Wet Electronics Open Door to New Possibilities

Twice I ran my old Sony-Ericsson cell phone through the washing machine and it miraculously survived, but that is only a testimonial to device's excellent waterproofing technologies. That all may change soon, when ultra-secure moisture-friendly prototypes recently shown by North Carolina State University (NCSU) are commercialized.
Today, electronic devices of all types must be protected from not only submersion in water, but even from humidity in the air. Medical implants, for instance, must be hermetically sealed to secure them from shorting out. By harnessing the synergy between water-compatible hydrogels and liquid metals, NCSU researchers herald a new era of smarter moisture-compatible electronic devices.

  A 2-by-2 array of crossbar switches where memory-resistors at each crossing operate like synapses in the brain. (Source: NCSU)

As you might imagine, materials that can happily be submerged without dissolving or shorting out their circuitry are few and far between. And those that can—such as plastics—have inferior electrical characteristics, making them too slow reacting for medical implants and other mission-critical electronics that must work rain or shine. However, by combining liquid metals with polyelectrolyte hydrogels, which have the consistency of Jell-O, a new class of fast submersible gadgets is on the horizon.
The key to this invention of NCSU professor Michael Dickey, however, is not the water compatibility of the materials themselves, but rather the ability of the metal—an eutectic alloy of gallium and indium—to form a nonconductive oxide skin when current flows through it. The switches can be programmed to act like synapses in the brain. In effect, these crossbar switches remember their "experiences"—an effect called a memory-resistor, or memristor, by their inventor, University of California at Berkeley professor Leon Chua (this technology is currently being commercialized by HP Labs and Hynix).
Consequently, the new liquid-metal/hydrogel combination can be used to create brainlike circuitry that learns from its environment. The first task of these new water-compatible circuits, however, will be much less ambitious, since for one thing they are still being built on the millimeter scale rather than the micron- and nano-scale of circuitry in the brain. However, simple circuitry can be realized with the new approach to create biological sensors that can be directly implanted for medical monitoring.
NCSU doctoral candidates Hyung-Jun Koo and Ju-Hee So also contributed to the work, which was funded by the National Science Foundation and the U.S. Department of Energy.
R. Colin Johnson has been writing non-stop daily stories about next-generation electronics and related technologies for 20+ years. His unique perspective has prompted coverage of his articles by a diverse range of major media outlets—from the ultra-liberal National Public Radio to the ultra-conservative Rush Limbaugh Show.

Wireshark Cookie Dump:

Read More »

Data Furnaces Use Servers to Heat the Home

A recent paper by Microsoft Research suggests using servers and data centers to heat buildings, including homes, offices, and college campuses. The method could cut the costs and energy waste traditionally associated with big server farms.

Massive server farms are becoming more and more common. While we frequently advocate the business benefits of the cloud here at Smarter Technology, the environmental consequences of the numbers of servers needed for major cloud efforts can be huge. A recent paper now proposes an unlikely solution to this environmental problem: using servers as furnaces to heat homes, offices and other buildings.
According to the Environmental Protection Agency, servers and data centers are responsible for up to 1.5 percent of electricity consumption, much of which is used trying to keep the machines cool. While the machines don’t generate enough heat to produce electricity, their temperature (which reaches up to 122 degrees) is perfect for heating purposes, including water heating and clothes dryers.
Big server farms are a major consumer of electricity in the United States. Using their heat to warm homes and offices could cut costs and save energy.

The paper by Microsoft Research proposes using micro-datacenters as “Data Furnaces,” the primary heating sources for office buildings and homes. Each Data Furnace, consisting of 40 to 400 CPUs, would integrate with the existing infrastructure of a building, much like a traditional furnace.
The researchers suggest that cloud-computing service operators could offer free heating to the companies and families housing the Data Furnaces. The technology could thereby diminish costs for both parties, as well as reduce energy consumption.
One disadvantage of the system is the lack of security in residential areas and even office buildings, according to a recent article in Gizmag. With encrypted data and tamper-proof devices, however, the Data Furnaces could avoid breaches.
The researchers suggest that Data Furnaces could save companies up to $324 per furnace per year. “Data Furnaces will reuse the facilities and energy already allocated for heating purposes to provide computing services with low cost and energy footprint,” they write.
“A similar approach could be used to heat water tanks, office buildings, apartment complexes, vegetable farms and large campuses with central facilities,” the researchers add.
Would you consider using servers as furnaces in your home or office? Let us know in the comments section below!

Wireshark Cookie Dump:

Read More »

Lose your laptop? Change all passwords, pronto

Elie Bursztein, left, highlights Windows password vulnerabilities during a Black Hat talk.

(Credit: Declan McCullagh/CNET)

LAS VEGAS--If your Windows laptop is stolen, be warned: new research shows how a thief can gain access to the passwords used by your Amazon.com, Google, Yahoo, Facebook, and other Web accounts.
The passwords for accounts in the cloud are supposed to be protected by Windows' built-in encryption. But a team of security researchers demonstrated at the Black Hat security conference here how last week to bypass the operating system's security.
A thief--or someone unconcerned with the finer points of federal hacking laws--can take advantage of the vulnerability to discover the passwords stored by Web browsers and other programs like instant messaging clients. So can police using electronic forensics to analyze a computer seized during a criminal investigation or without a warrant at a national border.
"It's not just your data on the computer, but everything you have in the cloud, including your Facebook account, your Gmail account, and so on," Elie Bursztein, a postdoctoral researcher at Stanford University who also analyzed Microsoft's geolocation database, told CNET. Ivan Fontarensky, Matthieu Martin, and Jean Michel Picod collaborated with him on the research.
The team has released a open-source utility to perform this decryption, which they call OWADE, for Offline Windows Analyzer and Data Extractor. It runs on Ubuntu, a Debian-derived Linux distribution, and is designed to decrypt information stored by the four major Web browsers and instant messaging clients under Windows XP.
Here's how it works: Windows offers a built-in encryption feature called DPAPI, part of the Crypto API, which allows application developers to store sensitive data in scrambled form. Microsoft describes as allowing any application to "secure data without needing any specific cryptographic code other than the necessary function calls to DPAPI." (API stands for application programming interface.)
That's a useful feature to have--assuming it's designed and implemented well.
What Bursztein and his colleagues found are security vulnerabilities in the way DPAPI was created. For instance, the list of possible passwords in many versions of Windows is unusually small, about 7 trillion possibilities, and can be pre-computed.
A Microsoft representative said the company would have a public response later today.
Another vulnerability they found is in the way passwords for Wi-Fi networks are encrypted and stored. (In Windows XP, they're in the system registry. In Windows 7 and Vista, they're in both the registry and an XML file.)
Different browsers, they found, store passwords for Web sites in different locations with varying amounts of security precautions.
"I'm very sad to say that Firefox is the worst for offline security," said Bursztein, who uses that browser himself.
Internet Explorer turns out to be the most secure. If you don't know the exact Web page, you can't recover the password.
Instant messaging clients also offer differing levels of security. They found Skype uses custom encryption for passwords and rated the difficulty of decrypting or bypassing it as "extreme." If the Skype password is sufficiently strong, they said, it can't be discovered.
Google Talk's Windows client uses DPAPI and is rated as "hard" to penetrate. Microsoft Messenger gets a verdict of only "medium," with details varying based on which version is being used.
Even worse: aMSN, an open-source MSN Messenger clone; 9talk; Trillian; and Pidgin.
Bursztein's recommendation, after doing all this work? "The mechanism that's in place in Windows to protect your data can be easily bypassed. The only real alternative for you is to encrypt your disk if you don't what your account compromised."

Wireshark Cookie Dump:

Read More »

Hacker launches volunteer program for security professionals

Renowned hacker Johnny Long drums up support for his Hackers for Charity nonprofit and announces a new InfoSec without Borders program at DefCon.

(Credit: Seth Rosenblatt/CNET)

LAS VEGAS--Johnny Long used to be known for Google hacking--finding vulnerable servers on the Internet using specific search terms. Now he's helping humanitarian groups, street kids, and police in Uganda learn how to use computers and keep malicious hackers out of their systems, as well as matching other information security professionals to charities that need help.
Long, who started the Hackers for Charity nonprofit in 2008, launched a new program at the DefCon hacker conference here this weekend that he's calling InfoSec without Borders and which is modeled after the Doctors Without Borders program.
"The volunteers are professionals in the industry now and they have a corporate responsibility" and want to help communities in need, he said. "We want to help guide that by feeding in charities that we screen."
Long's nonprofit provides free computer training to anyone who wants it, fixes computers, provides technical support to nongovernmental organizations (NGOs), and has fed thousands of families through its "food for work" program.
"We've trained street kids, the Ugandan police, government officials, Red Cross workers. We're trying to raise the level of technical ability to provide not only a service, but jobs," he said in an interview yesterday. "We have given computer training to lots of people who had absolutely no background in it. Now they have jobs and are doing things like word processing, office reception...and that kind of work is very well paid because the pool of resources there is so small."
Hackers for Charity has 30 employees and thousands of volunteers all over the world. "We've been fully embraced by the hacker community," he said, adding that the majority of the group's funding comes from hackers.
For many people, the word "hacker" conjures up images of underground criminals who break into databases and steal credit card data or the Anonymous and LulzSec groups that are really online activists described by veteran hackers as "script kiddies" who use automated tools and other less sophisticated techniques to find and exploit holes in software. But a true hacker is driven by intellectual curiosity and a challenge and has a desire to master technology and find new uses for it.
In Uganda, there's a new definition as a result of Long's work.
"The definition of 'hacker' in areas we work in Uganda has changed to 'aid worker,'" Long said. "They don't have the idea that hackers are criminals. They see us as computer wizard aid workers. That's one of the underlying things I wanted to accomplish with Hackers for Charity, to change the perception. We had been labeled as a criminal community and it's not fair."
In the 1990s, Long worked at Computer Sciences Corporation and created its Strike Force vulnerability assessment team. While there he specialized in using Google to find servers that are vulnerable to attack, sites exposing sensitive data like Social Security numbers and passwords and other things companies wouldn't want accessible via a search engine query.
After his wife went on a mission (they are both Christians) to Uganda in 2006 and shared what she had seen, Long went there and did volunteer computer repair work for an NGO whose virus-laden computer system was "a mess" and was hindering the organization's ability to keep track of contributions and be productive.
"The impact was immediate. The NGO was on the ground and up and running in two weeks, and feeding children the day we left. The last thing they said to us was 'you saved lives,'" he said. "That absolutely struck me and when I got back to the real world it was all I could think about. I wanted to use that platform to get people plugged in to that feeling of doing something positive, and to offer a positive path for hackers."
"It's hactivism by definition," Long said. "It's using technology to create social change, but it's the first example of positive hactivism I've seen."
Asked if people participating in online activism organized by the Anonymous group were hactivists, Long said: "It depends on the results of what they're doing. With Sony's site going down, you can see the immediate effect of their actions. But as to the social change, the political influence that they have, how do you measure that? A successful hactivist will be able to measure both. Personally, I have trouble seeing that impact."
Hackers for Charity is based in Jinja, which is a "stone's throw from the source of the Nile" and the second largest town in Uganda. Long's family runs a restaurant catering to Western tastes of tourists who might want a change from the typical fare of goat milk and rice. Visitors "will have a milkshake and cheeseburger and they'll drop off their laptop for a $20 repair," he said.
A lot of people are poor and turn to crime to survive. Long's family--including his three children ranging in age from nine to 15--live in a gated compound with barbed wire and an armed guard. "We have bars on every window and gates on every door," he said.
Most of the crime in Uganda is theft, he said. Computer security is practically non-existent, and that combined with the poverty is driving criminals online, according to Long, who is helping educate the Ugandan police on how to investigate everything from financial and bank fraud to credit card skimming and online scams.
"Criminals see this as a sand box to play in," he said. In addition to the work Hackers for Charity does, Long also works teaching the police about information security and connecting them to experts in the U.S. "It's basic training with the police there that can lead to training in things like forensics, he said. "We can work on cases, but we're also bringing up a generation of cyber cops in a place that has almost no infrastructure. It's unique."
Long is worried that Uganda could become another Nigeria, which is known in the online world as the birthplace of the Nigerian scam or "advance fee fraud," which features e-mails from a "barrister" who claims to be unable to access a large sum of unclaimed money without access to a bank account in a western country and offers a percentage of the money for help. By offering free computer training and other help Long hopes to help break the cycle of poverty without people having to become online thieves.
"If something doesn't change Uganda will become another Nigeria in the sense that criminals will take advantage of the technology first," he said. "We're trying to head that off as best we can."

Wireshark Cookie Dump:

Read More »

Top 5 Potential Cyber-Enemies for the United States

Details of "Operation Shady RAT"--a years-long campaign of hacking and cyber-espionage that's targeted the U.S. government, the U.N., the International Olympic Committee, and numerous other agencies and corporations worldwide--were released by security firm McAfee this week.
So far, most of the evidence gathered seems to point to China as the likely perpetrator behind Shady RAT, which is McAfee’s name for the operation. But the U.S. and the West also have other potential cyber-enemies to be wary of. Here's a breakdown of the five most likely parties with the resources and the will to carry out similar campaigns.

China

Easily the most significant cyber-threat. Not only are Chinese hackers suspected to be behind Operation RAT, but they're also the likely perpetrators of earlier hack attacks against Google and other incidents in recent years. The political value of the targets, including some in Taiwan, would also seem to indicate at least some level of tacit knowledge of the hacking activities by the Chinese government, if not full-blown support. If that's the case, then Chinese government-sponsored hacking represents by far the greatest cyberwar threat, given the nearly limitless resources China's ruling Communist party has been known to throw into pet projects.

Anonymous/Hacktivists

McAfee says that by comparison to what it uncovered in Operation Shady RAT, the Anonymous/Lulzsec brand of hacking is "just nuisance." So far, the hacker collectives have limited their activities largely to defacing websites and leaking embarrassing or private information. They also claim to have retrieved a number of files from a NATO server that they said they would not release because it would "be irresponsible" to do so. Ethical code or not, such a breach represents a dire threat to any military force or other agency that relies on secrets to operate.

Iran

A low-level cyberwar between Iran and the United States and/or Israel could already be under way, depending on who you ask. Reports of Iranian hackers going after U.S. targets began to circulate more about five years ago, with an attack on Twitter in 2009 drawing the most attention. Then came the Stuxnet worm. It's believed that a Western country, perhaps the U.S. or Israel, released it to infiltrate Iran's nuclear facilities. Ever since then, it's been game on. Iranian hackers continue to vow revenge and go after American targets fairly regularly. It's unclear how much involvement the Iranian government has in the attacks.

Jihadists/Terrorists

So far, the Internet has been used primarily as a recruiting tool for terrorism, but more groups of jihadist hackers have been making themselves known lately, include one that declared a "cyber jihad" following the death of Osama bin Laden. The threat of cyber-terrorism is not just limited to jihadis, either. Hackers have been known to fly the banner of any number of extremist causes.

Unknown

Any number of groups, governments or even individuals pose a potential cyberthreat. Remember who pulled off the Sony PlayStation Network attack? Me neither, because although Anonymous was suspected, no one ever took responsibility, and it doesn't fit the Anonymous M.O. Anonymous itself seemingly appeared from the ether. There's no reason a more malicious group couldn't do the same.

Wireshark Cookie Dump:

Read More »

Microsoft Announces "BlueHat" Contest for Better Security Solutions

As any Jedi knight knows, the temptation to turn to the Dark Side is difficult to resist. The same can be true for White Hat hackers--malware fighters who discover vulnerabilities in software.
The black market prices for those kinds of security flaws are as tantalizing to ethical hackers as the malevolent side of The Force was to Luke Skywalker. Microsoft wants to temper those temptations, though, and has announced a contest that offers more than $250,000 in prizes for developing better solutions to counter security threats.
Microsoft's "BlueHat Prize," announced by the company at the Black Hat security conference in Las Vegas Wednesday, offers a grand prize of $200,000, a runner-up purse of $50,000, and a third-place award of a one-year subscription to MSDN Universal--a developer's platform for Microsoft products--worth $10,000--to security researchers who design the most effective ways to prevent the use of memory safety vulnerabilities. Those kinds of vulnerabilities can create problems like buffer overflows that can be exploited by Net miscreants to compromise computers.
“As the risk of criminal attacks on private and government computer systems continues to increase, Microsoft recognizes the need to stimulate research in the area of defensive computer security technology," Matt Thomlinson, Microsoft’s General Manager of Trustworthy Computing Group, said.
“Our interest is to promote a focus on developing innovative solutions rather than discovering individual issues," Thomlinson continued. "We believe the BlueHat Prize can catalyze defensive efforts to help mitigate entire classes of attacks."

Top Experts Needed

In offering the prize, Microsoft hopes to attract the world's top experts to focus their "little gray cells" on a major security problem. “Microsoft wants to encourage more security experts to think about ways to reduce threats to computing devices," observed Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center.
“We’re looking to collaborate with others to build solutions to tough industry problems," she added. "We believe the BlueHat Prize will encourage the world’s most talented researchers and academics to tackle key security challenges and offer them a chance to impact the world."

The Origin of the Concept

According to Microsoft, it got the idea for the BlueHat prize from a previously launched security information-sharing program. That initiative, the Microsoft Active Protections Program (MAPP), allows Microsoft to share information with security vendors around the world so they can release protection technologies to their customers much faster. The success of that program got Microsoft thinking about mounting a similar effort for the security research community.
One vendor with praise for BlueHat was Adobe, a company that's no stranger to software with vulnerabilities. “The Microsoft BlueHat Prize announced at Black Hat [on August 3] is an exciting new initiative and a great example of encouraging community collaboration in the defense against those with malicious intent," observed Adobe's Senior Director for Product Security and Privacy Brad Arkin.
“This call for entries promises to stimulate research activity within the broader security community on how to mitigate entire classes of attacks, rather than thinking about software security as a challenge best addressed one bug at a time," he continued. "This research has the potential to lower costs for third-party developers and increase the level of security assurance for end users."
Here are the official rules and guidelines for the competition. Contest submissions will be accepted until Sunday, April 1, 2012, Microsoft said. A panel of Microsoft security engineers will judge submissions based on the following criteria: Practicality and functionality (30 percent); robustness--how easy it would be to bypass the proposed solution (30 percent); and impact (40 percent). The winners will be announced at Black Hat USA conference in 2012.

Wireshark Cookie Dump:

Wireshark Cookie Dump:

Read More »

Apple Sues Samsung For copying its designs on Galaxy Products

Apple sued Samsung Electronics claiming the South Korean firm's Galaxy line of mobile phones and tablets "slavishly" copies the iPhone and iPad, according to court papers, a move analysts say is aimed at keeping its close rivals at bay.

Apple is one participant in a web of litigation among phone makers and software firms over who owns the patents used in smartphones, as rivals aggressively rush into the smartphone and tablet market which the US firm jumpstarted with iPhone and iPad.

Nokia and Apple have sued each other in numerous courts and as recently as last month Nokia filed a complaint with the US trade panel alleging that Apple infringes its patents in iPhones, iPads and other products.

Samsung is one of the fastest growing smartphone makers and has emerged as Apple's strongest competitor in the booming tablet market with models in three sizes but it remains a distant second in the space.

"If Apple fails to fend off Android, it will within a year or two find itself in a situation like Research in Motion, even if at a higher level (initially)," said Florian Mueller, a technology specialist and blogger on patent battles.

"Apple has realised this already as its new lawsuit against Samsung shows, but given what's at stake, I think Apple would have to do much more than this. It would have to sue more Android device makers and over more patents."

Samsung's Galaxy products use Google's Android operating system, which directly competes with Apple's mobile software. However, Apple's claims against Samsung focus on Galaxy's design features, such as the look of its screen icons, the lawsuit said.

The lawsuit, filed on Friday, alleges Samsung violated Apple's patents and trademarks.
"This kind of blatant copying is wrong," Apple spokeswoman Kristin Huguet said in a statement.

Apple is bringing 16 claims against Samsung, including unjust enrichment, trademark infringement and 10 patent claims.

"...Samsung has made its Galaxy phones and computer tablet work and look like Apple's products through widespread patent and trade dress infringement... By this action, Apple seeks to put a stop to Samsung's illegal conduct and obtain compensation for the violations that have occurred thus far," Apple said in the court document.

Samsung said it would respond to the legal action "through appropriate legal measures to protect our intellectual property."

"Samsung's development of core technologies and strengthening our intellectual property portfolio are keys to our continued success," it said in a statement.

Samsung faces the challenge of moving beyond being a hardware company, clever at copying ideas, to becoming more creative, better adept at software, at a time when consumer gadgets are getting smarter all the time.

It has yet to come up with the kind of original, iconic, market-leading products that powered brands such as Apple's i-series or Sony Corp's Walkman. Nor has it taken the kind of initiatives in software that Google and Apple did to thwart Microsoft.

FORMIDABLE RIVAL

Apple CEO Steve Jobs has criticised Samsung and other rivals in presentations of new products or technology debates. Analysts say Samsung's response to this has been muted, partly because Apple was Samsung's second-biggest customer last year after Sony.

Apple brought in around 6.2 trillion won ($5.7 billion) of sales to Samsung in 2010 mainly by purchasing semiconductors, according to Samsung's annual report.

John Jackson, an analyst with CCS Insight, said Samsung is essentially Apple's only real tablet competitor at this stage. "It's clear that they do not intend to let Apple run away with the category," Jackson said.

"This is more like a symbolic move by Apple that it is quite serious about rivals advancing and it is trying to hold back its close competitors," said John Park, an analyst at Daishin Securities in Seoul.

"Samsung is unlikely to respond aggressively given that Apple is its core client in the component business," Park said.

To better compete with Apple, Samsung redesigned within weeks its new 10.1-inch tablet, first introduced in February, to make it the thinnest in the category after Apple set the trend with its iPad 2.

The global smartphone market is expected to grow 58 per cent this year and Android is set account for 39 per cent of the market, while the tablet market is likely to quadruple to 70 million units, according to research firm Gartner.

Apple's iPad will still dominate, controlling more than half of the tablet market for the next three years, but its share is seen gradually declining to 47 per cent in 2015 from 69 per cent this year, giving way to Android devices.

Wireshark Cookie Dump:

Read More »