Computer security is as vitally important today as it ever was.  And you might have all of your passwords locked up safe inside of your head with a vow to never tell another soul, but sleep fitfully, for your computer’s keyboard has no such qualms.

No, I’m not talking about keylogging software.  Though that certainly is something to fear too, a good security sweep will keep nasty programs like that at bay.  I’m talking about the simple electromagnetic eminations over the wires that connect your wired keyboard to your computer.  (And no, wireless is most definitely not better.  By definition wireless broadcasts your keyboard’s activity.)  Be it PS/2, USB, or even your notebook computer, the data has to travel over wires to get from the keys to the computer.  And for people who know just how to listen in, your data is far from secure.

So say Martin Vuagnoux and Sylvain Pasini of the Security and Cryptography Laboratory (LASEC) at the School of Computer and Communication Sciences (I&C) at the EPFL.  (Say that five times fast.  Better yet, say it in French.)

They found four different ways to wirelessly snoop your keyboard’s activities, from a distance of up to 20 meters (65 feet) away, even through walls.  No keyboard was safe from these researchers.

And it’s not just computer security at risk.  Any key or number entry pad potentially poses the same security risk, including ATMs.

Now, while scary, this is certainly not an attack you can expect the common criminal to attempt.  For one, you need a big antenna.  John Q. Public standing next to an ATM with a huge antenna might be a bit suspect.

But professional corporate espionage is certainly game.  That white van parked in your parking lot?  That office across the street?  The apartment next door to yours?  It’s not just your wireless ethernet (and other devices) that you have to worry about anymore.  Now you have to worry about your computer itself.

Which, actually, has pretty much always been true anyway.  The only safe computer has no wireless devices, is disconnected from the internet, is running tons of security software, from a non-admin account, is unplugged, and buried twenty feet in the ground.

Or, in other words, simply the act of using a computer makes your data unsafe.  There is no such thing as a completely secure computer.

Still, there are plenty of things that one can do to keep a computer relatively safe.  And surely I’ve gone over them all before.  But there’s also a new one emerging.  It started with the advent of wireless technology, and is no doubt growing in importance day by day.  And that is blocking electromagnetic radiation.  There are more and more technologies like EM shielding paint that can be used to EM secure a room or building.  And if your data is of the utmost importance, perhaps it’s time that you looked into seperating your PC’s room (or building) from the rest of the EM world.

Cherrypal, one of the new buzzwords kicking around the geek-o-centric blogosphere. But what is it?

Unfortunately, there’s not really a good answer for that. It’s … new.

And not.

Cryptic enough? Yeah, so is Cherrypal’s website.

But here’s the scoop based on what everyone is claiming:

It’s sort of a cross between a thin client and a PC. It has a dink-o-rinko 4GB internal flash drive. It runs on a teeny-tiny 400MHz Freescale mobileGT MPC5121e chip. It has a whole thimble full of 256MB of DDR memory. It runs on some tweaked version of embedded Linux, suggested to be Debian. As you can see from the back at least we can pretty much guarantee a whole whopping two USB ports, built-in ethernet (which being so thin of a client will desperately need), and the only video-out looks to be VGA. Crap-a-logue. No digital. And strangely no composite video to hook it up to any old TV.

Why the less-than-stellar specs? So that the (insert eco-friendly buzzword here) Cherrypal can run on a total of 2 watts. Yes, you read that right. Two whole watts. Nifty. But … err … why? To cash in on the latest trend in green-ness of course.

Oh, but it’s not easy being green. Thanks to that design it pretty much leaves the Cherrypal in the realm of thin client. Oh, they can try to sell you on otherwise. But honestly. What is going to really fit into that 4GB of internal space? The OS. Some pre-installed apps like web browser and email client. And maybe if you’re really really lucky you can squeeze in something like an x86 emulator to run iTunes or something. Maybe. Can you really squeeze all of your apps onto your local 4GB? Doubtfull.

You can pretty much guarantee that all of your “storage” is actually going to be some 40 to 80 odd gigabytes networked off of some distant Cherrypal company server, probably variable based on how much of a monthly fee you want to pay them. If you’re really lucky there might also be some weird remote execution design built in so that not only do you have non-local storage, but you have non-local processing power, and your Cherrypal is really a thin client. But that part could easily be a pipe dream. In which case, you’re screwed. Because with the Cherrypal’s built-in processing power you’ll just barely be able to run your web browser whenever a flash animation comes up. Or for that matter OpenOffice.

Games? If purely local processing is in play, then maybe on the level of solitaire, minesweeper, or pinball. Definitely not anything released for Windows, since it doesn’t run Windows. And even then definitely not anything that anyone would consider modern. You’re looking at the level of gaming a cell phone can do, not a modern PC. Tetris anyone?

All-in-all, this has been done before. As a home web-browser / email device. Maybe not quite this spectacularly, but then as time marches on, technology does improve. If the thin-client portion really does have remote executing power and your Cherrypall basically amounts to a video server to display what the remote execution does, then maybe it’ll have a prayer of being more than just yet another home web browser.

And while the 2 watt usage is impressive, that’s about the only thing. The rest, just bombs its way to hell.

Sometimes going with a PC from big name brand offers advantages, like that support you just don’t get with a bargain basement find from Generico. And sometimes going with a PC from a big name brand offers disadvantages, like when the pre-installed support software is so insecure that it lets a hacker waltz through your PC with ease.

Take HP for example.

The CSIS Security Group has released the above Adobe Acrobat Reader PDF file detailing proven security holes and vulnerabilities in HP’s pre-installed ActiveX support software. HP, being a big brand name, is no doubt a nice juicy target for hackers. It’s a nice back door past so much of your security. How lovely of HP to provide it for the criminal underworld to utilize. Can I hear a “Doh!”

Fortunately it was unintentional for HP to release such bad code, and thus something they could fix. Which they have. If you own an HP computer, please oh please take a gander over here.

Because as much as we’d like any computer we buy to be absolutely secure, it just doesn’t work that way. It’s like buying a car. You can install an alarm. You can even install a GPS tracker. But it’s your own darn fault if the car gets broken into because you leave a gold brick, a diamond necklace, and a thousand dollar wad of cash plainly visible in the back seat. Or for that matter just forgot to turn on the alarm and left your door open. Give them an opportunity and criminals will gladly take it. They’ll test doors of a car that looks like it might be worth the effort. The same as they’ll test the security of PCs.

Security starts at home, doing things right. With computers that means being at least pro-active enough to not use default security settings and to install the patches provided to you.

Faithful readers may have noticed that I haven’t been writing as much as I usually do lately. The problem is, I’m burnt out. On computers.

It happens. Every so often I just go through a phase where I’m basically sick of computers. For a computer programmer, it’s not exactly conducive to work, which poses a bit of a problem. The only real solution is just to use computers as little as possible and basically do other things. You know. Life. For example during these times I love to cook and I love to read. I also like to get out and do stuff, like go for a walk, or a swim.

Only this time around I’ve been more house-bound than usual because it has also coincided with being generally sick. With my allergies combined with Pennsylvania’s rampant warm winter/spring so far, there’s been a lot of pollen, mold, mildew, and disease in the air. Viruses and bacteria didn’t get a good solid deep freeze over the winter, so they’re a little too vibrant this spring. As are the trees and plants. And with all that nice weather combined with humidity and rain, even the mildew is going strong. Most people are having a darn time of colds and flus. With my allergies on top of it (and I’m allergic to darn near everything: dust, dander, mold, mildew, pollen, etc.) I’m just happy to still be alive. But for weeks now I’ve had a rough voice from coughing a fair bit. And I don’t even smoke!

So I’ve been feeling like crap, on top of being sick of computers. Mostly that makes for a lot of reading and TV watching … when I’m not working of course. Lazy lazy. But what am I to do? It’s a good thing I just picked up The Great Book of Amber (which is basically just a reprint of all 10 of the Amber books in one big book) by Roger Zelazny. I highly recommend the read. Roger Zelazny is a genius in my opinion and the Amber books are just marvelously imaginative.

But anyway, so that’s been my sitch. I’ve just been plum burnt out on computers. I’m tired of pixels and electrons. I’m sick of staring at a screen. And I have to wonder, am I the only computer geek that gets that way? Or is it something that happens to even the best of us? Is it a geek thing? Or is it a human thing? Could it be that the human body simply doesn’t like sitting there looking at a glowing screen all day? Or even that the human brain doesn’t like something about the setup? It makes me wonder. What about you?

Through the years there has been one company I could always trust. One company that I am never disappointed by. That company is Logitech. From keyboards to speakers, mice to controllers, racing wheels to every strange gaming doo-dad under the sun, in Logitech I trust. Whenever I want a quality keyboard for my PC, I buy Logitech. Whenever I want to look for the latest strange controller to enhance my Playstation 3 gaming experience, I buy Logitech. They’ve never let me down. There’s really not much more one can say than that.