Patch for Web Security Hole Has Some Leaks of Its Own
New York Times (08/09/08) P. B1; Markoff, John
A Russian physicist has demonstrated that the emergency patch for the flaw
found in the Domain Name System (DNS) is itself vulnerable. In a blog
posting, physicist Evgeniy Polyakov wrote that he managed to get the
patched DNS software to return an incorrect address in just 10 hours using
two standard desktop computers and a high-speed network link. Internet
experts who have reviewed Polyakov's work say the approach appears to be
effective. The vulnerability of the DNS has been a hot topic since
security researcher Dan Kaminsky notified a number of Internet companies
about the flaw earlier this year. Kaminsky recently said the DNS flaw also
could affect other Web services, including email. Although the risk of
such a flaw has been known for some time, last month security engineers
repeatedly stated that it is only a matter of time before financial
organizations and others are attacked through the flaw. Packet Clearing
House research director Bill Woodcock says there will almost certainly be
an escalating number of attacks. "We have already been seeing attacks in
the wild for the past two weeks," Woodcock says. Experts say the root of
the problem is that modern networks are relying on an addressing system
that was invented in 1983 and was not meant for services such as electronic
banking that require strict identity verification. "They are relying on
infrastructure that was not intended to do what people assume it does,"
says University of Southern California Center for Computer Systems Security
director Clifford Neuman. "What makes this so frustrating is that no one
has been listening to what we have been saying for the past 17 years."
ACM Electronic Voting Expert Named to Key Federal Advisory Committee
AScribe Newswire (08/07/08)
Computer scientist and founder of ACM's U.S. Public Policy Committee
(USACM) Barbara Simons has been appointed to the Election Assistance
Commission (EAC) Board of Advisors, which oversees voting and technology
standards. Simons, an encryption and privacy expert who previously served
as president of ACM, will hold a seat that is allocated for science and
technology professionals. "With the increasing use of technology in the
voting process, it is important for the EAC to have the benefit of strong
scientific knowledge and advice," says USACM chair Eugene H. Spafford.
"Dr. Simons brings valuable technical expertise to the Board of Advisors to
help inform the commission's focus on the intersection between voting
issues and computing technologies. Her extensive experience with USACM as
well as her advisory roles in high-profile national voting groups qualifies
her as an expert on voting systems, election technology, and election
processes." Simons was a member of the National Workshop on Internet
Voting, held at the request of President Clinton, and participated on the
Security Peer Review report that resulted in the cancellation of the U.S.
Department of Defense's Internet voting project due to security concerns.
Simons also co-chaired the ACM study of statewide registered voter
databases, and served on a subcommittee of the President's Export Council
for Encryption. Simons is currently co-authoring a book on voting machines
with University of Iowa computer scientist Douglas W. Jones.
Computing Squared
AlphaGalileo (08/07/08)
For computing to become ubiquitous and useful, the emerging technology
will have to adapt to the way humans live, communicate, and work, according
to new research in the International Journal of Autonomous and Adaptive
Communications Systems. The next-generation computer interfaces must be
able to understand and emulate people, and recognize behavioral cues such
as body language, facial expressions, and tone of voice. Maja Pantic of
Imperial College London, Anton Nijholt of the University of Twente in the
Netherlands, Alex Pentland of MIT's Media Lab, and Thomas Huang of the
University of Illinois at Urbana-Champaign assess the progress that has
been made in the areas of human-centered computing and Human-Centered
Intelligent Human-Computer Interaction (HCI-squared). A paradigm shift in
computing is necessary to move toward HCI-squared, considering current
machine analysis of human behavior is not context-sensitive and is unable
to handle long timescales. "The focus of future research efforts in the
field should be primarily on tackling the problem," the researchers
conclude. "This problem should be treated as one complex problem rather
than a number of detached problems in human sensing, context sensing and
human behavior understanding."
NSF Hosts the Second U.S.-China Computer Science Leadership Summit
National Science Foundation (08/06/08) Cruikshank, Dana W.
Approximately 15 professors, deans, and other computer science
professionals from China recently gathered with their U.S. counterparts in
Arlington, Va., for the second U.S.-China Computer Science Leadership
Summit. The one-day meeting gave participants an opportunity to discuss
the challenges and opportunities facing computing scholars. The summit
reflects the growing level of cooperation between the academic research
communities in both countries. The DIMACS Center at Rutgers University
organized the National Science Foundation-sponsored event. China is
quickly becoming a world leader in information technology research, with
many Chinese universities rivaling American universities in the development
of new patents and other innovations. Some believe that China's
advancements threaten the U.S. economy, while others argue that creating
stronger bonds between researchers in both countries will be mutually
beneficial. "Science and technology have always been a powerful force for
social and economic progress and for international diplomacy," says
National Science Foundation director Arden L. Bement. "At no time has that
been more true than today." DIMACS Center director Fred Roberts says that
one topic that generated heavy discussion was the increasingly
multidisciplinary nature of modern science and the growing connections
between computer science and other disciplines such as biology and social
science. Another area of interest was the role of computer science in
solving some of humanity's biggest challenges, including energy shortages,
climate change, health care, and natural disaster response.
MIT Students Ordered to Halt Report on Hacking Subway System
Wall Street Journal (08/11/08) P. A4
A U.S. district judge in Massachusetts ordered three Massachusetts
Institute of Technology students to cancel a presentation at a computer
hackers' conference in which they were to announce security flaws they
discovered in the automated fare system used in Boston's subway system.
The temporary restraining order prevented Zack Anderson, R.J. Ryan, and
Alessandro Chiesa from demonstrating how to use the vulnerabilities to get
free rides. The Electronic Frontier Foundation (EFF), which is
representing the students, plans to fight the order, says EFF's Jennifer
Granick. The Massachusetts Bay Transportation Authority's complaint says
the students planned to show others how to use the hacks before giving the
transit system time to fix the flaws. Granick says the students were
simply trying to share their research and planned to omit key information
that would make things easier for someone attempting to hack the payment
system. The researchers say the presentation would have demonstrated how
to generate fare cards, reverse engineer magnetic stripes on cards, and
hack radio frequency identification. "It is extremely important to
maintain the security and integrity of the Fare Media systems," says
the transit system's Gary Foster. "With an insecure, compromised system, even
basic revenue controls, to name one example, become significantly
challenging." Granick says ordering the students to not share their
findings will have a negative impact on legitimate researchers who want to
expose flaws to improve systems.
Judge Rejects Student Visa Injunction Sought by H-1B Opponents
Computerworld (08/07/08) Thibodeau, Patrick
The lawsuit filed against the Department of Homeland Security for
extending student visas appears unlikely to succeed after a U.S. district
court judge in New Jersey denied a preliminary injunction to halt the move.
Judge Faith Hochberg addressed whether the Programmers Guild, the
Immigration Reform Law Institute, and other opponents of H-1B visas had
legal standing to bring the lawsuit, adding that they were unable to show
that the extension from one year to 29 months directly hurts U.S.
technology workers. "Instead of alleging concrete injury, plaintiffs
assert a generalized grievance with a particular government policy,"
Hochberg wrote. The groups, which can appeal the injunction, believe the
Bush administration used the extension as a back door to increase visas.
The Bush administration says it extended student visas to give guest
students more time to secure an H-1B visa. New graduates have a difficult
time obtaining an H-1B visa because the program's 85,000-visa cap is being
reached in early April each year. H-1B opponents and the Bush
administration have to file briefs as to "whether this case should be
dismissed for lack of standing" by Nov. 14, 2008.
Sifting the Data: $3 Million Award Will Build a Foundation for New Ways to Analyze Massive Data Sets Using Visual Analytics
Georgia Institute of Technology (08/06/08) Vogel, Abby
The Georgia Institute of Technology has received a five-year grant to lead
and coordinate a new initiative that will work to develop foundational
research in large-scale data analysis and visual analytics. The research
team will investigate ways of improving the visual analytics of massive
data sets through machine learning, numerical algorithms and optimization,
computational statistics, and information visualization. Research leader
Haesun Park says developing new and improved mathematical and computational
methodologies will allow systems developers, intelligence analysts,
biologists, and health care workers to deploy new methods of detecting and
discovering both expected and unexpected trends in massive data sets. The
$3 million joint National Science Foundation and Department of Homeland
Security grant places Georgia Tech at the head of the Foundations of Data
and Visual Analytics (FODAVA) research effort. Seven other FODAVA
Partnership Awards will be announced this year, with each recipient working
with Georgia Tech to advance the field. Over the next five years, Georgia
Tech and other researchers will work to establish FODAVA as a distinct
research field and build a community of top-qualified researchers that will
collaborate on research workshops and conferences, industry engagement, and
technology transfer.
Web Privacy on the Radar in Congress
New York Times (08/11/08) P. C1; Clifford, Stephanie
Questions surrounding online data collection and Internet user privacy are
starting to attract the attention of Congress. Currently, there is no
broad privacy legislation governing advertising on the Internet, and how
companies use personal information collected from Internet users' Web
habits is largely unknown. Even some in the government admit that they do
not have a thorough understanding of what companies are able to do with the
amount of data available to them. "That is why Congress, at this point, is
wanting to gather a lot more information, because no one knows," says
Vanderbilt University professor Steven A. Hetcher. "That information is
incredibly valuable; it's the new frontier of advertising." Many believe
that companies should tell Internet users how their information is being
tracked and used, but what area of the law covers this problem, and what
regulation would look like, is still undecided. As advertisers become more
sophisticated, and online privacy standards become increasingly varied,
regulators and privacy advocates are becoming more concerned. Some
companies have responded to concerns and criticisms, with Yahoo! and Google
giving users the opportunity to opt out of targeted ads, but such a small
change may not be enough. Rep. Edward J. Markey (D-Mass.) says some type
of omnibus electronic privacy legislation is needed, regardless of the
technologies or companies involved. The Federal Trade Commission has
proposed creating standards for behavioral-advertising practices in which
companies would provide a clear notice to consumers that lets them choose
not to be tracked, notify consumers if the company changes how it uses
data, and deploy reasonable security measures.
Ohio Official Sues E-Voting Vendor for Lost Votes
IDG News Service (08/08/08) Gross, Grant
Premier Election Solutions defended its electronic-voting machines after
Ohio Secretary of State Jennifer Brunner sued the vendor for dropping votes
during the state's primary election in March. Although Premier did not
respond directly to the lawsuit, a spokesman for the company formerly known
as Diebold Election Systems said it offers high-quality voting systems that
have had tremendous success in the state. The lawsuit is a counterclaim to
a suit filed by Premier in May seeking a judgment that the company did not
violate any contracts or warranties. After Butler County discovered that
150 votes were dropped, a statewide investigation found that hundreds of
votes were dropped in 11 other counties. Brunner is suing Premier for
failing to fulfill its contracts, and for breach of warranty and fraud.
Her office issued a report in December that says the state should abandon
touch-screen e-voting machines because of the "critical security failures"
of the products of Premier and two other vendors. Premier blamed the
problems on human error or conflicts with antivirus software in its own
report in May.
Researchers Develop Next-Generation Antivirus System
University of Michigan News Service (08/05/08) Moore, Nicole Casal
CloudAV, a new cloud computing approach to malicious software detection
developed at the University of Michigan (UM), could eliminate the need to
install and update antivirus software on personal computers. CloudAV moves
antivirus functionality into the network cloud and off of personal
computers, and analyzes suspicious files using multiple antivirus and
behavioral detection programs simultaneously. "CloudAV virtualizes and
parallelizes detection functionality with multiple antivirus engines,
significantly increasing overall protection," says UM professor Farnam
Jahanian. To develop CloudAV, the researchers evaluated 12 traditional
antivirus programs against 7,220 malware samples. Traditional antivirus
software checks documents and programs as they are accessed, and because of
performance constraints and program incompatibilities, typically only one
antivirus program is used at a time. However, CloudAV can support a
variety of malicious software detectors running in parallel to analyze a
single incoming file. Each detector acts as its own virtual machine, so
technical incompatibilities and security issues are not a problem. CloudAV
is accessible to any computer or mobile device operating on the network
that runs a simple software agent, and each time a computer or device
receives a new document or program, the item is automatically detected and
sent to the antivirus cloud for analysis.
Beyond 3G--Ultra-Fast Mobile Radio Networks of the Future
ICT Results (08/06/08)
European researchers are treading a path toward ultra-fast Internet access
available from all mobile devices through projects such as WINNER II, a
follow-up initiative to WINNER, which developed the initial concept of a
new infrastructure based on the assessment of promising digital wireless
technologies. WINNER II involved the development, optimization, and
validation of that technology as an investigation into the possible
deployment of the International Telecommunication Union's IMT-Advanced
global standard for furnishing a coherent architecture for all kinds of
digital wireless technologies. "The project has developed an entire system
concept and a related reference design for a future air interface," says
Werner Mohr with project coordinator Nokia Siemens Networks. "This can be
used as input for the standardization process that is now starting." The
38 WINNER II partners have made contributions to the Long-Term Evolution
intermediate standard, which will fill the void until IMT-Advanced is
ready. The WINNER II team tested technologies that will enable
communication of up to 100 Mbps by future mobile devices, and the project's
results will now be developed by the WINNER+ effort. Ultra-fast Internet
access from mobile devices may not emerge in Europe until 2015, although it
may be rolled out earlier in some countries depending on market needs and
conditions in those countries, according to Mohr.
Creating a Computer Game Is Child's Play
New Scientist (08/02/08) No. 2667, P. 26; Fleming, Nic
The Massachusetts Institute of Technology's Mitchel Resnick developed
Scratch, a programming language that children around the world are using to
create interactive stories, videos, music, animations, and games. Inspired
by Lego bricks, Scratch allows users to drag and "snap together" graphical
building blocks, which each represent a simple programming instruction,
into sequences that build up into games and animations. Resnick says the
idea behind Scratch is to fill a void in children's activities, namely
creating the interactive media that they spend so much time playing with.
Since its launch in May 2007, the Scratch software has been downloaded by
more than 300,000 children, and nearly 180,000 projects have been uploaded
onto the Scratch Web site for comment or use by visitors. Scratch has been
used to create the Scratch News Network, an animated newscast where
community developments are related by a cartoon cat used as the software's
logo. "Children are creating whole new genres of projects that we had not
even imagined," Resnick says. Scratch is being used in more than 100
countries, with the biggest communities located in the United States and
Britain. Teachers are using the program to teach students programming
basics, among other things.
Indiana University Department of Computer Science Study Shows Popular Web Sites at Risk for Phishers
Indiana University (07/30/08)
Indiana University School of Informatics researchers recently found that
nearly 2.5 million Web pages on some of the Internet's most trusted and
recognizable sites have 128,000 links that could be manipulated by
phishers. Doctoral students Craig Shue and Andrew Kalafut, along with
their advisor, professor Minaxi Gupta, developed a program that crawled
tens of thousands of sites searching for and identifying open redirects,
which are applications that take a parameter and redirect the user to the
parameter value without any validation. These redirects serve a legitimate
purpose, but they lack security controls and can be manipulated by phishers
to send visitors to any site on the Internet. "We were surprised by the
number of these open redirects on sites that people trust implicitly," Shue
says. "When considering whether to click on links in email, users often
look at whether the link goes to a trusted site. However, with redirects,
phishers can manipulate the links to defraud these users." Shue presented
the study's findings at the USENIX Workshop on Offensive Technologies.
EU Reserves Spectrum for 'Talking' Cars
InformationWeek (08/06/08) Perez, Marin
The European Commission has agreed to set aside 30 MHz of spectrum in the 5.9
GHz band for use in an initiative designed to reduce congestion and save
lives by enabling vehicles to communicate with one another about hazardous
conditions and other traffic impediments. By using the wireless spectrum,
a vehicle would be able to "tell" nearby vehicles if, for example, a
slippery patch is detected, or, warned by a traffic management center of a
sudden road closure, could pass on the information to other affected cars.
"Today's Commission decision is a decisive step towards meeting the
European goal of reducing road accidents," says Viviane Reding, the
European Union's telecommunications commissioner. "Getting critical
messages through quickly and accurately is a must for road safety." Though
technology already exists to make the endeavor possible, the initiative
aims to develop a standard unionwide system.
A Quant's Quest
Conde Nast Portfolio (07/30/08) Duncan, David Ewing
Former Columbia University computer scientist David E. Shaw, who made a
fortune using complex algorithms on Wall Street, is close to completing
Anton, a new supercomputer that he says will be the most powerful ever
built. Shaw hopes Anton will help solve some of the most difficult
problems in biology, such as how the molecules that comprise life function
and interact at the most basic level. Shaw says that a clearer
understanding of such complex interactions could lead to better and more
efficacious drugs, to computer models that can simulate what happens
at the atomic level of life, and to new ideas for developing computers
and other machines based on cells and molecules. Shaw retired from the
day-to-day management of his derivatives firm several years ago to become
chief scientist at his own computer laboratory, D.E. Shaw Research. Shaw
has been mostly quiet about Anton, though it is known that the
supercomputer uses the massively parallel computing technology Shaw helped
develop at Columbia in the 1980s, and that the computer simultaneously runs
512 application-specific integrated circuits. Anton's processors are
specifically designed to calculate the three-dimensional characteristics of
molecules.
Will Robots Care for You Later in Life?
Nikkei Weekly (07/28/08) Vol. 46, No. 2347, P. 17
Forty percent of the Japanese population will consist of senior citizens
by 2055, and domestic robots are envisioned as important tools for caring
for elderly people, especially those who live alone. The University of
Tokyo's Information and Robot Technology (IRT) Research Initiative seeks to
develop robots that can assist with housework and perform other menial
chores. The 2005 Aichi Expo showcased innovative machines that come when
called, avoid objects, and are capable of other jobs that could aid people
with daily living. Robots outfitted with sensor counterparts to the five
human senses can safely interact physically with people, distinguish
between objects and carry food on trays, to name a few tasks. A research
group led by University of Tokyo professor Isao Shimoyama has devised
miniature tactile sensors capable of detecting pressure and friction from
various objects and that fit into a robot's "skin." The technology gives
the robot a precise sense of touch, and the IRT project team will create
new control systems and infrastructure based on machines developed by
Toyota, Mitsubishi Heavy Industries, and other companies. The strategy is
to look for machine designs that match function, which makes it unlikely
that every robot will be mobile or humanoid in form.