Volume 13, Issue 4

Obama Sworn In As Nation's 44th President

by Deborah Tedford

Barack Hussein Obama was sworn in Tuesday as the 44th president of the United States, writing a new chapter in American history as the first African-American to hold the nation's highest office.

With his hand on the gilt-edged, burgundy Bible used by President Lincoln in 1861, Obama swore to "preserve, protect and defend" the Constitution in front of an ebullient, possibly record-breaking crowd gathered on the National Mall.

"Earlier generations faced down fascism and communism not just with missiles and tanks, but with sturdy alliances and enduring convictions," he told the crowd in his inaugural address. "They understood that our power alone cannot protect us, nor does it entitle us to do as we please. Instead, they knew that our power grows through its prudent use; our security emanates from the justness of our cause, the force of our example, the tempering qualities of humility and restraint."

InfiniBand Goes the Distance

Campus Technology (01/08/09) Jackson, Joab

InfiniBand is better at transporting large data sets over long distances than high-speed TCP/IP, according to researchers at the Oak Ridge National Laboratory. An Energy Department team pitted InfiniBand connections against TCP/IP connections in a test of throughput over an 8,600-mile optical link. InfiniBand turned in an average throughput of 7.34 Gbps, while a tweaked high-throughput version of TCP, called HTCP, offered a peak throughput of 1.79 Gbps. The project was discussed in the paper "Wide-Area Performance Profiling of 10GigE and InfiniBand Technologies," which was presented at the recent SC08 conference. "The task of sustaining end-to-end throughput … over thousands of miles still remains complex," the researchers wrote. InfiniBand "somewhat surprisingly offer[s] a potential alternate solution for wide-area data transport." High-performance computer systems often use InfiniBand interconnects, but the connections are not usually deployed to move large files over long distances.

Keeping Information Safe From Digital Spies

Daily Bruin (01/08/09) Bui, Sandy

As people become increasingly dependent on digital technology, security and privacy concerns will be growing issues for the next several decades, says Amit Sahai, the associate director of the Center for Information and Computation Security (CICS) at the University of California, Los Angeles (UCLA). UCLA professor Jens Palsberg predicts that 2009 will see an increasing number of headline stories on cyberterrorism, against both countries and multinational organizations. "More and more, people will wonder whether the increasing computerization of healthcare will make their most personal data be one cyberattack away from falling into the wrong hands," Palsberg says. "Pundits will call for the Obama administration to prepare the nation better for cyberattacks." Sahai notes that there have been some revolutionary breakthroughs in cybersecurity research in the past decade. CICS is developing new protective technologies, including functional encryption, biomedic-based encryptions, and reliable routing of the Internet. Sahai says functional encryption involves a sophisticated system in which multiple keys provide access to specific data. Artificial intelligence (AI), particularly machine learning, could potentially offer more secure systems that learn to automatically recognize patterns and objects, Sahai says. "In AI, traditionally these programs are usually trying to understand handwriting, or speech, or see objects like people or facial expressions," he says. "But in cybersecurity, some of the same ideas and algorithms can be used to identify viruses or spyware."

DECT Cordless Phones No Longer Secure

Network World Canada (01/07/09) Judge, Peter; Meckbach, Greg

Researchers at the 25th Chaos Communication Congress in Berlin, Germany, recently demonstrated that they could eavesdrop on calls made using Digital Enhanced Cordless Telecommunications (DECT) wireless networks. "DECT really ought to be used for consumer applications and avoided by enterprises," says Info-Tech Research Group analyst Mark Tauschek. "Get rid of anything that you have that's based on DECT." The attack used a Linux laptop with a modified laptop card that can directly intercept calls and information, recording everything in a digital form. Even if encryption is turned on, the system can bypass it by pretending to be a base station that does not support encryption. Andreas Schuler, from the Dedected group, which demonstrated the attack, says if someone fakes being an unencrypted base station and DECT devices cannot get encryption to work, all the most popular phones will revert to unencrypted communications, as the priority of manufacturers is interoperability, not security. University of Luxembourg cryptographer and Dedected member Ralf-Philipp Weinmann says it is not clear whether the same method would work on debit card reading systems, since they may enforce the use of encryption or use higher level encryption such as secure sockets layer. Nevertheless, Tauschek says retailers that use wireless point-of-sale terminals should use a different standard that has better security features, such as the Advanced Encryption Standard.

'Smart' Cameras Are Watching You

The Lantern (Ohio State University) (01/09/09) Gorder, Pam Frost

Ohio State University (OSU) researchers are developing a "smart" surveillance system that will be able to determine if a person on the street appears to be lost or is acting suspiciously. The goal is to create a network of smart video cameras that will allow officers to quickly and efficiently observe and monitor a wide area. "In my lab, we've always tried to develop technologies that would improve officers' situational awareness, and now we want to give that same kind of awareness to computers," says OSU professor James W. Davis. Davis says the goal is to analyze and model the behavior patterns of people and vehicles moving through a scene. "We are trying to automatically learn what typical activity patterns exist in the monitored area, and then have the system look for atypical patterns that may signal a person of interest," he says. The system will focus on where a person goes and what they do. The first algorithm expands the small field of view that traditional pan-tilt-zoom cameras provide by taking a series of snapshots from every direction within a camera's field of view and combining them into a 360-degree, high-resolution panorama. The operator can click anywhere on the picture and the camera will pan and tilt to that location for a live image. Another program will map locations onto an aerial map of the scene and then calculate where the view spaces of the security cameras overlap and determine the geo-referenced coordinates of each ground pixel in the panoramic image. A third program will use the aerial and panorama views for tracking people, which could be used to instruct a camera to follow specific people based on their behaviors.

Japan Researchers Unveil Robot Suit for Farmers

Agence France Presse (01/09/09)

Japanese researchers have developed a robot suit that assists farmers with harvesting. Researchers at the Tokyo University of Agriculture and Technology recently demonstrated the suit by having someone pull radishes from the ground and pick oranges from high branches. The robot suit has eight motors, 16 sensors, and weighs 55 pounds. Japan has an aging, shrinking farm industry, and the researchers believe the robot suit would help provide support for the leg muscles and joints of elderly farmers. "Human robotic technology is being applied to various industries but it has great potential in the agricultural industry, in which people have to bear a heavy burden," says professor Shigeki Toyama. Toyama says robotics will play an increasingly important role in farming, especially in Japan and Europe, where manual labor is costly and space is limited.

Operating on the Virtual Human

BBC News (01/12/09) Lever, Anna-Marie

Oxford University physiologist Peter Kohl believes surgeons will be using virtual reality to simulate alternative operations within 10 years. Computer models will enable surgeons to experiment on a virtual surgical table, discover the best way to proceed with a procedure, and also lead to faster operations. The European Union has been funding an effort to create biomedical models that simulate the human body structurally and functionally. "We have developed better tools to look at smaller parts of the puzzle in terms of structure and function," says Kohl, one of the principal investigators of the Virtual Physiological Human (VPH) initiative. "We now need to understand how the pieces interact with each other and the environment." Kohl acknowledges that some people will have their doubts about using a quantitative computer model to assess patients' surgical options. He says a thorough assessment of the computer predictions used for medical procedures will be needed to determine VPH's reliability.

Sign-Language Translator

Technology Review (01/12/09) Chu, Jennifer

Boston University researchers are developing an electronic sign language dictionary that will enable users to search for the definition of sign language gestures by demonstrating the gesture in front of a built-in camera. The technology could be used by parents of deaf children to better understand what their children are saying or by deaf people who want to use the Internet in their primary language. Boston University computer science professor Stan Sclaroff and linguistics professor Carol Neidle, who are developing the technology, say they hope to create a system that will allow anyone with a camera and an Internet connection to learn sign language and interact online using sign language. "This takes a lot of processing power, and trying to deal with sign language in different video qualities is very hard," says Georgia Institute of Technology Contextual Computing Group head Thad Starner, who is working on a sign language recognition system that uses sensors attached to gloves. To develop the system, Sclaroff and Neidle asked multiple signers to sign through 3,000 gestures in a studio equipped with four high-speed cameras, which were used to record front and side views and facial expressions. Neidle says smiles, frowns, and raised eyebrows are an understudied part of American Sign Language that could provide strong clues to a gesture's meaning. The signing sessions are analyzed to mark the start and finish of each sign and to identify key subgestures. Sclaroff uses that information to develop algorithms that can distinguish a signer's hand from the background and recognize hand position, shape, and movement patterns.

Government Spends Over $30 Million to Sharpen Cyber Security Saber

Network World (01/09/09)

The U.S. Defense Advanced Research Projects Agency recently named the major contractors that will develop the first phase of technologies aimed at dramatically improving cybersecurity as part of the $30 million National Cyber Range program. The projects will test a variety of technologies, including host security systems that could modify or replace operating systems and kernels; local-area-network security tools and suites that could require modifying or replacing traditional network device operating systems; and new protocols that may replace portions or the entirety of today's protocol stacks. The projects also will research wide-area-network systems that operate on bandwidths currently not available commercially, and tactical networks that may include mobile ad hoc networks or maritime systems. The program's objectives include being able to offer the use of highly advanced test facilities, establishing an administration capable of certifying and accrediting new technology, and managing security and scheduling testing. "Addressing the vulnerabilities within our cyberinfrastructure must become our long-term national security and economic security priority," says U.S. Joint Interagency Cyber Task Force director Melissa Hathaway. "I don't believe that this is a single-year or even a multi-year investment—it's a multi-decade approach."

Auto Gear-Change Bicycle: Computer Controlled Bicycle Gear Changes Optimize Power, Comfort

ScienceDaily (01/14/09)

Researchers in the Department of Mechanical Engineering at National Defense University in Tashi, Taiwan, are developing a computer system for bicyclists that tells them when to change gears to optimize power while maintaining comfort. The researchers cite ergonomic studies that show cyclists can be in an optimum state while cycling with a fixed output power and pedaling speed. The researchers developed an algorithm that provides cyclists with a gear shift strategy to maintain the optimal gear without sacrificing comfort. The algorithm, which has been tested in a simulation of a 12-speed bicycle, provides a gear-shifting sequence with minimal power losses and gear shifts. The algorithm will enable riders to operate the derailleur gearing system more easily, making riders more comfortable because they will be in the correct gear and shifting gears will be smoother. The researchers say the technology could eventually be extended to an entirely automatic mechanical gear-shifting system.

A Breakthrough in Imaging: Seeing a Virus in Three Dimensions

New York Times (01/13/09) P. D3; Markoff, John

IBM researchers have successfully captured a three-dimensional (3D) image of a virus for the first time. The researchers, based at IBM's Almaden Research Center, used magnetic resonance force microscopy (MRFM) to capture a 3D image of a tobacco mosaic virus with a spatial resolution down to four nanometers. MRFM uses an ultrasmall cantilever arm as a platform for specimens that are moved in and out of proximity of a tiny magnet. At extremely low temperatures, the researchers can measure the effect of the magnetic field on protons in the hydrogen atoms in the virus. By repeatedly switching the magnetic field, the researchers were able to cause a minute vibration in the cantilever arm, which was measured using a laser. Moving the virus through the magnetic field repeatedly allows a 3D image to be constructed from numerous two-dimensional samples. The researchers say the tool will help structural biologists working to unravel the structure and the interactions of proteins. MRFM will enable researchers to examine the proteins that make basic DNA structures and make images of interactions among biomolecules.

Group Details 25 Most Dangerous Coding Errors Hackers Exploit

Computerworld (01/12/09) Vijayan, Jaikumar

A group of 35 high-profile organizations, including the U.S. Department of Homeland Security and the National Security Agency's Information Assurance Division, has released a list of the 25 most serious programming errors. The goal is to focus attention on dangerous software-development practices and ways to avoid those practices, according to officials at the SANS Institute, which coordinated the list's creation. Releasing the list is intended to give software buyers, developers, and training programs a tool to identify programming errors known to create serious security risks. The list will be adjusted as necessary to accommodate new or particularly dangerous programming errors that might arise. The list is divided into three classes. Nine errors on the list are categorized as insecure interactions between components, another nine are classified as risky resource management errors, and the rest are considered "porous defense" problems. The top two problems are improper input validation and improper output encoding errors, which are regularly made by numerous programmers and are believed to be responsible for the attacks that compromised hundreds of thousands of Web pages and databases in 2008. Other programming errors include a failure to preserve SQL query and Web page structures, leading to SQL injection attacks and cross-site scripting vulnerabilities; buffer-overflow mistakes; and chatty error messages.

How Do You Picture Yourself in a Virtual World?

University of Leicester (01/14/09)

The MOdelling Of SecondLife Environments (MOOSE) project is exploring the use of three-dimensional multi-user virtual environments for teaching digital photography in university courses. The University of Leicester's Beyond Distance Research Alliance is researching how groups of students can socialize and engage in virtual environments for more productive information and knowledge exchanges. Meanwhile, London South Bank University researchers have uncovered previously unknown perceptions of students' identity through avatars and are investigating how being known as an avatar affects group discussions and negotiations. Leicester's Matthew Wheeler says some students perceived missing body language and personal cues when communicating through an avatar. The lack of body language did not drastically affect the conversation because the students knew each other in real life and were able to identify each other based on the appearance of the avatar. Although universities are considering incorporating Second Life into their programs, the researchers say that many educators and students may find themselves lost in the virtual world. To create a usable virtual world, the MOOSE project will create a framework to encourage students' engagement and socialization in a virtual environment designed for learning, and build guidelines for developing students' transferable skills through Second Life.

U.S. Plots Major Upgrade to Internet Router Security

Network World (01/15/09) Marsan, Carolyn Duffy

The U.S. Department of Homeland Security (DHS) plans to quadruple its investment in research dedicated to securing the Border Gateway Protocol (BGP) by adding digital signatures to router communications. DHS says the research initiative, dubbed BGPSEC, will prevent routing hijackings and accidental misconfigurations of routing data. DHS expects BGPSEC to take several years to develop prototypes and standards and at least four years before deployment. Experts have praised the accelerated effort, as BGP is one of the Internet's most vulnerable faults. "The reason BGP problems are so serious is that they attack the Internet infrastructure, rather than particular hosts," says Columbia University professor of computer science Steve Bellovin. "This is why it is a DHS-type of problem." Arbor Networks' Danny McPherson says BGP is one of the largest threats on the Internet. "There doesn't exist a formally verifiable source for who owns what address space on the Internet, and absent that you can't really validate the routing system," McPherson says. The extra funding should enable the DHS to develop ways of authenticating Internet Protocol (IP) address allocations and router announcements on how to reach blocks of IP addresses. DHS funding for router security will rise to approximately $2.5 million per year beginning this year, up from about $600,000 per year over the last three years, says Douglas Maughan, DHS program manager for cybersecurity research and development.

More Chip Cores Can Mean Slower Supercomputing, Sandia Simulation Shows

Sandia National Laboratories (01/13/09) Singer, Neal

Simulations at Sandia National Laboratories have shown that increasing the number of processor cores on individual chips may actually worsen the performance of many complex applications. The Sandia researchers simulated key algorithms for deriving knowledge from large data sets, which revealed a significant increase in speed when switching from two to four multicores, an insignificant increase from four to eight multicores, and a decrease in speed when using more than eight multicores. The researchers found that 16 multicores were barely able to perform as well as two multicores, and using more than 16 multicores caused a sharp decline as additional cores were added. The drop in performance is caused by a lack of memory bandwidth and a contention between processors over the memory bus available to each processor. The lack of immediate access to individualized memory caches slows the process down once the number of cores exceeds eight, according to the simulation of high-performance computing by Sandia researchers Richard Murphy, Arun Rodrigues, and Megan Vance. "The bottleneck now is getting the data off the chip to or from memory or the network," Rodrigues says. The challenge of boosting chip performance while limiting power consumption and excessive heat continues to vex researchers. Sandia and Oak Ridge National Laboratory researchers are attempting to solve the problem using message-passing programs. Their joint effort, the Institute for Advanced Architectures, is working toward exaflop computing and may help solve the multichip problem.

U.S. Science Is Lagging Internationally — But How, Exactly?

Inside Higher Ed (01/15/09) Lederman, Doug

The decreasing number of scientists and engineers produced in the United States is regularly cited to demonstrate the decline of higher education in America and the country's inability to compete in the global economy. However, a new report from the National Science Foundation (NSF) suggests that the numbers may have a different meaning. The report acknowledges that by 2005, most of the 23 developed countries had surpassed the United States in the ratio of degrees in natural sciences and engineering being awarded to 20- to 24-year-old graduates. However, NSF researchers say the disparity is more attributable to growth in the number of university graduates in those countries and not because of a greater emphasis on science and engineering. The researchers found that from 1975 to 1990, nine of the 21 countries studied saw increases solely because of increases to the total number of university degrees awarded, while in 11 cases both the expansion of all degrees and a greater percentage of degrees in natural science and engineering were responsible. From 1990 to 2005, 19 of the 21 countries had higher population ratios of first university degrees in science and engineering than the United States. In 10 of those 19 countries, the change could be attributed to the growth in overall completion of degrees.

Girls and Gadgets Computer Conference Held at University of Teesside

Evening Gazette (UK) (01/15/09) Desira, Joanna

The University of Teesside's recent Girls and Gadgets Computer Conference attracted about 200 teenage girls in the United Kingdom. Organized by Alison Brown, a senior lecturer in the School of Computing, the conference gave the young girls an opportunity to learn more about computers and improve their multimedia skills. The conference featured sessions on computer games, digital music, multimedia, animation, and electronic journalism. In a session called Cover Girl, the girls learned about image manipulation by taking photographs of themselves and manipulating them electronically. "We aim to offer the girls an understanding of the vast range of opportunities available to them in the field of computing," Brown says. "The conference can help to encourage them to consider computer science as a serious career choice." Guest speakers at the conference included Microsoft UK's Eileen Brown and Teesside senior lecturer Siobhan Fenton.

Smart Bridges Under Development With New Federal Grant

University of Michigan News Service (01/14/09) Moore, Nicol Casal

A $19 million project led by the University of Michigan is working to create "smart" bridges capable of providing autonomous, thorough descriptions of their condition to inspectors. The five-year project is developing an infrastructure monitoring system that will include four types of surface and penetrating sensors to detect cracks, corrosion, and other signs of weakness. The system will use enhanced antennas and Internet connections to wirelessly send information to an inspector, either on site or in an office. The project involves researchers from the College of Engineering and the Transportation Research Institute at the University of Michigan, as well as engineers from five private firms. University of Michigan professor Victor Li has developed a new type of concrete that conducts electricity, which will allow researchers, engineers, and inspectors to measure changes in conductivity, indicating a weakness in a bridge. Meanwhile, University of Michigan professor Jerome Lynch is leading an effort to develop a carbon nanotube-based "sensing skin" that would be glued or painted onto "hot spots" to detect cracks and corrosion invisible to the human eye. The skin's perimeter is lined with electrodes that carry a current over the skin to detect what is occurring underneath. Low-power, low-cost wireless nodes will be used to detect traditional damage indicators such as strain and changes in vibration. Finally, sensors housed in vehicles that travel on the bridges could be used to measure a bridge's reaction to the strain a vehicle imposes. The system also will feature a human-infrastructure interaction component, led by University of Michigan professor Vineet Kamat, which will organize the sensor data into meaningful displays before it is sent to inspectors.

How We Are Tricked Into Giving Away Our Personal Information

Swedish Research Council (01/15/09)

Organizations are poorly equipped to prevent attacks that target human error and weaknesses, says Stockholm University's Marcus Nohlberg, who says social engineering attacks have received little attention from researchers. Nohlberg's research has led to a more thorough understanding of the methods attackers use and what makes people and organizations vulnerable. He says the biggest problem is that information and proper training are not an effective deterrent. "There will always be a small group of people who do not do as they were taught," Nohlberg says. "The best thing is practical training, and it's probable that organizations will need to start running internal checks where they in fact create fictitious attacks in order to identify weaknesses." Social engineering is more expensive to the attacker, as it requires commitment and time, but software and technologies already exist that can interact with people automatically. Nohlberg warns of a time when programs target victims through digital forums such as Facebook, making social engineering attacks as easy and inexpensive as sending spam.

Low-Cost Strategy Developed for Curbing Computer Worms

UC Davis News & Information (01/14/09) Greensfelder, Liese

A new strategy for guarding against computer worms has network computers share data about the probability that an attack is taking place. "One suspicious activity in a network with 100 computers can't tell you much," says Senthil Cheetancheri, who developed the strategy when he was a graduate student in the Computer Security Laboratory at the University of California, Davis. "But when you see half a dozen activities and counting, you know that something's happening." The strategy uses an algorithm to compare the cost of disconnecting a computer from the network to the cost of having an infected machine, based on the probability of an attack and what the computer is used for. A toggle would be triggered to disconnect a computer if an infection costs more than staying online. For example, a copy writer might be moved offline even if there is a low probability of an attack, but someone in online sales might not be disconnected until it is almost certain that the activity is malicious.

Putting Heads (and Computers) Together to Solve Global Problems

MIT News (01/13/09) Trafton, Anne

Researchers at the Massachusetts Institute of Technology's (MIT's) Center for Collective Intelligence (CCI) want to unite the world's greatest minds with powerful computers to solve some of the world's toughest problems. Collective intelligence applications such as Wikipedia and Linux only hint at the concept's true potential, says CCI director and MIT professor Thomas Malone. Malone envisions pooling brainpower through computing advances to enable experts and others to find solutions to difficult problems such as global climate change. He says CCI's goal is to discover how people and computers can be connected so they act more intelligently than a single person, computer, or group can on their own. One CCI venture, the Climate Collaboration project, is developing an online deliberation tool to allow experts from a variety of fields to share ideas collaboratively. The Climate Collaboration project requires users to catalog their contributions and connect them to points that were previously made, creating "argument maps" to eliminate repetitive, unhelpful comments and tangents that derail most online forums. The deliberation tool is connected to computer-based climate models, so suggestions about different parts of the problem can be combined and tested. CCI also has proposed a project that would consolidate patient data, clinical practices, and medical research to create a worldwide network that could use the information to precisely identify the type of cancer patients have and predict the treatment best suited to them.

Digital Rights War Looms Ahead

BBC News (01/13/09) Shiels, Maggie

The Digital Entertainment Content Ecosystem (DECE) consortium, a coalition of entertainment, retail, and IT companies, is developing a new digital rights management (DRM) standard without the participation of Apple Computer. Because Apple is not participating in DECE, its devices will likely be unable to play content created by DECE members, and DECE member content will not be made available by Apple. Apple recently dropped DRM restrictions on the 10 million songs in its iTunes store. More than 25 major companies, including Sony, Paramount Pictures, Lionsgate, Microsoft, Best Buy, Hewlett-Packard, Cisco, and Intel have joined DECE, which plans to create new DRM standards and specifications for phones, DVD players, streaming services, and computers. "All of the companies in this consortium realize if we can do this and do this right we have the potential for a very large market," says DECE president Mitch Singer, the chief technology officer at Sony Pictures. Singer says DECE wants to create a centralized "virtual locker" that consumers can use to buy from multiple storefronts and access content from anywhere on any device.

Digital Communication Technology Helps Clear Path to Personalized Therapies

Burnham Institute for Medical Research (01/09/09) Baxt, Josh

Researchers at the Burnham Institute for Medical Research have demonstrated that digital communications algorithms can be used to identify effective multi-drug treatments. A stack sequential algorithm, originally developed for digital communications, has been used by scientists to find optimal drug combinations. The algorithm can be used to integrate information from a variety of sources, including biological measurements and model simulations. Combination therapies can be effective treatments in diseases such as cancer and hypertension, but it is difficult to find effective combinations using only trial and error, says study leader Giovanni Paternostro. Current methods for finding effective combination therapies involve extensive testing, and the ever-expanding possibilities eliminate the option for exploring large combinations. In the study, a small subset of the possible drug combinations identified by using the algorithm was tested in two biological model systems. One system explored improving the physiological decline associated with aging in fruit flies, and the other tested for the selective killing of cancer cells. In both systems, effective drug combinations were found by combining the algorithm with biological tests.

Let the Cracking Begin

Government Computer News (01/12/09) Jackson, William

Analysts have started testing the new Secure Hash Algorithm (SHA) candidates for flaws as part of the first round of the National Institute of Standards and Technology's (NIST's) competition to select the next government standard for cryptographic tools. So far, three of the initial 51 submissions have been eliminated. NIST's Bill Burr says there are probably more than three or four additional broken algorithms that have not yet been withdrawn from consideration. The winning submission will become SHA-3, and will augment and eventually replace the algorithms currently specified in Federal Information Processing Standard 180-2, which specifies SHA-1 and SHA-2. Officials decided in 2007 to create a competition to design SHA-3 after weaknesses were discovered in the existing algorithms. The final selection of a new standard is expected to take place in 2012. Candidates for SHA-3 must be publicly disclosed and available without royalties, work on a wide variety of hardware and software platforms, and support 224-, 256-, and 512-bit hash lengths. NIST will hold several public workshops to continue to narrow the field, and expects to reduce the number of submissions to 15 by late summer, with the final five being selected in 2010.

Career Experts Predict 2009 Should Be Good For Tech Pros

Tech Careers (via Information Week), January 8

Despite the economic recession, career experts say IT professionals should feel optimistic about the hiring environment in 2009. After all, IT has become a core, embedded function at every company, meaning that there is now less volatility to IT hiring plans. As a result, technology workers will continue to weather the current economic turmoil better than many other professions. Many employers want to hold on to and even bolster their teams of IT people who keep the business running, as well as IT workers who can help their organizations take greater advantage of technology.

Given this need to bolster their core businesses, many organizations are experiencing greater demand for systems engineers, application developers, and database pros who can help make that happen. They are placing particular emphasis on individuals who will be able to move innovative projects forward once the economic uncertainty lifts. Potential areas of growth include mobile technology and electronic medical records. Generally speaking, companies will be looking to align themselves with the new priorities of the Obama Administration, especially when it comes to technology policy.

While most companies are focusing on ways to retain experienced tech talent, there also are promising opportunities for new graduates. Among top jobs for new grads are network systems and data communications analysts, who have average beginning pay of approximately $40,000. Another good career option for college grads between the ages of 20 and 24 is computer support specialist, with an average beginning salary of $25,950. In addition, both of these jobs have solid long-term prospects, according to recent U.S. Department of Labor data.

Recruiter Reveals Hot Jobs for 2009

Network World, January 13

According to executive recruitment firm CTPartners, there are two general categories of executive IT jobs that will be in high demand throughout 2009: social media and healthcare. Moreover, as companies position themselves for an economic recovery, there will be a growing list of jobs that will experience an increase in demand. Within the financial services sector, for example, IT experts who can help fix current problems will be in high demand. As well, there are opportunities in clean tech, alternative energy and infrastructure. The article takes a closer look at the mix of strategic and hands-on executive roles within the social media and healthcare sectors.

Social media continues to gain momentum as organizations look to broaden their presence on the Web. According to research firm Gartner, organizations must adopt these social media technologies to engage the best candidates. Moreover, organizations must grasp the opportunities in figuring out how to exploit the potential of Internet-based communities. As CTPartners points out, there are two technology-related job titles that are drawing the most attention from organizations: head of digital media and head of advanced new media technology.

Healthcare, too, is a field that is drawing attention from recruiters. The CTPartners report emphasizes areas like healthcare informatics and points out the importance of knowledge of the payer and provider space, the product and service space, and WebMD, Google EHealth or anything related to electronic medical records. The healthcare industry is looking for individuals with skill sets that encompass both IT and medical care. One hot new job opportunity is an executive role within the field of healthcare informatics.

Security boffins attempt to freeze out cold boot crypto attack

Cache from chaos

By John Leyden

Posted in Enterprise Security, 19th January 2009 15:12 GMT

Security researchers have developed prototype countermeasures to defend against the recently developed cold boot crypto attack.

Cold boot is a technique for snatching cryptographic keys from memory, creating a means to circumvent disk encryption. A targeted machine that's been left hibernating would be turned off and quickly rebooted using an external hard drive, loaded with customised software, in order to extract encryption keys stored in memory.

The technique works because DRAM circuits used in modern PCs retain data for a short time after they are powered down, contrary to popular opinion. Cold boot attacks are of potential interest to both hackers and computer forensics experts.

Crypto boffins are on the way to defending against the attack. By saving cryptographic keys in CPU cache, instead of potentially vulnerable DRAM, the attack can potentially be frustrated.

"By switching the cache into a special mode one can force that data remains in the cache and is not written to the backing RAM locations," write the security researchers behind the Frozen Cache blog. "Thus, the encryption key can't be extracted from RAM. This technique is actually not new: LinuxBIOS/CoreBoot calls this Cache-as-RAM. They use it to allow "RAM access", even before the memory controller is initialized."

Downadup Worm Races Onto Millions of PCs

By Jennifer LeClaire
January 16, 2009 2:17PM

The Downadup worm, also known as Conficker or Kido, is racing across the Internet and has infected more than 8.9 million PCs since November. Microsoft has issued a patch to block the worm, but many PC users haven't installed it and portable USB drives are helping the worm spread. The Downadup worm also blocks security sites and changes access rights.

The Win32.Worm.Downadup is raging across the Internet, using new tricks to spread undetected. The worm spreads by exploiting a vulnerability in the Windows RPC Server Service and has infected millions of Windows PCs in the last two weeks.

"From an estimated 2.4 million infected machines to over 8.9 million during the last four days," Toni Koivunen, an F-Secure researcher, wrote in the company's log. "That's just amazing."

According to Koivunen, there are several different variants of Downadup running wild. The algorithm to create the domain names changes a bit between the variants.

"We've been tracking the variant we believe to be most common [algorithm]. It creates 250 possible domains each day," he said. "We've registered some selected domains out of this pool and are monitoring the connections being made to them."

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License