Researchers at Johns Hopkins University say software in Diebold Election Systems' voting machines could allow multiple fraudulent votes or let election workers rig the systems. Johns Hopkins Information Security Institute technical director Aviel D. Rubin has published the software's long list of security shortfalls on the Web. Experts have previously called for an open review of such systems, while companies have refused to publish their proprietary technology. The research team retrieved the software code from Diebold's Web site, and a company representative said it could have been up to a year old and updated since then. Diebold is the largest provider of electronic voting machines, with approximately 33,000 machines operating in the U.S., and counts Maryland and Georgia, as well as many counties, among its customers. The system uses a smart card issued to the voter, but Rubin's work showed someone with just about $100 worth of electronic equipment could produce fake smart cards and cast multiple ballots. In addition, the system was vulnerable to rigging by election site workers. Co-researcher Adam Stubblefield said the testing was very rigorous and would have revealed flaws in all but the best software, but added that the potential threat merited the highest precautions. Still, the researchers admitted their study was limited to the software and they could not account for the overall security system, which partially depends on how elections are conducted.
http://www.nytimes.com/2003/07/24/technology/24VOTE.html
(Access to this site is free; however, first-time visitors must register.)

Lack of IT integration and official cooperation kept U.S. intelligence agencies from preventing the Sept. 11 hijacking plot, according to a joint inquiry by House and Senate Select Committees on Intelligence. Sens. Bob Graham (D-Fla.) and Richard Shelby (R-Ala.) both felt the terrorist attacks could have been prevented if proper organizational and IT systems had been in place. According to a 900-page report and testimony from intelligence agents, important clues such as email from the Phoenix FBI office that failed to reach relevant colleagues even within the same agency. Several FBI agents complained about the difficulty of cross-referencing FBI and CIA criminal databases, which still are not integrated. Even the FBI's own system was not trusted by agents, who would either restrict access to the information or leave out sensitive details for fear the system was not secure. FBI director Robert Mueller said the agency was just months away from completing a major IT overhaul that focuses on analytics desktop tools and hardware for each agent. The congressional investigators also uncovered high-level competition between National Security Agency (NSA) and CIA officials, who feared the other agency was encroaching on their roles or attempting to control key technologies. NSA director Lt. Gen. Michael Hayden said today's situation required more than an IT overhaul, and implied IT failures were an expression of deeper organizational failures.
Click Here to View Full Article

Researchers at NASA's Jet Propulsion Laboratory and the State University of New York at Buffalo are developing and experimenting with network and sensor technologies designed to allow people to experience virtual tactile sensations. Adriane Hooke of the Jet Propulsion Laboratory is spearheading an initiative to build networking protocols that could form the basis of an outer-space Internet linking satellites, robots, and other types of interplanetary equipment. The effort is part of NASA's Deep Space Network, a project involving a trio of Earth-based antenna arrays designed to communicate with spacecraft and carry out scientific probes. Hooke forecasts that the next 15 years will witness the emergence of interplanetary telepresence, and says that one day, "You can have data sent back from a robotic sensor in space and recreate the information in a virtual reality-like environment on Earth, so you could feel like you were roaming around on Mars." A key element of such a device is haptics technology, and University of Buffalo researchers led by Virtual Reality Lab director Thenkurussi Kesavadas have made a significant breakthrough with a sensor glove that allows its wearer to feel the sensations experienced by another person through an Internet connection. So far glove users can only feel hard or soft objects and the contour of specific shapes, though Kesavadas expects the next-generation Internet will help refine the glove's haptics ability so that users can feel fabrics or skin, for example. He explains that interacting with the glove is similar to showing how a child to write by guiding his or her hand, adding that "With our technology, you can do and feel, which leads to learning." Kesavadas predicts that simple Internet touch applications will find their way into the game industry within a few years.
http://www.csmonitor.com/2003/0724/p14s01-stin.html

Companies that wish to make customer service more efficient and effective are using software agents that interact with clients in order to identify and solve their problems faster, but the technology's applications are not restricted to consumer interfaces--the U.S. military is also using virtual agents to enhance combat tactics. Furthermore, researchers are trying to embed social intelligence into the agents, providing users with a more dynamic computer interface that can intuit their emotional states and take appropriate measures. LiveWire Logic's RealDialog Agents, a product that combines computational linguistics and artificial intelligence, is programmed to respond to customer inquiries accurately, consistently, and immediately via interactive text-based conversations that obviate the need for human intervention. LiveWire reports that the software can defuse the stress on all customer support touch points and reduce customer support and call center costs. RealDialog's utilization of drag-and-drop and automated-authoring technology makes design and management easy, even for nonprogrammers. Meanwhile, Vanderbilt University and the University of Southern California recently won a major contract with the Office of Naval Research to supply computer software that can assist battlefield tactics by lowering risk, raising the odds for mission success, and supporting the objectives of mission commanders, according to Robert Neches of USC's Information Sciences Unit. The Vanderbilt-USC technology, Autonomous Negotiating Teamware, helps coordinate combat air squadrons through the communication of individual software modules that exchange information and make balanced decisions. University of Southampton researchers have devised a software agent with learning algorithms so it can adjust to user requirements and manage users' schedules like a virtual butler.
http://www.technewsworld.com/perl/story/31172.html

Anti-spam solutions should leverage the existing constraints of spam operators rather than impose radical new changes in the Simple Mail Transfer Protocol (SMTP) standard, writes Cloudmark chief scientist Vipul Ved Prakash. Spammers must change the content of their message (a meme) regularly, find ways to by pass filtration systems, and send millions of messages from comparatively few IP addresses in a short time. Anti-spam systems that address these issues make life much tougher for spammers while saving the integrity of SMTP. By identifying spam memes quickly and then sharing with other intended recipients, for instance, anti-spam systems can inoculate those in-boxes from messages containing that meme. Some of the best solutions would combine constraints, like blocking mail from certain domains when that mail contains a spam meme. That would allow legitimate mail from that domain, which could be a popular ISP. Besides these combination solutions, spam-fighting measures should be careful not to infringe on the basic merits of SMTP email. Digital signature schemes do a relatively good job of this because they judge individual pieces of mail instead of entire domains. Payment systems are a worse solution since Prakash argues that email needs to remain free. He says anti-spam software should strive to allow email sent to and received from strangers, as well as pseudoanonymous messages.
http://www.technologyreview.com/articles/dialog0703.asp

Consumer electronics firms and wireless networking companies are pushing for a special ZigBee, or 802.15.4 standard that would enable location applications with a new alternative physical layer (PHY). Applications would be able to locate a single tagged product in a warehouse, or scan an entire pallet of tagged items instead of each one individually. IEEE 802.15.4a Interest Group chair Larry Taylor says IEEE rules require technical requirements and applications to be defined before official specification can start, but that ultrawideband is an ideal technology. Once developed, 802.15.4a would remain low-power, low-data rate, and low-cost, broadcasting up to 75 meters in the unlicensed 2.4GHz band. In contrast, the new home networking standard currently under construction, 802.15.3a, emphasizes high speed and short range for applications such as high-definition video streaming. The fourteen companies comprising the 802.15.4a Interest Group expect to be granted official study group status soon, and next need to tackle the criteria that set their proposed standard apart from existing specifications. Taylor says that, in addition to location properties, the new standard could also allow extremely low-power applications. He says, "I think if you can have an active radio communication device that consumes a small enough amount of power then you can start thinking about using those in an almost unlimited range of applications."

Copyright holders' determination to clamp down on digital file-swapping with threats of litigation is prompting swappers to seek out more private networks, while developers are devising new technology to avoid traffic bottlenecks and other problems plaguing older networks. These two objectives often conflict, as demonstrated by the dilemma faced by BitTorrent users. BitTorrent is a software program that has grown popular because of its ability to facilitate the swapping of large files such as movies and TV shows by segmenting those files into many small units. The software lacks the search function common to older networks such as Kazaa and Napster, and instead uses BitTorrent system connections posted on Web pages. The connections direct users to "tracker" software that traces hosts for a given file and its elements, and that steers surfers to another machine for duplication, thus allowing files to be downloaded rapidly. However, BitTorrent creator Bram Cohen warns that the software has no anonymity features, and strongly advises against using the program to distribute copyrighted material. The software is better suited for distributing open-source programs and other uncopyrighted files, in his opinion. Popular BitTorrent Web sites such as Torrentse.cx and Bytemonsoon.com have closed in recent weeks in response to warnings of copyright infringement, denial-of-service attacks, or bandwidth overload.

As transistor density in electronic circuits increases and the transistors themselves decrease in size, lithographic manufacturing becomes increasingly expensive. An alternative technique, molecular self-assembly, is cheap and methodical, but can lead to faults and does not accommodate strict fabrication parameters, according to University of Wisconsin-Madison chemical engineer Paul Nealey. Scientists at UW-Madison and Switzerland's Paul Scherrer Institute have developed a method that melds the best elements of both lithographic and spontaneous chemical assembly while keeping drawbacks to a minimum, which could lead to personal data assistants, computers, and cell phones with ultra dense storage capacities. "Tremendous promise exists for the development of hybrid technologies...in which self-assembling materials are integrated into existing manufacturing processes to deliver nanoscale control and meet exacting fabrication constraints," proclaims Nealey, who co-authored a report on the technique published in the July 24 issue of Nature. The international research team lithographically etched patterns in the surface of a polymeric substance, then deposited a thin layer of block copolymer molecules on the substrate. The molecules arranged themselves into the configurations etched on the underlying material, without any defects. Nealey notes that the hybrid manufacturing method shows the most promise in the creation of magnetic storage media boasting the highest possible capacity per unit area, as well as new microelectronic equipment with unmeasured potential. The research, which was partly bankrolled by the National Science Foundation's Materials Research Science and Engineering Center and the Semiconductor Research Corporation, was carried out at the Center for NanoTechnology at UW-Madison's Synchrotron Radiation Center.

The potential for Linux to serve as an embedded operating system was the topic of discussion during a presentation at the 2003 Linux Symposium at Ottawa's Congress Center. Tim Riker, the senior Linux technologist for Texas Instruments, suggested that there are huge opportunities for Linux as an embedded operating system, but stressed that some minor adjustments will need to be made. Embedded operating systems are being used to power personal digital assistants (PDAs), as well as home stereo equipment and other devices. In particular, Riker noted that having an open-source operating system serve as an embedded operating system in mobile devices is a challenge because the storage and battery life of the portable devices limits their kernel size. Removing unnecessary features in kernels is one way to overcome this obstacle. The General Public License is a legal issue for manufacturers who do not want to release source code for devices, as developers are required to release the code of GPL software if they customize the device. However, the biggest issue is the storage concerns for mobile devices that use the resource-intensive open-source Mozilla browser. "Can you sacrifice the amount of storage and horsepower that it takes to run Mozilla?" Riker asked the audience of Linux developers and advocates.
http://www.eweek.com/article2/0,3959,1201896,00.asp

Magnetic RAM (MRAM) technology is expected to become commercially available in the next two to three years, but industry experts are unsure about its exact uses or in which devices the technology will first appear. MRAM potentially combines the best performance aspects of other leading memory technologies: DRAM's low cost, SRAM's speed, and Flash memory's nonvolatility. In addition, because MRAM uses magnetism to store information and does not require a constant electrical current, its low power demands make the technology ideal for mobile devices. Nearly every large hardware vendor is developing MRAM and many expect to have products ready by 2005, though no companies have said definitively what MRAM's particular applications are going to be. Analyst John Jones says the manufacturing learning curve for MRAM will probably make the technology initially more expensive than many other memory technologies and limit its application to smaller devices using Flash, which is also relatively expensive. Jones says some critics believe the costs of MRAM will actually prevent the technology from replacing cheap DRAM in PCs, for example. Jones says enabling "instant-on" PCs through MRAM would be a compelling application that should spur companies' development efforts. "In the past seven years, funded by the Department of Advanced Research Projects Agency [DARPA], Honeywell, IBM, and Motorola have led the development and interest in MRAM," notes Jones, who adds that Intel, Hewlett-Packard, Matsushita, NEC, Fujitsu, Hitachi, Siemens, and Toshiba have also hopped on the MRAM bandwagon. IBM has teamed up with Infineon Technologies to be one of the first to commercialize MRAM."
http://www.iseriesnetwork.com/article.cfm?ID=16944&channel=home
(Access to this site is free; however, first-time visitors must register.)

Researchers at Switzerland's Dalle Molle Institute for Perceptual Artificial Intelligence, the Swiss Federal Institute of Technology, and Barcelona's Center for Biomedical Engineering Research have developed a noninvasive, electroencephalographic technology that would enable a disabled person to mentally control the movements of a wheelchair, once the system is perfected. The user wears a skullcap studded with electrodes wired to a computer, which uses software to translate brain activity into one of three specific commands--"move forward," "turn right," and "turn left"--and then wirelessly transmits these commands to a wheeled robot. To avoid collisions, the software reads that the commands to move right, left, or forward should be followed only when the opportunity presents itself, and the robot is equipped with infrared sensors to register its proximity to walls and objects. The robot's planned course of action is illuminated on the device, allowing the user to detect command errors and take remedial measures with time to spare. Experimentation has demonstrated that a user can learn to skillfully control the robot mentally within two days. The research team is modifying the system to recognize a greater number of mental states, while Jose Millan of the Dalle Molle Institute notes it has yet to be seen whether the EEG signals picked up by the cap will be weakened when the user is sitting in the moving wheelchair. The Spinal Injuries Association executive director Paul Smith says the technology promises "huge" psychological advantages for paralysis victims.
http://www.newscientist.com/news/news.jsp?id=ns99993967

Recent studies show Microsoft's Windows password-encoding schemes allow cracker programs to identify alphanumeric passwords in less than 14 seconds, though experts say the finding is not the most imminent danger to password-only security. Previously, the best cracking method for Windows passwords took more than one minute and 30 seconds. Swiss researcher Philippe Oechslin, in partnership with security group Lasec, published a technique that uses precalculated data processed with the help of large look-up tables. Oechslin's study shows that Microsoft's NTHash password-encoding set-up, which replaced the previous LANMan scheme, is still vulnerable to cracking programs because it uses the same table for the same passwords, instead of a randomized password-encoding algorithm. Aberdeen Group research director Eric Hemmendinger, however, downplays the Swiss technique, saying it was probably meant for promotional purposes because of its well-publicized nature and Microsoft's noninvolvement. Instead, he says password-based security is fundamentally a human problem. Some of the most common methods of defeating password security include phoning the help desk and claiming to be someone else, finding written notes near a work station, and using guessable passwords. Forrester analyst Laura Koetzle says another security layer, like biometric identification or digital signatures, is needed for more sensitive systems, and that many companies are taking steps to increase protection.
http://www.technewsworld.com/perl/story/31178.html

The Australian government plans to introduce legislation this year to ban unsolicited commercial email in response to a National Office for the Information Economy report, which suggests a multilayered approach to preventing spam, says Richard Alston, minister for communications and information technology. The legislation would prohibit commercial electronic messages without end users' prior consent or an existing relationship, and it would also provide penalties and would require all commercial electronic messages to include a working opt-out mechanism as well as the sender's contact information. In addition, it would prohibit the use of email address-harvesting software, would try to work with overseas organizations to develop international anti-spam guidelines, would be enforced by the Australian Communications Authority, and deal with email only, since a prior industry code handles text messages. The Australian Direct Marketing Association worries that the legislation may hurt small and mid-sized businesses that use email as a legitimate marketing tool, and the government says it will work with industry organizations to develop a reasonable system. The legislation would have a 120-day period for businesses to comply, and would deal directly only with spam from Australian companies.
Click Here to View Full Article

The Internet Software Consortium is leading an effort to rapidly expand the Internet's domain name root server system. Currently, there are 13 server sites--comprising many servers--that manage all domain lookups, but the root server system is quickly being mirrored to protect against possible hacker attacks. Internet Software Consortium (ISC) Chairman Paul Vixie reports that the F-root he controls has mirrors in nine cities. The ISC began the mirroring of the F-root in the wake of a large-scale distributed denial-of-service attack in 2002, and Vixie says VeriSign has initiated mirroring of its J-root where .com servers are placed. He also says VeriSign is running three hidden primary root servers, while ICANN is taking steps to take on oversight of the "hidden primary root" that directs roots A through M by the end of this year. Vixie also says that two mirror sites of the Stockholm-located I-root are now undergoing trials and the Amsterdam K-root is set to begin operating a mirror in London. "I have another 10 [mirrors] where the contracts are signed but we're not installed yet," reports Vixie.
Click Here to View Full Article

Using Instant Messaging software, wireless laptops, and other communications technologies, attendees at conferences and other presentations are setting up back channels--sometimes with the conference organizers' authorization--to make useful observations and commentary, link to Web sites relevant to the topic at hand, and exchange information. Science fiction author Cory Doctorow says the back-channel chatter is akin to the discussions among attendees immediately following presentations, adding that "We're just moving the corridor into the room and time-shifting it by 30 minutes." New York University adjunct professor Clay Shirky, who conducted experiments that incorporate messaging software in face-to-face meetings, reports that many participants were stimulated by the experience. "The intellectual quality of a two-track meeting is extraordinarily high, if it is run right and you have smart people involved," he notes. Some people believe that this back-channeling should be taken a step further by projecting the chatter on a screen at the front of the conference room for all to see; Shirky says such openness is essential if a meeting or presentation is to nurture productive discussion. However, the disadvantages of back-channeling include its potential for distraction, while some speakers say the practice is annoying and breeds self-consciousness. Doctorow uses an incident at a 2002 computer industry confab as an example: Attendees' attitude toward presenter and former Qwest CEO Joe Nacchio changed dramatically when San Jose Mercury News columnist Dan Gillmor and Linux Journal editor Doc Searls posted a Web link on their blogs showing that Nacchio, who was then grumbling about the economic slump, had made a lot of money through the sale of Qwest stock.
Click Here to View Full Article
(Access to this site is free; however, first-time visitors must register.)

MIT researchers are exploring ways to radically change the computer interface. The person who integrated typewriter functions with the computer made one of the worst mistakes in computer engineering, according to MIT computer science professor Randall Davis. His graduate students are working on a number of innovations that will allow users to sketch and audibly describe concepts for the computer. Davis says the inspiration for this work is a short Disney film he saw as a boy, where the animations came to life after being drawn on paper. Microsoft is interested in the work of Ph.D. candidate Christine Alvarado, whose sketch application lets engineers describe basic objects and concepts, such as wheels, axles, slopes, and springs, by drawing them. Alvarado's work is unique because the application recognizes drawn objects in the context of others, unlike other writing applications such as Palm's graffiti, which requires users to draw in specific ways and cannot evaluate characters in context. Ph.D. candidate Tracy Hammond is working on a similar tool, but meant for universal modeling language programmers. Users can create their own "shape vocabulary" defining pieces of information that is then turned into code by IBM's Rational Rose system. Davis wants to combine voice and gesture with the sketch applications, allowing someone to draw a recognized object and then manipulate it with vocal commands. Eventually, the work will contribute to a computer that is not just a desktop system, but is the desktop itself that users write on.

The optimal strategy an organization can follow to effectively reduce the amount of junk email it receives combines sender ID-based and message content-based antispam solutions whose deployment models can also be integrated. DNS-based blacklists (DNSBLs) track down the sender's IP address in databases that archive incorrectly configured mail servers and documented unsolicited bulk emailers, but implementing DNSBLs alone is not a good idea, because it can lead to false positives. DNS-based white lists and Reverse Mail eXchange are thought to be more reliable strategies; the former solution classifies positive responses to email as a sign of sender trustworthiness, and the latter allows servers receiving mail to check to see whether the IP address is authorized as belonging to a legitimate sender. The effectiveness of these solutions could be boosted by complementing them with finer-grained sender ID mechanisms, such as EarthLink's challenge/response protocol and digital signatures, each of which come with their own set of advantages and drawbacks. Content-based antispam solutions are client-side technologies in which vendors capture and scan massive spam archives in order to provide fingerprints that can be measured against corresponding fingerprints in incoming mail to spot spammers. Antispam suppliers also use vocabularies of objectionable terms and Bayesian filters to curb spam, though these techniques entail considerable feedback and education. The glut of spam clogging corporate inboxes also makes a strong case for using alternate communications tools to email, such as Instant Messaging and RSS.

A geographical migration is occurring as the IT industry shifts from innovation to execution, and companies outsource IT operations to services in India, China, and elsewhere. Silicon Valley is in the midst of a downturn and has lost many tenants, while IT's center of gravity has relocated to the home turf of industry giants such as Dell, IBM, SAP, and Microsoft; the Indian city of Bangalore, where Wipro Technologies makes its home on the Electronics City campus, is also thriving. Stanford University economics professor Timothy Bresnahan contends that these changes are typical, given the protean nature of computing's technological advancement. Nevertheless, there are signs that Silicon Valley is starting to recover: Sun Microsystems, Hewlett-Packard, and Oracle are among the Valley-based companies adopting the development and marketing models of IT industry leaders such as IBM in order to boost their share in the tech sector. Meanwhile, the emergence of cheaper and more powerful computer systems has allowed companies such as Google to erect robust and well-oiled infrastructures, clearing the way for the development and rollout of new services. Most notably, Collaborative Economics President Doug Henton says the Valley's "innovation habitat" will likely allow the region to turn the merger of bio-, info-, and nanotechnology to its advantage. Offshore IT outsourcing, which is primarily seen as a cost-cutting measure, has attracted much criticism and inspired lawmakers to pursue limitations on how many foreign workers should be allowed into the U.S., as well as bans on the outsourcing of certain services; however, Forrester Research estimates that the number of IT-related jobs expected to cross the ocean by 2015--3 million--accounts for roughly 2% of total American employment today. Furthermore, there are indications that establishing development centers abroad would increase the number of jobs and help keep companies competitive and focused on their core strengths. A possible future IT model could be one in which maintenance, customer support, and programming is handled by outsourcers while design and marketing remains onshore.

New wireless, location-tracking technologies that can be embedded into practically everything are expected to emerge over the next few years, but there is concern that their benefits--greater convenience and safety, cheaper and more efficient inventory tracking--could be outweighed by their implications for personal privacy. In North America, location technologies are making headway in emergency services through initiatives such as the FCC Enhanced 911 mandate, in which U.S. wireless carriers have until December 2005 to modify cell phones so their location can be accurately pinpointed by emergency operators. Another low-cost location technology U.S. companies are testing or employing are radio frequency identification (RFID) tags, which transmit information about the items they are attached to--clothing, for instance--that not only establishes their whereabouts, but provides relevant data that could augment their sale, maintenance, or recovery in the event of theft or unintentional removal. Asia is much more advanced than the West in terms of commercial wireless enhancements: In Tokyo, for example, people can use cell phones to access local weather and traffic reports as well as street navigation aid, while personalized advertising is just around the corner. The dark side of location technology is its potential to be intrusive. A lack of oversight, legislation, and other safeguards could give rise to companies, government agencies, and others accessing more personal information about users from wireless communications systems than originally intended. Important questions about the nature of the information such technology provides, who deserves access to that information, the extent of that access, and people's right to check and challenge that data are being debated as the technology develops. Conflict between watchdog organizations, businesses, and governments appears to be inevitable as these entities struggle to find a way to maximize location technology's advantages while minimizing its potential for privacy infringement.
Click Here to View Full Article