Sophisticated search engines such as Google are being used to legally seek out and uncover confidential information and documents--credit card numbers, spreadsheets, Social Security numbers, etc.--and Computer Sciences researcher Johnny Long reports than "tens of thousands" of Web sites are vulnerable to such "Google hacking." Google and other search engines traverse or "crawl" the Internet, collating and cataloguing data and links stored in tens of thousands of servers; on each server the crawler can find any public Web page, with the exception of those in directories listed in a robots.txt file. However, such files could be unintentionally accessible because a server is misconfigured or confidential directories are unwittingly left off robots.txt files. Once a search engine scans a file, the file can remain stored on the engine's server even if the original file is taken off the server where it originally resided, which means removing the file completely off the Web once the search engine finds it is almost impossible. Search-engine operators cannot measure the frequency with which private documents are accessed via their sites, or how many are removed because of security issues. "The scariest thing is that this could be happening to the government and they may never know it was happening," notes Long. "If there's a chink in the armor, [the hackers] will find it." Government officials claim to be aware of the problem, and are collaborating with businesses and federal agencies to secure confidential material on Web servers. Google hacking has grown increasingly popular as the technique has spread through the underground hacking community. Security consultant Edward Skoudis says, "It's the easiest point-and-click hacking--it's fun, it's new, quirky, and yet you can achieve powerful results." Google CTO Craig Silverstein says Web masters need to be careful, and notes that the company provides guidelines for removing Web sites from its system.
Click Here to View Full Article

A breakthrough in microchip technology could significantly lower the cost of PCs in China and help remove Asia's dependence on Western high-tech. Culturecom Holdings researcher Chu Bong-foo has developed a chip that is responsive to the myriad characters of Chinese and other Asian languages. Culturecom chief strategist Benjamin Lau believes this innovation will enable developers to write software in Asian languages instead of English, thus obviating the need for translation components in digital devices. This would reduce their costs and make the products perform faster. Culturecom has designed circuit boards for cheaper PCs that incorporate an IBM PowerPC microprocessor enhanced with Bong-foo's technology. The machine's design employs a modified version of the Linux operating system licensed from Transmeta. Culturecom intends to debut the first products to use the new chip--a DVD player and a word processing device--on Feb. 9. Meanwhile, China, Japan, and South Korea have teamed up in an attempt to break away from Asia's reliance on proprietary Microsoft software by promoting open-source software.

A recent review of Diebold Election Systems' electronic voting machines commissioned from Raba Technologies by the Maryland legislature indicates that the systems' software suffers from vulnerabilities that would allow votes to be manipulated. The researchers reported that they altered voting cards used with touch-screen e-voting systems to vote more than once, and successfully hijacked the vote-counting computer by downloading malware off the Internet. Raba report author Michael Wertheimer, formerly with the National Security Agency, said the most recent version of the Diebold software was tested, and attributed most problems to Diebold's failure to implement 15 security patches to the Microsoft operating system the software depends on. One in four California voters is expected to cast ballots in the March presidential primary on Diebold machines, and on Feb. 5 California Secretary of State Kevin Shelley advised Diebold to allow its software code to be audited by a panel of independent experts. He also called for random state testing of all e-voting systems on election day to ensure accurate recording of ballots, and required counties to publish election results from each touch-screen machine at each precinct following the closing of the polls, as well as sever the machines' link to the Internet. So far, only one out of 14 county registrars who responded to Shelley's request has said she will follow the Raba researchers' recommendations to patch major security vulnerabilities in the e-voting machines and limit outside access to vote-counting computers. California Voter Foundation President Kim Alexander declared that registrars too readily dismiss computer scientists' warnings of insecurity, and have become too reliant on voting-machine companies to guarantee secure voting.
Click Here to View Full Article

To learn about ACM's activities and concerns regarding e-voting, visit http://www.acm.org/usacm/Issues/EVoting.htm.

MIT graduate student Sommer Gentry is investigating how dancing partners communicate haptically (through movement) to perform coordinated actions, and the insights she is drawing from her experiments could be applied to human-robot collaboration. She says that robotic surgical assistants already in use could be upgraded to understand and respond to the user's haptic signals, while Roderick Murray-Smith of the National University of Ireland-Maynooth's Hamilton Institute believes Gentry's research could be valuable for sports training or rehabilitation engineering. Professor Eric Feron, Gentry's faculty advisor, notes that unmanned systems that execute collaborative, rapid, and coordinated actions could benefit from her work. "Urban warfare, for example, requires people and systems to conduct very closely coordinated actions to detect danger and eliminate it," he adds. In her first experiment, Gentry had two partners dance while blindfolded to prove that a follower with enough experience can accurately interpret the leader's haptic cues and perform corresponding moves. This gave Gentry the idea that dancing partners use a shared vocabulary of known moves in addition to picking up aural signals from the music. She then repeated the experiment, only replacing one of the dancing partners with a robot; the robot led while the human partner followed, and the results showed that the person was for the most part able to follow the device's random leads. Murray-Smith comments that Gentry's research is relevant to the evolution of human-machine interaction: He muses, "In a few years, we might not view interacting with computers as a 'command and control' scenario, but rather more like a waltz, where sometimes the computer leads the user and other times the user leads the computer, with smooth transfers of who is leading."
Click Here to View Full Article

The Mercury system currently under development at IBM could enable people to seamlessly switch between communications modes without interrupting the flow of discussion, using a combination of location-aware and context-aware methods. Mercury was devised by IBM's Hui Lei and the University of Illinois at Urbana-Champaign's Anand Ranganathan as a follow-up project to Hui's Intelligent Notification System (INS). INS monitors software that is currently running and checks a person's electronic calendar to determine that person's current activity, and then combines this data with location data extracted from GPS receivers to choose whether email, voicemail, or a pager message is the best delivery mode for incoming messages. Mercury will track where the person is and open up communications in the preferred medium for that location. When a person wishes to contact another user, Mercury determines their location and activity, and chooses the optimal mode, be it instant messaging, cell phone, email, pager, or landline phone. At least three years will pass before Mercury is complete, while phone companies, equipment providers, and computer manufacturers will need to settle on a set of universal protocols if the technology is to be commercialized.
Click Here to View Full Article

Jonathan Love, a computing student at Imperial College, London, claims that software innovation is dead, arguing that software developers are no longer motivated to pursue innovative projects. He reports that security software has experienced the largest amount of growth in the last several years, chiefly because of the growing frequency of hacker attacks. Many respectable software engineers, especially the younger ones, prefer making a name for themselves by inventing malware, Love contends. The student also observes an increase in the copying of features from competing products, which is an easier strategy for developers than inventing completely new features. "And what incentive is there for a developer to implement a new feature when said developer knows that any good feature will be copied by his competitors?" he adds. Love writes that an innovative software developer has two choices: He can release his software free online, or attempt to market it. Selling his software is a difficult proposition because there are so many licenses to choose from. Love asserts that creating truly innovative software will be beyond the abilities of next-generation developers. "If I am going to spend three or four years at university studying computer science, yet not be able to offer any significant advantage to a major software development house compared to a simple 'code-monkey' who can churn out lots of code at a very low wage, where is my incentive to do software development?" he writes.
Click Here to View Full Article

Legislative attempts to control spam, such as the recently passed CAN-SPAM Act, are unlikely to significantly impede the deluge of junk email, partly because the amount of spam originating outside the United States is growing. Anti-spam advocates gathered at MIT's Spam Conference in January expressed hope that overhauling the fundamental workings of email would be a more effective measure, but author Simson Garfinkel thinks the odds are stacked against them. His argument is based on indications of an alliance between hackers, spammers, and organized crime. Brightmail estimates that 56 percent of all Internet email is spam, but Garfinkel cites personal experience to give credence to his belief that the spam situation is far worse; he found that spam constituted 94 percent of all email he received on Jan. 26, accounting for legitimate email, spam blocked by his filter, and emails automatically rejected by his server because they were sent to invalid addresses at his domain. Worse, spam originating from Asia exceeds legitimate email by almost 10 to 1, while spam from the United States runs approximately 50/50 with legitimate email. The growing sophistication of spam attacks is spurring email providers to roll out more advanced countermeasures such as Yahoo!'s Domain Key, but these products could cement the providers' market supremacy, thus making it harder for small businesses to maintain their own email systems. Garfinkel doubts that these next-generation tools will be effective in the long term, and is concerned that biotechnology and nanotechnology, like email, could be harnessed by just a few people as weapons against most users. "If we can't tackle the spam problem, then the future may be quite bleak," he warns.
Click Here to View Full Article

The Bush administration needs to strengthen its plans for cybersecurity, data collection, and related fields as it works to fight terrorism, says Randall Yim, General Accounting Office managing director of homeland security and justice issues. "We're moving to the implementation stage, and strategies need to be firmed up," Yim states, adding that more needs to be done, such as Congress forming legislation to mandate goals for the strategies. A report by the agency shows that the administration needs to strengthen its strategies and work on defining purpose, scope, and methodology as well as assess risks and threats, define objectives and performance measures, and integrate initiatives with other agencies. Yin says that integration and implementation are most important, and good data concerning critical infrastructure and financial markets is needed. The GAO found that the administration's strategies for cybersecurity were the most developed, while Yim said that technological barriers to sharing intelligence between federal, state, and local authorities would soon be overcome, unleashing a flood of data.
Click Here to View Full Article

The Voice XML 2.0 specification took the next-to-last step towards becoming an official World Wide Web Consortium (W3C) standard with its publication as a Proposed Recommendation by the W3C. The consortium declared that the Voice XML standard will provide access to Web-based services to an unparalleled number of telephone and mobile phone users; Motorola's Jonathan Englesma commented that Voice XML 2.0 is already virtually everywhere. The W3C's Voice XML group noted that developers will be able to make audio dialogs with synthesized speech, spoken-word recognition, digitized audio, touch-tone key input, telephony, and mixed-initiative conversations via Voice XML 2.0. "Voice XML 2.0 has the power to change the way phone-based information and customer services are developed," explained W3C voice browser activity lead Dave Raggett. "We will be able to make selections and provide information by speech." He also pointed out that Voice XML 2.0 will be advantageous to the visually handicapped or people who need Web access while keeping their eyes and hands free for other activities. Voice XML Forum Chairman Jim Ferrans, also with Motorola, reported that the transition of the Voice XML 2.0 standard to a Proposed Recommendation takes patent issues into account and validates the ability to deploy it. Englesma noted that companies are already switching from legacy interactive voice response systems to Voice XML, while hosting service providers and their customers are leveraging the technology's flexibility by putting voice applications on servers to run their call-process platforms.
Click Here to View Full Article

Uncertainty abounds when the topic is the immediate future of the Internet, and while the subject is debated regularly on email lists, Web sites, and discussion groups, corporations and individuals will have a hand in shaping the technology. Hackers have stepped up their attacks, prompting concerns from security experts that a major attack is on the horizon, but terrorism concerns have given government agencies and companies more of an incentive to shore up their networks and install backup systems. Howard Schmidt, former deputy cybersecurity czar and eBay's chief information security officer, says, "Even though we have greater reliance on the technology, we have greater resiliency." Companies are focusing more on the online search, which trails email as the most popular Internet activity, as keyword search advertising and personalized searching continue to emerge, and new players developing search technology include Microsoft and Amazon. State and local officials have not given up the fight with the federal government over Internet taxation, and the two sides remain at odds over online privacy and unsolicited commercial email. The proliferation of high-speed Internet access and the excitement over blogs could turn entertainment into a big revenue producer for the Web. Computer users are responding to intrusive ads, including spyware and programs that move animated objects across computer screens, by avoiding certain sites and using ad-blocking software. The Internet also could become more of a battleground for companies that are seeking to protect their software and ways of doing business, such as the "name-your-own-price" system, from competitors.

People have failed to recognize the significance of the 802.11 communications standard, considering the impact Wi-Fi will have on the wireless communications industry, writes Benchmark Capital's J. William Gurley. Although some vendors are pushing competing technologies, 802.11b can already be found in more than 50 million devices, and another 50 million devices will have the 802.11b radio chip by next year. The 802.11 open standard architecture will come to dominate wireless computing in the same way that the x86 computing architecture is everywhere in computing, and like the Ethernet networking standard is synonymous with networking, the author predicts. The 802.11 radio chip will gain even more momentum as consumers purchase peripherals and applications that support the standard, and competing technologies will have a hard time convincing consumers to incur the cost of switching to alternative architectures. Moreover, 802.11 benefits from the collective research and development of Intel, Broadcom, Cisco Systems, Motorola, and the entire venture capital community, and their continued innovation of the standard will lessen the concerns about its support for mobility or voice, small range, and lack of channels. The increase in volume of 802.11 has the radio chips nearing $5 price points, increasing the likelihood that it will be embedded in every electronic product, and more vendors will make their applications and peripherals Wi-Fi-ready. More than 115 vendors support 802.11, and offer more than 900 certified products. Over the next 10 years, 802.11, or one of its backwardly compatible descendants, will be the open-standard radio that rules the wireless communications sector, Gurley forecasts.
Click Here to View Full Article

The secure Web mail technology sector is trending toward appliances that serve other email infrastructure security purposes besides Web mail protection, but they require some knowledge of how to handle Web mail security, writes information security professional Keith Pasley. Web-based email is a good way to distribute information to workers outside the office, but the perceived security risk makes many businesses reluctant to deploy it. Most such systems use a multitiered architecture and separate databases for mail and user authentication information, raising security issues for identity management, availability, privacy, and data integrity. Many systems support a variety of authentication methods, and cryptography is usually used to ensure privacy and data integrity; redundant servers and load balancing can increase availability. The management of session cookies is a main issue of Web mail session management; if they are not erased at user logoff and the browser is not closed, an attacker can get in, but countermeasures are available. Management commitment to using secure methodologies helps counter flaws, as does a secure software development philosophy and proper training. Security technology or outsourcing or hosting the service can increase security as well.
Click Here to View Full Article

Apple has rolled out Safari version 1.2, an upgrade to its Safari platform whose features include built-in Google search; a new technique for naming, organizing, and presenting bookmarks; tabbed browsing; a SnapBack tool that allows users to return to search results instantaneously; and automatic blocking of pop-up ads. Safari 1.2 supports authentication through personal certificates rather than passwords, and is freely available for downloading on the Apple Web site or via Apple's Software Update Service. The updated Safari platform supports full keyboard access for users who prefer not to use a mouse for navigation. Apple's caching technology is also supported by the browser, giving users the ability to resume partial downloads without having to re-download the entire file. "Our goal with Safari all along was to have the best browser on any platform," explains Apple Internet Product Manager Kurt Knight. "We wanted to make a browser that was fast, standards compliant, and one that featured the innovation that Apple is known for." However, the Safari upgrade cannot function without the Panther operating system, which orphans users running even the latest permutation of the Jaguar operating system. Version 124 of the Safari Web kit has also been released, so now developers can embed the Safari rendering engine within their applications.
Click Here to View Full Article

Open systems storage lags behind the standards compliance and interoperability expectations of open systems networking, and catching up may ultimately prove impossible. To appease customers' desire to retain vendor value-added features and establish interoperability, the open systems industry is apparently elevating standards functionality. Although FCIP, iFCP, and iSCSI are all opens systems standards, that openness only exists at the protocol definition level, which means that practical interoperability for actual products and customers may not necessarily be supported. Open systems standardization for storage virtualization is also an iffy prospect, since commonly accepted virtualization techniques and processes may be deployed differently by individual vendors. Storage virtualization is based on an open systems infrastructure, but compatible virtualization programs will probably be insupportable. SAN technology's complexity is one of the chief reasons why SAN market openness is so hard to realize. Ethernet and IP networks assume intelligence in end systems and little intelligence in the network, while the reverse is true for SANs, and this translates into formidable interoperability and standards compliance challenges. Furthermore, storage targets may be less intelligent than the fabric, but customers tend to attach greater importance to them because they cost so much more.
Click Here to View Full Article

There is a flaw in the Homeland Security Department's virus alert system, according to Sen. Charles Schumer (D-N.Y.), who contends that the announcement of the email alert system last month by the agency's National Cyber Security Division (NCSD) was a challenge to hackers to mimic the agency email warnings. "If I were a betting man, I'd put a few dollars down that the next virus that clogs computer networks is going to be transmitted through an email that looks like one of these [agency] alerts," Schumer warns. The system will also issue regular informational bulletins for technical readers and consumers. Schumer wants a centralized plan for a government response to cyberthreats, as well as mandatory virus reporting when attacks reach a certain level through secure channels instead of emails. "If NCSD is going to be the lead agency for combating cyberterrorism, it needs to become the functional equivalent of the Centers for Disease Control," he notes, saying he would make the NCSD the primary federal agency to deal with computer viruses.
Click Here to View Full Article

Linux creator Linus Torvalds expects the recently released Linux v2.6 kernel to be a significant driver of Linux's migration into the corporate datacenter. "The greatest impact is really how we've extended the reach of the kernel; both up through scalability to enterprise hardware, and down to the embedded space," he explains. Linux 2.6 supports 64 CPUs, 64 GB of RAM, and non-uniform memory access, which expands the operating system's support of symmetric multiprocessing systems. Whereas the 2.4 kernel can only support about 1,000 devices, 2.6 can support as many as 1 million devices, according to SuSE developer Chris Mason. Scott Lewis of UMB Bank reports that a new process scheduler in 2.6 will be a major boost, while the kernel's Native POSIX Thread Library will support improved performance of heavily threaded applications. Linux 2.6's modular security architecture will give privileged user management a higher level of granularity than standard root server systems. Lewis is hopeful that the increasing scalability and growing sophistication of Linux will inspire confidence among IT managers, while Torvalds thinks that Linux will be especially interesting for applications outside the kernel, such as games, graphical user interfaces, and office tools. He says, "Most people...should take [kernels] for granted and find them mind-numbingly boring."
Click Here to View Full Article

The emerging Session Initiation Protocol (SIP) standard is designed to facilitate real-time multimedia communications on the Internet, but unanticipated interoperability problems are holding up the rollout of commercial Voice over Internet Protocol (VoIP) services. These problems are the result of vendors following disparate strategies to deploy SIP capabilities. Most interoperability troubles can be traced to end-user devices that fail to comply with the SIP specification: Some SIP phones, for example, cannot accommodate a failed device registration; other problem areas include transferring SIP calls outside the corporate network, which can be blocked by firewalls or network address translators at the networks' edge. Dynamicsoft software engineer Robert Sparks says the biggest interoperability problem SIP currently faces is the failure of SIP mechanisms for dealing with server failover to be deployed universally, which hinders failover across disparate systems or networks. IBM, Reuters, Monster.com, and the many other companies initiating SIP-based VoIP applications could face serious impediments because of interoperability problems, and experts recommend that companies planning to implement SIP should set aside more time for troubleshooting, especially if they intend to deploy more sophisticated SIP applications. SIP interoperability issues should become less difficult through several developments slated for this year, among them: The release of interoperability tests by the SIP Forum at the upcoming 14th annual SIPit event; the creation of a "torture test" by the IETF's Session Initiation Proposal Investigation working group that SIP product developers can employ to determine whether products adhere to the SIP specification; and the advent of third-party organizations offering SIP product certification.
Click Here to View Full Article

Yuqing Gao of IBM's Watson Research Center has set the ambitious goal of developing universal translation software that uses semantic analysis in which meaning is extrapolated from phrases in one language and converted into any other language; the progress toward universal translation is being partially spurred by global business and security requirements. Christian Rehtanz of ABB in Switzerland aims to make power grids more efficient and responsive to problems by developing real-time control algorithms that can instantly identify impending outages and take preventative steps. Synthetic biology researchers such as Princeton University's Ron Weiss are focusing on cellular programming, whose potential benefits include biosensors that detect biological weapons or land mines, and the even loftier goal of synthetic tissue generation for replacing damaged organs. MIT's Hari Balakrishnan and others are working on distributed storage, a data filing methodology designed to ease file maintenance and access while boosting security; Balakrishnan asserts that with distributed storage, "You can now move [files] across machines...replicate them, remove them, and the way in which [you] get them is unchanged." Foreign-language translation, microchip fabrication, drug discovery, and robot mapping are just some of the areas that could benefit from research into Bayesian machine learning, in which programs based on Bayesian statistics autonomously extract likely relationships from a large body of data. Nanotechnology cannot succeed without the refinement of nanowires, surmises Peidong Yang of the University of California, Berkeley; Mitre's James Ellenbogen says Yang's work in building large structures out of nanowires has been instrumental to the development of lasers, transistors, memory arrays, and biosensors, while further research into tweaking nanowires' properties could lead to even greater advancements. University of Illinois physicist John Rogers' prototype microfluidic optical fibers could accelerate data transmission and boost network reliability, because research has shown that droplets of fluid in fiber-optic pipelines can improve the flow of data-laden photons.
Click Here to View Full Article
(Access to this site is free; however, first-time visitors must register.)