Roy Firestein

Security Feeds

Archive for April, 2009

Mobile Phone Viruses

April 7th, 2009. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

There’s a very interesting article in the latest issue of Science titled “Understanding the Spreading Patterns of Mobile Phone Viruses”. While the whole article isn’t online, the supporting documentation is available – but if you want to read the article, then you’ll have to pick up a copy of the latest Science magazine.

The article covers the spread of mobile phone viruses and makes use of a dataset associated with 6.2 million mobile customers and some 10,000 mobile phone towers. I hope that data was sufficiently anonymized.

From the abstract:
“We model the mobility of mobile phone users to study the fundamental spreading patterns characterizing a mobile virus outbreak. We find that while Bluetooth viruses can reach all susceptible handsets with time, they spread slowly due to human mobility, offering ample opportunities to deploy antiviral software. In contrast, viruses utilizing multimedia messaging services could infect all users in hours, but currently a phase transition on the underlying call graph limits them to only a small fraction of the susceptible users. These results explain the lack of a major mobile virus breakout so far and predict that once a mobile operating system’s market share reaches the phase transition point, viruses will pose a serious threat to mobile communications.”

I’ve been looking into mobile phone viruses and methods for protecting against them for a few years now, and I’d largely agree with the findings of the article. There are also some very pretty diagrams as to how the viruses propagate via Bluetooth and MMS, which are helpful in introducing others to the topic.

An area of contention though relates to the MMS propagation path. While MMS viruses can propagate very fast and to a much broader population (requiring no physical proximity), unlike Bluetooth viruses, they are much easier to stop. Since the payloads have to pass through the carrier’s MMS transport, it is easy to intercept the malicious content centrally – thereby halting propagation.

To some degree the major carriers have started down this path, and were eventually successful against mobile viruses like CommWarrior a few years back. Future mass-MMSing malware will be easy enough to detect and stop using the technologies already in place – subject to client-side polymorphism adoption (which hasn’t been done seriously beyond some proof-of-concept samples — yet!).

An area of future concern though is standard Web propagation techniques. Since most new smartphones allow comprehensive Internet access and have their own Web browsers (and other online services), I believe that mobile phones are increasingly going to fall to drive-by-download attack vectors and most of the badness that desktop hosts have been combating for several years.

That said, I don’t think that third-party developed host-based protection (e.g. “desktop” Anti-virus) is a real solution for mobile phones. The dynamics between carrier, device and customer are very different when compared to desktop relationships. The consequence of this different relationship is that the mobile phone carrier has to do the heavy lifting in protection but, more importantly, they’re in a much better position to do this.

Brain Researchers Open Door to Editing Memory

April 6th, 2009. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

Researchers in Brooklyn have been able to erase certain memories with a single dose of an experimental drug delivered to areas of the brain critical for holding specific types of memory, like emotional associations, spatial knowledge or motor skills.

Microbes Turn Electricity Directly to Methane

April 6th, 2009. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

A tiny microbe can take electricity and directly convert carbon dioxide and water to methane, producing a portable energy source with a potentially neutral carbon footprint, according to a team of Penn State engineers.

European ISPs to record all emails and calls

April 6th, 2009. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
A controversial new regulation comes into force today that extends existing EC directives on data retention from telecoms providers to ISPs.

TEDTalks : Beyond the crisis, mindboggling science and the arrival of Homo evolutis – Juan Enriquez (2009)

April 6th, 2009. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
Even as mega-banks topple, Juan Enriquez says the big reboot is yet to come. But don’t look for it on your ballot — or in the stock exchange. It’ll come from science labs, and it promises keener bodies and minds. Our kids are going to be … different.

TEDTalks : Fulfilling the dream of flight in a high-tech wingsuit – Ueli Gegenschatz (2009)

April 6th, 2009. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
Wingsuit jumping is the leading edge of extreme sports — an exhilarating feat of almost unbelievable daring, where skydivers soar through canyons at over 100MPH. Ueli Gegenschatz talks about how (and why) he does it, and shows jawdropping film.

TEDTalks : Military robots and the future of war – P.W. Singer (2009)

April 6th, 2009. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
In this powerful talk, P.W. Singer shows how the widespread use of robots in war is changing the realities of combat. He shows us scenarios straight out of science fiction — that now may not be so fictitious.

Japan Aims for Walking Robot on the Moon by 2020

April 5th, 2009. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

Japan hopes to have a two-legged robot walk on the moon by around 2020, with a joint mission involving astronauts and robots to follow, according to a plan laid out Friday by a government group.

Deep packet inspection and the thoughts of some experts

April 5th, 2009. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

How does society reconcile the technological benefits and privacy impacts of new technology? Deep packet inspection is just one seemingly neutral technological application that can have a significant impact on privacy rights and other basic civil liberties, especially as market forces, the enthusiasm of technologists and the influence of national security interests grow stronger.

We have produced a web site (http://dpi.priv.gc.ca) meant to serve as a resource on deep packet inspection. It grew out of a desire at the Office of the Privacy Commissioner of Canada to understand more about a technology that has application in network traffic management, behavioural advertising, and law enforcement.

In the summer and fall of 2008, we contacted leading academics and professionals working in telecommunications, law, privacy, civil liberties and computer science to ask if they would contribute a short essay to a project we were planning – a project that would help Canadians understand the impact of just one component of the technology that underlies our networked society.

The resulting project site presents the work of these academics, lawyers, researchers, activists and industry professionals. We value the time they invested in preparing their essays, and we are happy to present their work in a format that will, hopefully, encourage further discussion around deep packet inspection and similar technologies.

You will notice that this web site was developed with sharing in mind. There are opportunities for you to leave your comments about each essay – either through a written comment or by voting on the essay. We have built in links to some of the more popular content sharing services, in case you think some or all of the essays should be brought to the attention of friends, colleagues, legislators or others.

Or, alternatively, please feel free to send me your comments.

Web Sites Disrupted By Attack on Register.com

April 5th, 2009. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
Web site host and domain name registrar Register.com has been the target of a sustained attack this week, disrupting service for thousands of customers. The attacks began on Wednesday, causing a three-hour outage for many Web sites that rely on the company for hosting and/or use the company’s domain name system (DNS) servers, said Roni Jacobson, executive vice president at Register.com. The outage was the result of what’s known as a distributed denial of service (DDoS) attack, in which attackers cause hundreds or thousands of compromised PCs to flood a target with so much junk traffic that the Web site can no longer accommodate legitimate visitors. Typically, DDoS attacks are waged as a way for criminals to extort money from the targets, who are told the attack will cease when a ransom demand is paid. Jacobson declined to say whether Register.com had received any extortion demands. “We did have a

Group takes Conficker fight to a new level

April 1st, 2009. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
Forming a global alliance to fight cybercrime isn’t easy, and building an organization that can stay one step ahead of cyber crooks in more than 100 countries is close to impossible. But a band of volunteers calling itself Conficker Working Group thinks it can do it.

CRTC Launches Online Consultation on Net Neutrality

April 1st, 2009. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
The CRTC has launched an online consultation on net neutrality. Topics include the impact on user experience, innovation, the role of the CRTC, network management, and ISP transparency. Comments posted to the consultation will form part of the public record for the hearing on the issue this summer. Canadians have until April 30th to ensure that their voices are heard.