Welcome to the April 14, 2014 edition of ACM TechNews, providing timely information for IT professionals three times a week.
HEADLINES AT A GLANCE
Obama Lets NSA Exploit Some Internet Flaws, Officials Say
The New York Times (04/13/14) David E. Sanger
Senior Obama administration officials say the president has asked the U.S. National Security Agency (NSA) to reveal any cybersecurity flaws instead of concealing and exploiting them. However, Obama also has created an exception for cases with "a clear national security or law enforcement need," which would allow NSA to continue to take advantage of such flaws to crack encryption and design cyberweapons. Despite this exception, NSA and officials at the U.S. Cyber Command say giving up the ability to leave cybersecurity flaws undisclosed is the equivalent of "unilateral disarmament" because other countries--including Russia and China--will continue to exploit unknown vulnerabilities. The announcement comes as the White House denies the U.S. government had any knowledge of the Heartbleed vulnerability that has jeopardized password security for a wide range of Internet services. The announcement also is part of a larger set of recommendations issued by the president for NSA operations. Other changes ask the NSA to stop weakening commercial encryption systems and building "back doors" in software and to stop exploiting zero-day flaws. The one exception to the zero-day rule allows officials to "briefly authorize using a zero day for high priority intelligence protection."
Heartbleed Bug's 'Voluntary' Origins
The Wall Street Journal (04/13/14) Danny Yadron
Internet security is primarily managed by a small number of parties mostly made up of volunteers, a problem highlighted by the recently disclosed Heartbleed bug. A German volunteer coder has acknowledged he introduced the flaw on New Year's Eve 2011 while working on bug corrections for the OpenSSL Project, and that multiple coders also working on OpenSSL missed it. In addition to being mostly voluntary, the 11-member coding team receives less than $1 million a year in funding. Sources blame a lack of funding and manpower as factors that worsened the bug and allowed it to be overlooked for two years. OpenSSL volunteer developer Geoffrey Thorpe says he cannot spend much time on the project because of his day job. "You might say that it's like sewage processing in a way, messy, complicated and usually taken for granted right up until it goes wrong," he observes. All members of the OpenSSL team are based outside the United States to avoid arms export statutes that apply to advanced encryption. Heartbleed also provokes questions about whether the Internet should depend on a single technology to maintain secrecy. "Anytime you have a monoculture, one bug is going to make everyone insecure," says Johns Hopkins University professor Matthew Green.
Sneak a Peek Through the Mist to Technology of the Future
University of Bristol News (04/11/14)
A tabletop display system developed by researchers at the University of Bristol could change the way people interact and collaborate in the future. The MisTable combines a conventional interactive table with personal screens, built using fog, between the user and the tabletop surface. The tabletop display enables users to move images around and push through the fog-screens and onto the display. The researchers say the personal screen is both see-through and reach-through, and enables a range of customization and novel interactions such as presenting two-dimensional personal content on the screen, three-dimensional content above the tabletop, or supplementing and renewing actual objects differently for each user. "Users can be aware of each other's actions and can easily switch between interacting with the personal screen to the tabletop surface or the interaction section," says Bristol professor Sriram Subramanian. "Users can also move content freely between these interaction spaces." The researchers will present a research paper on the MisTable at this month's ACM CHI Conference on Human Factors in Computing Systems in Toronto.
UNSW Scientists Using AI to Create Elastic Cloud
CIO Australia (04/08/14) Byron Connolly
University of New South Wales (UNSW) researchers are using artificial intelligence (AI) to build a computer network they say can regulate its own consumption of public cloud services. The researchers have developed a software controller that could be used by every virtual server instance in the cloud to monitor the performance of server applications. The researchers say the controller relies on a simplified version of reinforcement learning, an AI method more commonly associated with robotics than information technology. If an application's performance becomes critical, the controller will communicate with others on the network and automatically determine how and where to source extra capacity to cope with the load. "We are trying to automate some of this and we eventually hope that a few years down the line we will have an environment that people can use," says UNSW researcher Srikumar Venugopal. He also notes the researchers already have created a software infrastructure that does decentralized scaling but it needs to be tested with actual enterprise applications.
U.S. Rallied 120 Nations in Response to 2012 Cyberattack on American Banks
Washington Post (04/12/14) Ellen Nakashima
In 2012, the Obama administration responded to a wide-ranging cyberattack campaign against U.S. banks not by attacking the problem at the source--believed to originate in Iran--but by appealing to 120 nations to block the computing traffic at nodes across the globe, according to current and former U.S. officials. A strategy for hacking directly into the adversary's network in Iran was rejected as too provocative, so the administration requested that its allies cut off the traffic locally and remove the malware from the servers being used as springboards for the assault. The U.S. State Department's Chris Painter says the administration made the argument that the countries do what they can to ameliorate the threat. "[They] have just as much of an interest in taking action because these are compromised machines," he says. The attacks subsided, and this approach yielded what officials call a response model for addressing other, similar incidents. Painter acknowledges the mobilization did not offer a complete panacea, but says it "certainly was very helpful in building that cooperative framework, and many countries were able to help."
Researchers Measure Smartphone Malware Infection Rates
University of Helsinki (04/08/14)
University of Helsinki researchers have found that Android devices have an infection rate of about 0.25 percent, which is significantly higher than the previous independent estimate. However, they say they have developed a technique to identify devices infected with previously unknown malware. The researchers based their estimate on anonymized data taken from more than 50,000 devices during a seven-month period. The researchers also hypothesized that smartphones infected with malicious apps could have other, benign apps in common, possibly because users purchase them all from the same app market. The researchers examined if it is possible to develop a technique to identify devices infected with previously unknown malware, and found this approach is up to five times more likely to identify infected devices than by choosing devices at random. The Malware Insights project is part of the research being done at the Intel Collaborative Research Institute for Secure Computing. The researchers presented their study last week at the 2014 World Wide Web conference.
Command a Glowing Robot Horde to Do Your Bidding
New Scientist (04/10/14) Paul Marks
Disney Research's Javier Alonso-Mora and colleagues have built palm-sized glowing robots that can scurry along the ground at the command of someone using a tablet or a gesture-sensing camera. Input is provided from a tablet running a drawing app or from a depth-sensing camera that discerns one's gazes. The robots can be directed by simply drawing with your finger on the tablet, or by lifting your arms up and down via the gesture sensor. A camera looks down at the platoon of dayglo pixelbots and feeds data on their formation into a computer. Commands are translated by an algorithm and transmitted to the robots. The swarm also is self-repairing and wirelessly self-organizing. The researchers say the more immediate goal is to use the robots to make images and support interaction for entertainment purposes, but in the longer term the research could help coordinate swarms in industrial settings, and aid in search and rescue surveillance and in implementing collision avoidance for driverless car fleets.
The New Pulse of Digital Music
UBC News (04/07/14) Basil Waugh
University of British Columbia (UBC) researchers have assembled the Laptop Orchestra, a digital music ensemble comprised of student musicians, dancers, composers, programmers, and hardware specialists, working to help electronic musicians find more creative and engaging ways to present their work. The Laptop Orchestra participants, led by professor Bob Pritchard, have developed software and hardware that enables performers to use their body movements to trigger programmed synthetic instruments or modify the sound of their live instruments in real time. For example, sensorUDP transforms musicians’ smartphones into motion sensors and enables performers to layer up to eight programmable sounds and modify them by moving their phone. "Emerging tools and techniques can help electronic musicians find more creative and engaging ways to present their work," Pritchard says. "What results is a richer experience, which can create a deeper, more emotional connection with your audience." He notes the system's motion technology helps non-musical collaborators feel more part of the show. "It's been a fantastic artistic and technical collaboration," Pritchard says. "We want to teach them the building blocks for successful collaborations, wherever their path takes them."
Student Devises Novel Way to Detect Hackers
Binghamton University (04/07/14) Todd R. McAdam
Binghamton University researchers are developing a real-time monitor that can identify intrusions into a computer network. They are working on technology that assesses the behavior of individual computers, instead of reviewing all programs run by a network to find the signature of one of millions of known malware programs. The technology works by monitoring system calls, which are the internal signals that accompany every computer operation and can reveal any function performed by the computer. The researchers first create a profile of the network's normal operation. When a network is attacked, a review of system calls can locate functionality that does not match the normalcy profile. The researchers say their method can identify the most advanced attacks, some of which are designed to corrupt just one specifically chosen computer system. The project is funded by the U.S. Air Force Office of Scientific Research. "This is like catching an intruder coming into your house," says Patricia Moat, a Binghamton doctoral student working on the project. "And it excites me to do something most people have never done."
Future Computers That Are 'Normally Off'
AIP Publishing (04/08/14) Jason Bardi
Japanese National Projects researchers have broadly outlined the future of spin-transfer torque magnetoresistive random access memory (STT-MRAM), which they say could radically alter computer architectures and consumer electronics. "Spintronics couples magnetism with electronics at the quantum mechanical level," says Japanese National Projects researcher Koji Ando. "Indeed, STT-MRAM no longer requires an electromagnetic coil for both writing and reading information." The researchers say STT-MRAM could lead to computers that use zero power during any short intervals when users are absent. The technology also could result in extremely energy-efficient personal devices powered by a hand crank or an embedded solar panel. These types of devices could be used in a wide range of applications, including mobile computing and wearable or embedded electronics for the healthcare, safety, and educational industries. However, some barriers still remain to fully developing the technology. "We need high-performance nonvolatile devices that don't require a power supply to retain information to create 'normally off' computers while simultaneously guaranteeing sufficiently high-speed operation to manipulate information," Ando says.
Call of Cyber Duty: Military Academies Take on NSA
Associated Press (04/10/14) Michael Hill
The U.S. National Security Agency's (NSA) annual Cyber Defense Exercise determines which of the five U.S. military service academies can create computer networks that can best withstand cyberthreats. The exercise mirrors the military's broader strategy of staying ahead of the curve in cyber operations, and motivates cadets to test their computer skills against their peers. "This is the Army-Navy game for our electrical engineering and computer science departments...this is our chance to beat the other service academies," says Army cadet Jason DeCoursey. The exercise is essentially a high-tech game of capture the flag in which the NSA team attempts to capture "tokens" embedded in the academies' networks. The academies for the Army, Navy, Air Force, Coast Guard, and Merchant Marines compete against each other, and the one that does the best job fending off the barrage of cyberattacks is declared the winner. The contest helps train cadets who want to specialize in cyber operations, a part of the military that is increasing in importance. For example, the new Army Cyber Institute aims to become a national resource for research, education, and advice on cyberdefense and operations.
A Faster Internet for Your Smartphones
Northwestern University Newscenter (04/07/14) Amanda Morris
Northwestern University researchers have developed Namehelp Mobile, a smartphone application that enables users to measure Domain Name Service (DNS) performance provided by their organizations and compare it with public DNS systems. The researchers found that users could improve their Web performance by as much as 150 percent by choosing the "right" DNS. "At first we wondered if DNS had an impact on performance," says Northwestern professor Fabian Bustamante, who developed the app along with Ph.D. candidate John Rula. "Does it matter? It turns out that it matters a lot." The researchers note cell phone carriers often lock down DNS service options on their devices, limiting consumer choice. But they hope cell phone carriers eventually will stop limiting DNS options and give customers the freedom to choose their own DNS. "Because consumers are locked into their DNS service, they don’t know what they are missing," Rula says. The researchers note that currently the only way to bypass this limitation is a rooted or "jailbroken" phone.
Abstract News © Copyright 2014 INFORMATION, INC.