Association for Computing Machinery
Welcome to the August 17, 2016 edition of ACM TechNews, providing timely information for IT professionals three times a week.



Powerful NSA Hacking Tools Have Been Revealed Online
The Washington Post (08/16/16) Ellen Nakashima

The online exposure of some of the most powerful hacking tools developed by the U.S. National Security Agency (NSA) in recent days could threaten the agency's operations and the security of government and corporate computers. Several former employees of NSA's Tailored Access Operations (TAO) division believe the 300-megabyte file is legitimate, and its leaking is likely the result of an error by an NSA operator and not a network hack by a foreign government. "Without a doubt, they're the keys to the kingdom," says one ex-TAO hacker. "The stuff you're talking about would undermine the security of a lot of major government and corporate networks both here and abroad." Former TAO operator Blake Darche reports the exploits in the file are expensive and sophisticated software designed to hijack firewalls used "in the largest and most critical commercial, educational, and government agencies around the world." Several exploits were code that leveraged zero-day weaknesses in firewalls that remain unpatched. Attached to the file cache was an "auction" note in which the group behind the disclosure, which calls itself the Shadow Brokers, said it would sell a second set of hacking tools to the highest bidder, and threatened to release the toolset publicly if the auction raised 1 million bitcoins (about $500 million).

U.S. Says Transfer of Internet Governance Will Go Ahead on Oct. 1
IDG News Service (08/17/16) John Ribeiro

The U.S. will move forward with its plan to transfer governance of the Internet domain name system (DNS) to a multi-stakeholder entity on Oct. 1. National Telecommunications and Information Administration (NTIA) administrator Lawrence E. Strickling on Tuesday said his agency notified the Internet Corporation for Assigned Names and Numbers (ICANN) that "barring any significant impediment," NTIA plans to permit its Internet Assigned Numbers Authority (IANA) contract with ICANN to expire as scheduled. ICANN last week announced that the nonprofit public benefit corporation Public Technical Identifiers had been incorporated in California to run IANA's functions after the transition is complete, which includes responsibility for the coordination of the DNS root, Internet Protocol (IP) addressing, and other IP resources. Congressional Republicans and some conservative groups have opposed the proposed transition, out of concern the transfer will turn Internet control over to foreign governments, including some with a reputation for impeding online activity. Twenty-five advocacy organizations last week asked the U.S. Congress to litigate to enforce riders barring the use of taxpayer money on the IANA handoff. NTIA says ICANN's transition proposal calls for governments to serve as advisers via the U.S. Governmental Advisory Committee, although there are no provisions to broaden government influence over the DNS or ICANN as an organization.

Ford Says It Will Have a Fully Autonomous Car by 2021
Associated Press (08/16/16) Dee-Ann Durbin

Ford Motor on Tuesday announced it plans to have a fully driverless vehicle on the road within five years. "This is a transformational moment in our industry and it is a transformational moment for our company," says Ford CEO Mark Fields. At first the car, which will have no steering wheel or pedals, will be used for commercial ride-hailing or ride-sharing services, with sales to consumers coming later. Other car companies plan to gradually add self-driving capabilities to traditional cars, but Ford is taking the same approach as Google, which supports moving directly to self-driving cars once the technology is perfected. Although Ford chief technology officer Raj Nair says the company will continue developing systems that assist drivers, such as autonomous emergency braking or lane-departure warning, Ford believes semi-autonomous systems that can operate the car and then give control back to the driver are more dangerous because it is difficult to ensure drivers stay engaged and ready to take over operating the vehicle. "We learned that to achieve full autonomy, we have to take a completely different path," Nair says. Ford's vehicle will be specifically designed for commercial mobility services, and will be available in high volumes.

China's Latest Leap Forward Isn't Just Great--It's Quantum
The Wall Street Journal (08/15/16) Josh Chin; Vivian Pang

China on Tuesday launched the first-ever quantum-communications satellite into orbit, the end product of a five-year project that could position China at the forefront of a key area of hard-science research and expand the range of unbreakable communication. "There's been a race to produce a quantum satellite, and it is very likely that China is going to win that race," says University of Geneva professor Nicolas Gisin. "It shows again China's ability to commit to large and ambitious projects and to realize them." Researchers say few other world powers can match China's strategic commitment to quantum technology research; U.S. federal quantum research funding is about $200 million annually, compared to China's $101-billion outlay for basic research last year. Quantum satellite project leader Pan Jianwei says a linchpin of the work has been China's attempts to entice native Chinese quantum physics experts educated abroad back to their home country. "We've taken all the good technology from labs around the world, absorbed it, and brought it back," Pan says. New America fellow John Costello says China's quantum investment is likely partly fueled by fear of U.S. cyber capabilities and the penetration of Chinese networks, as well as efforts to build quantum computers that can crack seemingly impenetrable encryption.

Colleges Partner With Training Boot Camps and Online Course Providers for Federal Experiment
The Washington Post (08/16/16) Danielle Douglas-Gabriel

Eight public and private universities will partner with companies that run computer programming boot camps or online courses for an experiment that lets students pay for nontraditional training programs with federal grants and loans, according to the U.S. Department of Education (DoE). The goal of the Educational Quality through Innovative Partnerships project is to give non-affluent people access to innovative education and quality training. DoE undersecretary Ted Mitchell says providers anticipate enrolling about 1,500 students in the program's first year, with Pell grant recipients using the awards to cover the full cost of some courses. DoE plans to allocate up to $5 million in Pell grants in the program's first year. Independent, third-party organizations such as Quality Matters will vet the participating teams' initiatives for quality assurance, to make sure students' experiences and outcomes fulfill the programs' claims. "The end goal is to provide the criteria and transparency for the program to demonstrate how well it can meet rigorous standards and how it can improve on the measures that define and support student success," says Quality Matters executive director Deb Adair. Among the industries the program seeks to bolster are advanced manufacturing, coding, Web development, and business administration.

Unearthing Trackers of the Past: UW Computer Scientists Reveal the History of Third-Party Web Tracking
UW Today (08/15/16) James Urton

Third-party Web tracking raises issues about privacy and profiling, and University of Washington (UW) researchers last week presented the first comprehensive history of such tracking across the last 30 years at the USENIX Security Conference in Austin, TX. They extracted and analyzed tracking behaviors on a given Web page using a new tool called TrackingExcavator. UW graduate student Adam Lerner and colleagues designed TrackingExcavator to compile data from the Wayback Machine, an open access archive of preserved websites that goes as far back as 1996. "We had to develop techniques to extract tracking information from the archive," says UW doctoral student Anna Kornfeld Simpson. "For example, we collected tracking cookies from archived HTTP headers and Javascript and then simulated the browser's cookie storage behaviors to detect tracking behavior." The historical overview found the average number of third-party requests on top websites has risen from less than one in 1996 to about 1.5 in 2016. In addition, the average top site currently has at least four third-party trackers studying user activity. Moreover, prior to 2003, no one tracker could monitor browsing behavior on more than 5 percent of the most popular sites, versus at least 20 percent today.

Researchers Map Netflix's Content Delivery Network for the First Time
Queen Mary, University of London (08/16/16)

Queen Mary University of London (QMUL) researchers have determined the network infrastructure used by Netflix for its content delivery by mimicking the film request process from all over the world and analyzing the responses. The researchers found servers deployed at 233 locations across six continents, and the results show the U.S. accounts for a vast majority of the traffic, followed by Mexico, Britain, Canada, and Brazil. The findings confirm the importance of various regions as major Netflix markets, as indicated by the number of servers in them. As part of the study, which took place in April and May 2016, five QMUL researchers requested videos from university computers, localizing the requests using a browser extension. They studied the traffic delivered by the servers in each region, emphasizing the relative reliance on Internet eXchange Points and Internet Service Provider servers. In North America, Netflix is present in many locations simultaneously, but in Europe Netflix servers are deployed at only a few locations per country. "The different deployment strategies observed are caused by inherent regional differences, forcing Netflix to adapt its strategy to ensure low movie startup times and to avoid video stalling during playback," says QMUL researcher Timm Boettger.

Stanford Hosts AI Camp for Girls
Campus Technology (08/16/16) Dian Schaffhauser

Stanford University held a summer program to introduce high school girls to artificial intelligence. The two-week program covered flying drones, how autonomous cars work, diving robots, and machine learning for healthcare. The program was developed by Stanford researcher Olga Russakovsky and professor Fei-Fei Li, who were motivated by what they call a "desperate" need to bring more women into the field. The students also were introduced to the concepts of design thinking, inductive reasoning, the growth mindset, and time management. In addition, the participants met and interacted with women who work at companies such as Google, Intel, and Airbnb, and held question-and-answer sessions with industry representatives, such as former ACM president Maria Klawe, the head of Harvey Mudd College. This year's projects studied the use of natural-language processing to assist in disaster relief, using computer vision to make hospitals safer, decoding DNA, and examining personal transportation in the era of self-driving cars. In each of the first two years of the program, more than 200 students applied for 24 spots. Although 76 percent of the applicants came from California, students from around the world also applied.

New Computer Program Replicates Handwriting
UCL News (08/12/16) Tom Butler

Researchers at University College London (UCL) have developed software that can analyze and mimic a person's handwriting. They say the "My Text in Your Handwriting" program examines a sample of a person's handwriting and uses that data to generate a new text in the same handwritten style. The machine-learning algorithm learns an individual's pattern of writing and replicates the author's specific character choices, pen-line texture, the connecting strokes between characters, and spacing. The researchers tested the program's accuracy by asking people to distinguish between handwritten envelopes and ones forged by the software, and people were fooled by the software 40 percent of the time. "Our software has lots of valuable applications," says UCL's Tom Haines. "Stroke victims, for example, may be able to formulate letters without the concern of illegibility, or someone sending flowers as a gift could include a handwritten note without even going into the florist." Although the method could be used to forge documents, UCL's Gabriel Brostow says it also could help detect forgeries by quantifying the odds that something was forged.

World Should Consider Limits to Future Internet Expansion to Control Energy Consumption
Lancaster University (08/11/16)

Researchers at Lancaster University think the world should consider ways to limit data growth on the Internet in order to prevent runaway energy consumption and help limit carbon emissions. In their discussion paper, the researchers argue the growth of the Internet of Things (IoT) has the potential to bring unprecedented and, in principle, almost unlimited rises in energy consumed by smart technologies. The paper highlights the fact that Internet usage has increased significantly in recent years as users watch more video, stream programs on smart TVs, check their social media accounts, and track their fitness. They say this increase in data use has brought with it a rise in energy use, despite energy efficiency improvements. The researchers contend that, until this point, there has always been a potential ceiling for increases in data on the Internet. However, autonomous streaming of data by billions of sensors built into a range of IoT devices removes the existing potential constraints to the growth in Internet energy consumption. "The Internet of Things is still in the making and it is important to consider existing ideas for a 'speed limit' to the system, especially in comparison to having to retrospectively reduce Internet traffic in the future," says Lancaster University researcher Mike Hazas.

Robot Octopus Points the Way to Soft Robotics With Eight Wiggly Arms
IEEE Spectrum (08/15/16) Cecilia Laschi

Several labs from European and Israeli universities came together in 2009 to build a robot replica of an octopus. The researchers wanted to demonstrate the many advantages of a machine that could flex and squish as needed. For the Octopus Integrating Project, the team constructed a prototype arm using shape-memory alloy springs to stand in for the longitudinal and transverse muscles found in the limbs of a real octopus, and sent current through different sets of springs to make the underwater arm bend at multiple points, shorten, elongate, and grasp objects. The researchers developed mathematical models to test various aspects of the arm's design, added hydrodynamic factors, considered the texture and composition of the surfaces over which the octo-bot would crawl, used an evolutionary algorithm to explore movement, and then identified an arrangement that would generate the correct amount of propulsive force to produce the desired crawling movement. The octo-bot proved simple to control and could mimic the four-step crawling observed in the real animal. As part of a related project called PoseiDrone in 2012, a prototype was tossed into the Mediterranean Sea, where it responded accurately to user commands.

New Hacking Technique Imperceptibly Changes Memory Virtual Servers
Vrije University Amsterdam (08/11/16)

Vrije University Amsterdam researchers have developed a new attack technique that alters the memory of virtual machines in the cloud without relying on a software bug. The researchers say the technique enables an attacker to crack the keys of secured virtual machines or install malware without being noticed. They say it is a new deduplication-based attack in which data can not only be viewed and leaked but also modified using a hardware glitch, enabling an attacker to order the server to install malicious and unwanted software or to allow logins by unauthorized persons. With the new attack technique, called Flip Feng Shui, an attacker rents a virtual machine on the same host as the victim. The attacker writes a memory page that he knows exists in the victim to the vulnerable memory location and lets it deduplicate. Deduplication merges identical pages in order to save space, and that page is stored in the same part of the memory of the physical computer. The attacker can now modify the information in the general memory of the computer by triggering a hardware bug called Rowhammer, which causes bits to flip from 0 to 1 or vice versa, to find the vulnerable memory cells and change them.

UMD Researchers Develop Tool to Counter Public Health IT Challenges
UMD Right Now (08/09/16)

Researchers at the University of Maryland studying the rollout of an electronic health records system in Maryland say a new tool can help public health officials better understand their information technology (IT) capabilities. The observed shortcomings of the system prompted the team to develop the Public Health Information Technology Maturity Index. "We uncovered a host of barriers and obstacles to effective use of information, including the complexity and usability of the software, the inability of the software to support certain unique public health reporting needs, the learning curve for public health workers, and the lack of standards for effective data exchange," says Ritu Agarwal, Robert H. Smith Dean's Chair of Information Systems. The researchers say the findings do not bode well, either for crisis response or for proactive crisis anticipation. The team collected data via staff interviews, staff observations, patient focus groups, and staff surveys to create the index with a questionnaire and scoring guide. The index is divided into four IT-based categories: Scale and scope of use; quality; human capital, policy, and resources; and community infrastructure. The researchers say seamless information sharing between public health officials and doctors will be needed for effective crisis response.

Abstract News © Copyright 2016 INFORMATION, INC.