A hot topic in security research communities as of late is the Conficker B worm. This worm has infected nearly 10 million computers around the globe, and doesnt seem to be slowing down. The worm uses several different technologies to secure its payload, obscuring its contents and its intentions from researchers who wish to disable it. One of these technologies is RSA 4094, which is a very strong flavor of public key encryption. This encryption is used to obscure the contents of software delivered to infected machines, which seem to include updates to the worms code, and command and control information relayed from whoever is responsible for the worm. The encryption, however, has a unique weakness.
RSA’s security lies in the difficulty of factoring extremely large composite numbersSemi-Prime numbers quickly. A semi-prime compsite number is the product of 2 primes. Semi-prime Composite numbers have a unique property in that they only have 4 factors, 1 and itself, and each of the prime numbers used to create it.
The semi-prime modulus of Conficker is known, and so far its only known weakness is the inability of researchers to crack the encryption on the payload of the worm. If we could crack the encryption, we may be able to provide a payload for conficker that disables the worm all together. Some may note that cracking RSA 4094 is currently thought to be unfeasible, but I say it is only unfeasible if you don’t try. Without further adue, the Modulus of conficker:
According to smashingpumpkins.com, Jimmy Chamberlain has leftThe Smashing Pumpkins. No word is out yet on why, but my educated guess is that it is more of a hiatus for the well known drummer than a “goodbye forever”. Billy Corgan, the lead singer/guitarist/creative force behind TSP, is well known for calling Jimmy “His Best Friend”, and it is unlikely that the two have severed ties. Jimmy also has a couple kids, so he will probably be using some of his time off to spend more time with the family, rather than be out on tour grinding away like the good old days. Other speculation is that Jimmy may want to continue with his side project “The Jimmy Chamberlain Complex”.
The Smashing Pumpkins just recently finished a 20th anniversary tour following the release of their most recent album Zeitgeist. The news follows an announcement that Billy and crew will be headed to the studio this spring for an as yet unnamed new Smashing Pumpkins album. The preceding smashing pumpkins album “MachinaII/Friends and Enemies of Modern Music” was distributed free and legal on the internet, gaining much press for being one of the first bands to do so.
I hope for everyone’s sake that this is not the end of the relationship between Billy and Jimmy, and my intuition says it is not. Comments? post it up..
Drinking Water Is Safe, and News Companies Love Sensationalism
I came to read the latest in journalistic sensationalism the other day when I visited reddit.com. The hot news of the day is the story run by the AP about the purity of tap water, and the existence of pharmaceuticals in said water. The study, actually conducted by the AP, reviewed water quality reports put out by the EPA. The AP managed to find quite a lot of different drugs in the documentation available on the EPA’s web site, and brought them to light in a way that would make any news agency proud. In the midst of all the shody journalism that doesn’t even quote actual numbers for the quantity of pharmaceuticals found in the water, I found myself wondering “If they did include numbers, what would they mean, in the context of the volume of tap water I drink in a day.” Some of you may recognize this as a hypothesis of sorts. Well, here are my results…
I drink about three 20oz glasses of water a day. So lets immediately convert that to metric, so no one goes insane. That is 1.774 L/day. The molarity of pure water is 55.346 mol/L at 25 degrees C. A mole(mol) is a number invented to facilitate counting of molecules, and its value is 6.022*1023. That means I consume approximately 591.258*1023 molecules of water a day. This number is obviously approximate, given that there are other compounds added to normal tap water which would affect the quality of this number. For this study I am not going to worry about the molarity of actual drinking water, because the numbers probably won’t be straightforward since drinking water is not 100% pure water, and because we are just looking for ballpark numbers. The logical next step is to figure out how much of a drug I am consuming by drinking the quantity of water I do daily. This number proves to be much harder to find, because in the entire article, the quantity of different drugs found was NOT MENTIONED. At this point, alarm bells should be going off in your head. I decided to hunt down the information myself, so I focused this section of the article:
Researchers at the U.S. Geological Survey analyzed a Passaic Valley Water Commission drinking water treatment plant, which serves 850,000 people in Northern New Jersey, and found a metabolized angina medicine and the mood-stabilizing Carbamazepine in drinking water.
I went to the Passaic Valley Water Commission website to see what I could find in terms of a water quality report, and immediatly discovered the 2006 water quality report in PDF. I specifically looked for any chemical that a journalist might think is Carbamazepine, and of course there aren’t any in the PDF. At this point, I am a little stumped, because the news report states the data is recent, but it does not appear available to the public. It does seem to suggest that the water quality report given to the public and the report given to the EPA are different. Not quite the level playing field I was hoping for.
At this point, I need to find a number that I can respect as possibly being representative of a good number for the quantity of Carbamazepine in the water. Looking through the water quality report, I noticed Chromium is in there. Chromium is a byproduct of steel and pulp mills, and also occurs naturally in the ground, AND is used in a dietary supplement in the form of Chromium(III) picolinate. In reality, there are 3 sources of this contaminate, as opposed to our Carbamazepine’s 1 method of introduction, that being from human ingestion and excretion. In theory, it is probably more abundant in our water supply than Carbamazepine, but it will work for this “study”. In the most current document available from the PVWC, the quantity detected in the drinking water is .001 parts per billion in 2006 at the Newark plant only. So lets do the math:
Above I calculated the number of molecules of water I intake to be 591.258*1023 molecules per day. I need to figure out how many molecules per day I consume of Chromium, to figure out whether I need to run screaming into the hills with my tinfoil hat firmly equipped. The calculation should be 591.258 x 1023 * (.001/1,000,000,000) that gives me 59,125,800,000,000 molecules of Chromium per day. That works out to be 9.81 x 10-11 moles of Chromium. Therefor, the amount of Chromium I consume in a day is 9.81×10-11 moles * 51.9961 g·mol which is 5.1 x 10-9 grams per day. Written in a form that is a little easier to understand, my intake would be .0000000051 grams of Chromium.
Now, if we go back to the idea that Carbamazepine in the drinking water supply exists in similar concentrations to Chromium, which is most likely an overstatement to begin with, then it is easy to see why these reports are nothing but stories to scare people and get them all riled up. Tegretol, one of the drugs based on Carbamazepine, comes in 100mg and 200mg normal release and 400mg extended release form. Now, to write that out in decimal comparison, that would be 0.1 gram, 0.2 grams, and 0.4 grams. The math shows that the amount ingested daily is 8 orders of magnitude smaller than the clinically approved effective dose. I think that if you are comfortable with the assumption that the amount of Chromium in drinking water is similar to the amount of Carbamazepine, then you should have nothing to worry about.
As a final note, the bioavailability of Carbamazepine is 80%, which means that 20% of the drug is simply excreted without being synthesized. This means that, theoretically, an additional 20% of the .0000000051 grams of Carbamazepine is essentially non-effective in the event you actually consume it.
As you can see by the numbers and by a very specific assumption, there really is not anything to worry about. Our drinking water in the US is very clean, and the concentrations of chemicals that are not water are so low that our bodies will easily filter them out, and are not present in high enough doses to warrant the fear and unrest that the Associated Press tried to stir up with their article. Additionally, this math is not hard to do. If someone tracks down a report detailing the level of Carbamazepine in the drinking water as quoted by the AP, I would love to see it, because I would then happily perform calculations on the real numbers, just for my own interest, and for my readers sake. For now though, I will be enjoying a nice glass of Colorado tap water.
According to 