2011 10 30

From TheCommandLineWiki

News Cast for 2011-10-30

(00:00:17.360) Intro

(00:06:37.823) Security alerts

(00:06:54.442) New research shows possibility of using an iPhone as a keylogger

  • https://threatpost.com/en_us/blogs/new-research-shows-possibility-using-iphone-keylogger-101811-0
  • Dennis Fisher at threatpost had an article that reminds us
    • That with new capabilities of all kinds come new security risks
  • In this instance he discussed the work of researchers at MIT and GA Tech
    • Proving that the accelerometers in smartphones are sensitive enough
      • To allow a surprising eavesdropping attack
  • It is consistent with previous research into acoustic and electromagnetic approaches
    • That have shown attackers could effectively log key strokes
      • By coupling powerful analysis with observation
  • In this case the team was able to use a neural network to mine readings
    • Streamed from a phone's accelerometer if it happened to be on a hard surface
      • Near a target's PC, a not unreasonable circumstance
  • The researchers were able to achieve about an 80% accuracy in retrieving what was typed
  • This approach conveys certain advantages to an attacker over existing ones
  • It does not require access to or control of a physical environment
  • A bit of malware on a person's smartphone plus a bit of luck would work well enough
  • Smart phones are increasing in adoption so the luck needed doesn't seem far fetched
    • Especially as many users no doubt treat their phones like computer peripherals
      • Charging them from the USB port and syncing files and data with their desktops
  • The article mentions several remediations from the fairly obvious to changes to phone settings
  • Obviously keeping your phone away from your keyboard would work
  • The way these accelerometers are used, to detect phone movement and orientation
    • Requires less sensitivity than they are typically configured for
  • The research team notes that if device makers simply halved the default sample rate
    • That would be enough to support most legitimate uses
    • While preventing this key logging method from working
  • I am sure it is possible, if one doesn't exist already
    • To develop custom tools for the popular platforms to tweak the sample rate
      • Even without support of the phone manufacturers to set up this particular defense

(00:09:42.111) New android adds address space layout randomization for improved security

  • https://threatpost.com/en_us/blogs/aslr-added-android-40-102411
  • Dennis Fisher at threatpost also offered a bit of good news for some smartphone owners
  • He shares details of the security enhancements that are part of the latest version of Android
    • Version 4.0 or Ice Cream Sandwich that was just released
  • In particular, the new version includes something called address space layout randomization
  • ASLR has been included in iOS and the later versions of Windows for some time
  • Its inclusion in Android is unfortunately just a bit of catch up with the state of the art
  • What ASLR does is help protect against buffer overflow based exploits
  • These work by tricking a vulnerable program into reading past a point in memory
    • That it is designed to, executing a bit of malicious code injected by an attacker
  • Randomizing how the memory for a given process is laid out
    • Makes it more difficult for an attacker to predictably get an overflow to execute their code
  • There is more work to be done in this vein
  • As Fisher notes, data execution protection is in use elsewhere
    • Again both in iOS and in desktop operating systems
  • Since Linux has support for this defense, a means to prevent execution of memory regions
    • That are not declared to hold executable program code
    • It should be relatively easy to enable support for it in the Linux based Android OS
  • Android 4.0 adds other measures, such as improved user credential management
    • And an enhanced API for supporting virtual private network access
  • Both of those support more secure use of programs and networks
    • Not directly hardening the OS itself like ASLR and DEP do
  • Still, it is encouraging that Android development for security is improving
    • And hopefully we'll see key improvements in the next point releases
      • Rather than waiting for the next major revision
      • As Ice Cream Sandwich is a big update all around

(00:12:35.677) News

(00:12:49.096) Salted disks hold six times more data

  • Just as Gordon Moore's famous observation drew a dramatic cost-performance curve for CPUs
    • Data storage capacities seem to have charted a very similar trajectory
  • For traditional magnetic medium hard drives, this has been especially true in the last few years
  • Even with the immense file sizes for high definition video
    • Drive space is almost getting too cheap to meter
  • Be that as it may, traditional hard drives share a limitation with CPUs
  • As much as the physical density has grown, there is a limit to how small
    • The very features that make up the magnetic bits can be shrunk
  • http://www.theregister.co.uk/2011/10/17/salty_bpm/
  • Chris Mellor at The Register discussed some research out of Singapore
    • That could potentially increase storage per surface area by a factor of six
  • The work of Dr. Joel Yang at the Institute of Materials Research and Engineering
    • Builds on existing techniques for manufacturing high density drives
  • It starts with bit patterning, a method for carefully arranging the magnetic grains
    • That physically store the value of written bits
  • These grains currently are at the scale of about 7 or 8 nanometers
    • Which is around half to a third the scale of features on processor chips
  • To store a single bit, though, a handful of grains are required
    • Which is the current limiter of storage densities for this kind of media
  • Yang's improvement consists of using a high resolution e-beam lithography process
  • In effect it draws the nanoscale features onto the disk surface
  • A developer solution is required to actually build the resulting structures
  • Here is where the salt comes in, and yes that is table salt
    • Though I imagine it is considerably more pure
      • Than the stuff you are shaking on your fries
  • This approach allowed the etched features to be scaled down to 4.5nm
    • Which they compose into single grains at about 10nm
    • But grains capable of storing a single bit value each
      • Rather than requiring several grains to do the same thing
  • Yang discovered the key effect while working at MIT
    • And this development actually represents a simplification, a reduction of steps
      • From traditional techniques in use for commercial drive fabrication now
  • It may be possible that the effect could be pushed further
    • But as things stand, a 2.5in drive that now holds 500GB
      • Could be made with this technique that would instead store 3TB
  • Given the reduction in complexity, when translated to commercial scale
    • This approach should also net a tidy reduction in cost
  • Yang's work really could make data storage, at least on traditional drives
    • So cheap and capacious that it would be easier
      • To hang onto every last scrap of information with which we work
  • The article doesn't mention it but I wonder if the work could also yield
    • Drives at today's capacities that are 1/6 the size and power consumption
  • I enjoy using my new smartphone but still find even the 32GB micro-SD card a bit limiting
  • Having a half TB of capacity in my phone would be great, especially for video
  • The article doesn't say how the improvement in density affects performance
  • Given the rising popularity of solid state disks with their performance enhancement
    • I am kind of surprised this aspect wasn't mentioned at all
  • I suppose it might be a wash as proximal bits would require less time and energy
    • But reading bits widely scattered across the disk might be proportionally slower
  • I hope this work feeds into some commercial applications soon so we can find out

(00:16:39.654) Kinect turns any surface into touch screen

  • https://www.technologyreview.com/computing/38933/?mod=chthumb
  • Duncan Graham-Rowe at Technology Review has news of some research
    • That clearly moves forward the idea of using sensors and projectors
      • To turn environmental surfaces into interactive screens
  • I've talked about Sixth Sense, a similar system developed by Pranav Mistry
    • Who is now continuing that work at MIT's Media Lab
  • This work, done by CMU and Microsoft Research, utilizes infrared depth sensing
    • Similar to the technology in the Redmond giant's novel Kinect gaming peripheral
  • The original Sixth Sense used color rings to help the software track
    • Where in space and in relation to projected images the user's fingers are
  • This system, the OmniTouch, eliminates the need for markers
  • Like the Kinect does for Xbox games where users' bodies act as a controller
    • The OmniTouch continuously models the environment in 3 dimensions
  • It also looks for finger sized cylinders to track and interpret gestures
  • Mistry's work has apparently also progressed to eliminate trackers
  • One thing that would seem to distinguish the two projects
    • Is the ability for OmniTouch to create multiple screens
  • The article mentions a painting application that generates both a canvas
    • And uses the operator's hand as a palette
    • Implying that it tracks and maintains the latter separately
  • The researchers, led by Chris Harrison, are presenting their findings
    • At the ACM Symposium on User Interface Software and Technology
  • This will include some interesting details not discussed in earlier work
  • For one the projected displays are of lower resolution than fixed displays
    • Even in mobile devices, the ones most comparable for their touch capabilities
  • The Microsoft, CMU team has developed some specific applications
    • That are less affected by the lower resolution
  • The one that caught my interest was the use of gestures to infer
    • Whether the wearer wants information to be shared or kept private
  • For more inclusive, interactive input systems like this
    • I think the true innovation will rely on doing what is impossible
      • Through existing mechanisms in the same field of use
  • The projected screens may be of lower resolution
    • But apparently allow for surprisingly accurate targeting of touches
      • Which implies that the spatial modeling and motion tracking overall is very accurate
  • What sort of subtle movement cues could we teach a system like this
    • To extract out of our usual real world interactions
  • If OmniTouch, like Kinect, can read stance as well as movement
    • I could see it adopting tricks I've seen used elsewhere
      • Such as automatically zooming and moving display windows
      • When someone leans in or back
  • Maybe it could sense when a user's shoulders hunch in frustration
    • And encourage them to take a break
  • Right now the OmniTouch is a little impractical being shoulder mounted
    • But aims for something similar to Sixth Sense, a pendant form factor
  • It does use off the shelf components like its predecessor
    • Ones that the article notes are getting smaller all the time
  • There is no mention of the licensing model of OmniTouch
  • Sixth Sense was opened shortly after it was announced
    • As a means to speed its development
    • Which apparently has worked as it sounds like it is still very active
  • With a couple of competing implementations of similar ideas
    • I hope we'll see acceleration towards tools ready for everyday use

(00:21:12.692) 18th century cipher cracked with the aid of machine translation

  • http://science.slashdot.org/story/11/10/25/1452245/copiale-cipher-decoded
  • Slashdot linked to a New York Times article by John Markoff
    • Discussing the work of Dr. Kevin Knight
      • A computer scientist at the Information Sciences Institute
        • At the University of Southern California
    • In collaboration with Beata Megyesi and Christiane Schaefer of Uppsala University in Sweden
  • Using techniques cultivated for machine language translation
    • They cracked the first 16 pages of an 18th century manuscript
  • Markoff puts this into perspective, explaining how statistical translation techniques
    • Arose from cryptography, originally suggested by Warren Weaver
      • In an oft cited letter to cybernetics pioneer Norbert Wiener
  • Weaver felt that the sort of frequency and other statistical analysis
    • That could reverse a code would also be able to bridge two languages
  • Developments in this vein have led to many modern machine translation tools
    • Most notably the pretty useful and versatile Google Translate
  • Closing the loop, Knight and his team used translation techniques
    • To work on the Copiale Cipher which has resisted previous attempts to decipher
  • Markoff puts the cipher into the same class as several other puzzles
    • That have captivated codebreakers of all kinds
      • Such as the Kryptos sculptures and the Voynich manuscript
  • Beyond the appeal to those looking to exercise their deciphering chops
    • And maybe earn a bit of fame for surmounting codes that have stood unbroken for some time
    • Knight notes how cryptanalysis can be of historical importance
  • Ciphers were popular in the 18th century, the period from which this document dates
  • Sharing the recovered text with Andreas Onnerfors, a historian at Lund University in Sweden
    • And an expert on secret societies
  • Beyond identifying the document as belonging to a group interested in eye surgery and ophthalmology
    • Onnerfors identified a political commentary towards the end of the recovered text
  • It spoke about the natural rights of man, clearly of a piece
    • With similar thought and writing from the Enlightenment
  • The implication is that other contemporaneous cipher texts may exist
    • That could expand our understanding of the spread of political thought and theory at this time
  • Markoff has an excellent description of how the team worked
    • In a manner pretty consistent with other tales I've read of cryptanalysis
      • Even though Knight's background in particular is solely from machine translation
  • They used several cribs and reasonable guesses to help frame their analysis
    • And after chasing down some blind alleys eventually found success
  • Knight also separately looked at the Voynich manuscript but hasn't cracked it yet
  • He has offered some further data suggesting it isn't a hoax as some have suggested
  • The existence of identifiable, complex patterns suggests a fair investment in its creation
    • More than is likely if it were fabricated on a whim, as a lark
  • Both the Copiale Cipher and the Voynich Manuscript utilized unrecognizable characters
  • The Copiale Cipher's symbols encoded the text's actual meaning
    • Despite the inclusion of Roman characters as well
  • I think that similarity, of using unique symbol sets, is part of what has enthusiasts so excited
  • I suspect that we'll need some key crib before we can crack the Voynich manuscript
    • And so far no one has been able to come up with much useful about it
      • Which really just deepens its allure to codebreakers

(00:26:02.680) Massively parallel computer built from single layer of molecules

  • Most of the developments in parallel computing that I follow
    • Take the form of modestly re-arranging existing elements of a processor
    • Or of trying to directly model the parallel computer we know best, the brain
  • https://www.technologyreview.com/blog/arxiv/27291/?ref=rss
  • Technology Review covered some new research that falls somewhere in between
  • Anirban Bandyopadhyay at National Institute for Materials Science in Tsukuba, Japan
    • Definitely took the neural network of a brain as a starting point
    • But has managed to distill it down to the core attribute that drives the parallelism
  • What was demonstrated was a particular molecule with useful electrical properties
    • That also interconnects when a layer of it is deposited on a substrate
  • Called 2,3-dichloro-5,6-dicyano-p-benzoquinone, or DDQ
    • It can take on one of four electrical states and the transitions
      • Can be biased by the use of an electrical field
  • Any given molecule of DDQ can be manipulated by a scanning tunnelling microscope
  • Applying charges to each molecule this way would be incredibly inefficient
  • Each molecule of DDQ connects with between 2 and 6 neighbors and when one is altered
    • It affects the states of all of the molecules to which it is connected
  • The researchers laid out an array of 300 molecules on a gold substrate
  • By carefully setting a starting state they were able to kick off a calculation
    • That progressed as a cellular automaton representing
      • The diffusion of heat through a conducting medium
      • And the way cancer spreads through a tissue
  • The article doesn't mention how quickly the calculation ran
    • Though hints that it was efficient by mentioning
      • How the whole layer was involved in computing
  • Cellular automata evince global computation through the expression of local rules
  • There has been work suggesting that CAs are Turing complete
    • That any kind of computation can be transformed to be carried out by a CA
  • Having one that runs at native speed, as quickly as some direct physical representation can run
    • Is exciting regardless of the parallel applications
      • To see what sorts of computations would benefit from such a set up
  • I suspect right out of the gate simulation of complex, emergent phenomena
    • Is most likely to benefit, in much the same way that they would
      • From similar parallel computing speed ups in quantum computers
  • The fact that they've already shown 300 elements is a pretty big step forward
    • And that they are already at the nanoscale
  • As the article notes, the next step is going to be understanding how to generalize the approach
  • After that they're going to have to find some input/output system that's more feasible
    • Than a scanning tunneling microscope
  • I suspect that as this research progresses, they'll identify other molecules
    • That have interesting electrical states, can connect with each other
      • And perhaps are more easily manipulated by the kinds of components in consumer electronics
  • Regardless, this may be tantamount to the creation of the transistor
    • A whole new bedrock on which to build at least some new forms of computing

(00:29:35.148) Following Up

(00:29:52.000) House takes Senate's bad internet censorship bill, making it worse

  • http://arstechnica.com/tech-policy/news/2011/10/house-takes-senates-bad-internet-censorship-bill-makes-it-worse.ars
  • Nate Anderson at Ars Technica covered the introduction of the House version of PROTECT IP
  • Called the Stop Online Piracy Act with a sub-section called out as the E-PARASITE Act
    • It adds measures that crank up the risk of severe unintended consequences considerably
  • Like the Senate version it enables private actors, rights holders
    • To demand ad networks and payment processors to cut off target sites
    • But unlike that version it is not an optional measure alongside domain name seizure
  • There is still no judicial oversight and a stunning absence of any mechanism
    • To deal with an incorrect or even abusive takedown request
  • As Anderson notes, the extreme measures are meant for foreign sites
    • That aren't necessarily going to respect regular takedown notices or infringement claims
  • He explains how this reasoning is continuous with a list of notorious infringers
    • Prepared by the content industry no doubt to drum up support
  • Another problem with the list and institutionalizing these powers
    • Is that many of the services already being targeted have legitimate uses
  • Case law in the area of copyright, even for digital media and network distribution
    • Has trod a very careful balance between dealing with commercial piracy
      • A legitimate enforcement pursuit
    • And non-infringing uses of the same innovative technologies and services
  • PROTECT IP and SOPA uniformly assume that the pursuit of commercial infringers
    • Trumps all other concerns
  • I approach the broader context in which Anderson helps place this proposed legislation
  • I am not unsympathetic to the problems raised by blatantly commercial piracy
    • But also strongly suspect it is a signal of yet another market failure
  • Time and again we've seen such piracy decline most when rights holders compete against it
  • When talking about foreign access to digital works you have to bear in mind
    • That studios and labels have fought to preserve differential releases
      • With region codes and country specific download and streaming offerings
  • I have to wonder how much of what these bills target was brought on by these tactics
  • If we saw the reduction or removal of barriers to access between different countries
    • Would the rights holders benefit more than from taking down those sites
      • Filling the voids they intentionally and in a backwards fashion created?

(00:33:39.880) Outro
