Cyberwars: “Bigger than Heartbleed”

Just months after the Heartbleed bug made waves across the internet, a new security flaw has emerged which threatens to compromise everything from major servers to connected cameras. It is known as the Bash or Shellshock bug, a quarter-century-old vulnerability that could put everything from major internet companies and small-scale web hosts to wi-fi connected devices at risk.

This flaw allows malicious code execution within the bash shell – commonly accessed through Command Prompt on PC or Mac’s Terminal application – to take over an operating system and access confidential information. According to the open-source software company Red Hat, bash shells are run in the background of many programs, and the bug is triggered when extra code is added within the lines of Bash code.

Because the bug interacts with a large percentage of software currently in use, and does so in ways that are unexpected, Robert Graham – an internet security expert – claims that the Bash bug is bigger than Heartbleed. As he explained it:

We’ll never be able to catalogue all the software out there that is vulnerable to the Bash bug. While the known systems (like your Web server) are patched, unknown systems remain unpatched. We see that with the Heartbleed bug: six months later, hundreds of thousands of systems remain vulnerable.

According to a report filed by Ars Technica, the vulnerability could affect Unix and Linux devices, as well as hardware running Mac OS X – particularly Mac OS X Mavericks (version 10.9.4). Graham warned that the Bash bug was also particularly dangerous for connected devices because their software is built using Bash scripts, which are less likely to be patched and more likely to expose the vulnerability to the outside world.

And since the bug has existed for some two and a half decades, a great number of older devices will be vulnerable and need to be patched because of it. By contrast, the Heartbleed bug was introduced into OpenSSL more than two years ago, allowing random bits of memory to be retrieved from impacted servers. And according to security researcher Bruce Schneier, roughly half a million websites could be vulnerable.

For the time being, the administrative solution is to apply patches to your operating system. Tod Beardsley, an engineering manager at security firm Rapid7, claims that even though the vulnerability’s complexity is low, the level of danger it poses is severe. In addition, the wide range of devices affected by the bug makes it essential that system administrators apply patches immediately.

As Beardsley explained during an interview with CNET:

This vulnerability is potentially a very big deal. It’s rated a 10 for severity, meaning it has maximum impact, and ‘low’ for complexity of exploitation — meaning it’s pretty easy for attackers to use it… The affected software, Bash, is widely used so attackers can use this vulnerability to remotely execute a huge variety of devices and Web servers. Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes etc. Anybody with systems using bash needs to deploy the patch immediately.

Attackers can potentially take over the operating system, access confidential information, and make changes. After conducting a scan of the internet to test for the vulnerability, Graham reported that the bug “can easily worm past firewalls and infect lots of systems” which he says would be “‘game over’ for large networks”. Similar to Beardsley, Graham said the problem needed immediate attention.

In the meantime, Graham advised people to do the following:

Scan your network for things like Telnet, FTP, and old versions of Apache (masscan is extremely useful for this). Anything that responds is probably an old device needing a Bash patch. And, since most of them can’t be patched, you are likely screwed.

How lovely! But then again, these sorts of exploitable vulnerabilities are likely to continue to pop up until we rethink how the internet is run. As the Heartbleed bug demonstrated, the problem at the heart (no pun!) of it all is that vast swaths of the internet run on open-source software that is created by only a handful of people who are paid very little (and sometimes, not at all) for performing this lucrative job.

In addition, there is a terrible lack of oversight and protection when it comes to the internet’s infrastructure. Rather than problems being addressed in an open-source manner after they emerge, there needs to be a responsible body of committed and qualified individuals who have the ability to predict problems in advance, propose possible solutions, and come up with a set of minimum standards and regulations.

Ensuring that it is an international body would also be advisable. For as the Snowden leaks demonstrated, so much of the internet is controlled by the United States. And as always, people need to maintain a degree of vigilance, and seek out information – which is being updated on a regular basis – on how they might address any possible vulnerabilities in their own software.

I can remember reading not long ago that the growing amount of cyber-attacks would soon cause people to suffer from “alert fatigue”. Well, those words are ringing in my ears, as it seems that a growing awareness of our internet’s flaws is likely to lead to “bug fatigue” as well. Hopefully, it will also urge people to action and lead to some significant reforms in how the internet is structured and administered.

Source: cnet.com, arstechnica.com, blog.erratasec.com, securityblog.redhat.com

Developing World Tech: BRCK Mobile Internet Device

Far from Silicon Valley in California, there is a place that some are now calling “Silicon Savannah.” Located around Nairobi, and centered on the nonprofit collective Ushahidi, an explosion in African tech is taking shape. And this month, backers of the collective’s 2013 Kickstarter campaign are finally getting their hands on BRCK – a long-awaited device that is the antithesis of shiny, expensive internet hardware.

A mobile Internet router, BRCK is essentially a self-powered, mobile Wi-Fi device that promises to bring internet access to remote communities and underdeveloped neighborhoods all around the world. And as an added bonus, it reverses the usual order of globalization – having been invented in a developing country, built in the US, and intended for customers in any country anywhere.

It can connect to the web in one of three ways: by plugging in a standard ethernet cable, by bridging with other Wi-Fi networks, or by accessing 3G or 4G data via a basic SIM card. Originally, Ushahidi invented it in order to overcome infrastructure challenges – specifically, inconsistent electricity and Internet connectivity – plaguing young upstarts in Nairobi. But it turns out, plenty of other people and places face the same challenges all over the world.

Contrary to public opinion, it is not just developing or underdeveloped countries that experience infrastructure challenges. Recently in the UK, Virgin Media customers across London lost service; while in the US, in what appeared to be an unrelated event, millions of Time Warner customers – largely in Chicago, Houston, Los Angeles, New York, and Tampa – were knocked offline.

But even just focusing on the developing world, BRCK’s potential market is enormous. While only a quarter of people from the developing world are currently connected, they already account for a staggering two-thirds of all people online today. While the technology is not exactly cutting-edge by most standards, it offers numerous advantages that take the needs of its potential market into account.

Beyond its three connection methods, BRCK can keep up to 20 users up and running for as long as eight hours during an electrical outage. And should the internet be unavailable in a given locale, the device continues operating offline, syncing up when its connection is restored. In addition, the stock hard drive is 4 gigabytes big, and it has a storage capacity of up to 32 gigabytes.

BRCK CEO Erik Hersman, who cut his teeth in the industry as a blogger, sees the company’s base in Nairobi as one of its greatest assets, particularly given its target market. Having been born in Sudan and having settled in Kenya with his young family, he is well-suited to addressing local needs with local solutions:

I describe it as a new remix of old technology. That’s the key to understanding Africa’s technology… If it works in Africa, it’ll work anywhere… We’re playing with dirty power and crappy Internet, so the device has to be resilient.

While designed in Kenya, BRCK is manufactured and assembled in Texas by a company called Silicon Hills, which is located outside of Austin. With its matte black, rubberized case, BRCK is elegant, but mostly unassuming, and has the relative dimensions of an actual brick. It’s too large to fit in a pocket, but small enough to carry in a backpack, place on a desk, or even on the hood of your Land Rover in the African countryside.

By weight, BRCK is substantially heavier than a plastic router, but it’s also much more than one. In addition to its battery, BRCK has multiple ports, including a general-purpose input/output, enabling users to program and connect other hardware – such as sensors or a solar charger – to the device. But what is perhaps most compelling about BRCK is its potential applications.

In truth, the greatest possibilities lie in the ability to break away from the model of centralized internet providers. This could lead to nothing short of a revolution in how people get online, and in a way that would ensure a far greater measure of “equality of access”. As Hersman explained it:

We see enormous resonance with the work of other organizations. Take the proliferation of web-enabled laptops and tablets in schools; why is it that each of these devices connect to a mobile tower? Why not to a single, centralized point? …We’re at a place in history where the barriers to entry are no longer in the software space, but in the hardware space. Because we don’t yet have fully functioning maker spaces and rapid prototyping abilities here in Nairobi, the design process is still relatively slow and expensive, but the barriers are coming down.

Education, health, environmental, and even military and governmental organizations are already in conversation with BRCK and multiple entities are testing it out. For consumers in emerging markets, BRCK’s $200 price tag may be a stretch, but the company is looking at purchasing plans, which have worked well in developing nations for both the cell phone and energy sectors.

But BRCK’s business model is ultimately based more on companies than individual consumers. Digital Democracy, a nonprofit organization that has worked in two dozen countries around the world, is one such company. According to its founder and executive director, Emily Jacobi:

The reason that we backed BRCK and that I’m excited to see it come about is because it fills an important gap in hardware and tools. We’re going to remote areas and training groups – indigenous groups, refugees, and other at-risk populations – to map the land and communities using GPS devices and cameras. We’re particularly excited about BRCK’s ability to facilitate collaborative work, as well as function offline.

If there was one thing that the Digital Revolution promised, it was to bring the world together. Naturally, there were those who thought this to be naive and idealistic, citing the fact that technology has a way of being unevenly distributed. And while today, people live in a world that is far more connected than in any previous age, access remains an illustrative example of the gap between rich and poor nations.

Hence why an invention like the BRCK holds so much promise. Not only does it neatly reverse the all-too-common direction of technological development – i.e. technology conceived by a wealthy country, built in a poor one, only sold in wealthy ones – it also helps to shorten the gap between rich and poor nations when it comes to accessing and enjoying the fruits of that development.

This month, orders began shipping to buyers in 45 countries around the world. To get your hands on one, check out Ushahidi’s website and learn more about their efforts to develop open-source, equal-access technology.

Sources: fastcoexist.com, digital-democracy.org, ushahidi.com

The Future is Here: First Brain-to-Brain Interface!

In a first amongst firsts, a team of international researchers have reported that they have built the first human-to-human brain-to-brain interface; allowing two humans — separated by the internet — to consciously communicate with each other. One researcher, attached to a brain-computer interface (BCI) in India, successfully sent words into the brain of another researcher in France, who was wearing a computer-to-brain interface (CBI).

In short, the researchers have created a device that allows people to communicate telepathically. And it’s no surprise, given the immense amount of progress being made in the field. Over the last few years, brain-computer interfaces that you can plug into your computer’s USB port have been commercially available. And in the last couple of years we’ve seen advanced BCIs that can be implanted directly into your brain.

Creating a brain-to-brain connection is a bit more difficult though, as it requires that brain activity not only be read, but inputted into someone else’s brain. Now, however, a team of international researchers have cracked it. On the BCI side of things, the researchers used a fairly standard EEG (electroencephalogram) from Neuroelectrics. For the CBI, which requires a more involved setup, a transcranial magnetic stimulation (TMS) rig was used.

To break the process down, the BCI reads the sender’s thoughts, like to move their hands or feet, which are then broken down into binary 1s and 0s. These encoded thoughts are then transmitted via the internet (or some other network) to the recipient, who is wearing a TMS. The TMS is focused on the recipient’s visual cortex, and when it receives a “1” from the sender, it stimulates a region in the visual cortex that produces a phosphene.

This is a phenomenon whereby a person sees flashes of light, without light actually hitting the retina. The recipient “sees” these phosphenes at the bottom of their visual field, and by decoding the flashes — phosphene flash = 1, no phosphene = 0 — the recipient can “read” the word being sent. While this is certainly a rather complex way of sending messages from one brain to another, for now, it is truly state of the art.

TMS is somewhat similar to TDCS (transcranial direct-current stimulation), in that it can stimulate regions of neurons in your brain. But instead of electrical current, it uses magnetism, and is a completely non-invasive way of stimulating certain sections of the brain and allowing a person to think and feel a certain way. In short, there doesn’t need to be any surgery or electrodes implanted into the user’s brain to make it happen.

This method also neatly sidesteps the fact that we really don’t know how the human brain encodes information. And so, for now, instead of importing a “native” message, we have to use our own encoding scheme (binary) and a quirk of the visual cortex. And even if it does seem a little bit like hard work, there’s no denying that this is a conscious, non-invasive brain-to-brain connection.

With some refinement, it’s not hard to imagine a small, lightweight EEG that allows the sender to constantly stream thoughts back to the receiver. In the future, rather than vocalizing speech, or vainly attempting to vocalize one’s own emotions, people could very well communicate their thoughts and feelings via a neural link that is accommodated by simple headbands with embedded sensors.

And imagine a world where instant messaging and video conferencing have the added feature of direct thought sharing. Or an Internet of Thoughts, where people can transfer terabytes worth of brain activity the same way they share video, messages and documents. Remember, the internet began as a small-scale connection between a few universities, labs and research projects.

I can foresee a similar network being built between research institutions where professors and students could do the same thing. And this could easily be followed by a militarized version where thoughts are communicated instantly between command centers and bunkers to ensure maximum clarity and speed of communication. My, how the world is shaping up to be a science fiction novel!

Sources: extremetech.com, neurogadget.com, dailymail.co.uk

Video Goes Viral, Kim Jong Un is Pissed!

A new video was recently posted online that shows North Korean dictator Kim Jong Un breaking out the dance moves, getting pranked, and engaging in some serious fight scenes. The video has gone absolutely viral and has everybody laughing – except for Kim Jong Un himself. In fact, the “Great Leader’s” outrage was such that North Korea made a public statement denouncing the video and demanding it be taken down.

According to the English-language Korean newspaper The Chosun Ilbo, the video was made by a Chinese man bearing the surname Zhang who reportedly studied at a university in South Korea. The paper goes on to cite a source in China saying North Korea felt the clip “seriously compromises Kim’s dignity and authority” and asked China to stop the spread of the video, but that “Beijing was unable to oblige.”

The reaction is predictable, and the request certainly betrays the North Korean regime’s internet-phobic tendencies, not to mention their ignorance of how the internet actually works. For starters, once something is posted on the internet, it becomes part of the digital ether and can never be destroyed. In addition, drawing attention to an internet phenomenon only makes it stronger! By condemning it, Kim Jong Un’s people just ensured its viral nature!

The video consists of the Dear Leader’s head being spliced onto a variety of bodies that see him getting down on a ball field, getting karate-kicked by Obama (who also has his head spliced onto various bodies), skipping through a field with Osama Bin Laden, and doing some serious kung fu fighting. And it all takes place to a Chinese pop hit by the Chopstick Brothers, who have made viral videos of their own in the past.

Needless to say, it’s really quite funny. And it’s only made more so by the fact that the man-child leading the world’s most backward and ridiculous regime finds it so infuriating. So be sure to watch it, enjoy it, and contribute to its circulation!


Source: cnet.com

Encoding Equality: Girl Geek Academy

When it comes to the gaming industry, there appears to be something of a glass ceiling. According to a developer satisfaction survey that was released last month from the International Game Developers Association, only 22 percent of people working in the gaming industry are women. And while this represents a twofold increase from five years ago (11.5%), it’s proportionally low considering that women make up some 48% of the gaming community.

This disparity is pretty common across software, app development, and tech startups (even though startups led by women produce 12 per cent higher returns). The logical next step would be to encourage more women to enter these fields. This is where Girl Geek Academy comes in, an initiative aimed at teaching women the skills they need to start their own ventures – everything from coding classes to mentoring programs from successful start-ups.

And there’s definitely demand for it, according to co-founder, programmer and senior digital strategist Tammy Butow:

We have seen over the years that female-focused groups have helped increase the number of women attending technology events and learning technology skills. Over the last few years I have run Girl Geek Dinners Melbourne – in January 2013 we had 350 members – and we then ran a series of tech workshops to teach skills such as HTML, CSS and JS…

Girl Geek Dinners Melbourne now has over 1000 members. [Fellow co-founder] April [Staines] and I also ran Australia’s first all-female hackathon She Hacks in Melbourne. She Hacks sold out in one week, a few weeks later we also ran Australia’s first Startup Weekend Women event and that sold out too.

After running these workshops and discovering just how many women were interested in learning these skills, Butow and her associates decided to widen their scope. This they did by opening up a series of classes and programs for women of all ages (above the age of 18) and skill levels with a target of achieving a total of one million women building apps and learning to create startups by the year 2025.

As Butow explained, it’s all about taking the next step in the development of the internet as we know it:

The internet we know now was primarily built by men. We are interested in finding out what women would like to create. At the Startup Weekend Women event we recently ran, there were several teams that created apps focusing on flexible work opportunities for women. This was a very clear theme for the weekend. We had several women in attendance who were expecting children or had small children; they are interested in using technology to solve the problems they are experiencing.

Partnered with Google, Aduro and 99Designs, the Academy offers a number of classes – either as face-to-face workshops, or via Google Hangouts and Aduro. The two-hour classes include learning different programming languages, such as JavaScript and Ruby, down to the basics of founding a startup, such as a public speaking class and how to manage your finances.

More experienced women are encouraged to teach classes, and the Academy already boasts a variety of events, ranging from hackathons, makerfests, code getaways and study tours. The team is already organising the very first study tour, hoping to take Australian women to visit global startup hotspots such as Silicon Valley and Tel Aviv. And though women are the focus, men are welcome too, as long as they attend with a girl geek and are willing to lend a helping hand.

The first class took place on July 15th in Richmond, Victoria. For the price of AU$35, people got a healthy dinner and a seminar that focused on the very first issue relating to development: how to pitch an idea. For an additional AU$10, people were able to get tickets for the Google Hangout. For those interested in getting in on events held in the next 12 months, they can look them up on the Girl Geek Academy website.

Personally, I think this is a great initiative with a noble purpose. Despite great strides being made by women in all walks of professional life, certain industries remain tougher than others to crack. By creating an organization and atmosphere that fosters support, guidance and welcomes contribution, the gaming industry is likely to see a lot more women on the supply side in coming years.

Perhaps then we can look forward to more positive representations of women in games, yes?

Sources: cnet.com, girlgeekacademy.com

Cyberwars: Watching the US and China in Real-Time

Since the dawn of the internet age, there has been no shortage of stories about hackers, malware-peddling malcontents, online scams and identity theft. Add to that the growing consensus that wars in the future will be fought online through “cyberwarfare divisions”, and you can understand why such positive statements once made about the internet – like how it would bring the world together and create “a global village” – would seem incredibly naive now.

However, despite the prevalence of hacking and cyberwarfare-related fear, very few people have actually experienced what it is like. After all, the effects of hacking are mostly invisible to the untrained eye, with the exception of very-high-profile database breaches. Now, though, a security company has produced a fascinating geographic map that shows global hacking attempts in real-time. And of course, the ongoing battle between US and Chinese forces accounts for much of it.

The real-time map, maintained by the Norse security company, shows who’s hacking who and what attack vectors are being used. The data is sourced from a network of “honeypot” servers – essentially a juicy-looking target that turns out to be a trap – maintained by Norse, rather than real-world data from the Pentagon, Google, or other high-profile hacking targets. The Norse website has some info about its “honeynet,” but it’s understandably quite sparse on actual technical details.

If you watch the map for a little while, it’s clear that most attacks originate in either China or the US, and that the US is by far the largest target for hack attacks. You can also see that the type of hack used, indicated by the target port, is rather varied. Microsoft-DS (the port used for Windows file sharing) is still one of the top targets, but DNS, SSH, and HTTP are all very popular too. CrazzyNet and Black Ice – two common Windows backdoor programs often used by script kiddies and criminals – are also sure to pop up.

On occasion, the map is likely to show a big burst of coordinated attacks coming from China and directed towards the US. And while it is difficult to blame these attacks directly on the Chinese government (as they are adept at routing their attacks through other servers), government and independent researchers are confident the majority of these attacks are being directed by the People’s Liberation Army’s Unit 61398 – aka. the PLA’s cyberwarfare division.

A lot of hacks originate in the US, too, but their targets are much more varied. And in cases where Chinese facilities (or those of other nations that are nominally identified as hostile to the US) are targeted, you can bet that the US Cyber Command at Fort Meade is behind the lot of them. But the map is still limited in that it uses Norse’s own honeypot operations to identify these attacks, and it therefore cannot be said with absolute certainty that real attacks happen in the same fashion.

But a general picture of the size and shape of global hacking and cyberwarfare can be divined by looking at the stats. Back in 2012, the US DOD reported that it was the target of 10 million cyber attacks per day. Likewise, the National Nuclear Security Administration says it saw 10 million attacks per day in 2012. In 2013, BP’s CEO said it sees 50,000 cyber attacks per day, and the UK reported around 120,000 attacks per day back in 2011.

While the extent and purpose of these attacks certainly vary, it is pretty clear that hacking and cyberwarfare are a global problem and something that governments, corporations, and institutions need to pay attention to. Last year, the Obama administration announced that it would not sit idly by in the face of stepped up attacks from China. However, the subsequent testimony and document leaks by Snowden showed that the US has been conducting its own attacks the entire time (and even beforehand).

And such is the nature of war, regardless of the context or the weapons used. States rattle their swords claiming they will not tolerate aggression, but there is always a fine line between maintaining one’s defenses and escalating a situation to the point that mutual destruction becomes inevitable. Perhaps the people who are currently fighting this alleged cyberwar should look to the past – specifically to the First World War and the Cold War – to see just how effective “arms races” are!

Source: extremetech.com, map.ipviking.com

The Internet of Things: AR and Real World Search

When it comes to the future, it is clear that the concept of the “Internet of Things” holds sway. This idea – which states that all objects will someday be identifiable thanks to virtual representations on the internet – is at the center of a great deal of innovation that drives our modern economy. Be it wearables, wireless, augmented reality, voice or image recognition, the technologies that help us combine the real with the virtual are on the rise.

And so it’s really no surprise that innovators are looking to take augmented reality to the next level. The fruit of some of this labor is Blippar, a market-leading image-recognition and augmented reality platform. Lately, they have been working on a proof of concept for Google Glass showing that 3-D searches are doable. This sort of technology is already available in the form of apps for smartphones, but a central database is lacking that could turn any device into a visual search engine.

As Ambarish Mitra, the head of Blippar stated, AR is already gaining traction among consumers thanks to some of the world’s biggest industrial players recognizing the shift to visually mediated lifestyles. Examples include IKEA’s interactive catalog, Heinz’s AR recipe booklet or Amazon’s recent integration of the Flow AR technology into its primary shopping app. As this trend continues, we will need a Wikipedia-like database for 3-D objects that will be available to us anytime, anywhere.

Social networks and platforms like Instagram, Pinterest, Snapchat and Facebook have all driven a cultural shift in the way people exchange information. This takes the form of text updates, instant messaging, and uploaded images. But as the saying goes, “a picture is worth a thousand words”. In short, information absorbed through visual learning has a marked advantage over that which is absorbed through reading and text.

In fact, a recent NYU study found that people retain close to 80 percent of information they consume through images versus just 10 percent of what they read. If people are able to regularly consume rich content from the real world through our devices, we could learn, retain, and express our ideas and information more effectively. Naturally, there will always be situations where text-based search is the most practical tool, but searches arise from real-world experiences.

Right now, text is the only option available, and oftentimes, people are unable to best describe what they are looking for. But an image-recognition technology that could turn any smartphone, tablet or wearable device into a scanner that could identify any 3-D object would vastly simplify things. Information could be absorbed in a more efficient way, using an object’s features and pulling up information from a rapidly learning engine.

For better or for worse, wearable designs of consumer electronics have come to reflect a new understanding in the past few years. Basically, they have come to be extensions of our senses, much as Marshall McLuhan wrote in his 1964 book Understanding Media: The Extensions of Man. Google Glass is representative of this revolutionary change, a step in the direction of users interacting with the environment around them through technology.

Leading tech companies are already investing time and money into the development of their own AR products, and countless patents and research allocations are being made with every passing year. Facebook’s acquisition of virtual reality company Oculus Rift is the most recent example, but even Samsung received a patent earlier this year for a camera-based augmented reality keyboard that is projected onto the fingers of the user.

Augmented reality has already proven itself to be a multi-million dollar industry – with 60 million users and around half a billion dollars in global revenues in 2013 alone. It’s expected to exceed $1 billion annually by 2015, and combined with a Google-Glass type device, this AR could eventually allow individuals to build vast libraries of data that will be the foundation for finding any 3-D object in the physical world.

In other words, the Internet of Things will become one step closer, with an evolving database of visual information at the base of it that is becoming ever larger and (in all likelihood) smarter. Oh dear, I sense another Skynet reference coming on! And in the meantime, enjoy this video that showcases Blippar’s vision of what this future of image overlay and recognition will look like:


Source: wired.com, dashboardinsight.com, blippar.com

China Blocks Google for 25th Anniversary of Tiananmen Square

In preparation for the 25th anniversary of the Tiananmen Square Massacre (aka. the June 4th Incident), Chinese authorities decided to begin blocking Google. It’s believed that the blockade is tied to this week’s 25th anniversary of the 1989 Tiananmen Square Massacre where the People’s Liberation Army cracked down on pro-democracy demonstrators. Each year, the Chinese government censors the web in an effort to limit protests against the thwarted uprising.

Aside from Google, several internet services were blocked or censored in advance, including social networks and other web communication tools. Though the Chinese government has not yet confirmed this, countless Chinese users have discovered Google’s services to be inaccessible since the last week of May. In addition, a report from GreatFire.org claimed that the government appeared to have begun targeting Google Inc’s main search engine and Gmail since at least the last week of May, making them inaccessible to many users in China.

The report added that the last time it monitored such a block was in 2012, when it only lasted 12 hours. As it states:

It is not clear that the block is a temporary measure around the anniversary or a permanent block. But because the block has lasted for four days, it’s more likely that Google will be severely disrupted and barely usable from now on.

Asked about the disruptions, a Google spokesman said: “We’ve checked extensively and there’s nothing wrong on our end.” And Google’s own transparency report, which shows details about its global traffic, showed lower levels of activity from China starting from about Friday, which could indicate a significant amount of disruption. Other major social media sites – such as Twitter and Facebook and Google’s own Youtube – are already blocked in the country.

Of course, this should come as no surprise, given the way this anniversary is received by Chinese officials. For the ruling Communist Party, the 1989 demonstrations that clogged Tiananmen Square in Beijing and spread to other cities remain taboo, particularly on their 25th anniversary. When June rolls around each year and the Tiananmen Square Massacre is commemorated around the world, including in Hong Kong, China’s ruling party typically conducts a web crackdown.

It’s not uncommon for Chinese censors to block certain comments from being made even on China-based company services, like Weibo, China’s own version of Twitter. And China also applies pressure to search engines like Baidu in their country in order to ensure that censorship filters are in place. And as with previous years, the run-up to the anniversary has been marked by detentions, increased security in Beijing and tighter controls on the Internet.

This year, the detainees included prominent rights lawyer Pu Zhiqiang and Chinese-born Australian artist Guo Jian, a former Chinese soldier who last week gave an interview to the Financial Times about the crackdown. And as usual, the Chinese government made a statement in which it once again defended its decision to use military force against the pro-democracy demonstrators who gathered in the Square twenty-five years ago.

The statement came from Foreign Ministry spokesman Hong Lei during a daily news briefing, in which he said:

The Chinese government long ago reached a conclusion about the political turmoil at the end of the 1980s. In the last three decades and more of reform and opening up, China’s enormous achievements in social and economic development have received worldwide attention. The building of democracy and the rule of law have continued to be perfected. It can be said that the road to socialism with Chinese characteristics which we follow today accords with China’s national condition and the basic interests of the vast majority of China’s people, which is the aspiration of all China’s people.

On the subject of why Google was being targeted, Hong said only that the government “manages the Internet in accordance with the law”, which is consistent with the state’s position with all web-based censorship. When asked about the jailing of dissidents, Hong replied that “In China there are only law breakers — there are no so-called dissidents.” He also stressed once again that all departments of the Chinese government “consistently act in accordance with the law.”

For years now, Google has had a contentious relationship with China, which began with the company offering its search services to the world’s second largest economy. However, due to issues over censorship, Google decided to move its Chinese search engine to Hong Kong, effectively allowing them to operate outside the rules and regulations of the Chinese government. But as China demonstrated these past few weeks, it still has the ability to block the flow of traffic from Hong Kong into the mainland.

It also aptly demonstrated just how much it fears the specter of Tiananmen Square, even some twenty-five years later. From clamping down on their people’s ability to learn more about the massacre, to clamping down on even the possibility of protest in advance, to continually denying any wrongdoing and suppressing information on the number of people killed, the legacy of Tiananmen Square continues to expose the blatant hypocrisy and denial of the Communist Party of China.

If history has taught us anything, it is that the fall of a dictatorship usually begins with one terrible mistake. The state of China committed that mistake a quarter of a century ago, and since then has relied on state-sanctioned economic growth in order to justify its existence. But in so doing, they’ve essentially created a Catch 22 for themselves. Continued economic growth ensures greater material wealth for more and more of its people. And a burgeoning digital-age economy means more and more access to information for its citizens.

In short, the CPC is screwed. And I for one would be happy to see them gone! Lord knows they deserve it, and the Chinese people would be better off without them, no matter what they try to insist. So on this historic anniversary of the Tiananmen Massacre, I invite the CPC to EAT A DICK! And to the people still living under their hypocritical rule, please know that you are not alone. Hang in there, and wait for the day when these bastards join all the other reprehensible dick-heads on the ash heap of history!

Sources: cnet.com, reuters.com, (2)

Cyberwars: The Heartbleed Bug and Web Security

A little over two years ago, a tiny piece of code was introduced to the internet that contained a bug. This bug was known as Heartbleed, and in the two years it has taken for the world to recognize its existence, it has caused quite a few headaches. In addition to allowing cybercriminals to steal passwords and usernames from Yahoo, it has also allowed people to steal from online bank accounts, infiltrate government institutions (such as Revenue Canada), and generally undermine confidence in the internet.

What’s more, in an age of cyberwarfare and domestic surveillance, its appearance would give conspiracy theorists a field day. And since it was first disclosed a month to the day ago, some rather interesting theories as to how the NSA and China have been exploiting this to spy on people have surfaced. But more on that later. First off, some explanation as to what Heartbleed is, where it came from, and how people can protect themselves from it, seems in order.

First off, Heartbleed is not a virus or a type of malware in the traditional sense, though it can be exploited by malware and cybercriminals to achieve similar results. Basically, it is a security bug or programming error in popular versions of OpenSSL, a software library that encrypts and protects the privacy of your password, banking information and any other sensitive data you provide in the course of checking your email or doing a little online banking.

Though it was only made public a month ago, the origins of the bug go back just over two years – to New Year’s Eve 2011, to be exact. It was at this time that Stephen Henson, one of the collaborators on the OpenSSL Project, received the code from Robin Seggelmann – a respected academic who’s an expert in internet protocols. Henson reviewed the code – an update for the OpenSSL internet security protocol — and by the time he and his colleagues were ringing in the New Year, he had added it to a software repository used by sites across the web.

What’s interesting about the bug, which is named for the “heartbeat” part of the code that it affects, is that it is not a virus or piece of malware in the traditional sense. What it does is allow people to read the memory of systems that are protected by the bug-affected code, which accounts for two-thirds of the internet. That way, cybercriminals can get the keys they need to decode and read the encrypted data they want.
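The memory read described above comes down to one missing length check in the heartbeat handler. The C sketch below is an added example, not OpenSSL's code and not part of the original post: it models a heartbeat request as a 1-byte type, a 2-byte payload length, the payload and at least 16 bytes of padding (the RFC 6520 layout), and every function name and the sample memory contents are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST      1
#define HB_RESPONSE     2
#define HB_HEADER       3    /* 1-byte type + 2-byte payload length */
#define HB_MIN_PADDING  16   /* RFC 6520 requires at least 16 padding bytes */

/* Simplified model of a heartbeat handler (hypothetical name, not OpenSSL's).
   rec/rec_len are the bytes actually received from the peer. Returns the
   reply size, or 0 when the message is discarded. Reply padding is omitted. */
size_t hb_reply(const uint8_t *rec, size_t rec_len,
                uint8_t *out, size_t out_cap, int validate)
{
    if (rec_len < HB_HEADER || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];  /* length chosen by the peer */

    /* The fix: the claimed payload plus the mandatory padding must fit inside
       the bytes that really arrived; otherwise the message is dropped. */
    if (validate && HB_HEADER + claimed + HB_MIN_PADDING > rec_len)
        return 0;

    if (HB_HEADER + claimed > out_cap)  /* guards the destination only */
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    /* With validate == 0 this copy trusts the peer's length field and echoes
       whatever sits after the record in memory. */
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    return HB_HEADER + claimed;
}

/* Constructed layout: a 4-byte record followed by unrelated data, standing in
   for whatever the process keeps next to its receive buffer. */
static const char NEIGHBOUR[] = "SECRET-KEY-MATERIAL";  /* placeholder, 19 bytes */

size_t demo_undersized(int validate, uint8_t *out, size_t out_cap)
{
    uint8_t mem[64] = {0};
    const uint8_t rec[] = { HB_REQUEST, 0x00, 0x14, 'A' };  /* claims 20, carries 1 */
    memcpy(mem, rec, sizeof rec);
    memcpy(mem + sizeof rec, NEIGHBOUR, sizeof NEIGHBOUR - 1);
    return hb_reply(mem, sizeof rec, out, out_cap, validate);
}

size_t demo_wellformed(uint8_t *out, size_t out_cap)
{
    /* 5-byte payload followed by 16 zero padding bytes: an honest request. */
    uint8_t rec[HB_HEADER + 5 + HB_MIN_PADDING] =
        { HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
    return hb_reply(rec, sizeof rec, out, out_cap, 1);
}

int main(void)
{
    uint8_t out[64];
    size_t n = demo_undersized(0, out, sizeof out);
    printf("unchecked: %zu bytes echoed, tail = %.19s\n", n, (char *)out + 4);
    printf("checked:   %zu bytes echoed\n", demo_undersized(1, out, sizeof out));
    printf("honest:    %zu bytes echoed\n", demo_wellformed(out, sizeof out));
    return 0;
}
```

The unchecked path returns the neighbouring bytes along with the one real payload byte, while the checked path discards the same message and still answers a well-formed request.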

The bug was independently discovered recently by Codenomicon – a Finnish web security firm – and Google Security researcher Neel Mehta. The official name for the vulnerability is CVE-2014-0160. Since information about its discovery was disclosed on April 7th, 2014, it is estimated that some 17 percent (around half a million) of the Internet’s secure web servers that were certified by trusted authorities have been made vulnerable.

Several institutions have also come forward in that time to declare that they were subject to attack. For instance, the Canada Revenue Agency stated that it was accessed through an exploit of the bug during a 6-hour period on April 8th, and reported the theft of Social Insurance Numbers belonging to 900 taxpayers. When the attack was discovered, the agency shut down its web site and extended the taxpayer filing deadline from April 30 to May 5.

The agency also said it would provide anyone affected with credit protection services at no cost, and it appears that the guilty parties were apprehended. This was announced on April 16, when the RCMP claimed that they had charged an engineering student in relation to the theft with “unauthorized use of a computer” and “mischief in relation to data”. In another incident, the UK parenting site Mumsnet had several user accounts hijacked, and its CEO was impersonated.

Another consequence of the bug is the impetus it has given to conspiracy theorists who believe it may be part of a government-sanctioned ploy. Given recent revelations about the NSA’s extensive efforts to eavesdrop on internet activity and engage in cyberwarfare, this is hardly a surprise. Nor would it be the first time, as anyone will know who recalls the case made for the NIST SP800-90 Dual EC PRNG program – a pseudorandom number generator used extensively in cryptography – acting as a “backdoor” for the NSA to exploit.

In that, and this latest bout of speculation, it is believed that the vulnerability in the encryption itself may have been intentionally created to allow spy agencies to steal the private keys that vulnerable web sites use to encrypt your traffic to them. And cracking SSL to decrypt internet traffic has long been on the NSA’s wish list. Last September, the Guardian reported that the NSA and Britain’s GCHQ had “successfully cracked” much of the online encryption we rely on to secure email and other sensitive transactions and data.

According to documents the paper obtained from Snowden, GCHQ had specifically been working to develop ways into the encrypted traffic of Google, Yahoo, Facebook, and Hotmail to decrypt traffic in near-real time; and in 2010, there was documentation that suggested that they might have succeeded. Although this was two years before the Heartbleed vulnerability existed, it does serve to highlight the agency’s efforts to get at encrypted traffic.

For some time now, security experts have speculated about whether the NSA cracked SSL communications; and if so, how the agency might have accomplished the feat. But now, the existence of Heartbleed raises the possibility that in some cases, the NSA might not have needed to crack SSL at all. Instead, it’s possible the agency simply used the vulnerability to obtain the private keys of web-based companies to decrypt their traffic.

Though security vulnerabilities come and go, this one is deemed catastrophic because it’s at the core of SSL, the encryption protocol trusted by so many to protect their data. And beyond abuse by government sources, the bug is also worrisome because it could possibly be used by hackers to steal usernames and passwords for sensitive services like banking, ecommerce, and email. In short, it empowers individual troublemakers everywhere by ensuring that the locks on our information can be exploited by anyone who knows how to do it.

Matt Blaze, a cryptographer and computer security professor at the University of Pennsylvania, claims that “It really is the worst and most widespread vulnerability in SSL that has come out.” The Electronic Frontier Foundation, Ars Technica, and Bruce Schneier all deemed the Heartbleed bug “catastrophic”, and Forbes cybersecurity columnist Joseph Steinberg even went as far as to say that:

Some might argue that [Heartbleed] is the worst vulnerability found (at least in terms of its potential impact) since commercial traffic began to flow on the Internet.

Regardless, Heartbleed does point to a much larger problem with the design of the internet. Some of its most important pieces are controlled by just a handful of people, many of whom aren’t paid well — or aren’t paid at all. In short, Heartbleed has shown that more oversight is needed to protect the internet’s underlying infrastructure. And the sad truth is that open source software — which underpins vast swathes of the net — has a serious sustainability problem.

Another problem is money, in that important projects just aren’t getting enough of it. Whereas well-known projects such as Linux, Mozilla, and the Apache web server enjoy hundreds of millions of dollars in annual funding, projects like the OpenSSL Software Foundation – which are forced to raise money for the project’s software development – have never raised more than $1 million in a year. To top it all off, there are issues when it comes to the open source ecosystem itself.

Typically, projects start when developers need to fix a particular problem; and when they open source their solution, it’s instantly available to everyone. If the problem they address is common, the software can become wildly popular overnight. As a result, some projects never get the full attention from developers they deserve. Steve Marquess, one of the OpenSSL foundation’s partners, believes that part of the problem is that whereas people can see and touch their web browsers and Linux, they are out of touch with the cryptographic library.

In the end, the only real solution is in informing the public. Since internet security affects us all, and the processes by which we secure our information are entrusted to too few hands, then the immediate solution is to widen the scope of inquiry and involvement. It also wouldn’t hurt to commit additional resources to the process of monitoring and securing the web, thereby ensuring that spy agencies and private individuals are not exercising too much control over it, or able to do clandestine things with it.

In the meantime, the researchers from Codenomicon have set up a website with more detailed information. Click here to access it and see what you can do to protect yourself.

Sources: cbc.ca, wired.com, (2), heartbleed.com

The Future of WiFi: Solar-Powered Internet Drones

Facebook, that massive social utility company that is complicit in just about everything internet-related, recently announced that it is seeking to acquire Titan Aerospace. This company is famous for the development of UAVs, the most recent of which is their solar powered Solara 50. In what they describe as “bringing internet access to the underconnected,” their aim is to use an army of Solaras to bring wireless internet access to the roughly 5 billion people who live without it worldwide.

Titan Aerospace has two products – the Solara 50 and Solara 60 – which the company refers to as “atmospheric satellites.” Both aircraft are powered by a large number of solar cells, have a service ceiling of up to 20,000 meters (65,000 feet) and can then circle over a specific region for up to five years. This length of service is based on the estimated lifespan of the on-board lithium-ion batteries that are required for night-time operation.

The high altitude is important, as the FAA only regulates airspace up to 18,000 meters (60,000 feet). Above that, pretty much anything goes, which is essential if you’re a company that is looking to do something incredibly audacious and soaked in self-interest. As an internet company and social utility, Facebook’s entire business model is based on continued expansion. Aiming to blanket the world in wireless access would certainly ensure that much, so philanthropy isn’t exactly the real aim here!

Nevertheless, once these atmospheric satellites are deployed, there is a wide range of possible applications to be had. Facebook is obviously interested in internet connectivity, but mapping, meteorology, global positioning, rapid response to disasters and wildfires, and a whole slew of other scientific and military applications would also be possible. As for what level of connectivity Facebook hopes to provide with these drones, it’s too early to say.

However, TechCrunch reports that Facebook would launch 11,000 Solara 60 drones. Their coverage would begin with Africa, and then spread out from there. There’s no word on how fast these connections might be, nor how much such a connection would cost per user. Perhaps more importantly, there’s also no word on how Facebook intends to connect these 11,000 satellites to the internet, though it is obvious that Facebook would need to build a series of ground stations.

Many of these might have to be built in very remote and very hard to administer areas, which would also require fiber optic cables running from them to hook them up to the internet. In addition, Titan hasn’t produced a commercial UAV yet and has confined itself to technology demonstrations. What they refer to as “initial commercial operations” will start sometime in 2015, which is perhaps why Facebook is only paying $60 million for Titan, rather than the $19 billion it paid for WhatsApp.

As already noted, this move is hardly purely altruistic. In many ways, Facebook is a victim of its own success, as its rapid, early growth quickly became impossible to maintain. Acquiring Instagram and WhatsApp were savvy moves to bring in a few hundred million more users, but ultimately they were nothing more than stopgap measures. Bringing the next billion users online and into Facebook’s monopolistic grasp will be a very hard task, but one which it must figure out if it wants its stock not to plummet.

To be fair, this idea is very similar to Google’s Project Loon, a plan that involves a series of high-altitude, solar-powered hot air balloons that would provide wireless to roughly two-thirds of the world’s population. The idea was unveiled back in June of 2013 and has since begun testing in New Zealand. And given their hold on the market in the developed world, bringing broadband access to the developing world is seen as the next logical step for companies like Verizon, Time Warner, Comcast, and every other internet and telecom provider.

One can only imagine the kind of world our children and grandchildren will be living in, when virtually everyone on the planet (and keeping in mind that there will be between 9 and 11 billion of them by that time) will be able to communicate instantaneously with each other. The sheer amount of opinions exchanged, information shared, and background noise produced is likely to make today’s world seem quiet, slow and civilized by comparison!

Incidentally, I may need to call a lawyer as it seems that someone has been ripping off my ideas… again! Before reading up on this story, the only time I ever heard the name Titan Aerospace was in a story… MY STORY! Yes, in the Legacies universe, the principal developer of space ships and aerospace fighters carried this very name. They say it’s a guilty pleasure when stuff you predict comes true when you are writing about it. But really, if you can’t cash in on it, what’s the point?

Consider yourself warned, Titan! J.J. Abrams may have gotten off the hook with that whole Revolution show of his, but you are not nearly as rich and powerful… yet! 😉 And in the meantime, be sure to check out these videos of Titan’s Solara 50 and Google’s Project Loon below:

Titan Aerospace Solara 50:


Project Loon:


Source:
extremetech.com