Welcome to the November 7, 2014 edition of ACM TechNews, providing timely information for IT professionals three times a week.
Updated versions of the ACM TechNews mobile apps are available for Android phones and tablets (click here) and for iPhones (click here) and iPads (click here).
HEADLINES AT A GLANCE
Governance Advocates See Crowdsourcing as Way to Fix Internet Ills
Reuters (11/06/14) Eric Auchard
Three leading governance entities--the Internet Corporation for Assigned Names and Numbers (ICANN), the World Economic Forum (WEF), and Brazil's Internet Steering Committee--announced the foundation of NETmundial, a new group to outline best practices for addressing complex Internet issues that will enable action through crowdsourcing and crowdfunding. NETmundial's goal is to promote solutions developed by existing technical bodies, government-led organizations, and national regulators, while aiming to include those bodies in its own Web governance strategy. The group plans to exchange ideas with organizations worldwide, with a particular focus on developing countries that lack Internet expertise. "Many solutions exist and sometimes, where there are no solutions, NETmundial will coalesce to help create solutions from the bottom up," says ICANN CEO Fadi Chehade. NETmundial's organizers say the group will serve as a base for participation, offering individuals, organizations, and governments tools for resolving non-technical issues that dog and fragment the Internet's operations. WEF managing director Richard Samans says his group's participation will complement its own initiative to prioritize Internet issues in government and corporate leaders' agendas. Organizers say NETmundial is designed to support any aspiring participants via its website, including individuals and organizations. The coordination council running the group will make decisions through rough agreement instead of voting.
New Research Shows Vulnerability in Mobile Phones' Applications Offering Voice Communication Security
UAB News (11/05/14) Katherine Shonesy
Researchers at the University of Alabama at Birmingham (UAB) are studying the security vulnerabilities of video- and voice-over-Internet Protocol communications. The researchers developed attacks that uncovered vulnerabilities in a currently used security scheme, and once those weaknesses were identified, the team suggested alternatives that may protect against potential attacks, focusing on a peer-to-peer mechanism known as Crypto Phones. Crypto Phones is a security measure claiming to completely address the problem of wiretapping, in which users orally exchange information resulting from a cryptographic protocol employing Short Authenticated Strings to confirm each other's identity. The researchers found this security tool is vulnerable to automated voice mimicry attacks. One potential defense to these attacks could be the integration of an automated voice recognition or voice biometrics system into Crypto Phones, according to the researchers. "The results bring to light the threats of conceived voice privacy, and should serve as notice to users to pay careful attention to the potential security weaknesses in the future," says UAB Ph.D. student and project leader Maliheh Shirvanian. The researchers presented their findings this week at the 21st ACM Conference on Computer and Communications Security in Scottsdale, AZ.
18F Hackathon Aims to Involve More Women in Civic Tech
Federal Computer Week (11/06/14) Colby Hochmuth
The U.S. General Services Administration's (GSA) 18F innovation hub is hosting the federal government's first female-centric hackathon today at its offices at GSA headquarters. The Women in Tech and Data event will be equal parts hackathon and training day, with participants working on various projects, such as the government's Midas government improvement marketplace and a hub for Freedom of Information Act requests. Participants also can attend training sessions on advanced open source technology, user-centered design, and other topics. The event is the brainchild of 18F project manager Leah Bannon, who was dismayed by how few women she saw at the hackathons she was attending. "I was going to a lot of hackathons, and I felt like they were really good, valuable learning and networking opportunities, and I was the only woman at a lot of them," Bannon says. "I didn't like that women were missing out on that opportunity." The event is being targeted at women in government and women who would like to work in government, but it will not be closed to men; several of 18F's male team members are helping to administer the event.
From Quantified Self to Personalized Medicine
HPC Wire (11/06/14) Tiffany Trader
California Institute for Telecommunications and Information Technology (Calit2) founding director Larry Smarr recently discussed a potentially transformative approach to living things that could significantly impact health care and medicine during the University of Washington Computer Science and Engineering Distinguished Lecture series. Smarr hypothesized that sensor miniaturization could enable people to obtain reads-outs of their bodies in real time to help improve their well-being. He said such an approach would tap data related to nutrition, exercise, sleep, and stress. Smarr is a participant in a nine-month study undertaken by the Institute for Systems Biology concentrating on predictive, personalized, preventive, and participatory medicine. The data sets the wellness project will assess include self-tracking devices, medical history and lifestyle, food journals, bodily fluid testing, gut microbiome, and whole genome sequencing. As part of the initiative, Smarr is probing microbiome ecology variances across healthy and sick populations, and his team has already used 25 central processing unit (CPU) years on the San Diego Supercomputing Center's Gordon supercomputer and another 35,000 cores on Dell's Sanger cluster. The researchers are seeking an additional 1 million or 2 million CPU hours to round out the experiment, and the project is set to transfer data from R Systems/Dell in Urbana Champaign, IL, to Calit2 on a dedicated 10 GB connection.
UW Study Shows Direct Brain Interface Between Humans
UW Today (11/05/14) Michelle Ma
Researchers at the University of Washington say they have replicated a direct brain-to-brain connection they first demonstrated in August, enabling someone to move the hand of another person just by thinking about it. The researchers used a pair of non-invasive instruments and software to carry out the brain-to-brain communication. One participant, the sender, was connected to an electroencephalography machine, which recorded the electrical activity of their brain, which was then sent via the Internet to a transcranial magnetic stimulation coil worn by the other participant, the receiver. The participants were located in separate buildings and were unable to communicate with each other any other way. The sender was watching a computer game that involved firing a cannon to intercept rockets being launched at a city, but was unable to interact with the game, while the receiver's hand was poised over the touchpad that controlled the cannon. The sender would think about clicking the touchpad to fire the cannon and in another building the receiver's hand would twitch accordingly. During testing with six participants, the researchers achieved accuracy rates ranging from 25 to 83 percent. They plan to continue their research and hope to develop methods of transmitting not just motor commands, but concepts, thoughts, and rules.
Hour of Code to Launch in U.K.
ComputerWeekly.com (11/06/14) Kayleigh Bateman
Code.org wants to expand its worldwide campaign to 100 million people, and is now focusing on the United Kingdom. The organization's Hour of Code encourages individuals to learn the basics of computer programming in 60 minutes. The U.K. campaign will run Dec. 8-12 and will feature tutorials such as creating an Angry Bird app. In the United States, the campaign estimates it has reached nearly 20 million students. Hour of Code U.K. head Avid Larizadeh says the campaign wants to ensure the next generation recognizes the potential of the digital world and how to succeed in it. Hour of Code U.K. is being supported by Baroness Martha Lane Fox, Ian Livingstone, Sherry Coutu, Karen Price, and digital adviser to the prime minister Baroness Joanna Shields. Code.org also has launched a crowd-funding initiative to raise $5 million to train 10,000 computer science teachers worldwide. Code.org donors, including Microsoft, Google, Bill Gates, and LinkedIn co-founder Reid Hoffman have agreed to match donations up to $2.5 million. Separately, a coalition of teachers, industry, and the U.K. government launched the Year of Code initiative in early 2014 to boost computer training for teachers to ensure students are enthusiastic about computer science year-round.
Contactless Cards Fail to Recognize Foreign Currency
Newcastle University (United Kingdom) (11/01/14)
Newcastle University researchers say a flaw in Visa's Europay-MasterCard-Visa (EMV)-based contactless payment card system could enable hackers with Android smartphones to approve unlimited cash transactions without a PIN when the amount is requested in a foreign currency. The researchers say they have generated a proof-of-concept attack with a near-field communications-enabled Android smartphone, used in tandem with a rogue app that can masquerade as a point-of-sale (POS) terminal and deceive contactless cards into authorizing payments of less than $1.3 million. The hackers would then send those transactions to a rogue merchant account created in one of the dozens of EMV payment-accepting countries. "With just a mobile phone, we created a POS terminal that could read a card through a wallet," says Newcastle's Martin Emms, the project's lead researcher. He notes since all checks are performed on the card and not the terminal, there is nothing to provoke suspicions at the POS. "By presetting the amount you want to transfer, you can bump your mobile against someone's pocket or swipe your phone over a wallet left on a table and approve a transaction," Emms warns. The research was presented this week at the 21st ACM Conference on Computer and Communications Security in Scottsdale, AZ.
Extracting Data From Air-Gapped Computers Via Mobile Phones
Help Net Security (11/04/14)
Ben-Gurion University researchers have developed a technique to secretly extract data from an air-gapped computer by assuming an attacker has already compromised a computer containing sensitive data, and is now seeking to extract it without anyone noticing. The researchers demonstrated a mobile phone with an FM radio receiver can be used to withdraw the data by collecting radio signals emitted by the compromised computer. The research shows textual and binary data can be transferred from a physically isolated computer to mobile phones at a distance of from one to seven meters. The transfer is relatively slow at 13 Bps to 60 Bps, but still fast enough to extract data such as passwords. The researchers believe this type of attack already is being performed by intelligence agencies, including the U.S. National Security Agency. The researchers note there are ways to prevent this type of attack, such as "physical insulation, software-based reduction of information-bearing emission, and early encryption of signals." They also note that although "it is known that software can intentionally create radio emissions from a video display unit, this is the first time that mobile phones are considered in an attack model as the intended receivers of maliciously crafted radio signals."
How to Exchange Encrypted Messages on Any Website
Technology Review (11/05/14) Tom Simonite
A new prototype Web browser extension called ShadowCrypt has been created by researchers at the University of California, Berkeley and the University of Maryland. Users of ShadowCrypt and the intended recipient of tweets or email see normal text, while site operators or anyone else looking at or intercepting a posting would see a garbled string of letters and numbers. "We wanted to show how you could make a practical, fast mechanism that is easy to use," says Devdatta Akhawe, who helped develop ShadowCrypt as a graduate student at Berkeley. Akhawe and colleagues tested ShadowCrypt on 17 different major Web services, and found the technology worked on 14, including Facebook, Twitter, and Gmail. ShadowCrypt can be used by installing the extension and then creating encryption keys for each website. A small padlock icon at the corner of every text box indicates ShadowCrypt is hiding the garbled encrypted version that will be submitted when the send or post button is hit. Other people can read that text if they are provided with the encryption key, and multiple keys can be generated for any one site.
Giving Robots a (Better Than) Human Touch
Government Computer News (11/04/14) Patrick Marshall
In order to further automate assembly lines, hospitals, and data centers, researchers need to develop machines that can perform certain actions as well as humans, such as manipulating objects. To meet this need, researchers at the Massachusetts Institute of Technology (MIT) and Northeastern University have demonstrated a robot that can grasp an unattached USB cable and insert it into a USB port. The device's tactile sensor uses optics instead of pressure sensitivity to guide the connector into the port. The GelSight sensor has a layer of transparent synthetic rubber on one side, which conforms to the object it is pressed against; light that bounces off the magnetic paint that covers the layer is gauged to identify shape and the amount of pressure being applied to an object. "The GelSight sensor...has high resolution in sensing," says Northeastern professor Robert Platt. "It detects a lot of detail in the surface texture of the things that it is touching." The researchers note the sensor is about 100-times more sensitive than a human finger. Algorithms developed by MIT professor Edward Adelson are fast enough to give the robot feedback in real time, enabling it to make adjustments for a successful insertion. Platt says the technology also is comparatively inexpensive, lending itself to commercialization.
Students Get Hands-on Experience With Open Testbed for Cybersecurity Research
Campus Technology (11/04/14) Dian Schaffhauser
The University of Southern California's Cyber Defense Technology Experimental Research (DETER) Project oversees the DETERLab Education Site, a free worldwide resource. About 600 researchers in 16 countries currently use the lab to advance their work in security fields, while 67 institutions use the testbed to run cybersecurity activities as homework or semester-long labs in their computer science courses. Students can work through the exercises without breaking or attacking "something for real," notes DETER principal investigator Terry Benzel. The lab's activities include buffer overflows, man-in-the-middle attacks, worm modeling and detection, denial-of-service attacks, forensics, and monitoring. One professor from Washington State University doing work in power grids has developed exercises for securing distributed systems. Students can create and manipulate an experiment by using a Web-based interface to request, reconfigure, or release lab resources. They also can launch their own variations in network setup or computing components. Once an instructor has access to the site, they create an educational project in DETERLab and assign exercises to the students. All network communication is isolated to enable the exercises to run malicious code and perform destructive actions that simulate real-life situations.
New Tech Aims to Improve Communication Between Dogs and Humans
NCSU News (10/30/14) Matt Shipman
North Carolina State University (NCSU) researchers have developed a suite of technologies that can be used to enhance communication between dogs and humans. "We've developed a platform for computer-mediated communication between humans and dogs that opens the door to new avenues for interpreting dogs' behavioral signals and sending them clear and unambiguous cues in return," says NCSU professor David Roberts. The platform is a harness, worn by the dog, which is equipped with a variety of technologies, including one that enables humans to communicate with dogs, and another that enables dogs to communicate with humans. "Dogs communicate primarily through body language, and one of the challenges was to develop sensors that analyze this behavior by observing their posture remotely," says NCSU Ph.D. student Rita Brugarolas. "We developed software to collect, interpret, and communicate those data, and to translate human requests into signals on the harness." The platform also includes physiological sensors that monitor heart rate and body temperature, offering information on a dog's emotional state, such as whether it is excited or stressed. "This platform is an amazing tool, and we're excited about using it to improve the bond between dogs and their humans," says NCSU professor Barbara Sherman.
Casting Light on the Internet's Shadows (and Shadowing)
Princeton University (11/05/14) Catherine Shen
In an interview, Princeton University professor Arvind Narayanan and the Center for Information Technology Policy's (CITP) Solon Barocas discuss the ethical and social ramifications of online tracking. Barocas says his focus at CITP is applying his expertise to the ethics of data mining on the Web, which feeds into the Web Transparency and Accountability Project (WebTAP) Narayanan founded to address complex issues related to online privacy. Narayanan says WebTAP's operating precept is greater transparency is always better in the long term, and he notes "even if only a fraction of consumers makes choices based on privacy, it can exert a significant pressure on companies to change their practices." He cites a study finding the practice of cookie syncing, which enables different tracking firms to match Web user identities with each other and share user-related data beyond the reach of WebTap transparency tools, is rampant. Barocas warns differential treatment of users stemming from data use can harm regular Web users; for example, contextual ads for arrest records returned by Google searches for black-sounding names. Narayanan notes Web transparency research has reached a critical point with the integration of online and offline tracking, and there must be more transparency about targeting to deal with its potential for further profiling and manipulation.
Abstract News © Copyright 2014 INFORMATION, INC.
To submit feedback about ACM TechNews, contact: [email protected]
Current ACM Members: Unsubscribe/Change your email subscription by logging in at myACM.