Cyberwars: “Bigger than Heartbleed”

Just months after the Heartbleed bug made waves across the internet, a new security flaw has emerged which threatens to compromise everything from major servers to connected cameras. It is known as the Bash or Shellshock bug, a quarter-century-old vulnerability that could put everything from major internet companies and small-scale web hosts to wi-fi connected devices at risk.

This flaw allows malicious code execution within the bash shell – commonly accessed through Command Prompt on PC or Mac’s Terminal application – to take over an operating system and access confidential information. According to the open-source software company Red Hat, bash shells are run in the background of many programs, and the bug is triggered when extra code is added within the lines of Bash code.

Because the bug interacts with a large percentage of software currently in use, and does so in ways that are unexpected, Robert Graham – an internet security expert – claims that the Bash bug is bigger than Heartbleed. As he explained it:

We’ll never be able to catalogue all the software out there that is vulnerable to the Bash bug. While the known systems (like your Web server) are patched, unknown systems remain unpatched. We see that with the Heartbleed bug: six months later, hundreds of thousands of systems remain vulnerable.

According to a report filed by Ars Technica, the vulnerability could affect Unix and Linux devices, as well as hardware running Mac OS X – particularly Mac OS X Mavericks (version 10.9.4). Graham warned that the Bash bug was also particularly dangerous for connected devices because their software is built using Bash scripts, which are less likely to be patched and more likely to expose the vulnerability to the outside world.

And since the bug has existed for some two and a half decades, a great number of older devices will be vulnerable and need to be patched because of it. By contrast, the Heartbleed bug was introduced into OpenSSL more than two years ago, allowing random bits of memory to be retrieved from impacted servers. And according to security researcher Bruce Schneier, roughly half a million websites could be vulnerable.

For the time being, the administrative solution is to apply patches to your operating system. Tod Beardsley, an engineering manager at security firm Rapid7, claims that even though the vulnerability’s complexity is low, the level of danger it poses is severe. In addition, the wide range of devices affected by the bug makes it essential that system administrators apply patches immediately.

As Beardsley explained during an interview with CNET:

This vulnerability is potentially a very big deal. It’s rated a 10 for severity, meaning it has maximum impact, and ‘low’ for complexity of exploitation — meaning it’s pretty easy for attackers to use it… The affected software, Bash, is widely used so attackers can use this vulnerability to remotely execute a huge variety of devices and Web servers. Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes etc. Anybody with systems using bash needs to deploy the patch immediately.

Attackers can potentially take over the operating system, access confidential information, and make changes. After conducting a scan of the internet to test for the vulnerability, Graham reported that the bug “can easily worm past firewalls and infect lots of systems” which he says would be “‘game over’ for large networks”. Similar to Beardsley, Graham said the problem needed immediate attention.

In the meantime, Graham advised people to do the following:

Scan your network for things like Telnet, FTP, and old versions of Apache (masscan is extremely useful for this). Anything that responds is probably an old device needing a Bash patch. And, since most of them can’t be patched, you are likely screwed.

How lovely! But then again, these sorts of exploitable vulnerabilities are likely to continue to pop up until we rethink how the internet is run. As the Heartbleed bug demonstrated, the problem at the heart (no pun!) of it all is that vast swaths of the internet run on open-source software that is created by only a handful of people who are paid very little (and sometimes, not at all) for performing this lucrative job.

In addition, there is a terrible lack of oversight and protection when it comes to the internet’s infrastructure. Rather than problems being addressed in an open-source manner after they emerge, there needs to be a responsible body of committed and qualified individuals who have the ability to predict problems in advance, propose possible solutions, and come up with a set of minimum standards and regulations.

Ensuring that it is an international body would also be advisable. For as the Snowden leaks demonstrated, so much of the internet is controlled by the United States. And as always, people need to maintain a degree of vigilance, and seek out information – which is being updated on a regular basis – on how they might address any possible vulnerabilities in their own software.

I can remember reading not long ago that the growing number of cyber-attacks would soon cause people to suffer from “alert fatigue”. Well, those words are ringing in my ears, as it seems that a growing awareness of our internet’s flaws is likely to lead to “bug fatigue” as well. Hopefully, it will also urge people to action and lead to some significant reforms in how the internet is structured and administered.
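Graham's advice above, to scan your own network for Telnet, FTP and old Apache and treat anything that answers as a likely unpatched device, ends with a list of hosts that has to be turned into a patch worklist. The sketch below is an added example, not code from Graham or from the original post; it assumes the scan was saved in masscan's list format (`-oL`), and the sample addresses, the port-to-service mapping and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample, assuming masscan list output (-oL) lines of the form
# "open tcp <port> <ip> <timestamp>"; addresses are documentation ranges.
SAMPLE_SCAN = """\
#masscan
open tcp 23 192.0.2.10 1411603200
open tcp 80 192.0.2.10 1411603201
open tcp 21 192.0.2.25 1411603202
open tcp 443 198.51.100.7 1411603203
open tcp 22 198.51.100.9 1411603204
garbage line that should be skipped
# end
"""

# Telnet and FTP are flagged outright; web ports still need a manual look
# at the Server banner to spot old Apache builds (mapping is an assumption).
LEGACY = {21: "ftp", 23: "telnet"}
WEB = {80: "http", 443: "https", 8080: "http-alt"}

def parse_open_ports(text):
    """Return {ip: sorted list of open TCP ports} from list-format output."""
    hosts = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "open" or fields[1] != "tcp":
            continue  # header, footer, banner or malformed line
        try:
            port = int(fields[2])
            ip = str(ipaddress.ip_address(fields[3]))
        except ValueError:
            continue
        if 0 < port < 65536:
            hosts[ip].add(port)
    return {ip: sorted(ports) for ip, ports in hosts.items()}

def patch_worklist(text):
    """Rank hosts: legacy services first, then web-only hosts to review."""
    rows = []
    for ip, ports in parse_open_ports(text).items():
        legacy = [LEGACY[p] for p in ports if p in LEGACY]
        web = [WEB[p] for p in ports if p in WEB]
        if legacy:
            rows.append((0, ip, "likely old device", legacy + web))
        elif web:
            rows.append((1, ip, "check Server banner", web))
    rows.sort(key=lambda r: (r[0], ipaddress.ip_address(r[1])))
    return [(ip, verdict, services) for _, ip, verdict, services in rows]
```

Hosts exposing only other services, such as the SSH-only host in the sample, are parsed but left off the worklist.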


Making Tech Accessible: Helping Amputees in War-Torn Sudan

The new year is just flying by pretty quickly, and many relevant stories involving life-changing tech developments are flying by even faster. And in my busyness and haste to deal with my own writing, I’ve sadly let a lot of stories slip through my fingers. Lucky for me that there’s no statute of limitations when it comes to blogging. Even if you cover something late, it’s not like someone’s going to fire you!

That said, here is one news item I’m rather ashamed of not having gotten to sooner. It’s no secret that 3D printing is offering new possibilities for amputees and prosthetic devices, in part because the technology is offering greater accessibility and lower costs to those who need them. And one area that is in serious need is the developing and war-torn nation of Sudan.

And thanks to Mick Ebeling, co-founder and CEO of Not Impossible Labs, 3D printed prosthetics are now being offered to victims of the ongoing war. After learning of a 14-year-old boy named Daniel who lost both arms in a government air raid, he traveled to the Nuba Mountains to meet him in person. Having already worked on a similar project in South Africa, he decided to bring 3D printed prosthetics to the area.

Ebeling was so moved by Daniel’s plight that he turned to a world-class team of thinkers and doers – including the inventor of the Robohand, an MIT neuroscientist, a 3D printing company in California, and funding from Intel and Precipart – to see how they could help Daniel and kids like him. Fittingly, he decided to name it “Project Daniel”.

And now, just a year later, Not Impossible Labs has its own little lab at a hospital in the region where it is able to print prosthetic arms for $100 a pop, and in less than six hours. Meanwhile, Daniel not only got his left-arm prosthetic in November, but he is currently employed at the hospital helping to print prosthetics for other children who have suffered the same fate as him.

Ebeling says the printed arm isn’t as sophisticated as others out there, but it did allow Daniel to feed himself for the first time in two years. And while he won’t be able to lift heavy objects or control his fingers with great precision, the prosthetic is affordable and being produced locally, so it also serves as an economically viable stand-in until the tech for 3D-printed prosthetics improves and comes down in cost.

Not Impossible Labs, which has already fitted others with arms, says it hopes to extend its campaign to thousands like Daniel. It’s even made the design open source in the hopes that others around the world will be able to replicate the project, setting up similar labs to provide low-cost prosthetics to those in need. After all, there are plenty of war-torn regions in the developing world today, and no shortage of victims.

In the coming years, it would be incredibly encouraging to see similar labs set up in developing nations in order to address the needs of local amputees. In addition to war, landmines, terrorism, and even lack of proper medical facilities give rise to the need for cheap, accessible prosthetics. All that’s really needed is an internet connection, a 3D printer, and some ABS plastic for raw material.

ProjectDaniel-Mohammad&Daniel-NotImpossibleNone of this is beyond the budgets of most governments or NGOs, so such partnerships are not only possible but entirely feasible. For the sake of kids like Daniel, it’s something that we should make happen! And in the meantime, check out this video below courtesy of Not Impossible Labs which showcases the printing technology used by Project Daniel and the inspiring story behind it.

And be sure to check out their website for more information and details on how you can help!


The 3D Printing Revolution

From the way people have been going on about 3D printing in the past few months, you’d think it was some kind of fad or something! But of course, there’s a reason for that. Far from being a simple prescriptive technology that requires us all to update our software or buy the latest version in order to “stay current”, 3D printing is ushering in a revolution that will literally change the world.

From design models and manufactured products, the range of possibilities is now venturing into printed food and even artificial organs. The potential for growth is undeniable, and the pace at which progress is happening is astounding. And on one of my usual jaunts through the tech journals and video-sharing websites, I found a few more examples of the latest applications.

First up is this story from Mashable, a social media news source, that discusses NYU student Marko Manriquez’s new invention: the BurritoBot. Essentially a 3D food printer that uses tortillas, salsa, guacamole and other quintessential ingredients, Manriquez built this machine for his master’s thesis using open-source hardware – including the ORD bot, a 3D printing mechanical platform (pictured above).

The result is a food printer that can tailor-make burritos and other Mexican delights, giving users the ability to specify which ingredients they want, in which proportion, and all through an app on their smartphone. No demos are available online as of yet, but Mashable provides a pretty good breakdown on how it works, as well as Manriquez’s inspiration and intent behind its creation.

Next up, there’s Cornell University’s food printer that allows users to create desserts. In this CNN video, Chef David Arnold at the French Culinary Institute shows off the printer by creating a chocolate cake, layer by layer, dough and icing. A grad student from Cornell’s Computational Synthesis Lab was on hand to explain that their design is also open-source, with the blueprints and technical design made available online so anyone can build their own.

As Chef Arnold explained, his kitchen has been using the printer to work with ingredients ranging from cookie dough, to icing, to masa – the corn meal tortillas are made from. It also allows for a degree of accuracy that many may not possess, while still offering plenty of opportunities to be creative. “The only real limitation now is that the product has to be able to go through a syringe,” he said. “Other than that, sky’s the limit.”

But even more exciting for some are the opportunities that are now being explored using metals. Using metal powder and an electron beam to form manufactured components, this type of “additive manufacturing” is capable of turning out parts that are amazingly complex, far more so than anything created through the machining process.

In this next video, the crew from CNNMoney travel to the Oak Ridge National Lab in Tennessee to speak to the Automation, Manufacturing and Robotics Group. This government-funded lab specializes in making parts that are basically “structures within structures”, the kind of things that are used in advanced prosthetic limbs, machinery, and robots. As they claim, this sort of manufacturing is made possible thanks to the new generation of 3D ABS and metal printers.

What’s more, this new process is far more efficient. Compared to old-fashioned forms of machining, it consumes less energy and generates far less waste in terms of materials used. And the range of applications is extensive, embracing fields as divergent as robotics and construction to biomedical and aerospace. At present, the only real prohibition is the cost of the equipment itself, but that is expected to come down as 3D printing and additive manufacturers receive more market penetration.

But of course, all of this pales in comparison to the prospect of 3D printed buildings. As Behrokh Khoshnevis – a professor of Industrial & Systems Engineering at USC – explains in this last video from TEDxTalks, conventional construction methods are not only inefficient, labor intensive and dangerous, they may very well be hampering development efforts in the poorer parts of the world.

As anyone with a rudimentary knowledge of poverty and underdevelopment knows, slums and shanty-towns suffer disproportionately from the problems of crime, disease, illiteracy, and infant mortality. Unfortunately, government efforts to create housing in regions where these types of communities are common are restrained by budgets and resource shortages. With one billion people living in shanties and slum-like shelters, a new means of creating shelter needs to be found for the 21st century.

The solution, according to Khoshnevis, lies in Contour Crafting and Automated Construction – a process which can create a custom house in just 20 hours! As a proponent of Computer-Assisted Design and Computer-Assisted Manufacturing (CAD/CAM), he sees automated construction as a cost-effective and less labor- and resource-intensive means of creating homes for these and other people who are likely to live in unsafe, unsanitary conditions.

The technology is already in place, so any claims that it is of a “theoretical nature” are moot. What’s more, such processes are already being designed to construct settlements on the moon, incorporating robotics and 3D printing with advanced computer-assisted simulations. As such, Khoshnevis is hardly alone in advocating similar usages here on planet Earth.

The benefits, as he outlines them, are dignity, safety, and far more sanitary conditions for the inhabitants, as well as the social benefits of breaking the pathological cycle of underdevelopment. Be sure to check out his video below. It’s a bit long, but very enlightening!

Once in a while, it’s good to take stock of the future and see that it’s not all creepy robots and questionable inventions. Much of the time, technological progress really does promise to make life better, and not just “more convenient”. It’s also especially good to see how it can be made to improve the lives of all people, rather than perpetuating the gap between the haves and the have-nots.

Until next time, keep your heads high and your eyes to the horizon!