis: Econoday Reports

Source: Econoday Report: Simply Economics September 28, 2015
Econoday International Perspective 9/18/15
By Anne D. Picker, Chief Economist

Source: Center for data dependence
Econoday Simply Economics 9/25/15
By Mark Pender, Senior Editor

Source: Today's Economic Calendar Week of Sept 28 thru Oct 2

Tuesday, September 15, 2015

Hacking Team, Computer Vulnerabilities, and the NSA | Georgetown Journal of International Affairs

Source:  Hacking Team, Computer Vulnerabilities, and the NSA | Georgetown Journal of International Affairs



HACKING TEAM, COMPUTER VULNERABILITIES, AND THE NSA

(www.perspecsys.com, Flickr Commons)
When the National Security Administration (NSA) — or any government agency — discovers a vulnerability in a popular computer system, should it disclose it or not? The debate exists because vulnerabilities have both offensive and defensive uses. Offensively, vulnerabilities can be exploited to penetrate others’ computers and networks, either for espionage or destructive purposes. Defensively, publicly revealing security flaws can be used to make our own systems less vulnerable to those same attacks. The two options are mutually exclusive: either we can help to secure both our own networks and the systems we might want to attack, or we can keep both networks vulnerable. Many, myself included, have long argued that defense is more important than offense, and that we should patch almost every vulnerability we find. Even the President’s Review Group on Intelligence and Communications Technologies recommended in 2013 that “U.S. policy should generally move to ensure that Zero Days are quickly blocked, so that the underlying vulnerabilities are patched on U.S. Government and other networks.”

NSA preps quantum-resistant algorithms to head off crypto-apocalypse | Ars Technica

Source:  NSA preps quantum-resistant algorithms to head off crypto-apocalypse | Ars Technica


NSA preps quantum-resistant algorithms to head off crypto-apocalypse


Quantum computing threatens crypto as we know it. The NSA is taking notice.

A chip manufactured by D-Wave Systems that has some quantum properties.
The National Security Agency is advising US agencies and businesses to prepare for a time in the not-too-distant future when the cryptography protecting virtually all e-mail, medical and financial records, and online transactions is rendered obsolete by quantum computing.

Workshop on Cybersecurity in a Post-Quantum World

Source:  Workshop on Cybersecurity in a Post-Quantum World


Workshop on Cybersecurity in a Post-Quantum World


Purpose:

The advent of practical quantum computing will break all commonly used public key cryptographic algorithms. In response, NIST is researching cryptographic algorithms for public key-based key agreement and digital signatures that are not susceptible to cryptanalysis by quantum algorithms. NIST is holding this workshop to engage academic, industry, and government stakeholders. The Post Quantum Workshop will be held on April 2-3, 2015, immediately following the 2015 International Conference on Practice and Theory of Public-Key Cryptography. NIST seeks to discuss issues related to post-quantum cryptography and its potential future standardization.

Agenda:

Presentations are linked within the agenda. 
Thursday, April 2, 2015
9:00am - 9:10am
Opening Remarks
Donna F. Dodson, ITL Associate Director, Chief Cybersecurity Advisor, and Director of the National Cybersecurity Center of Excellence
9:10am - 10:30am
Session I: Multivariate and Code-based Cryptosystems
Session Chair: Daniel Smith-Tone, NIST
  1. Gui: Revisiting Multivariate Digital Signature Schemes based on HFEv- [paper]
    presented by: Jintai Ding, University of Cincinnati
  2. QC-MDPC-McEliece: A public-key code-based encryption scheme
    presented by: Jean-Pierre Tillich, INRIA
  3. A New Code Based Public Key Encryption and Signature Scheme based on List Decoding
    presented by: Danilo Gligoroski, NTNU
  4. Rank based Cryptography: a credible post-quantum alternative to classical crypto [paper]
    presented by: Philippe Gaborit, University of Limoges
10:30am - 11:00am
Coffee Break
11:00am - 11:50am
Session II: Invited talk by Bart Preneel, Katholieke Universiteit Leuven
Introduced by: Dustin Moody, NIST
  1. Public Key Cryptography: the next 4 decades
11:50pm - 12:50pm
Session III: Higher level protocols
Session chair: Rene Peralta, NIST
  1. Post-quantum key exchange for the TLS protocol from RLWE problem [paper]
    presented by: Craig Costello, Microsoft
  2. Future Anonymity in Today’s Budget [paper]
    presented by: Aniket Kate, CISPA, Saarland University
  3. A quantum-safe circuit-extension handshake for Tor [paper]
    presented by: Zhenfei Zhang, Security Innovation
12:50pm - 2:00pm
Lunch
2:00pm - 2:50pm
Session IV: Invited Talk by David McGrew, Cisco Systems
Introduced by: Rene Peralta, NIST
  1. Living with Post-Quantum Cryptography
2:50pm - 3:20pm
Coffee Break
3:20pm - 4:20pm
Session V: Hash-based Signature Schemes
Session chair: Ray Perlner, NIST
  1. Hash-based Signatures: An outline for a new standard [paper]
    presented by: Andreas Hulsing, Technische Universiteit Eindhoven
  2. Let Live and Let Die - Handling the state of Hash-based signatures [paper]
    presented by: Stefan-Lukas Gazdag, Genua mbh
  3. SPHINCS: practical stateless hash-based signatures [paper]
    presented by: Daniel Bernstein, University of Illinois at Chicago
4:20pm - 5:20pm
Session VI: Panel: Shoring up the Infrastructure: A strategy for Standardizing Hash Signatures
Moderator: Burt Kaliski, Verisign
Panelists:
  • Andreas Hulsing, TU Eindhoven
  • David McGrew, Cisco Systems 
  • Aziz Mohaisen, Verisign Labs
  • Russ Housley, Vigil Security, LLC

Friday, April 3, 2015
9:00am - 11:00am
Session VII: Topics in Post-Quantum Cryptography
Session chair: Stephen Jordan, NIST
  1. Evaluating Post-Quantum Asymmetric Cryptographic Algorithm Candidates
    presented by: Dan Shumow, Microsoft
  2. Failure is not an option: Standardization issues for Post-Quantum key Agreement
    presented by: Mark Motley, Department of Defense
  3. PQCrypto project in the EU
    presented by: Tanja Lange, TU Eindhoven
  4. MQ Challenge: Hardness Evaluation of Solving MQ problems [paper]
    presented by: Takanori Yasuda, Institute of Systems, Information Technologies and Nanotechnologies
  5. Grobner Bases Techniques in Post-Quantum Cryptography
    presented by: Ludovic Perret, LIP6
  6. DTLS-HIMMO: Efficiently Securing PQ world with a fully-collusion resistant KPS [paper]
    presented by: Oscar Garcia-Morchon, Phillips Group Innovation
11:00am - 11:30am
Coffee Break
11:30am - 12:20pm
Session VIII: Invited talk by Michele Mosca, University of Waterloo
Introduced by: Lily Chen, NIST
  1. Cybersecurity in a quantum world: will we be ready?
12:20pm - 1:20pm
Lunch
1:20pm - 3:00pm
Session IX: Key Management, and Lattice-based Cryptography
Session chair: Dustin Moody, NIST
  1. Panel: Key Management for Quantum-safe Cryptography
    Moderator: Robert Griffin, RSA
    Panelists:
    • Elizabeth O’Sullivan, Queen’s University Belfast
    • Sean Parkinson, RSA
    • Gregoire Ribordy, ID Quantique
    • William Whyte, Security Innovation
  2. Practical Lattice-based Digital Signature Schemes [paper]
    presented by: Maire O'Neill, Queen's University Belfast
  3. Post-quantum Authenticated Key Exchange from Ideal Lattices [paper]
    presented by: Jintai Ding, University of Cincinnati
3:00pm - 3:30pm
Coffee Break
3:30pm - 5:00pm
Session X: Quantum and classical cryptanalysis
Session chair: Yi-Kai Liu, NIST
  1. Invited talk: Paul Lopata, Laboratory for Physical Sciences
    Experimental Quantum Computing Progress in a Pre-Quantum World
  2. Renaissance of Pre-computation in a Post-Quantum World
    presented by: Aydin Aysu, Virginia Tech
  3. Trapdoor simulation of quantum algorithms
    presented by: Daniel Bernstein, University of Illinois at Chicago
5:00pm - 5:10pm
Closing Remarks
Lily Chen, Acting Manager, Cryptographic Technology Group, NIST
Invited Speakers
Paul Lopata Laboratory for Physical Sciences
Topic: Experimental Quantum Computing Progress in a Pre-Quantum World
ABSTRACT: The anticipated promise of the field of quantum computing depends upon two major theoretical results: the construction of high-quality quantum algorithms; and the development of reasonable methods for noise-reduction through fault-tolerant operations. In addition, the continued success of the field relies on steady progress in experimental demonstrations of quantum computing primitives. This talk provides a survey of recent experimental successes, and places these results in the context of what needs to be achieved to someday experimentally demonstrate fault-tolerant operations and demonstrate quantum algorithms.

David McGrew Cisco Systems
Topic: Living with Post-Quantum Cryptography
ABSTRACT: This presentation outlines a systems engineering approach that makes it easier to live with postquantum cryptography. There are asymmetric encryption and signature algorithms that will be secure even in the postquantum era, but they bring baggage: big signatures and ciphertexts, really big keys, costly key generation, and stateful signing. Adopting these algorithms into standard protocols in a straightforward way is possible, but is suboptimal. A better approach is to consider the overall security goals and adapt protocols to make good use of the capabilities of postquantum algorithms. This approach brings an important benefit: it eliminates the pressure to trade off security against systems constraints like computation and communication cost.

Michele Mosca Institute for Quantum Computing, University of Waterloo, Canada
Topic: Cybersecurity in a quantum world: will we be ready? 
ABSTRACT: Emerging quantum technologies will break currently deployed public-key cryptography which is one of the pillars of modern-day cybersecurity. Thus we need to migrate our systems and practices to ones that are quantum-safe before large-scale quantum computers are built. For systems protecting medium-term or long-term secrets, this migration should occur sufficiently many years before the current quantum-vulnerable tools are broken.
Impressive progress in developing the building blocks of a fault-tolerant scalable quantum computer indicates that the prospect of a large-scale quantum computer is a medium-term threat.
There are viable options for quantum-proofing our cryptographic infrastructure, but the road ahead is neither easy nor fast. A broad community of stakeholders will need to work together to quantum-proof our cyber systems within the required timeframe.  

Bart Preneel Electrical Engineering Department, Katholieke Universiteit Leuven, Belgium
Topic: Public Key Cryptography: the next 4 decades




Quantum computing - Wikipedia, the free encyclopedia

Source:  Quantum computing - Wikipedia, the free encyclopedia



Quantum computing studies theoretical computation systems (quantum computers) that make direct use of quantum-mechanical phenomena, such as superposition and entanglement, to perform operations on data.[1] Quantum computers are different from digital computers based on transistors. Whereas digital computers require data to be encoded into binary digits (bits), each of which is always in one of two definite states (0 or 1), quantum computation uses quantum bits (qubits), which can be in superpositions of states. A quantum Turing machine is a theoretical model of such a computer, and is also known as the universal quantum computer. Quantum computers share theoretical similarities with non-deterministic and probabilistic computers. The field of quantum computing was initiated by the work of Yuri Manin in 1980,[2] Richard Feynman in 1982,[3] and David Deutsch in 1985.[4] A quantum computer with spins as quantum bits was also formulated for use as a quantum space–time in 1968.[5]
As of 2015, the development of actual quantum computers is still in its infancy, but experiments have been carried out in which quantum computational operations were executed on a very small number of quantum bits.[6] Both practical and theoretical research continues, and many national governments and military agencies are funding quantum computing research in an effort to develop quantum computers for civilian, business, trade, and national security purposes, such as cryptanalysis.[7]
Large-scale quantum computers will be able to solve certain problems much more quickly than any classical computers that use even the best currently known algorithms, like integer factorization using Shor's algorithm or the simulation of quantum many-body systems. There exist quantum algorithms, such as Simon's algorithm, that run faster than any possible probabilistic classical algorithm.[8] Given sufficient computational resources, however, a classical computer could be made to simulate any quantum algorithm, as quantum computation does not violate the Church–Turing thesis.[9]



Wednesday, September 9, 2015

Revenge of the nannies | OnGuard Online

Source:  Revenge of the nannies | OnGuard Online



Are you a nanny or caregiver who lists your services on sites like care.com, sittercity.com, or craigslist.com? A few months ago, we warned about a scam that targets caregivers like you. Here’s a reminder: a con artist emails or texts an offer to hire you. The scammer also sends you a check and asks you to deposit it, keep some money for your services, and send the rest to someone else to — supposedly — pay for special items or medical equipment. But the check is fake, and it can take weeks for a bank to discover the forgery. If you deposit the check and withdraw the funds, you’ll wind up owing the bank all that money.
After the last post, we heard back from many people with great ideas to help avoid this scam:
  • Don’t deposit a check from — or send money to — anyone you don’t know.
  • Never share your bank account number — including with a potential client.
  • Be careful with potential clients who claim to be out of town or pressure you to deposit their check.
  • Check out your potential clients. Search online for their names, email addresses, phone numbers, and even the text of the message you received. Many people said that an easy search told them they were dealing with a scammer. 
  • Call MoneyGram (1-800-666-3947) or Western Union (1-800-448-1492) if you were tricked into transferring money. 
If you got a check through the U.S. mail, file a complaint with the U.S. Postal Inspection Service. And, as always, please tell the FTC.
Blog Topic: Avoid Scams

Another test of support by GoPro (GPRO). Here's the trade. (September 08, 2015)

Source: Another test of support by GoPro (GPRO). Here's the trade. (September 08, 2015)




I want you to look at GoPro ( NASDAQ:GPRO ), and here’s why: there’s no momentum in this stock other than down. Make no mistake. But, this was where support was before. Extend it out, this was where support was, again, in March, and this is where the stock is trading right now. You can say, “But Dan, but it’s a lower high here.” Why, yes it was, it was a lower high from here. But I’m not talking about what’s going to happen in October, November, December, or any of that, which is where this is actually relevant.
What I’m talking about is this; this is actually a low-risk buy point. What I mean by low-risk is, your idea, MY idea is that the stock is down at a level where buyers have come in before. It’s had massive selling here. You look at the big red spikes here; it’s had massive selling. It was up a bit, not a big deal, almost 2 percent today, which on any other day would be awesome. But every single stock, it seemed like, other than Netflix, was up and so I would kind of expect this to be up. I just like the fact that it’s down at support.
So what you do is, if the stock starts trading up tomorrow. Notice I said “if”, I really mean this, I was going to say, “I totally mean this,” but that would put me back about four decades into the San Fernando Valley. Look for a bounce here. If the stock bounces then you buy the stock, you keep a stop say underneath $36.00. This was the low, 36.38; shoot, put your stop at 36.25 or so. The idea is that the stock’s down here. Again, if it bounces, if it’s moving up tomorrow you take your trade, you’ve got your stop in and you figure out what you’re going to do with it when it gets up to about $50.00 or so.
Look, as strange as it sounds we’re coming into the holiday season already. Everybody wants to be a hero, everybody wants a hero, that’s what these guys are selling, and they’re doing drones too. How could it get better than drones and helmet cams? I can’t think of a way. So I think this could ultimately turn into an opportunity for you to be in GoPro ( NASDAQ:GPRO ). But I’m going to say it once again, as long as you have your stop defined; if you don’t, you’re out there on the wild frontier all alone, good luck to you.

Tuesday, September 8, 2015

Understanding Anti-Virus Software

Source:  Understanding Anti-Virus Software



Security Tip (ST04-005)

Understanding Anti-Virus Software

What does anti-virus software do?
Although details may vary between packages, anti-virus software scans files or your computer’s memory for certain patterns that may indicate the presence of malicious software (i.e., malware). Anti-virus software (sometimes more broadly referred to as anti-malware software) looks for patterns based on the signatures or definitions of known malware. Anti-virus vendors find new and updated malware daily, so it is important that you have the latest updates installed on your computer.
Once you have installed an anti-virus package, you should scan your entire computer periodically.
  • Automatic scans – Most anti-virus software can be configured to automatically scan specific files or directories in real time and prompt you at set intervals to perform complete scans.
  • Manual scans – If your anti-virus software does not automatically scan new files, you should manually scan files and media you receive from an outside source before opening them. This process includes:
    • Saving and scanning email attachments or web downloads rather than opening them directly from the source.
    • Scanning media, including CDs and DVDs, for malware before opening files.
How will the software respond when it finds malware?
Sometimes the software will produce a dialog box alerting you that it has found malware and ask whether you want it to “clean” the file (to remove the malware). In other cases, the software may attempt to remove the malware without asking you first. When you select an anti-virus package, familiarize yourself with its features so you know what to expect.
Which software should you use?
There are many vendors who produce anti-virus software, and deciding which one to choose can be confusing. Anti-virus software typically performs the same types of functions, so your decision may be driven by recommendations, particular features, availability, or price. Regardless of which package you choose, installing any anti-virus software will increase your level of protection.
How do you get the current malware information?
This process may differ depending on what product you choose, so find out what your anti-virus software requires. Many anti-virus packages include an option to automatically receive updated malware definitions. Because new information is added frequently, it is a good idea to take advantage of this option. Resist believing alarmist emails claiming that the “worst virus in history” or the “most dangerous malware ever” has been detected and will destroy your computer’s hard drive. These emails are usually hoaxes. You can confirm malware information through your anti-virus vendor or through resources offered by other anti-virus vendors.
While installing anti-virus software is one of the easiest and most effective ways to protect your computer, it has its limitations. Because it relies on signatures, anti-virus software can only detect malware that has known characteristics. It is important to keep these signatures up-to-date. You will still be susceptible to malware that circulates before the anti-virus vendors add their signatures, so continue to take other safety precautions as well.
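
The signature matching described above, and the gap that exists until definitions are updated, shown as an added example that is not part of the US-CERT tip. The `Signature` and `Scanner` names and the marker byte strings are constructed for illustration; real products use far richer definitions than a plain byte-pattern search.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str       # label reported to the user
    pattern: bytes  # byte sequence seen in a known sample


class Scanner:
    def __init__(self, definitions):
        self.definitions = list(definitions)

    def update(self, new_definitions):
        """Merge a definitions update; return how many entries were new."""
        known = {s.name for s in self.definitions}
        added = [s for s in new_definitions if s.name not in known]
        self.definitions.extend(added)
        return len(added)

    def scan(self, data):
        """Return the names of every signature whose pattern occurs in data."""
        return [s.name for s in self.definitions if s.pattern in data]

    def scan_all(self, files):
        """Scan a {filename: bytes} mapping; keep only files with matches."""
        report = {}
        for name, data in files.items():
            hits = self.scan(data)
            if hits:
                report[name] = hits
        return report


# Constructed sample data: harmless marker strings stand in for malware bytes.
FILES = {
    "invoice.doc": b"header CONSTRUCTED-MARKER-A trailer",
    "photo.jpg": b"plain image bytes",
    "update.exe": b"stub CONSTRUCTED-MARKER-B payload",
}
INITIAL = [Signature("Sample.A", b"CONSTRUCTED-MARKER-A")]
UPDATE = [Signature("Sample.A", b"CONSTRUCTED-MARKER-A"),
          Signature("Sample.B", b"CONSTRUCTED-MARKER-B")]


def demo():
    scanner = Scanner(INITIAL)
    before = scanner.scan_all(FILES)   # update.exe is missed: no signature yet
    added = scanner.update(UPDATE)     # vendor ships a new definition
    after = scanner.scan_all(FILES)    # the same file is now flagged
    return before, added, after


if __name__ == "__main__":
    before, added, after = demo()
    print("before update:", before)
    print("definitions added:", added)
    print("after update: ", after)
```
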

Author

US-CERT Publications