Chrome, Internet Explorer, and Firefox are vulnerable to
easy-to-execute techniques that allow unscrupulous websites to construct
detailed histories of sites visitors have previously viewed, an attack
that revives a long-standing privacy threat many people thought was
fixed.
Until a few years ago, history-sniffing attacks were accepted as an
unavoidable consequence of Web surfing, no matter what browser someone
used. By abusing a combination of features in JavaScript and cascading style sheets,
websites could probe a visitor's browser to check if it had visited one
or more sites. In 2010, researchers at the University of California at
San Diego caught YouPorn.com and 45 other sites using the technique to determine if visitors viewed other pornographic sites. Two years later, a widely used advertising network settled federal charges that it illegally exploited the weakness to infer if visitors were pregnant.
Until about four years ago, there was little users could do other
than delete browsing histories from their computers or use features such
as incognito or in-private browsing available in Google Chrome and
Microsoft Internet Explorer respectively. The privacy intrusion was
believed to be gradually foreclosed thanks to changes made in each
browser. To solve the problem, browser developers restricted the styles
that could be applied to visited links and tightened the ways JavaScript
could interact with them. That allowed visited links to show up in
purple and unvisited links to appear in blue without that information
being detectable to websites.
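A simplified model of that fix, added here as an illustration (it is not code from the article or from any browser): `:visited` rules keep only color properties, and script queries are answered as if the link were unvisited. The property allowlist follows general browser documentation rather than the article, and `SAMPLE_CSS`, `auditVisited` and `resolveLinkStyle` are hypothetical names constructed for this example.

```javascript
// Added example: simplified model of the post-2010 :visited restrictions.
// The allowlist comes from general browser documentation, not from the article.
const VISITED_ALLOWED = new Set([
  'color', 'background-color', 'border-color', 'border-top-color',
  'border-right-color', 'border-bottom-color', 'border-left-color',
  'outline-color', 'column-rule-color', 'text-decoration-color',
  'text-emphasis-color', 'caret-color', 'fill', 'stroke',
]);

// Constructed sample stylesheet (not taken from any real site).
const SAMPLE_CSS = `
a:link    { color: blue; font-weight: normal; }
a:visited { color: purple; font-weight: bold; padding-left: 20px; }
`;

// Minimal parser for flat CSS (no nesting, no at-rules).
function parseRules(css) {
  const rules = [];
  const stripped = css.replace(/\/\*[\s\S]*?\*\//g, ''); // drop comments
  const re = /([^{}]+)\{([^{}]*)\}/g;
  let m;
  while ((m = re.exec(stripped)) !== null) {
    const decls = m[2].split(';')
      .map((d) => d.trim())
      .filter((d) => d.includes(':')) // skip malformed declarations
      .map((d) => {
        const i = d.indexOf(':');
        return { prop: d.slice(0, i).trim().toLowerCase(), value: d.slice(i + 1).trim() };
      });
    rules.push({ selector: m[1].trim(), decls });
  }
  return rules;
}

// For each rule that targets :visited, split its declarations into those a
// restricted browser applies and those it silently drops.
function auditVisited(css) {
  const report = [];
  for (const { selector, decls } of parseRules(css)) {
    if (!/:visited\b/i.test(selector)) continue;
    const honored = [];
    const ignored = [];
    for (const d of decls) {
      (VISITED_ALLOWED.has(d.prop) ? honored : ignored).push(d.prop);
    }
    report.push({ selector, honored, ignored });
  }
  return report;
}

// Resolve one property for a link. Only the selectors "a", "a:link" and
// "a:visited" are modeled. `painted` is what the user sees; `scriptVisible`
// models a computed-style query, which reports the unvisited value.
function resolveLinkStyle(css, prop, isVisited) {
  let unvisited;
  let visited;
  for (const { selector, decls } of parseRules(css)) {
    const d = decls.filter((x) => x.prop === prop).pop(); // last one wins
    if (!d) continue;
    if (/^a(:link)?$/i.test(selector)) unvisited = d.value;
    if (/^a:visited$/i.test(selector) && VISITED_ALLOWED.has(prop)) visited = d.value;
  }
  const painted = isVisited && visited !== undefined ? visited : unvisited;
  return { painted, scriptVisible: unvisited };
}

console.log(auditVisited(SAMPLE_CSS));
console.log(resolveLinkStyle(SAMPLE_CSS, 'color', true));
```

Because layout-affecting properties are dropped and script always sees the unvisited color, the only remaining difference between the two link states is what is painted on screen.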
Now, a graduate student at Hasselt University in Belgium
said he has confirmed that Chrome, IE, and Firefox users are once again
susceptible to browsing-history sniffing. Borrowing from a browser-timing attack disclosed last year
by fellow researcher Paul Stone, student Aäron Thijs was able to
develop code that forced all three browsers to divulge browsing history
contents. He said other browsers, including Safari and Opera, may also
be vulnerable, although he has not tested them.
"The attack could be used to check if the victim visited certain
websites," Thijs wrote in an e-mail to Ars. "In my example attack
vectors I only check 'https://www.facebook.com'; however, it could be
modified to check large sets of websites. If the script is embedded into
a website that any browser user visits, it can run silently in the
background and a connection could be set up to report the results back
to the attacker."
The sniffing of his experimental attack code was relatively modest,
checking only the one site when the targeted computer wasn't under heavy
load. By contrast, more established exploits from a few years ago were
capable of checking, depending on the browser, about 20 URLs per second.
Thijs said it's possible that his attack might work less effectively if
the targeted computer was under heavy load. Then again, he said it
might be possible to make his attack more efficient by improving his
URL-checking algorithm.
I know what sites you viewed last summer
The browser timing attack technique Thijs borrowed from fellow researcher Stone abuses a programming interface known as requestAnimationFrame,
which is designed to make animations smoother. It can be used to time
the browser's rendering, which is the time it takes for the browser to
display a given webpage. By measuring variations in the time it takes
links to be displayed, attackers can infer if a particular website has
been visited. In addition to browsing history, earlier attacks that
exploited the JavaScript feature were able to sniff out telephone
numbers and other details designated as private in a Google Plus
profile. Those vulnerabilities have been fixed in Chrome and Firefox,
the two browsers that were susceptible to the attack, Thijs said. Stone unveiled the attack at last year's Black Hat security conference in Las Vegas.
The resurrection of viable history-sniffing attacks underscores a key
dynamic in security. When defenders close a hole, attackers will often
find creative ways to reopen it. For the time being, users should assume
that any website they visit is able to obtain at least a partial
snapshot of other sites indexed in their browser history. As mentioned
earlier, privacy-conscious people should regularly flush their history
or use private browsing options to conceal visits to sensitive sites.
Complimentary Wi-Fi is so commonplace that a business advertising its
“hotspot” in the window seems somewhat passé. But a new hotspot
location should impress even the most jaded among us: For the first
time, scientists have demonstrated it’s possible to beam a wireless
Internet signal across the 238,900 miles separating Earth from the moon.
The demonstration, done by researchers at NASA and MIT, means that
future moon explorers could theoretically check in at Mare Imbrium and
post lunar selfies with greater speed than you do from your home
network.
The team will present its findings June 9 at the CLEO laser technology conference in California.
Not Your Starbucks Wi-Fi
In order to bring broadband to the moon, scientists used four
separate telescopes based in New Mexico to send an uplink signal to a
receiver mounted on a satellite orbiting the moon. Each telescope is
about 6 inches in diameter and is fed by a laser transmitter that beams
information in coded pulses of infrared light.
Since our atmosphere bends the signal as it travels to the moon, the
four telescopes transmit the light through different columns of air,
each with different bending effects. This setup increases the chance
that at least one of the laser beams will interact with the receiver,
and establish a connection with the moon.
And if you’re fixing to binge on Netflix on the moon, the connection
isn’t too bad, either. Scientists managed to send data from Earth to the
moon at a rate of 19.44 megabits per second — on par with slower
broadband speeds — and could download information from the moon at a
rate of a whopping 622 megabits per second. According to Wired UK, that’s over 4,000 times faster than current radio transmission speeds.
So, in light of all that, there’s really only one question that remains… “What’s the password?”
The Internet of Things is coming. And the tech cognoscenti aren’t sure that’s a good thing.
For years, the prospect of an online world that extends beyond
computers, phones, and tablets and into wearables, thermostats, and
other devices has generated plenty of excitement and activity. But now,
some of the brightest tech minds are expressing some doubts about the
potential impact on everything from security and privacy to human
dignity and social inequality.
That’s the conclusion of a new survey from the Pew Research Center.
For ten years, the Washington, D.C. think tank has surveyed thousands of
technology experts–like founding father Vint Cerf and Microsoft social
media scholar danah boyd–about the future of the Internet. But while
previous editions have mostly expressed optimism, this year people
started expressing more concern. “We had a lot of warnings, a lot of
people pushing back,” says Janna Anderson, co-author of the report.
The Internet of Broken Things
The 1,606 respondents said they saw many potential benefits to the
Internet of Things. New voice- and gesture-based interfaces could make
computers easier to use. Medical devices and health monitoring services
could help prevent and treat diseases. Environmental sensors could
detect pollution. Salesforce.com chief scientist JP Rangaswami said that
improved logistics and planning systems could reduce waste.
But most of the experts warned of downsides as well. Security was one
of the most immediate concerns. “Most of the devices exposed on the
internet will be vulnerable,” wrote Jerry Michalski, founder of the
think tank REX.
“They will also be prone to unintended consequences: they will do
things nobody designed for beforehand, most of which will be
undesirable.”
Beyond security concerns, there’s the threat of building a world that
may be too complex for our own good. If you think error messages and
application crashes are a problem now, just wait until the web is
embedded in everything from your car to your sneakers. Like the VCR that
forever blinks 12:00, many of the technologies built into the devices
of the future may never be used properly. “We will live in a world where
many things won’t work and nobody will know how to fix them,” wrote
Howard Rheingold.
So Many Left Behind
That complexity could also leave many people behind. Developing
nations–precisely the ones that could most benefit from IoT’s
environmental benefits–will be least able to afford them, says Miguel
Alcaine, an International Telecommunication Union area representative
for Central America. In an interview, Pew’s Internet & American Life
Project director Lee Rainie pointed out that the IoT could lead to a
much larger digital divide, one in which those who cannot or choose not
to participate are shut out entirely from many daily activities. What
happens when you need a particular device to pay for items at your local
convenience store?
Meanwhile, those that do partake in the IoT may find it dehumanizing,
especially in the workplace. We’ve already seen some companies explore
the possibility of monitoring their employees
through wearables. “The danger will be in loss of privacy and a
reduction of people into numbers: the dark side of the quantified self,”
wrote Andrew Chen, a computer information systems professor at
Minnesota State University. Peter R. Jacoby, an English professor at San
Diego Mesa College, summed up this line of thought bluntly: “By 2025,
we will have long ago given up our privacy. The Internet of Things will
demand–and we will give willingly–our souls.”
The Counterargument
Not everyone thinks this loss of privacy is inevitable. Harvard
fellow David “Doc” Searls argues that we needn’t sacrifice our privacy
in order to enjoy the advantages of connected devices. There’s no reason
that all devices must connect to the internet as opposed to private
networks. And even those that are connected to the public internet could
use encryption to talk to private servers, protecting your data from
large companies.
“People’s Clouds of Things can be as personal and private as their
houses (and, when encrypted, even more so),” he wrote. “They can also be
far more social than any ‘social network’ because they won’t involve
centralized control of the kind that Facebook, Google, and Twitter
provide.”
Searls imagines a world with more fine-tuned control over not just
privacy, but the terms of service that govern the products we consume
today. We’ve already seen some progress towards such a vision with
open-source Internet of Things projects such as Spark, Tessel, Skynet and Nodered.
The question is whether these types of platforms can be used to build
truly open consumer products, and, if so, whether anyone will want to
use them.
The Hypometer
It’s also possible that the Internet of Things will fail to take off
in any meaningful way. “The Internet of Things has been in the red zone
of the hypometer for over a decade now,” Bill St. Arnaud, a
self-employed green internet consultant wrote. “Yes, there will be many
niche applications, but it will not be the next big thing, as many
pundits predict.”
An unnamed co-founder of a consultancy with practices in internet
technology and biomedical engineering agreed. “Inter-networked wearables
will remain a toy for the wealthy,” he wrote. He thinks wearables and
other connected devices will be useful for the military, hospitals,
prisons and other niche operations, but he doesn’t expect them to be
particularly life-changing.
Justin Reich, a fellow at Harvard University’s Berkman Center for
Internet & Society, hedged his bets. “I’m not sure that moving
computers from people’s pockets (smartphones) to people’s hands or face
will have the same level of impact that the smartphone has had,” he
wrote. “But things will trend in a similar direction. Everything that
you love and hate about smartphones will be more so.”
The internet will have nearly 3 billion users, about 40 percent of the world's population, by the end of 2014, according to a new report from the United Nations International Telecommunication Union. Two-thirds of those users will be in developing countries.
Those numbers refer to people who have used the internet in the last three months, not just those who have access to it.
Internet penetration is
reaching saturation in developed countries, while it's growing rapidly
in developing countries. Three out of four people in Europe will be
using the internet by the end of the year, compared to two out of three
in the Americas and one in three in Asia and the Pacific. In Africa,
nearly one in five people will be online by the end of the year.
Mobile phone subscriptions will
reach almost 7 billion. That growth rate is slowing, suggesting that
the number will plateau soon. Mobile internet subscriptions are still
growing rapidly, however, and are expected to reach 2.3 billion by the
end of 2014.
These numbers make it easy to
imagine a future in which every human on Earth is using the internet.
The number of people online will still be dwarfed by the number of
things, however. Cisco estimates the internet already has 10 billion
connected devices and is expected to hit 50 billion by 2020.
Forensic experts have long been able to match a series of prints to
the hand that left them, or a bullet to the gun that fired it. Now, the
same thing is being done with the photos taken by digital cameras, and
is ushering in a new era of digital crime fighting.
New technology is now allowing law enforcement officers to search
through any collection of images to help track down the identity of
photo-taking criminals, such as smartphone thieves and child
pornographers.
Investigations in the past have shown that a digital photo can be
paired with the exact same camera that took it, due to the patterns of
Sensor Pattern Noise (SPN) imprinted on the photos by the camera's
sensor.
Since each pattern is idiosyncratic, this allows law enforcement to
"fingerprint" any photos taken. And once the signature has been
identified, the police can track the criminal across the Internet,
through social media and anywhere else they've kept photos.
Researchers have grabbed photos from Facebook, Flickr, Tumblr,
Google+, and personal blogs to see whether one individual image could be
matched to a specific user's account.
In a paper
entitled "On the usage of Sensor Pattern Noise for Picture-to-Identity
linking through social network accounts", the team argues that "digital
imaging devices have gained an important role in everyone's life, due to
a continuously decreasing price, and of the growing interest on photo
sharing through social networks".
Today, "everyone continuously leaves visual 'traces' of his/her
presence and life on the Internet, that can constitute precious data for
forensic investigators."
The researchers were able to match a photo with a specific person 56
per cent of the time in their experiment, which examined 10 different
people's photos found on two separate websites each.
The team concludes that the technique has yielded a "promising result,"
which demonstrates that it has "practical value for forensic
practitioners".
While the certainty of the technique is only just better than chance,
the technology is pretty new, and the numbers could get a bit more
promising in the future. And, like fingerprints, the SPN signature would
likely only be a part of the case being brought against a suspect.
Science, man. An international team of scientists has made a major breakthrough in synthetic biology.
For the first time ever, they were able to insert a man-made,
custom-built chromosome into brewer's yeast to not only create a life
form but one that also passes down its man-made genes to its offspring.
We're closer to creating artificial life.
Scientists have previously made chromosomes for bacteria and viruses
but this is the first time they've been able to build a chromosome for
something more complex. Called eukaryotic chromosomes, they have a
nucleus and are found in plants, animals and humans.
The artificial chromosome, called synIII after the chromosome three in brewer's yeast it replaced, was stitched together via a computer by a team of scientists
over a period of seven years. They basically redesigned the whole damn
thing piece by piece. The scientists liken man-made chromosomes to the
idea that you could shuffle genes into them like a deck of cards.
The
yeast cells that contained the designer chromosomes behaved as normally
as, well, normal yeast cells, except that they could theoretically be
improved and do things normal yeast cells could not. Potentially,
scientists could create man-made versions of all the chromosomes in
organisms thus creating artificial life.
Researchers have created a wearable device that is as thin as a
temporary tattoo and can store and transmit data about a person’s
movements, receive diagnostic information and release drugs into skin.
Similar efforts to develop ‘electronic skin’ abound, but the device
is the first that can store information and also deliver medicine —
combining patient treatment and monitoring. Its creators, who report
their findings today in Nature Nanotechnology, say that the technology could one day aid patients with movement disorders such as Parkinson’s disease or epilepsy.
The
researchers constructed the device by layering a package of stretchable
nanomaterials — sensors that detect temperature and motion, resistive
RAM for data storage, microheaters and drugs — onto a material that
mimics the softness and flexibility of the skin. The result was a sticky
patch containing a device roughly 4 centimetres long, 2 cm wide and 0.3
millimetres thick, says study co-author Nanshu Lu, a mechanical
engineer at the University of Texas in Austin.
“The novelty is really in the integration of the memory device,” says
Stéphanie Lacour, an engineer at the Swiss Federal Institute of
Technology in Lausanne, who was not involved in the work. No other
device can store data locally, she adds.
The trade-off for that memory milestone is that the device works only if
it is connected to a power supply and data transmitter, both of which
need to be made similarly compact and flexible before the prototype can
be used routinely in patients. Although some commercially available
components, such as lithium batteries and radio-frequency identification
tags, can do this work, they are too rigid for the soft-as-skin brand
of electronic device, Lu says.
Even if softer components were available, data transmitted wirelessly
would need to be converted into a readable digital format, and the
signal might need to be amplified. “It’s a pretty complicated system to
integrate onto a piece of tattoo material,” she says. “It’s still pretty
far away.”
The first Cybathlon, an Olympics for bionic athletes, will take place in Switzerland in October 2016.
The event will include a race where competitors control an avatar via a brain interface.
There will also be races for competitors wearing prosthetic limbs and exo-skeletons.
Hosted by the Swiss National Competence Center of Research,
it is hoped the competition will spur interest in human
performance-enhancing technology.
The brain-computer interface race is designed for competitors
who are paralysed from the neck down. They will control an avatar in a
computer racing game via a headset that connects the brain to a
computer.
There will also be races for those wearing arm or leg prosthetics, an exoskeleton race and a wheelchair race.
The assistive devices worn by the athletes, who will be known
as pilots, can either be ones that are already commercially available
or prototypes from research labs.
There will be two medals for each competition, one for the pilot and one for the company that developed the device.
Bionic limbs and exoskeletons are becoming much more
technically advanced, offering those wearing them much more realistic
movements.
Prof Hugh Herr, from the Massachusetts Institute of
Technology, showed off some of the prosthetics that his team have been
working on at the Ted (Technology, Entertainment and Design) conference
in Vancouver last week.
He is currently in negotiations with health care
professionals to get the bionic limbs more widely available to those who
need them.
Often though there was a disconnect between technology and
patients, said Prof Robert Riener, event organiser, from the University
of Switzerland.
"The idea is that we want to push development of assistive
technologies towards devices that patients can really use in everyday
life," he told the BBC.
"Some of the current technologies look very fancy but are a long way from being practical and user-friendly," he added.
The other main aim of the games is to allow people to compete who have never had the opportunity before.
"We allow technology that has previously been excluded from
the Paralympics. By making it a public event we want to get rid of the
borders between patients, society and the technology community," Prof
Riener said.
two creatives behind the ‘street eraser’ blog are merging the digital world with the analog, sticking their adobe-inspired art throughout london’s urban fabric.
the giant playful labels illustrate the familiar grey and white
checkerboard pattern, visible when using the eraser tool in photoshop.
eliminating graffiti from traffic signs, color from mailboxes and
portions of billboards, the intervention seemingly reveals a concealed
world beneath our own. the team says of the digital tool interrupting
everyday surroundings, ‘we rather like the idea that it’s hiding under the surface of everything around us.’
Models of a criminal's face may soon be generated from any trace of DNA
left at the scene of a crime. Computer-generated 3D maps will show
exactly how the suspect would have looked from an angle.
Mark Shriver of Pennsylvania State University and his team developed
the application, which produces a virtual mug shot of potential
criminals.
Shriver and his team took 3D images of almost 600 volunteers, coming
from a wide range of racial and ethnic groups. They superimposed more
than 7,000 digital points of reference on the facial features and
recorded the exact position of each of those markers. These grids were
used to measure how the facial features of a subject differ from the
norm. For instance, they would quantify the distance between the eyes of
a subject, and record how much more narrow or wide they were than
average.
A computer model was created to see how facial features were affected
by sex, genes and race. Each of the study participants was tested for
76 genetic variants that cause facial mutations. Once corrected for
race and sex, 20 genes with 24 variants appeared to reliably predict
facial shape.
"Results on a set of 20 genes showing significant effects on facial
features provide support for this approach as a novel means to identify
genes affecting normal-range facial features and for approximating the
appearance of a face from genetic markers," the researchers wrote in the article announcing the results.
As part of data collection, the team asked participants to rate faces based on perceived ethnicity, as well as gender.
Digital facial reconstructions from DNA have proven to be notoriously
unreliable. Even seemingly simple information like height can be
difficult to determine through genetic analysis. Other aspects of human
physiology, such as eye color, are easier to predict using genetic
analysis.
"One thing we're certain of [is] there's no single gene that suddenly
makes your nose big or small," Kun Tang, from the Shanghai Institutes
for Biological Sciences in China, said.
In order to further refine the system, Shriver has already started
sampling more people. Adding further diversity to the database should
allow the application to make even more accurate recreations of a
person's face. In the next round of testing, 30,000 different points
will be used instead of 7,000. Merging this development with 3D
printers would make it possible to print out 3D models of a person, just based on a piece of DNA.
Such models - digital or physical - are not likely to be used in
courts anytime soon. A more likely scenario is use as a modern-day version
of police sketches, assisting police in finding suspects. Only after an
arrest would the DNA of a suspect be compared to that collected at the
scene of a crime.
Creating 3D facial models from genetic evidence was detailed in Nature.