Association for Computing Machinery
Welcome to the January 26, 2015 edition of ACM TechNews, providing timely information for IT professionals three times a week.

Updated versions of the ACM TechNews mobile apps are available for Android phones and tablets (click here) and for iPhones (click here) and iPads (click here).


How Can We Protect Our Information in the Era of Cloud Computing?
University of Cambridge (01/26/15) Sarah Collins

University of Cambridge researchers believe private information would be much more secure if individuals moved away from cloud-based storage and toward peer-to-peer systems, in which data is stored in a variety of ways and across a variety of sites. Although cloud-based systems offer convenience to the user because the data can be accessed from anywhere with an Internet connection, the centralized nature of the cloud makes the data vulnerable to attack. The strength of a peer-to-peer system is that its value grows as the number of users increases, because all producers also are potential consumers, so each added node gives the new producer as many customers as already are on the network. "Since all the members of a peer-to-peer network are giving as well as consuming resources, it quickly overtakes a centralized network in terms of its strength," says the University of Cambridge's Jon Crowcroft. He notes the higher reliability and performance of fiber to the home, the availability of 4G networks, and IPv6 are all helping to make peer-to-peer networks viable. "Essentially, data is encoded redundantly, but rather than making many copies, we weave a tapestry using the bits that represent data, so that threads making up particular pieces of information are repeated but meshed together with threads making up different pieces of information," Crowcroft says.

Verizon's Mobile 'Supercookies' Seen as Threat to Privacy
The New York Times (01/25/15) Natasha Singer; Brian X. Chen

Long-standing concerns about identifying the codes Verizon Wireless uses to tag its users for advertising purposes have resurfaced after revelations an advertising software company was using the codes without Verizon's knowledge. The codes used by Verizon, known as "supercookies," have been criticized in the past because, unlike normal cookies that track and record certain information about Internet users' browsing activity, users cannot delete them. The ID codes enable Verizon to track its users and sort them into categories that are useful for targeted advertising. However, Stanford University graduate student Jonathan Mayer reported that Turn was using Verizon's unique ID headers not just to identify and sort users, but to regenerate its own tracking cookies after users deleted them. Turn immediately backed down after Mayer's report, but Verizon said Turn had been repurposing their tracking codes without their knowledge, which has many privacy advocates concerned. Critics say the incident shows unauthorized third parties could use Verizon's tracking codes to monitor its users without their or the carrier's knowledge. Some have used the revelation to renew calls that Verizon and other wireless carriers be reclassified as common carriers, which would require them to follow much more stringent privacy regulations.
View Full Article - May Require Free Registration | Return to Headlines | Share Facebook  LinkedIn  Twitter 

NIST Reveals Crypto Standards Guide (01/23/15) Eric Chabrow

The U.S. National Institute of Standards and Technology (NIST) has published a substantially revised proposal for changes to the way it develops cryptographic standards, nearly a year after publishing an initial draft. The original draft was a response to revelations of espionage efforts by the U.S. National Security Agency (NSA), in particular that NSA, which NIST is required by law to collaborate with on certain issues, may have subverted a cryptographic algorithm, Dual_EC_DRBG, produced by NIST. Analysts say this subversion could have given NSA a "backdoor" into any system using Dual_EC_DRBG for encryption. The new draft, which was released Jan. 23, has received a mixed reception. Privacy advocates welcomed new measures that require NIST and NSA to be transparent about NSA's contributions to any NIST publications. However, Amie Stepanovich of advocacy group Access says the new draft should have required NIST to work only with NSA's information assurance directorate, not its intelligence-gathering operations, a criticism echoed by the Center for Democracy and Technology. Consultant George Willingmyre also says the new draft should refer more specifically to international standards and the need to conform to them.

3D Transistors Made With Molecular Self-Assembly
Technology Review (01/23/15) Katherine Bourzac

IBM researchers have developed a new way to rapidly manufacture three-dimensional transistors, which are used in high-end integrated circuits due to their faster switching ability and low power consumption. Typically such circuits are made using photolithography, but IBM's group used an approach known as directed self-assembly, which involves synthesizing molecules so they automatically assemble into complex structures. The researchers used a class of materials called block copolymers whose length, size, and other characteristics are altered, like changing how two blocks attract and repel each another. Patterns made in this way can be much denser than what is possible using lithography, indicating this approach can be used to create the smallest, most densely packed, and uniform parts of an integrated circuit. The remaining portion of the circuit would still be formed using conventional methods. The researchers used existing photolithography methods to prepattern a photoresist coating to form a series of deep, parallel trenches. The trenches then help direct the assembly of block copolymers, which are arranged in patterns required to etch transistor fins that are smaller and more densely packed together than is possible solely with photolithography. The resulting devices had features as close together as 29 nanometers, compared to the 80 nanometers that is currently possible.

Symposium to Focus on Future of Voting Systems
NIST Tech Beat (01/21/15) Jennifer Huergo

A symposium on emerging trends in voting has been scheduled for Feb. 9-10 in Washington, D.C. Sponsored by the Election Assistance Commission and the U.S. National Institute of Standards and Technology (NIST), the symposium will focus on people, processes, and technology on the first day. The second day will feature ongoing activities in interoperable systems and a series of breakout sessions that will engage participants in identifying forward-looking technologies in areas such as usability, accessibility, auditing, and testing. The symposium will be attended by election officials, academics, and representatives of voting system manufacturers, voting system test laboratories, and standards development organizations, as well as local, state, and federal government officials. "Our goal is to foster an inclusive and informative conversation about trends in voting affected by technology, as well as how people interact with that technology," says NIST's Mary Brady. Tammy Patrick, senior adviser to the Bipartisan Policy Center's Democracy Project, will deliver the keynote address.

Wi-Fi and Neighborhood Conflicts: An Algorithm to Keep the Peace
Swiss Federal Institute of Technology in Lausanne (01/23/15) Cecelia Carron

An algorithm developed by a doctoral student at the Swiss Federal Institute of Technology in Lausanne (EPFL) promises to improve the quality of wireless networks. The algorithm is designed to automatically select the best frequency band based on the usage of neighboring networks. Neighboring wireless networks currently often borrow the same frequency bands and create caps, while other routes remain free. The frequency band is divided into 13 channels, and the algorithm shares the channels between different users according to their needs at a specific moment. "It's about compromise," says Julien Herzen, the algorithm's developer. "This works best if everyone is using it, but the impact is also positive for a single user. The system optimizes the free frequency band without interfering with the networks of neighbors." Herzen says automating bandwidth sharing can increase the amount of data that passes at a specific time by up to seven times. He also notes manufacturers would be able to easily implement the algorithm on existing systems.

Computer Scientists From Saarbruecken Improve the Privacy of the Internet Currency Bitcoin
Saarland University (01/22/15)

Researchers have long known the anonymity of Bitcoin can be compromised, says Saarland University's Aniket Kate. He notes the anonymity of the virtual currency currently relies on Bitcoin addresses. "They are pseudonyms through which users perform and publicly record transactions," Kate says. "If those pseudonyms can be tracked back to the real initiators, the anonymity of Bitcoin is broken." In collaboration with two doctoral students, Kate has developed a method dubbed CoinShuffle that protects the user's anonymity, prevents fraud, and can be incorporated into current Bitcoin programs. The approach is similar to the Tor network, which enables anonymous access to the Internet. CoinShuffle requires participants to decode the list of recipient addresses they receive, add their own to it, and forward the encrypted list to the next participant. The process is repeated with every participant, thereby shuffling the order of the addresses and as a result concealing the traces to the recipient. "Currently, several developers are reprogramming our approach to incorporate it into their Bitcoin clients," says Saarland University doctoral student Tim Ruffing.

Profitable Phishing Schemes Slyly Tinker With Our Heads, Then Rip Us Off
University at Buffalo News (01/22/15) Pat Donovan

The use of information-rich phishing scams can alter recipients' cognitive processes, making them more likely to fall victim to the emails, according to a study led by University at Buffalo professor Arun Vishwanath. The study involved 125 undergraduate university students who received an experimental phishing email from a Gmail account prepared for use in the study. The message's reply-to address and sender's address both included the name of the university. The email emphasized urgency and fear by saying there was an error in the recipient's email account settings that required them to use an enclosed link to access their settings in order to resolve the problem. The recipient had to do so within a short time period or they would no longer have access to the account. Vishwanath says 49 participants replied to the phishing request immediately and another 36 replied after a reminder. The phishing attack had an overall success rate of 68 percent. Vishwanath says information-rich emails include graphics, logos, and other brand markers that suggest authenticity and also create a feeling of social presence. He notes such social presence makes a message appear more personal and curbs distrust, while also encouraging "heuristic processing, marked by less care in evaluating and responding to it."

Diverse White Hat Community Leads to Diverse Vuln Disclosures
Dark Reading (01/22/15) Sara Peters

Pennsylvania State University researchers say security firms should employ more new people to strengthen their ability to uncover vulnerabilities. A study led by Jens Grossklags examined 3.5 years of activity on Wooyun, an online platform in China used to report vulnerabilities. Overall, 3,254 researchers disclosed 16,446 vulnerabilities via Wooyun during that period. The study found as the number of active users on Wooyun increased, the number of high-severity bugs reported began to exceed low-severity ones. Meanwhile, reports of weaknesses on low-traffic websites started to outnumber those on the most popular websites. Grossklags says they also sought to examine "to which degree less prominent participants of the white hat community can provide similar contributions [as the] most prolific contributors." They divided the pool of active disclosers on Wooyun into a head group and a tail group, each of which were responsible for about half of the total vulnerabilities. The head group comprised 191 super-productive researchers who averaged 43 bug reports each over the time studied, in particular SQL injection and cross-site scripting vulnerabilities. The tail group consisted of 3,063 people who only averaged three vulnerability reports. Nevertheless, the tail group was important because they tended to discover less common vulnerabilities.

Twitter Can Predict Rates of Coronary Heart Disease, According to Penn Research
Penn News (01/21/15) Evan Lerner

University of Pennsylvania researchers have demonstrated that Twitter can serve as a dashboard indicator of a community’s psychological well-being and can predict rates of heart disease. The researchers note Twitter can capture more information about heart disease risk than many traditional factors combined because it also characterizes the psychological atmosphere of a community. For example, they found expressions of negative emotions such as anger, stress, and fatigue in a county’s tweets were associated with higher heart disease risk, while positive emotions such as excitement and optimism were associated with lower risk. The researchers collected a set of public tweets made between 2009 and 2010 and used established emotional dictionaries, as well as automatically generated clusters of words reflecting behaviors and attitudes, to analyze a random sample of tweets from individuals who had made their locations available. "The relationship between language and mortality is particularly surprising, since the people tweeting angry words and topics are in general not the ones dying of heart disease," says Pennsylvania professor H. Andrew Schwartz. "But that means if many of your neighbors are angry, you are more likely to die of heart disease." The study mirrors existing sociological research that suggests the combined characteristics of communities can be more predictive of physical health than the reports of any one individual.

New Computation Method Helps Identify Functional DNA
Cornell Chronicle (01/20/15) Krishna Ramanujan

Cornell University scientists have created a computational method to identify biologically significant DNA in the human genome. The method combines two techniques to pinpoint signals of selective pressure in DNA--one that looks for divergence and another that looks for mutations in DNA between individual humans. The new method clusters functionally similar markers in the genome into groups, and subsequently estimates the probability of whether a group is contributing to the fitness of the species based on associated patterns of divergence and genomic polymorphisms. Researchers generated a fitness consequence (fitCons) score that predicts which genetic material might be under selective pressure and therefore biologically significant. Compared to conventional techniques, fitCons scores demonstrated a much greater power to predict which genetic material regulates the expression of genes. In addition, fitCons scores indicate 4.2 to 7.5 percent of nucleotides in the human genome have influenced fitness since humans likely diverged from chimpanzees. "What makes our approach unique is the straightforward combination of DNA biochemistry with recent evolutionary pressures," says Cornell graduate student Brad Gulko. "Our method allows other scientists not only to use the results, but to readily understand them."

UBC's Robotic Sailboat Attempts to Cross Atlantic Alone
Saskatoon StarPhoenix (Canada) (01/21/15) Gillian Shaw

University of British Columbia (UBC) engineering and computer science students will launch a robotic sailboat off the coast of Newfoundland this summer, hoping it will be the first sailbot to complete a transatlantic race that started in 2010. UBC has had success at the International Robotic Sailing Regatta, winning the 8-to 12-kilometer race three straight years. However, no sailbots have ever finished the transatlantic race. Sailbots usually get lost at sea, a few have run into islands, and some have been picked up by other boats, notes Josh Andrews, head of the software group that is part of the 66-person UBC sailbot team. Sailbots must autonomously navigate more than 2,500 kilometers across the Atlantic Ocean and do so totally under wind power provided by their Kevlar-reinforced sails. UBC's 5.5-meter sailbot is equipped with the latest marine technology, from satellite navigation to thermal imaging. A website will enable viewers from around the world to follow its trek to Dingle, an island off the coast of Ireland.

Abstract News © Copyright 2015 INFORMATION, INC.
Powered by Information, Inc.

To submit feedback about ACM TechNews, contact:
Current ACM Members: Unsubscribe/Change your email subscription by logging in at myACM.
Non-Members: Unsubscribe