Quantum Computing at Room Temperature — Now a Reality!

Quantum Computing at Room Temperature — Now a Reality

TIME / Techland
by Matt Peckham
July 6, 2012
Georg Kucsko is a graduate student and one of the lead authors of a paper that describes a technique that could one day lead to the creation of a quantum computer at room temperature. Professor Mikhail Lukin (from left), Georg Kucsko, and Christian Latta are pictured looking at their lasers in the LISE Building at Harvard University.

You’ve read about the world’s first quantum network built from two atoms and one proton. You’ve heard about the quantum computer someone plonked inside a diamond to grapple with something called “quantum decoherence.” I mean, who hasn’t?

But it’s all crazy Futurama science, right? You’d need costly equipment capable of cooling those quantum bits (aka “qubits”) to about the temperature of outer space vacuum, which is to say near absolute zero (-459.67 F), to get even a primitive quantum computer working, wouldn’t you? Also: laser beams and mirrors and springs made of light?

(MORE: World’s First Quantum Network Built with Two Atoms, One Photon)

Maybe not. In fact, maybe all you need is a team of intrepid researchers and a little ingenuity to prod a qubit into controlled, quantifiable action without special cooling.

Like: a group of Harvard scientists, who’ve apparently managed to create qubits and get them to store information for nearly two seconds at ambient temperatures. Two seconds may not sound like much, but we’re talking about a timeframe that the researchers claim is six orders of magnitude greater than prior attempts.


Diamond Days

How’d they do it? With one of the world’s hardest materials, of course. Like the international team of scientists that recently fiddled with a tiny diamond chip to get qubits to perform rudimentary calculations, the Harvard research team, led by physics professor Mikhail Lukin, employed a custom-crafted diamond to create quantum bits that were able to store information for nearly two seconds, and — incredibly — do it at room temperature.

“What we’ve been able to achieve in terms of control is quite unprecedented,” said Lukin in a story by Harvard Gazette. “We have a qubit, at room temperature, that we can measure with very high efficiency and fidelity. We can encode data in it, and we can store it for a relatively long time. We believe this work is limited only by technical issues, so it looks feasible to increase the life span into the range of hours. At that point, a host of real-world applications become possible.”

Getting a quantum computer working is like pulling off the world’s least forgiving Cirque de Soleil act flawlessly. Quantum particles are susceptible to outside influence. Persuading them to store information, then measuring that information — much less at room temperature — involves Herculean feats of isolation and control, like using extremely expensive equipment to trap particles in a vacuum, then keeping them perfectly still (as in really-truly: no atomic motion at all) to lower their temperature to somewhere in the vicinity of absolute zero.

In addition to thermal issues, qubits are prone to decoherence, losing information quickly as they’re influenced by their environment, thus the basic quantum science notion that by simply measuring a particle’s state you’re interacting with it in a way that critically influences your results.

The Harvard team opted to create an ultra-pure, lab-manufactured diamond containing nitrogen-vacancies, or NVs — impurities at the atomic level that behave like atoms, allowing them to be controlled and their spin-orientation quantified.

The trouble with NVs is that they can’t hold data long enough to function as quantum computers. Carbon-13 atoms also present in the diamond, on the other hand, are much less easily influenced and prone to hanging around longer. But the trouble with them is that those same upsides make them much more difficult to measure and manipulate.


Pure Impurities

The solution? It turns out NVs and carbon-13 atoms interact in rather fascinating ways, such that the former can indicate the state of the latter. By measuring the NVs, in other words, the team was able to gauge the spin of the carbon-13 atoms at room temperatures. And by further isolating the NVs and carbon-13 atoms using lasers, the team was able to encode information in the carbon-13 atom’s spin and raise its coherence — the time it’s holding the data — from a millisecond to over two seconds.

Why bother at all, given the effort still involved to produce the crudest of quantum calculations? Because functional quantum computers would be unbelievably fast: They take the concept of classical systems, where information is factored sequentially in “ones” and “zeroes,” and can represent those states simultaneously, a typically weird-sounding, parallelistic quantum behavior known as “superposition.”

To give you a sense of what that means, physicist David Deutsch has said that while your desktop PC today might be processing a single computation at once in sequential fashion, a quantum computer could be crunching through a million simultaneously.


The World to Come

What would we do with functional quantum computers (you know, besides insert a metal prong in the back of our heads and play fisticuffs with a bunch of Hugo Weaving clones)?

Imagine “quantum cash” channeled through a financial system encrypted for security purposes at the quantum level, suggests Lukin. Or consider a topologically quantum network, where qubits facilitate high-speed, ultra-secure transactions.

“This research is an important step forward in research toward one day building a practical quantum computer,” said Georg Kucsko, another researcher on the Harvard team. “For the first time, we have a system that has a reasonable timescale for memory and simplicity, so this is now something we can pursue.”


The Harvard team’s research was recently published in the academic journal Science.


MORE: Meet the Quantum Computer Inside a Diamond — Does It Run ‘Forever’?

Direct Link: http://techland.time.com/2012/07/06/quantum-computing-at-room-temperature-now-a-reality/#ixzz22FRJPif5

At Defcon, Hackers Show How To Bypass Android Encryption

At Defcon, Hackers Show How To Bypass Android Encryption


All Things D
by Ina Fried
July 28, 2012



If you lose your Android phone, your data could find its way into the wrong hands, even if you have encryption turned on.

A pair of security researchers have found an easy way past the encryption on many Android phones.

The method isn’t a flaw in the Linux-based encryption system used in Android itself, but rather the fact that the passwords that protect the encryption tend to be rather weak.

That’s because Android uses the same password to decrypt the data on the phone as is used to unlock the device. People tend to use either short pin numbers, simple patterns or easy to remember words. As a result, the encryption is fairly easily broken through what is known as a brute force attack.

“The encryption is good but you are able to brute force it,” said Thomas Cannon, director of research and development for Chicago-based Viaforensics. Cannon highlighted the issue during a presentation at the Defcon hacker conference on Saturday.

Once unlocked, all the information in the user data partition is easily accessible.

An easy fix, Cannon told AllThingsD, is if Android were to incorporate two passwords–a strong one for decrypting a phone at boot-up and a simpler, easy-to-remember one for unlocking the device.

“You only boot up your phone once in a while,” Cannon said.

Not all Android devices are vulnerable, Cannon said. First of all, Android didn’t even support encrypted data until Android 3.0, so there’s nothing to crack on devices before then — a user’s data is already unencrypted. The technique also relies on either devices without what’s known as a unlocked bootloader or else ones that are easily unlocked.


Direct Link:  http://allthingsd.com/20120728/at-defcon-hackers-show-how-to-bypass-android-encryption/

“ATTENTION”… IMPORTANT NOTICE That Affects YOU! : MySQL Database Flaw Leaves Passwords Vulnerable

MySQL Database Flaw Leaves Passwords Vulnerable


Major flaw in popular MySQL and MariaDB databases is trivial to exploit and leaves the databases highly vulnerable to brute-force attack.


By Mathew J. Schwartz
June 12, 2012


***   Note: Highly Vulnerable if you’re using Google’s Gmail, Microsoft’s I.E. or Microsoft Office!


MySQL and MariaDB database servers are vulnerable to a brute-force attack that can reveal admin-level passwords in just seconds. The vulnerability stems from a flaw relating to how the databases verify password hashes.

Due to the flaw, there’s a chance that MySQL/MariaDB would think that the password is correct even while it is not, and then accept any password, according to Sergei Golubchi, security coordinator for MariaDB, in a security advisory posted to the oss-sec mailing list. The post continued, “Because the protocol uses random strings, the probability of hitting this bug is about [one in] 256.”

As a result, if an attacker knows a username, bypassing the password-checking mechanism would require–at most–just seconds. “If one knows a user name to connect (and “root” almost always exists), she can connect using *any* password by repeating connection attempts. [Around] 300 attempts takes only a fraction of second, so basically account password protection is as good as nonexistent,” said Golubchi.

Both MySQL and MariaDB are two of the most popular and widely used database platforms, not least because they’re free.

Thankfully, however, just because the vulnerable code is contained in a database that uses MySQL or MariaDB code doesn’t necessarily mean the database is at risk. “Although a wide range of MySQL and MariaDB versions use the vulnerable code, only some of these systems are exploitable,” said Metasploit founder, developer, and researcher H.D. Moore, in a blog post that includes workarounds for mitigating the vulnerability in exploitable systems.

To date, Moore said, researchers have found that the following implementations are vulnerable to the exploit: Ubuntu Linux 64-bit (versions 10.04, 10.10, 11.04, 11.10, 12.04), OpenSuSE 12.1 64-bit MySQL 5.5.23-log, Debian Unstable 64-bit 5.5.23-2, Fedora, and Arch Linux (versions not known). Notably, however, official builds from MySQL and MariaDB can’t be exploited, and Moore said Red Hat confirmed that the vulnerability can’t be exploited in Red Hat Enterprise Linux 4, 5, and 6.

Oracle, which develops MySQL, has patched the related flaw via its April 2012 critical patch update, while both MySQL and MariaDB have issued their own patches.

How widespread is the vulnerability? Based on Moore’s personal research, there are “approximately 1.74 million MySQL servers across the Internet [which are] at large,” he said, and about 50% of them–869,000 databases–are vulnerable to the exploit.

“This statistic includes only MySQL instances that were on hosts publicly exposed to the Internet and not bound to localhost,” Moore explained. Binding the database server to localhost means that it can’t be accessed remotely, which thus helps mitigate the attack. Likewise, putting access controls in place can block unapproved access from the Internet, which also mitigates the vulnerability.

Since vulnerable systems are easy to exploit, and many such systems likely won’t be patched for some time, expect attackers to quickly begin targeting this vulnerability. “If you are approaching this issue from the perspective of a penetration tester, this will be one of the most useful MySQL tricks for some time to come,” said Moore.

For example, he said, if a penetration tester knows the username and password for a database, then he can access it using the attack to dump the table to a local file. “This can be easily cracked using a tool like John the Ripper, providing clear-text passwords that may provide further access,” said Moore.

Moore also noted that a related exploit module for the free Metasploit penetration testing tool that targets the MySQL and MariaDB vulnerability has already been developed and released.



More than 900 IT and security professionals responded to InformationWeek’s 2012 Strategic Security Survey. Our results cover a variety of areas critical to information risk management, including cloud, mobility, and software development. Download the 2012 Strategic Security report now. (Free registration required.)


Direct Link:  http://www.informationweek.com/news/security/storage/240001921


More Security Insights


More >>

White Papers


[ Should the Obama administration have confirmed its role in Stuxnet? Read more at Was U.S. Government’s Stuxnet Brag A Mistake? ]