UMBC ebiquity
GENERAL

Archive for the 'GENERAL' Category

How the DC Internet voting pilot was hacked

October 6th, 2010, by Tim Finin, posted in cybersecurity, Security, Social

University of Michigan professor J. Alex Halderman explains how his research group compromised the Washington DC online voting pilot in his blog post, Hacking the D.C. Internet Voting Pilot.

“The District of Columbia is conducting a pilot project to allow overseas and military voters to download and return absentee ballots over the Internet. Before opening the system to real voters, D.C. has been holding a test period in which they’ve invited the public to evaluate the system’s security and usability. … Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters’ secret ballots. In this post, I’ll describe what we did, how we did it, and what it means for Internet voting.”

The problem was a shell-injection vulnerability that involved the procedure used to upload absentee ballots. Halderman concludes

“The specific vulnerability that we exploited is simple to fix, but it will be vastly more difficult to make the system secure. We’ve found a number of other problems in the system, and everything we’ve seen suggests that the design is brittle: one small mistake can completely compromise its security. I described above how a small error in file-extension handling left the system open to exploitation. If this particular problem had not existed, I’m confident that we would have found another way to attack the system.”

Secret message in the Canadian Governor General coat of arms?

October 4th, 2010, by Tim Finin, posted in GENERAL

Personal coat of arms of David Johnson, Governor General of CanadaSlashdot highlights another mystery today — what’s the meaning of the binary sequence along the bottom of the personal coat of arms of David Johnston, Canada’s new Governor-General.

“As de facto head of state and the Queen’s representative in Canada he is required to design a personal coat of arms. One modern detail has attracted particular attention – a 33-digit palindromic binary stream at the base. Efforts to decode the meaning of the number using ASCII, Morse, grouping by 3/11 and other theories has so far come up empty (right now it’s a toss up between random, the phone number 683-077-0643 and Morse code for ‘send help – trapped in a coat of arms factory.’) Is 110010111001001010100100111010011 the combination to his luggage, or just a random stream of digits?”

Here’s a theory that I hope might be true. As an educator and former president of a university known for its strength in computer science, maybe he is trying to interest Canadian children in mathematics and computer science by giving them a an intriguing puzzle to work on.

Taintdroid catches Android apps that leak private user data

September 30th, 2010, by Tim Finin, posted in Mobile Computing, Privacy, Security, Social

Ars Technica has an an article on bad Android apps, Some Android apps caught covertly sending GPS data to advertisers.

“The results of a study conducted by researchers from Duke University, Penn State University, and Intel Labs have revealed that a significant number of popular Android applications transmit private user data to advertising networks without explicitly asking or informing the user. The researchers developed a piece of software called TaintDroid that uses dynamic taint analysis to detect and report when applications are sending potentially sensitive information to remote servers.

They used TaintDroid to test 30 popular free Android applications selected at random from the Android market and found that half were sending private information to advertising servers, including the user’s location and phone number. In some cases, they found that applications were relaying GPS coordinates to remote advertising network servers as frequently as every 30 seconds, even when not displaying advertisements. These findings raise concern about the extent to which mobile platforms can insulate users from unwanted invasions of privacy.”

TaintDroid is an experimental system that “analyses how private information is obtained and released by applications ‘downloaded’ to consumer phones”. A paper on the system will be presented at the 2010 USENIX Symposium on Operating Systems Design and Implementation later this month.

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, William Enck, Peter Gilbert, Byung-gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth, OSDI, October 2010.

The project, Realtime Privacy Monitoring on Smartphones has a good overview site with a FAQ and demo.

This is just one example of a rich and complex area full of trade-offs. We want our systems and devices to be smarter and to really understand us — our preferences, context, activities, interests, intentions, and pretty much everything short of our hopes and dreams. We then want them to use this knowledge to better serve us — selecting music, turing the ringer on and off, alerting us to relevant news, etc. Developing this technology is neither easy nor cheap and the developers have to profit from creating it. Extracting personal information that can be used or sold is one model — just as Google and others do to provide better ad placement on the Web.

Here’s a quote from the Ars Technical article that resonated with me.

“As Google says in its list of best practices that developers should adopt for data collection, providing users with easy access to a clear and unambiguous privacy policy is really important.”

We, and many others, are trying to prepare for the next step — when users can define their own privacy policies and these will be understood and enforced by their devices.

Banned Books Week

September 27th, 2010, by Krishnamurthy Viswanathan, posted in Books

The Banned Books Week (BBW) is an annual event that celebrates the “freedom to read”.  The campaign was started in 1982 and is held during the last week of September. The United States campaign, sponsored amongst others, by the American Library Association “highlights the benefits of free and open access to information while drawing attention to the harms of censorship by spotlighting actual or attempted bannings of books across the United States.” [1]

During this week, the Amnesty International directs attention to “the plight of individuals who are persecuted because of the writings that they produce, circulate or read”. [2]

The idea behind the event is to promote intellectual freedom: it encourages individuals to read books that have been challenged due to the unorthodox viewpoints expressed in these works of literature. Every year, the American Library Association’s Office for Intellectual Freedom records attempts by individuals and groups to ban books from libraries and classrooms. If you thought that censorship was a thing of the past, take a look at the Top Ten Most Frequently Challenged Books of 2009.  At-least 46 of the Radcliffe Publishing Course Top 100 Novels of the 20th Century have been targeted. The list includes acclaimed classics such as Catcher in the Rye, and To Kill a Mockingbird.

While some books are banned or restricted, a majority of them are not banned due to the efforts of librarians, booksellers, students, teachers, and the reading community at large. It is due to events like these that attention is drawn to the dangers of imposing restrictions on the availability of information in our world.

UMBC Linux Users Group Installfest, Fri 9/24/2010,The Commons

September 20th, 2010, by Tim Finin, posted in GENERAL

Got Linux? Let your computer know who is boss! The UMBC Linux Users Group (LUG) is holding a Linux Installfest from 10:30am to 4:30pm on Friday 24 September in the Main Street concourse of the UMBC Commons. Bring your computer and the LUG experts will help you install Linux on it in addition to your current operating system.

Proofiness: when mathematics turns to the dark side

September 18th, 2010, by Tim Finin, posted in GENERAL

This sounds like a book worth reading, Proofiness – The Dark Arts of Mathematical Deception by Charles Seife. It is reviewed in tomorrow’s New York Times — Fibbing With Numbers.

It goes without saying that what you learn in a book like this should only be used for defensive purposes. Do not turn to the Dark Side!

The book reminds me of the classic How to Lie with Statistics published in the 1950s.

What are the hottest areas for a career in IT?

September 7th, 2010, by Tim Finin, posted in AI, GENERAL

According to a recent post in the Microsoft Careers JobsBlog the top three hottest new majors for a career in technology are

  • Data Mining/Machine Learning/AI/Natural Language Processing
  • Business Intelligence/Competitive Intelligence
  • Analytics/Statistics, specifically Web Analytics, A/B Testing and
    statistical analysis

Happily these are all strengths of the IT programs at UMBC. In fact, we have placed a large number of graduates at leading edge technology companies in the past few years, including Microsoft, Google, Amazon, IBM, and Yahoo.

Middle-earth dictionary attack

August 24th, 2010, by Tim Finin, posted in Humor, Security

Middle-earth dictionary attack

Middle earth dictionary attack
From http://abstrusegoose.com/296

Probability-based processor might speed AI applications

August 18th, 2010, by Tim Finin, posted in GENERAL, Semantic Web, Social media

Lyric Semiconductor LEC chipAnalog computers were a hot idea — in the 1950s! But I find this intriguing because I’ve come around to the position that a lot of our human “intelligence” is the result of acquiring and using probabilistic models. So supporting this in hardware might be a big win, especially for low-cost, low-power devices. It will also support lots of other common tasks in social computing, image processing and language technology.

Technology review has a short article, A New Kind of Microchip, on computer chip being developed by Lyric Semiconductor that process signals representing probabilities rather than digital bits.

“A computer chip that performs calculations using probabilities, instead of binary logic, could accelerate everything from online banking systems to the flash memory in smart phones and other gadgets. … And because that kind of math is at the core of many products, there are many potential applications. “To take one example, Amazon’s recommendations to you are based on probability,” says Vigoda. “Any time you buy [from] them, the fraud check on your credit card is also probability [based], and when they e-mail your confirmation, it passes through a spam filter that also uses probability.”

All those examples involve comparing different data to find the most likely fit. Implementing the math needed to do this is simpler with a chip that works with probabilities, says Vigoda, allowing smaller chips to do the same job at a faster rate. A processor that dramatically speeds up such probability-based calculations could find all kinds of uses.”

Lyric’s chip is called LEC and was developed with support from DARPA. It is 30 times smaller in size than current digital error correction technology according to Wired. Although small it yields “a Pentium’s worth of computation,” according to Lyric CEO Vigoda. His 2003 dissertation at MIT was on a related topic, Analog Logic: Continuous-Time Analog Circuits for Statistical Signal Processing.

You can also read about the LEC chip in a story in yesterday’s NYT, A Chip That Digests Data and Calculates the Odds.

Researchers prove Rubics Cube solvable in 20 moves or less

August 13th, 2010, by Tim Finin, posted in AI, Games, GENERAL, Google, Social media

Using a combination of mathematical tricks, good programming and 35 CPU-years on Google’s servers, a group of researchers have proved that every position of Rubik’s Cube can be solved in 20 moves or less. The group consists of Kent State mathematician Morley Davidson, Google engineer John Dethridge, math teacher Herbert Kociemba, and programmer Tomas Rokicki.

This is an amazing result and a testament to more than 30 years of work on the problem. The Cube was invented in 1974 and almost immediately the subject for programs to solve it. In 1981, Morwen Thistlethwaite proved that any configuration could be solved in no more than 52 moves. Periodically, tighter upper bounds for the maximum solution length were found. This result ends the quest — there are some configurations (about 300M) that require 20 moves to solve and there are none that require more than 20 moves.

In their own words, here’s how the group solved all 43,252,003,274,489,856,000 Cube positions:

  • We partitioned the positions into 2,217,093,120 sets of 19,508,428,800 positions each.
  • We reduced the count of sets we needed to solve to 55,882,296 using symmetry and set covering.
  • We did not find optimal solutions to each position, but instead only solutions of length 20 or less.
  • We wrote a program that solved a single set in about 20 seconds.
  • We used about 35 CPU years to find solutions to all of the positions in each of the 55,882,296 sets.

This reminds me of the first program I wrote for my own enjoyment, which used brute force to find all solutions to Piet Hein’s Soma Cube. In 1969 I had a summer job as the night operator for an IBM 360 and I would turn off the clock to run my program so that the management wouldn’t know how much computer time I was consuming.

See this BBC story more more information on this amazing result.

USCYBERCOM secret revealed

July 8th, 2010, by Tim Finin, posted in GENERAL, Mobile Computing, Security, Semantic Web
USCYBERCOM logo.  Click to enlarge.

The secret message embedded in the USCYBERCOM logo

     9ec4c12949a4f31474f299058ce2b22a

is what the md5sum function returns when applied to the string that is USCYBERCOM’s official mission statement. Here’s a demonstration of this fact done on a Mac. On linux, use the md5sum command instead of md5.

~> echo -n "USCYBERCOM plans, coordinates, integrates, \
synchronizes and conducts activities to: direct the \
operations and defense of specified Department of \
Defense information networks and; prepare to, and when \
directed, conduct full spectrum military cyberspace \
operations in order to enable actions in all domains, \
ensure US/Allied \ freedom of action in cyberspace and \
deny the same to our adversaries." | md5
9ec4c12949a4f31474f299058ce2b22a
~> 

md5sum is a standard Unix command that computes a 128 bit “fingerprint” of a string of any length. It is a well designed hashing function that has the property that its very unlikely that any two non-identical strings in the real world will have the same md5sum value. Such functions have many uses in cryptography.

Thanks to Ian Soboroff for spotting the answer on Slashdot and forwarding it.

Someone familiar with md5 would recognize that the secret string has the same length and character mix as an md5 value — 32 hexadecimal characters. Each of the possible hex characters (0123456789abcdef) represents four bits, so 32 of them is a way to represent 128 bits.

We’ll leave it as an exercise for the reader to compute the 128 bit sequence that our secret code corresponds to.

FIm classic Metropolis opens tonight in Baltimore

June 11th, 2010, by Tim Finin, posted in GENERAL

The newly restored complete version of Metropolis opens tonight the Senator Theater for a one-week run. If you like movies about robots, or dystopian futures or just like classic fims that made a difference, it is well worth seeing.

Baltimore is lucky to be one of about ten cities in the US screening it this summer and the only one on the east coast outside of Boston. From the Baltimore Sun

“This “complete” version of Lang’s silent sci-fi extravaganza restores all of its subplots and nearly all of its surging imagery. With Gottfried Huppertz’s soaring romantic score heard in full for the first time, “Metropolis” offers an engulfing audiovisual experience. It leaves you shaking your head in wonder and disbelief.

Those new to the film can sit back and be overwhelmed. Those who’ve seen it have the additional pleasure of watching a puzzle solved before your eyes. Roughly 25 minutes longer than the 2002 version, this print of “Metropolis” uses footage from a 16-millimeter dupe negative found in Buenos Aires to fill in some major bits and pieces — and some minor ones.

You can tell the 16-mm footage from the drop in picture quality. But the effect is thrilling, not jarring. This print combines the ecstasy of seeing a peak accomplishment in pristine form with the frisson movie-lovers get from viewing films as artifacts of their time, aging the way gardens or buildings do.”

You are currently browsing the archives for the GENERAL category.

  Home | Archive | Login | Feed