Roy Firestein

Security Feeds

Archive for 'My Recent Reads'

I know your name, where you work, and where you live (Safari v4 & v5)

July 25th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
Right at the moment a Safari user visits a website, even if they’ve never been there before or entered any personal information, a malicious website can uncover their first name, last name, workplace, city, state, and email address. Safari v4 & v5, with a combined browser market share of 4% (~83 million users), have a feature (Preferences > AutoFill > AutoFill web forms) enabled by default. Essentially we are hacking auto-complete functionality.


This feature AutoFills HTML form text fields that have specific attribute names such as name, company, city, state, country, email, etc.

<form>
<input type="text" name="name">
<input type="text" name="company">
<input type="text" name="city">
<input type="text" name="state">
<input type="text" name="country">
<input type="text" name="email">
</form>

These fields are AutoFill’ed using data from the user’s personal record in the local operating system address book. Again, it is important to emphasize that this feature works even though the user never entered this data on any website. Also, this behavior should not be confused with the normal auto-complete data a Web browser may remember after it’s typed into a form.

All a malicious website would have to do to surreptitiously extract Address Book card data from Safari is dynamically create form text fields with the aforementioned names, probably invisibly, and then simulate A-Z keystroke events using JavaScript. When data is populated, that is AutoFill’ed, it can be accessed and sent to the attacker.

As shown in the proof-of-concept code (graciously hosted by Robert “RSnake” Hansen), the entire process takes mere seconds and represents a major breach in online privacy. This attack could be further leveraged in multistage attacks including email spam, (spear) phishing, stalking, and even blackmail if a user is de-anonymized while visiting objectionable online material.

Fortunately any AutoFill data starting with a number, such as phone numbers or street addresses, could not be obtained because for some reason the data would not populate in the text field. Still, such attacks could be easily and cheaply distributed on a mass scale using an advertising network, where likely no one would ever notice because it’s not exploit code designed to deliver a rootkit payload. In fact, there is no guarantee this has not already taken place. What is safe to say is that this vulnerability is so brain-dead simple that I assumed someone else must have publicly reported it already, but exhaustive searches and asking several colleagues turned up nothing.

I figured Apple might appreciate a vulnerability disclosure prior to public discussion, which I did on June 17, 2010 complete with technical detail. A gleeful auto-response came shortly after, to which I replied asking if Apple was already aware of the issue. I received no response after that, human or robot. I have no idea when or if Apple plans to fix the issue, or even if they are aware, but thankfully Safari users only need to disable AutoFill web forms to protect themselves.
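As an added example (not code from the original post or from WhiteHat Security), the following Python script audits a page's HTML for the pattern just described from the defender's side: it flags text inputs whose name is one of the AutoFill field names the post lists but which the page keeps invisible, either on the input itself or through a hidden ancestor. The field names come from the post; the visibility heuristics, the class and function names and the constructed sample markup are my own assumptions.

```python
"""Added example: flag hidden text inputs named after Safari AutoFill fields.

The field names come from the post above; the invisibility heuristics, the
names used here and the sample markup are assumptions made for this example."""
import re
from html.parser import HTMLParser

# Form field names the post says Safari fills from the address book card.
AUTOFILL_NAMES = {"name", "company", "city", "state", "country", "email"}

# Inline-style tricks that keep a field out of sight (a heuristic, not a CSS engine).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(?![.\d])"
    r"|(?:left|top)\s*:\s*-\d{3,}px",
    re.I,
)

# Elements that never get a closing tag, so they must not enter the open-element stack.
VOID_ELEMENTS = {"input", "br", "img", "meta", "link", "hr"}


class AutofillBaitAuditor(HTMLParser):
    """Walk the document, remembering which open elements are hidden."""

    def __init__(self):
        super().__init__()
        self._open = []        # (tag, hidden?) for each open non-void element
        self.findings = []     # (field name, reason)

    @staticmethod
    def _hidden(attrs):
        style = attrs.get("style") or ""
        return "hidden" in attrs or bool(HIDDEN_STYLE.search(style))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)              # html.parser already lower-cases attribute names
        own_hidden = self._hidden(attrs)
        inherited = any(hidden for _, hidden in self._open)
        if tag == "input":
            name = (attrs.get("name") or "").lower()
            itype = (attrs.get("type") or "text").lower()
            # The post describes text fields being filled, so only type="text"
            # inputs are considered; a type="hidden" input is not a text field.
            if name in AUTOFILL_NAMES and itype == "text" and (own_hidden or inherited):
                reason = "hidden input" if own_hidden else "inside hidden container"
                self.findings.append((name, reason))
        if tag not in VOID_ELEMENTS:
            self._open.append((tag, own_hidden))

    def handle_endtag(self, tag):
        if tag in VOID_ELEMENTS:
            return
        # Pop back to the matching open tag (tolerates sloppy markup).
        for i in range(len(self._open) - 1, -1, -1):
            if self._open[i][0] == tag:
                del self._open[i:]
                break


def audit_autofill_bait(html):
    """Return [(field, reason), ...] for AutoFill-named text inputs the page hides."""
    parser = AutofillBaitAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup for the demo (not taken from any real site).
BENIGN_SIGNUP = (
    '<form action="/signup">'
    '<label>Email <input type="text" name="email"></label>'
    '<input type="submit" value="Join">'
    '</form>'
)
HARVESTING_PAGE = (
    '<div style="position:absolute; left:-9999px">'
    '<form><input type="text" name="name"><input type="text" name="company">'
    '<input type="text" name="email"></form></div>'
    '<input type="text" name="city" style="display:none">'
    '<input type="hidden" name="state">'
)

if __name__ == "__main__":
    print("benign:", audit_autofill_bait(BENIGN_SIGNUP))       # []
    print("suspicious:", audit_autofill_bait(HARVESTING_PAGE))  # name, company, email, city
```

Run it over a saved page or fetched HTML; a finding on a page that has no reason to ask for address-book data is worth a look. Users themselves, as the post says, are protected only by turning off Preferences > AutoFill > AutoFill web forms.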

Video Demo

WhiteHat Security is a leading provider of website security services.


In a cyber-war, we fight for economic well-being

June 29th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
Earlier this month NPR’s Planet Money podcast had a session entitled, “A War Between States And Corporations,” where they interviewed Ian Bremmer (President, Eurasia Group). Mr. Bremmer is the author of The End of the Free Market: Who Wins the War Between States and Corporations? Near the end of the podcast Ian said something about the economy and internet security that really resonated with me.

“When you have hundreds of western multinational corporations that have seen industrial espionage, that’s been directly targeted at them through cyber attacks, massive unprecedented cyber attacks, that were either directly organized by the Chinese government or were known about and actively tolerated by the Chinese government on behalf of Chinese corporations — that’s a pretty good description of a war.”

I’m inclined to agree because as he puts it…

“National security is no longer about tanks. National security is increasingly about economic well being, internet security, and issues that allow us to live on a daily basis. We’re not worried today about the Soviets blowing us up with nukes, but we are worried that our kids to be able to enjoy a quality of life vaguely related to our own.”

Precisely. We want our children to have a good quality of life, and the lack of internet security places that in jeopardy for all of us. Historically, economic failings, obviously not through cyber-war, played a role in the fall of the Roman Empire, the Soviet Union, and very nearly Greece. Our cyber-war, and it is a war, isn’t over, inasmuch as we haven’t lost our economy; nor have we solved the problem. What we citizens want, what we desire most (quality of life), is facilitated through economic prosperity. To achieve this the U.S. needs entrepreneurialism and innovation. The latter is what enables business to grow and our economy to flourish, which is exactly what our enemies want to steal from us, over the network, because they can.

“And, I see this as absolutely being a fundamentally conflictual relationship that is coming up between these corporations that are increasingly going to have to fight against other entities, economic entities, that are being supported by governments where there isn’t rule of law.”

Yes, how exactly can a western corporation, or any non-nation-state sponsored entity, possibly defend itself against such an adversary?

Legal and diplomatic remedies to enforce various cyber-crime laws are an option. Only this approach has proven all but completely ineffective. DoSing malicious network nodes has been suggested, but will certainly not deter, let alone stop, an advanced persistent threat. Increased attack distribution and subtlety is the result. The current White House administration will not easily opt for conventional shock-and-awe warfare to target digital adversaries, even on occasions when we know names and locations. At least I hope not, although it may eventually come to that if we can’t find a way to succeed through technological means.

On the defensive side the U.S. government is simply not equipped to help businesses defend their networks or the applications above them. GOV is outstaffed and overwhelmed already trying to defend its own systems from classified data breaches. At best they may provide the private sector some welcome threat intelligence. If corporations desire security (not all do, and survival is optional), they must learn to adequately protect themselves against other corporations who may have the support of nation-states.

Adobe, Juniper, Symantec, Northrop Grumman, etc. recently received a warning shot in Operation Aurora, as did other named and unnamed corporations. A sure sign of the times. Bad guys want more than just money. They’re very keen on intellectual property, new inventions, source code, customer lists, contract negotiations, acquisition plans, product strategy, sales figures, names of employees and their friends & family, and so on. All of which is located on some computer, likely multiple computers, on the corporate network (or Facebook’s) accessible from anywhere on the Internet.




You Don’t Want ISPs to Innovate

June 28th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
ISPs are trying to persuade the FCC not to impose basic rules on them, saying it will crush innovation. But when it comes to the tubes to your house, you don’t want their kind of “innovation.”



You Don’t Want ISPs to Innovate

June 25th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
ISPs are trying to persuade the FCC not to impose basic rules on them, saying it will crush innovation. But when it comes to the tubes to your house, you don’t want their kind of “innovation.”






Stephen Wolfram: Computing a theory of everything – Stephen Wolfram (2010)

May 22nd, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
Stephen Wolfram, creator of Mathematica, talks about his quest to make all knowledge computational — able to be searched, processed and manipulated. His new search engine, Wolfram Alpha, has no lesser goal than to model and explain the physics underlying the universe.

TEDTalks : Stephen Wolfram: Computing a theory of everything – Stephen Wolfram (2010)

May 9th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
Stephen Wolfram, creator of Mathematica, talks about his quest to make all knowledge computational — able to be searched, processed and manipulated. His new search engine, Wolfram Alpha, has no lesser goal than to model and explain the physics underlying the universe.

PINs and the burden on customers

May 6th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

A survey by the Consumers’ Association shows that 10% of cardholders write down or share their PIN. This high proportion surely raises serious doubt about whether it’s fair for banks to claim that such people are “grossly negligent” even if the PIN is well disguised (for example, as part of a phone number in an address book with hundreds of other numbers). And if banks don’t want disabled people to share PINs with carers, they ought to come up with an alternative, or be held to account under disability discrimination laws.

Interestingly, Mark Bowerman (PR for the banks) says in this article that customers should not use the same PIN for multiple cards. We heard him on radio saying exactly the opposite a few years ago. Now he tells people to change PINs to something easy to remember (and easier for criminals to guess).

By giving customers contradictory and impractical advice, the banks are placing an unmeetable burden on them.

The banks also frequently give advice that is simply wrong. Look, for example, at this video by Barclays showing how to enter your PIN at a merchant terminal!

AT&T UMTS JS Injection

April 14th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

This isn’t exactly an exploit, but I’m sure after reading it, some people will feel like it is, or at minimum it might make people feel uncomfortable. It appears that when users connect through AT&T UMTS wireless cards, the system man-in-the-middle’s the connection, and not only does it downgrade the image quality for performance reasons but it also injects a piece of JavaScript located at http://2.2.3.4/bmi-int-js/bmi.js (not live on the Internet). If you’re anything like me and you see a piece of JS installed in your website that you know doesn’t have any JS on it at all, you’re thinking you’re owned at this point. Alas, you probably are owned, but it’s in an effort to save your bandwidth. You can download a zipped copy of this JavaScript file here.

The real questions are when and how this page gets cached, and who owns 2.2.3.4 when it’s not being MITM’d (when you switch from UMTS to another network), and on and on. Incidentally, I tried to do directory traversal and go to http://2.2.3.4/ to see what else might be on that page, and it banned me from going there and to the JavaScript file for the rest of the session. Why? Probably to stop guys like me from hacking whatever server that is and MITMing everyone on AT&T’s UMTS network. Clearly reducing the size of the page is good for them, and is good for some percentage of users who don’t care about the potential issues here. And for the rest of us, we’ll continue to tunnel our traffic so we can avoid AT&T’s MITM craziness.

Update: a few people have sent me a link that this also is happening on other networks as well.

MalaRIA Malicious RIA Proxy

April 14th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

I got an email from Erlend Oftedal about a new tool he’s created called MalaRIA. The tool uses weak crossdomain.xml and clientaccesspolicy.xml (so both Flash and Silverlight) to allow a piece of code that resides on his server to use the client’s machine as a proxy to read information off of other websites that are protected in other ways. So think of it like an RIA version of BeEF.

You can read his blog post here or if you’re the visual type you can check out his movie here. We often talk about why poorly written crossdomain.xml files are dangerous, but I think this puts the last nail in that coffin. Yes, it’s dangerous. For real. Incidentally there is no reason you couldn’t deliver a MalaRIA payload over BeEF as well, if you wanted the best of both worlds. Nice job by Erlend!

Update: code available here.
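The weak policy files the post refers to can be checked mechanically. The Python below is an added example (not Erlend's tool or RSnake's code) that audits a site's own crossdomain.xml and clientaccesspolicy.xml for the permissive settings that let a Flash or Silverlight client on another origin read the site's responses. The element and attribute names are those of the Adobe and Microsoft policy formats; the finding text, the function names and the three constructed sample policies are my own.

```python
"""Added example: audit Flash crossdomain.xml and Silverlight clientaccesspolicy.xml
for the over-permissive settings a MalaRIA-style proxy relies on. Finding texts,
function names and the sample policies are constructed for this example."""
import xml.etree.ElementTree as ET


def audit_crossdomain(policy_xml):
    """Findings for a Flash crossdomain.xml (root element cross-domain-policy)."""
    root = ET.fromstring(policy_xml)
    findings = []
    for rule in root.iter("allow-access-from"):
        domain = rule.get("domain", "")
        if domain == "*":
            findings.append('allow-access-from domain="*": a SWF on any site can read this site\'s responses')
        elif domain.startswith("*."):
            findings.append(f"wildcard domain {domain}: every host under {domain[2:]} is trusted")
        # secure defaults to true; false lets an http:// origin use a policy served over https://
        if rule.get("secure", "true").lower() == "false":
            findings.append(f'secure="false" for {domain}: policy also honoured from plain HTTP')
    for hdr in root.iter("allow-http-request-headers-from"):
        if hdr.get("domain") == "*" and hdr.get("headers") == "*":
            findings.append("allow-http-request-headers-from domain=* headers=*: any site may send any header")
    return findings


def audit_clientaccesspolicy(policy_xml):
    """Findings for a Silverlight clientaccesspolicy.xml (root element access-policy)."""
    root = ET.fromstring(policy_xml)
    findings = []
    for policy in root.iter("policy"):
        domains = [d.get("uri", "") for d in policy.iter("domain")]
        paths = [(r.get("path", ""), r.get("include-subpaths", "false").lower() == "true")
                 for r in policy.iter("resource")]
        if "*" in domains:
            findings.append('domain uri="*": a Silverlight app on any site may call this site')
            if ("/", True) in paths:
                findings.append('resource path="/" include-subpaths="true": the whole site is exposed')
    return findings


# Constructed sample policies for the demo.
OPEN_CROSSDOMAIN = """<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>"""

TIGHT_CROSSDOMAIN = """<cross-domain-policy>
  <allow-access-from domain="static.example.test"/>
</cross-domain-policy>"""

OPEN_CLIENTACCESS = """<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*"><domain uri="*"/></allow-from>
      <grant-to><resource path="/" include-subpaths="true"/></grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""

if __name__ == "__main__":
    for label, fn, doc in (("crossdomain (open)", audit_crossdomain, OPEN_CROSSDOMAIN),
                           ("crossdomain (tight)", audit_crossdomain, TIGHT_CROSSDOMAIN),
                           ("clientaccesspolicy (open)", audit_clientaccesspolicy, OPEN_CLIENTACCESS)):
        print(label, "->", fn(doc) or "no findings")
```

The tight sample names one trusted host and leaves secure at its default; that is the shape to aim for, since a client-side proxy of this kind can only read from sites whose policy admits the origin the attacker's code is served from.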

Facebook Patents Social Feeds and I Patent XSS

February 26th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

In honor of the USPO’s decision to allow Facebook’s patent for social feeds I decided to patent XSS. Please pay up. You know who you are. Thank you.

HTC Desire ROM shoehorns HTC Sense and Flash 10.1 onto the Nexus One

February 22nd, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

Want some of that colorful, homescreen-juggling, Android 2.1 Sense UI that HTC has prepped for the HTC Desire? Well, the previously promised hacked ROM is ready for your Nexus One’s consumption. It’s in alpha right now, so install at your own risk, and does indeed support Flash 10.1, so also beware of the risk of browsing the real internet. What more danger, excitement, and grassroots handset support could you possibly want out of life? Hit up the source link for the full instructions, video of the ROM in action is after the break.

HTC Desire ROM shoehorns HTC Sense and Flash 10.1 onto the Nexus One originally appeared on Engadget on Sun, 21 Feb 2010 08:58:00 EST.

PRC Cyber Capabilities Study

February 11th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
A report prepared by Northrop Grumman on Chinese capability to wage information warfare offers some valuable insights into the nature of professional and national security cyber-attack teams.
REPORT ON CHINESE CYBER WARFARE & ESPIONAGE – [uscc.gov]
“Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation”
Prepared for The US-China [...]

Physicists Prove Teleportation of Energy Is Possible

February 11th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

Over five years ago, scientists succeeded in teleporting information. Unfortunately, the advance failed to bring us any closer to the Star Trek future we all dream of. Now, researchers in Japan have used the same principles to prove that energy can be teleported in the same fashion as information. Rather than just hastening the dawn of quantum computing, this development could lead to practical, significant changes in energy distribution.

According to the theory, developed by Masahiro Hotta of Tohoku University, Japan, a series of entangled particles could be stretched across an infinite amount of space. By inducing an energy change in one of the particles, the other entangled particles would change as well. Eventually, to preserve conservation of energy, the original particle would be destroyed, with its energy passing to the final particle in the chain. Thus, the energy has been teleported from one particle to another.

Naturally, Hotta doesn’t present any blueprint for replacing power lines with teleporting energy, concentrating instead on the implications for studying quantum mechanics. However, with a concept this profound, the implications beyond theory are nearly endless. So let’s hear what you’ve come up with! Commenters, I want to know: how would you use energy teleportation?

[Technology Review]

Quickpost: Quasi-Tautologies & SQL-Injection

February 11th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

Last OWASP/ISSA Belgian chapter meeting was the location of an interesting discussion. For a full report of the meeting, read Xavier’s excellent blogpost.

Many SQL-injection techniques rely on tautologies: adding an expression that is always true to the where-clause of a select statement. Like OR 1=1. 1=1 is a tautology, it’s an expression that always yields true.

So if SELECT * FROM USERS WHERE USERNAME = 'ADMIN' and PASSWORD = 'UNKNOWN' doesn’t select any rows because the password is not correct, injecting ' OR 1=1 -- gives SQL statement SELECT * FROM USERS WHERE USERNAME = 'ADMIN' and PASSWORD = '' OR 1=1 --' which will return all rows, because the where-clause is always true (OR 1=1).

There are several security applications (WAFs, SQL firewalls, …) designed to monitor the stream of SQL statements and reject statements with tautologies, i.e. the result of a SQL-injection. Some are very simple and just try to match pattern 1=1. Bypassing them is easy: 1>0 is also a tautology. Others are more sophisticated and try to find constant expressions in the where-clause. Constant expressions are expressions with operators, functions and constants, but without variables. If a constant expression is detected that always evaluates to true, the firewall assumes it’s the result of a SQL-injection and blocks the query.

This is all classic SQL-injection, but now comes the interesting part.

What if I use an expression that is not a tautology in its mathematical sense, but is almost one… Say I use expression RAND() > 0.01? The RAND function is a random number generator and returns a floating point value in the range [0.0, 1.0[. Expression RAND() > 0.01 is not a tautology, it’s not always true, but it is true about 99 percent of the time. I call this a quasi-tautology.

A firewall looking for tautologies will not detect this, because it is not a tautology. But when you use it in a SQL-injection, you stand a 99% chance of being successful (provided the application is vulnerable to SQL-injection)!

There are other functions than RAND to create quasi-tautologies. An expression comparing the seconds of the current system time with 59 is also a quasi-tautology.

The GreenSQL firewall will detect SQL statements with quasi-tautologies, not because it looks for them, but because it builds a whitelist in training mode.
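To make the three detection strategies above concrete (pattern match, constant-expression analysis, and the GreenSQL-style training allowlist), here is an added Python example that is not part of Didier's quickpost. It classifies each predicate of a WHERE clause, estimates by sampling how often a RAND()- or seconds-based predicate holds, and compares statement shapes against an allowlist learned from legitimate queries. The SQL statements and expressions are the post's; the tokeniser (which ignores parentheses), the sampling models of RAND() and SECOND(NOW()), and the allowlist training set are simplifications I constructed.

```python
"""Added example: catching tautologies and quasi-tautologies in a WHERE clause.

The SQL and the RAND() > 0.01 / seconds-vs-59 expressions come from the post; the
tokeniser, the sampling estimator and the allowlist are simplified stand-ins for
what a SQL firewall does, constructed for this example."""
import operator
import random
import re

STRING_LITERAL = re.compile(r"'(?:[^']|'')*'")
# Functions whose value changes from call to call: a comparison built on them can be
# "almost always true" without ever being a tautology.
NONDETERMINISTIC = {"rand", "random", "now", "curtime", "current_timestamp", "sysdate", "second"}
KEYWORDS = {"and", "or", "not", "true", "false", "null"}
OPS = {"=": operator.eq, "<>": operator.ne, "!=": operator.ne,
       ">": operator.gt, "<": operator.lt, ">=": operator.ge, "<=": operator.le}


def classify_term(term):
    """'column-dependent', 'constant' or 'quasi-tautology candidate' for one predicate."""
    funcs = {f.lower() for f in re.findall(r"\b([a-z_]\w*)\s*\(", term, re.I)}
    stripped = STRING_LITERAL.sub("", term)
    stripped = re.sub(r"\b[a-z_]\w*\s*\(", "(", stripped, flags=re.I)   # drop function names
    identifiers = {i.lower() for i in re.findall(r"\b[a-z_]\w*\b", stripped, re.I)} - KEYWORDS
    if identifiers:
        return "column-dependent"          # mentions a column: the firewall cannot judge it
    return "quasi-tautology candidate" if funcs & NONDETERMINISTIC else "constant"


def estimate_truth_rate(term, trials=20000, rng=None):
    """Sample a '<lhs> op <rhs>' predicate whose sides are numbers, RAND() or SECOND(NOW()).

    Returns the fraction of trials on which it held: 1.0 is a tautology, about 0.99 a
    quasi-tautology. None if the predicate is not of that simple shape."""
    rng = rng or random.Random(0)
    m = re.fullmatch(r"\s*(\S+)\s*(>=|<=|<>|!=|=|>|<)\s*(\S+)\s*", term)
    if not m:
        return None
    lhs, op, rhs = m.groups()

    def value(tok):
        tok = tok.lower()
        if tok == "rand()":
            return rng.random()           # model of RAND(): uniform in [0.0, 1.0[
        if tok == "second(now())":
            return rng.randrange(60)      # model of the seconds field of the clock
        return float(tok)

    hits = sum(1 for _ in range(trials) if OPS[op](value(lhs), value(rhs)))
    return hits / trials


def analyze_where(where, rng=None):
    """Split a WHERE clause on AND/OR and classify each predicate (no parenthesis handling)."""
    rng = rng or random.Random(0)
    report = []
    for term in re.split(r"\s+(?:and|or)\s+", where.strip(), flags=re.I):
        kind = classify_term(term)
        rate = estimate_truth_rate(term, rng=rng) if kind != "column-dependent" else None
        report.append((term.strip(), kind, rate))
    return report


def fingerprint(sql):
    """Statement shape with literals replaced by '?', as an allowlist firewall stores it."""
    s = STRING_LITERAL.sub("?", sql)
    s = re.sub(r"--.*$", "", s, flags=re.M)          # drop trailing comments
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)          # numbers
    return re.sub(r"\s+", " ", s).strip().lower()


# Shapes learned in "training mode" from legitimate traffic (constructed for the demo).
TRAINED_SHAPES = {fingerprint("SELECT * FROM USERS WHERE USERNAME = 'alice' and PASSWORD = 'secret'")}


def allowed_by_allowlist(sql):
    """True only if the statement has a shape seen during training."""
    return fingerprint(sql) in TRAINED_SHAPES


if __name__ == "__main__":
    for entry in analyze_where("USERNAME = 'ADMIN' and PASSWORD = '' OR RAND() > 0.01"):
        print(entry)
    injected = "SELECT * FROM USERS WHERE USERNAME = 'ADMIN' and PASSWORD = '' OR RAND() > 0.01 --'"
    print("allowlist:", allowed_by_allowlist(injected))   # False
```

What the run shows: 1=1 and 1>0 score 1.0 and are caught by any constant-expression rule; RAND() > 0.01 scores about 0.99, slips past a strict tautology rule, but is tagged by the non-deterministic-function check; and the allowlist rejects both injected statements without reasoning about truth values at all, because their shape was never seen in training.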




Chip and PIN is broken

February 11th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

There should be a 9-minute film on Newsnight tonight (10:30pm, BBC Two) showing some research by Steven Murdoch, Saar Drimer, Mike Bond and me. We demonstrate a middleperson attack on EMV which lets criminals use stolen chip and PIN cards without knowing the PIN.

Our technical paper Chip and PIN is Broken explains how. It has been causing quite a stir as it has circulated the banking industry privately for over 2 months, and it has been accepted for the IEEE Symposium on Security and Privacy, the top conference in computer security. (See also our FAQ and the press release.)

The flaw is that when you put a card into a terminal, a negotiation takes place about how the cardholder should be authenticated: using a PIN, using a signature or not at all. This particular subprotocol is not authenticated, so you can trick the card into thinking it’s doing a chip-and-signature transaction while the terminal thinks it’s chip-and-PIN. The upshot is that you can buy stuff using a stolen card and a PIN of 0000 (or anything you want). We did so, on camera, using various journalists’ cards. The transactions went through fine and the receipts say “Verified by PIN”.

It’s no surprise to us or bankers that this attack works offline (when the merchant cannot contact the bank) — in fact Steven blogged about it here last August.

But the real shocker is that it works online too: even when the bank authorisation system has all the transaction data sent back to it for verification. The reason why it works can be quite subtle and convoluted: bank authorisation systems are complex beasts, including cryptographic checks, account checks, database checks, and interfaces with fraud detection systems which might apply a points-scoring system to the output of all the above. In theory all the data you need to spot the wedge attack will be present, but in practice? And most of all, how can you spot it if you’re not even looking? The banks didn’t even realise they needed to check.

This attack is both academically and practically significant. We get reports weekly from different victims of phantom withdrawals, and these include large numbers of stolen cards used to make purchases in the window between theft and the cancellation of the card. Currently these victims are denied refunds by their banks, but this attack could explain some of the frauds we are seeing. The fact the receipt says “PIN Verified” when actually it wasn’t raises a whole load of legal and evidential questions which call into question the banking industry’s claim that their systems work (and log) properly. Merchants will be none too pleased either; the system no longer protects their interests but only those of the issuing bank.

There’s been some confusion, possibly even misinformation, about our attack and its effects. Cartes Bancaires in France were so concerned that they briefed the press way in advance of our plans for publication. We can set the record straight on a few things:

  • the attack applies to cards used online (where the merchant POS contacts the bank) as well as offline;
  • the attack works regardless of the amount of money spent (not just for small value amounts that are below floor limit);
  • the attack doesn’t work once a card has been cancelled by the bank — just like stolen cards in the past can only be used for a certain window of time once the cardholder discovers the loss;
  • the attack doesn’t work at ATMs (cash machines);
  • the failure applies to bank card schemes based on EMV – the most widely deployed standard for smartcard payments. Older national smartcard schemes may or may not be vulnerable; we don’t know.

So what went wrong? In essence, there is a gaping hole in the specifications which together create the “Chip and PIN” system. These specs consist of the EMV protocol framework, the card scheme individual rules (Visa, MasterCard standards), the national payment association rules (UK Payments Association aka APACS, in the UK), and documents produced by each individual issuer describing their own customisations of the scheme. Each spec defines security criteria, tweaks options and sets rules – but none take responsibility for listing what back-end checks are needed. As a result, hundreds of issuers independently get it wrong, and gain false assurance that all bases are covered from the common specifications. The EMV specification stack is broken, and needs fixing.

We’re really worried that if something isn’t done to fix this problem, and the many others we’ve found in EMV, other regions adopting it (like the USA) are going to make the same mistakes again and again – and that means customers stay vulnerable.

That’s why again we’re arguing that Chip and PIN is broken. We don’t want people keeping their money in shoe boxes – we want the problems fixed. That means getting decent governance for the system that involves all the stakeholders – banks, regulators, merchants and customers.

Update (2010-02-11): ZDNet UK have some in-depth press coverage, and the story has also been picked up by the Telegraph and Daily Mail.
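As an added illustration of the negotiation flaw and of the back-end check the post says issuers were not doing (a toy model written for this page, not the authors' code and not EMV's real data elements), the Python below runs an honest chip-and-PIN transaction and a wedged one through two issuer authorisation routines. The card, terminal and message fields are constructed simplifications; the one idea they carry from the post is that the terminal's claim of PIN verification and the card's own record of what was negotiated both reach the issuer and can be compared.

```python
"""Added example: toy model of the cardholder-verification negotiation and of an
issuer-side consistency check. Field names and flows are constructed
simplifications for this example, not EMV data elements."""
from dataclasses import dataclass

PIN, SIGNATURE, NONE = "PIN", "SIGNATURE", "NONE"


@dataclass
class Card:
    """The chip: it only learns about a PIN if a VERIFY command actually reaches it."""
    true_pin: str
    cvm_seen: str = NONE        # the card's own view of how the holder was verified
    pin_verified: bool = False

    def verify(self, pin):
        self.cvm_seen = PIN
        self.pin_verified = (pin == self.true_pin)
        return self.pin_verified

    def run_as_signature(self):
        self.cvm_seen = SIGNATURE

    def cryptogram_data(self):
        # Model assumption: what the card sends with its cryptogram carries the card's view.
        return {"card_cvm": self.cvm_seen, "card_pin_ok": self.pin_verified}


def honest_transaction(card, pin_entered):
    """Terminal and card agree on chip-and-PIN; the VERIFY goes to the card."""
    pin_ok = card.verify(pin_entered)
    return {"terminal_cvm": PIN, "terminal_pin_ok": pin_ok, **card.cryptogram_data()}


def wedge_transaction(card, pin_typed_at_terminal):
    """Middleperson between card and terminal: the card is steered to chip-and-signature,
    while the terminal's VERIFY is answered with 'OK' without reaching the card.
    pin_typed_at_terminal is deliberately unused: it never gets to the chip."""
    card.run_as_signature()
    return {"terminal_cvm": PIN, "terminal_pin_ok": True, **card.cryptogram_data()}


def receipt_line(auth):
    """The terminal prints from its own view, which is why the receipt says PIN verified."""
    return "Verified by PIN" if auth["terminal_cvm"] == PIN and auth["terminal_pin_ok"] else "Signature"


def naive_issuer(auth):
    """Authorisation that trusts the terminal's CVM result alone."""
    return "APPROVE" if auth["terminal_pin_ok"] else "DECLINE"


def checking_issuer(auth):
    """Authorisation that also compares the terminal's claim with the card's own record."""
    if not auth["terminal_pin_ok"]:
        return "DECLINE: PIN failed at terminal"
    if auth["terminal_cvm"] != auth["card_cvm"]:
        return f"DECLINE: terminal reports {auth['terminal_cvm']}, card reports {auth['card_cvm']}"
    if auth["terminal_cvm"] == PIN and not auth["card_pin_ok"]:
        return "DECLINE: terminal claims PIN verified but card never verified one"
    return "APPROVE"


if __name__ == "__main__":
    honest = honest_transaction(Card("1234"), "1234")
    wedged = wedge_transaction(Card("1234"), "0000")   # any PIN, as in the post
    for label, auth in (("honest", honest), ("wedged", wedged)):
        print(label, receipt_line(auth), naive_issuer(auth), checking_issuer(auth))
```

Both transactions print "Verified by PIN" on the receipt and both pass the naive issuer; only the issuer that compares the two views declines the wedged one. The data needed for that comparison is exactly what the post says is present in theory but was not being checked.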

TEDTalks : Derek Sivers: Weird, or just different? – Derek Sivers (2009)

February 11th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
“There’s a flip side to everything,” the saying goes, and in 2 minutes, Derek Sivers shows this is true in a few ways you might not expect.

The Real Hustler

February 11th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

Paul Wilson, my esteemed coauthor on that paper on the psychology of scam victims that is currently attracting quite a bit of attention, has just started an entertaining and instructive new blog, The Real Hustler. If you liked our paper, you’ll probably enjoy Paul’s blog.

Well worth a bookmark and repeat visits for fans of the BBC TV series and for researchers who recognize the importance of the exciting new field of security psychology.

Terrorists Prohibited from Using iTunes

February 11th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
The iTunes Store Terms and Conditions prohibit it: Notice, as I read this clause not only are terrorists — or at least those on terrorist watch lists — prohibited from using iTunes to manufacture WMD, they are also prohibited from even downloading and using iTunes. So all the Al-Qaeda operatives holed up in the Northwest Frontier Provinces of Pakistan, dodging…

Appeals Court Backs EFF Push for Telecom Lobbying Documents Disclosure

February 11th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

San Francisco – Today a federal appeals court rejected a government claim of “lobbyist privacy” to hide the identities of individuals who pressured Congress to grant immunity to telecommunications companies that participated in the government’s warrantless electronic surveillance of millions of ordinary Americans. As the court observed, “There is a clear public interest in public knowledge of the methods through which well-connected corporate lobbyists wield their influence.”

The Electronic Frontier Foundation (EFF) has been seeking records detailing the telecoms’ campaign for retroactive legal immunity under the Freedom of Information Act (FOIA). Telecom immunity was enacted as part of the FISA Amendments Act of 2008.

“Today’s ruling is an important one for government and corporate accountability,” said EFF Staff Attorney Marcia Hofmann. “The court recognized that paid lobbyists trying to influence the government to advance their clients’ interests can’t hide behind privacy claims to keep their efforts secret.”

This decision is the latest setback for the government in its long-running attempt to delay disclosure of the documents EFF seeks. So far, EFF has obtained thousands of pages of records through this litigation.

“AT&T, Verizon and Sprint expended millions of dollars to lobby the government and get an unconstitutional grant of retroactive immunity for their illegal spying on American citizens,” said EFF Senior Staff Attorney Kurt Opsahl. “The public deserves to know how our rights were sold out by and for telecom lobbyists.”

The appeals court sent part of the case back down to the district court for further consideration, including whether disclosure of the lobbyists’ identities would reveal intelligence sources and methods and whether communications between the agencies and the White House can be withheld under the presidential communications privilege or other grounds.

For the full opinion:
http://www.eff.org/files/filenode/foia_C0705278/opinion2909.pdf

For more on this case:
http://www.eff.org/issues/foia/cases/C-07-05278

Contacts:

Marcia Hofmann
Staff Attorney
Electronic Frontier Foundation
marcia@eff.org

Kurt Opsahl
Senior Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

Nate Cardozo
Open Government Legal Fellow
Electronic Frontier Foundation
nate@eff.org

Vulnerability in TLS/SSL Could Allow Spoofing, (Wed, Feb 10th)

February 11th, 2010. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
Microsoft released a bulletin yesterday about a potential problem in TLS/SSL that could allow spoofing. From their bulletin:

Microsoft is investigating public reports of a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. At this time, Microsoft is not aware of any attacks attempting to exploit the reported vulnerability.

As an issue affecting an Internet standard, we recognize that this issue affects multiple vendors. We are working on a coordinated response with our partners in the Internet Consortium for Advancement of Security on the Internet (ICASI). The TLS and SSL protocols are implemented in several Microsoft products, both client and server, and this advisory will be updated as our investigation continues.

As part of this security advisory, Microsoft is making available a workaround which enables system administrators to disable TLS and SSL renegotiation functionality. However, as renegotiation is required functionality for some applications, this workaround is not intended for wide implementation and should be tested extensively prior to implementation.

Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, depending on customer needs.

More details are in their bulletin and we’ll let you know if we hear anything more. We have not received any reports of in-the-wild exploitation of this potential vulnerability.

Thanks, Kurt and Cheryl, for bringing this to our attention!

Marcus H. Sachs
Director, SANS Internet Storm Center

    The Quest to Read the Human Mind

    February 11th, 2010. Published under My Recent Reads. No Comments.

    pulled from Google Reader (click on title for original post)

    If a few very smart neuroscientists are right, with enough number crunching and a powerful brain scanner, science can pluck pictures, and maybe one day even thoughts, directly from your brain.

    It’s after dark on a warm Monday night in April, and I’m lying face-up in a 13-ton tube at the Henry H. Wheeler, Jr. Brain Imaging Center at the University of California at Berkeley. The room is dimly lit, and I am alone. A white plastic cage covers my face, and a blue computer screen shines brightly into my eyes. I’m here because a neuroscientist named Jack Gallant is about to read my mind. He has given me strict instructions not to move; even the slightest twitch could affect the accuracy of what he’s about to do. As I stare straight up, I notice an itch on my thigh. Don’t scratch it, I tell myself. I try to keep my thoughts blank as the beeping gets faster and the fMRI machine, the scanner that will detect changes in blood flow in my brain, powers up.

    Gallant assures me that the random thoughts in my head will not affect his results. Today he’s just concerned with what I see and how that registers in the visual cortex, a region at the back of the brain that processes what my eyes take in. It doesn’t matter that I’m thinking about what to eat for dinner, or that I’m worried about getting a parking ticket on Oxford Street. The only important thing, he says, is for me to keep as still as possible, and soon he’ll have enough information to re-create the pictures I’ve been staring at without ever having seen the images himself.

    For the past 10 years, Gallant has been running a neuroscience and psychology lab at Berkeley dedicated to brain imaging and vision research. He’s one of a few neuroscientists in the world on the verge of unlocking the key to mind reading through brain-pattern analysis using magnetic resonance scans and algorithms. By showing me a series of random photographs and evaluating fMRI readings from my primary visual cortex, Gallant says his technique can reconstruct imagery stored in my brain. His current method takes hours of analysis, but his objective is to hone the technology to the point where it can deduce what people are seeing in real time.

    If successful, it could influence the way we do just about everything. Mind-reading machines could help doctors understand the inner worlds of people with hallucinations, cognitive disabilities, post-traumatic stress disorder and other impairments. Judges could use them to sneak a look into suspects’ brains by having them reenact the experience and reading their visions. Such machines could also determine whether someone using the insanity defense is faking it, or whether someone claiming self-defense truly feared for his life. On the flip side, the technology raises serious ethical concerns, with critics worrying that it could one day make our private thoughts vulnerable to snoops and hackers.

    I ponder all this as I lie motionless in the brain scanner, staring straight ahead while Gallant and two of his lab researchers flash several dozen photographs in front of my eyes, a few seconds at a time. I see sheep grazing in a meadow, a rock formation, a pond and a profile of a guy who looks like Einstein. I’m not actually supposed to be looking at these pictures; my job is to stare at the white dot in the middle of the screen. “Seeing” doesn’t happen entirely in the conscious realm, Gallant explains. The visual cortex works like a camera, automatically absorbing information through the retina and registering the imagery in the brain.

    Ten minutes feels like an eternity, but finally the fMRI announces the conclusion of its program with another loud beep. The researchers remove me from my bind and escort me to the control room, where a giant monitor is displaying 30 scanned images of my brain from different angles. I see bunches of white squiggly lines and light gray V shapes inside rows of gray circles. “That’s it? That’s my brain?” I ask, my head foggy from having tried so hard to stay still. It surprises me that all the goings-on in my mind can be reduced to a bunch of geometric shapes. Gallant tells me that brain activity is basically just a bunch of neurons firing, an estimated 300 million in the primary visual cortex alone, according to the latest research.

    To help make sense of the shapes, the brain scanner divides them up into a grid of three-dimensional cube-like structures called volume pixels, or voxels. To me, each voxel looks like a random mix of whites, grays and blacks. But to Gallant’s computer model, which can see more-precise data in those shades, the voxels are a meaningful matrix of zeroes and ones. By crunching this matrix, it can transform the shapes back into a remarkably accurate rendering of the Einstein Guy or the grazing sheep. Gallant and his team didn’t have time to generate enough scans of my brain to make their algorithm work, but they showed me some convincing results from other volunteers. “It’s not perfect,” says Shinji Nishimoto, one of Gallant’s postdocs, “but we’re getting pretty close.”

    As I leave the lab, my thoughts secure in my head, I feel a bit uneasy knowing that they may not stay that way for long. Gallant’s “neural decoding” (a term he prefers to “mind reading”) is getting faster and more sophisticated all the time. In fact, last October, his lab managed to re-create entire video clips just by analyzing the brain patterns of people watching them. In one example, a reconstructed video of an elephant walking through the desert shows a blotchy Dumbo-shaped mass plodding across the screen. The fine details are lost, but the rendering is nonetheless impressive for having been pulled from someone’s brain. And it’s not just Gallant who’s making progress. Using similar technology, other researchers are unlocking memories and dreams.

    Beyond the fuzzy realm of the paranormal, mind reading could simply be a question of having the right tools. “As long as we have good measurements of brain activity and good computational models of the brain,” Gallant wrote in a supplement to a paper he published in Nature in 2008, “it should be possible in principle to decode the visual content of mental processes like dreams, memory, and imagery.”

    What’s on your Mind?

    Remarkably, scientists can predict with near-perfect accuracy the last thing you saw just by analyzing your brain activity. The technique is called neural decoding. To do it, scientists must first scan your brain while you look at thousands of pictures. A computer then analyzes how your brain responds to each image, matching brain activity to various details like shape and color. Over time, the computer establishes a sort of master decoding key that it can later use to identify and reconstruct almost any object you see without the need to analyze the image beforehand.

    The Magic of the MRI

    Gallant is a slight, wiry man with a horseshoe mustache and a Willy Wonka-esque energy about him. He tends to use friendly, vivid analogies when he talks. “The brain is a Thanksgiving turkey,” he said to me last summer during a visit to his bare-bones office at Berkeley. He was drawing furiously on the chalkboard, attempting to explain in simple terms the inner workings of the visual cortex. “The outside of the turkey is the skin, or the brain’s cortex. All the giblets inside are subcortical nuclei. This,” he tapped his chalk on the giant balloon-like cavity at the rear of his “turkey” diagram, “is the primary visual cortex,” the center of our vision system.

    The brain employs a complex assembly line to construct the world around us. The primary visual cortex, or V1, connects to a maze of other regions known as V2, V3, and so on. (“Nobody knows exactly how many areas there are up there,” Gallant says, a finger to his head.) Each region performs specific vision-related functions, like distinguishing colors, discerning shapes, gauging depth, or sensing motion. When I look at a dog, for instance, I don’t just see the shape of a four-legged animal; I recognize that it’s the brown-and-white dog I owned as a child, romping in a familiar way in the backyard I grew up in. It might even trigger a memory of playing with him. Each of these aspects of “seeing” would be represented by different patterns in the visual cortex.

    The key function of V1 relevant to Gallant’s research, registering visual stimuli, was discovered in the early 20th century, when soldiers with bullet wounds to the back of the head, presumably to their visual cortex, experienced partial blindness despite having healthy eyes. Experiments on rodents affirmed that the location and shape of things we see are replicated in V1. If I were to look at a tree, for instance, the back of the eye would register a representation of an upside-down tree onto V1. But it wasn’t until the late 1990s, when neuroscientists used a process called multi-voxel pattern recognition, that scientists were able to pinpoint these representations non-invasively in humans. The technique uses fMRIs to map the visual cortex into tiny structures (voxels) that correspond to patterns of blood flow. One pattern in the area responsible for shape, for instance, might suggest that a person is looking at a dog, while another pattern in the area responsible for color could suggest that the dog is brown.

    Gallant’s project takes the technique to a new level, using a computer model to not only identify images but also reconstruct them. On the night of my fMRI session, I met five members of Gallant’s lab who, for the past three years, have been wrestling with probability theory to come up with the best algorithms to power the model. When I asked them how exactly they devised the code, Thomas Naselaris, a tall, curly-haired postdoc, put a long equation on the blackboard called Bayes’ theorem. It’s a fundamental tenet of probability theory that calculates how odds change in response to new information, he explained, and it’s the key to their technique.

    To calculate the probability that someone’s brain patterns represent a particular image, the researchers must first prime their special equation with a sizable sampling of data, plugging in 1,750 of the subject’s fMRI scans. “For every possible image a person could be looking at, Bayes’ theorem tells you the probability that the image is correct,” Naselaris says. It’s a bit like trying to predict the make of a car concealed beneath a tarp: To come up with an accurate guess, you must first analyze all the available clues: the shape of the tarp, its size, maybe the type of person who owns the car, possibly the sound of the engine. The more information you have, the better your guess. Likewise, the more data you plug into the equation, the more accurate its predictions.

    Dancing Bears

    The ability to pluck a picture from someone’s brain is an impressive feat, but the far bigger challenge is figuring out the actual thoughts associated with that picture. Gallant would have no way to know, for instance, what I was thinking while I was lying in the scanner. That’s because thoughts, unlike pictures, are not neatly recorded at the back of the brain.

    So where are they recorded? Tom Mitchell, a computer scientist at Carnegie Mellon University, along with his colleague Marcel Just, is using fMRI and multi-voxel pattern recognition to answer that question. By mapping the brain’s response to images, words and emotions, Mitchell believes his lab could be decoding thoughts, not just pictures, within the decade.

    To pinpoint where thoughts live in the brain, during a recent study he put volunteers in an fMRI machine, showed them two objects (a hammer and a house, for example) and used software to analyze voxel patterns triggered in multiple parts of the brain, ultimately determining which object the subject was thinking about. Like Gallant, Mitchell can do this with 90 percent accuracy. “When you think about a hammer, you think about all aspects of it. You might think about swinging it, which would fire neurons in your motor cortex,” he says. “You might think about what it looks like, which activates the visual cortex.” His team also gathered fMRI data from the amygdala and the anterior cingulate cortex, areas that correlate with emotions like anger and love, to map out brain patterns that form when people hear words such as “love,” “justice” and “anxiety.”

    Yukiyasu Kamitani, a computational neuroscientist at the Advanced Telecommunications Research Institute International in Japan, believes he can take the technology even further and decode dreams. This summer, he plans to put sleeping people in the fMRI to read their brain signals and, like Gallant, reconstruct them.

    Meanwhile, Gallant and Nishimoto are attempting to reproduce movies stored in the brain. After I finished my fMRI scans, Gallant showed me a video clip on his computer featuring psychedelic bears floating in front of mountains. Every few seconds, a new bear zoomed into the foreground and then floated away like a beach ball tossed in the air. Occasionally a colorful cube flew past the bears. Just looking at it made me dizzy. “This is a motion-enhanced movie,” Gallant says excitedly. “It makes your visual system go absolutely crazy, so you get lots of blood flow and signals.”

    Nishimoto, the lab’s resident “motion guy,” is able to reconstruct from brain scans the colors, location and movement of these bears, generating reproductions of the original video footage. In a similar experiment, he asked a volunteer to watch two hours of movie trailers inside an fMRI machine. A computer then matched the subject’s brain patterns to colors and moving shapes in the movie. To build up the computer model’s reference library of associations (to prime it), the researchers fed it thousands of hours of YouTube videos and asked it to predict how the person’s brain would respond to watching them. Then, when the subject watched a new set of videos, the computer was able to match the new brain patterns to images in its library to piece together a reproduction of the original video clip. The reconstructed video captured the general flow of motion, as well as shapes and colors, although it missed fine details such as facial features. The resolution will improve, the researchers say, as more data is added to the computer model. “Whenever I tell anyone we can do this,” Gallant says, “they say there’s no way.”

    Thinking back to the rat’s nest of lines from my own fMRI readings (all that from looking at a simple black-and-white photo), it’s a little creepy to think that our mental processes can be reduced to binary code in this fashion. But then again, so is the notion of a mysterious black box of neurons controlling everything we do and think. “It’s all numbers,” Gallant says. “The trick is to do good bookkeeping.”

    Marijuana Research Offers New Hope For Male Birth Control Pill

    February 11th, 2010. Published under My Recent Reads. No Comments.

    pulled from Google Reader (click on title for original post)

    The male birth control pill has lingered for years tantalizingly just out of reach, in the realm where rumor meets science. Recently developed hormonal and mechanical contraceptives never found an audience, serving only to highlight the absence of a male pill. Now, an examination of how smoking pot lowers fertility may make the male pill more than a persistent rumor.

    Writing in last week’s issue of the journal Cell, University of California, San Francisco, researcher Yuriy Kirichok revealed a new link between bong hits, a protein called Hv1, and the ability of sperm to swim. Hv1 activates in alkaline environments, like the vagina. Kirichok’s study showed that endocannabinoid anandamide, a chemical found in the kind bud, raises the testes’ pH. In that raised-pH environment, sperm start swimming too early, and get too tired to reach the egg once they actually exit the body.

    A pill that contains anandamide, or in some other fashion alters the pH in testicles, could make anyone’s sperm as lazy and apathetic as the spliff-ripping burnouts gaining that sterility the hard way.

    However, before everyone tosses out their condoms in favor of some chronic, it should be noted that an Hv1 pill can’t hit the market until some scientists explore some potential side effects. Specifically, Hv1 protein acts across the body in a range of different ways, not just in sperm. By changing the pH environment for Hv1 protein in general, bodily functions may alter in unforeseen ways. So while this is definitely a positive step towards creating the long-desired male birth control pill, it may not be available in stores until after Gilliam finally finishes his Don Quixote movie.

    [Cosmos Magazine]

    For the First Time, Researchers Find Longevity Gene That Helps Determine Lifespan

    February 11th, 2010. Published under My Recent Reads. No Comments.

    pulled from Google Reader (click on title for original post)

    Come on, you apes! You wanna live forever?

    Humanity’s search for the secrets to immortality has inspired Ray Kurzweil’s Singularity vision and DARPA’s hunt for ageless synthetic beings. Now scientists have discovered a single gene that appears to control how quickly individuals will biologically age, The Telegraph reports. The discovery could not only encourage people to adopt healthier lifestyles earlier, but may eventually help people live longer if scientists can figure out how to manipulate the gene.

    Each person has a genetically-programmed lifespan that depends upon telomeres, or the ends of chromosomes that serve as protective caps for the main genetic material. Biological aging is determined by how quickly the telomeres shorten each time the genetic material is copied during cell division — a process that parallels human aging.

    A newly-identified variant of the TERC gene seems to determine both the starting length of a person’s telomeres and how quickly the telomeres shorten. The full findings appear in the journal Nature Genetics.

    The scientists have yet to try and manipulate the gene to possibly delay biological aging, but they suggest that people could get tested for the gene early on in life. People could then take appropriate steps to avoid proven “bad” influences on those precious telomeres, such as smoking, obesity and lack of exercise.

    [via The Telegraph]

    Beer is a rich source of silicon and may help prevent osteoporosis

    February 10th, 2010. Published under My Recent Reads. No Comments.

    pulled from Google Reader (click on title for original post)

    Shared by Roy

    I’ll drink for that!

    A new study suggests that beer is a significant source of dietary silicon, a key ingredient for increasing bone mineral density. Beers containing high levels of malted barley and hops are richest in silicon.

    SS-2010-003.txt

    February 10th, 2010. Published under My Recent Reads. No Comments.

    pulled from Google Reader (click on title for original post)
    A vulnerability exists in the Microsoft SMB client which allows an attacker to trigger a kernel pool memory corruption by sending a specific ‘Negotiate Protocol’ response.

    2009-09-Part-of-Nature.png

    February 10th, 2010. Published under My Recent Reads. No Comments.

    pulled from Google Reader (click on title for original post)

    Shared by Elton Carvalho

    I liked the parts that talk about cost of extraction versus replacement value, and interest rates versus nature’s reserves.

    Researchers penetrate last bastion of Windows security

    February 4th, 2010. Published under My Recent Reads. No Comments.

    pulled from Google Reader (click on title for original post)

    With a little help from Adobe

    Security researchers have defeated vulnerability protections baked into the latest versions of Internet Explorer, demonstrating that it’s possible to poke holes in a safety net that’s widely relied on to keep end users safe from drive-by exploits.…


    The Web won’t be safe, let alone secure, unless we break it

    February 4th, 2010. Published under My Recent Reads. No Comments.

    pulled from Google Reader (click on title for original post)
    There are several security issues affecting all major Web browsers that have remained unaddressed for years (probably because the bad guys haven’t leveraged them aggressively enough, but the potential is there). The problem is that the only known ways to fix these issues (adequately) are to “break the Web” — i.e. negatively impact the usability of a significant and unacceptable percentage of websites. Doing so is a nonstarter for any browser vendor looking to grow market share. The choice is clear for most vendors: Be less secure and adopted, rather than secure and obscure. This is what the choice comes down to. This is a topic deserving of further exploration.

    Web security can be divided into two parts, Website security and Web Browser security. Both are equally important. A website must be able to protect itself from a hostile browser and a browser must be able to protect itself from a hostile website. If either side of these assumptions fails, then there is a problem (the Web is not secure). Attacks targeting browsers, which will be the focus of this post, can be broadly categorized into three distinct vectors:

    1) Attacks designed to escape the confines of the browser walls and execute within the desktop operating system below. This is primarily achieved by exploiting memory and file-handling implementation flaws.

    2) Behavioral attacks that trick users into doing something, such as downloading and installing malware, thereby harming their machine or encouraging them to reveal sensitive information.

    3) Attacks taking advantage of design flaws in the way the Web works. These attacks normally remain within the browser walls and use the victim’s browser as a launch platform for surreptitiously pilfering information from their session or the surrounding network.

    After years of massive volumes of CVEs (repository for published vulnerabilities), the browser vendor incumbents (Microsoft, Mozilla, Opera, Google, Apple) have made great strides in addressing vector #1. Some have more work to do than others. This is a good thing, as exploiting unpatched browsers is the primary method for malware propagation such as the so-called drive-by-downloads, legitimate websites hosting malware that infects their visitors. Fortunately “fixing” #1 doesn’t require “breaking the Web,” only updating shoddy code and distributing updates.

    Solving #2 is more psychological than technical in nature. The challenge is that people trust computer screens, believe what they see on the Web, and will install anything in order to watch the latest celebrity sex tape or open a personalized e-greeting sent by their “friend.” Attackers prey on this inherent trust, general good nature, and basic human instinct. In response, browsers have provided EV-SSL, Anti-Phishing Toolbars, SSL warning dialogs, password managers, etc. These efforts make important security decisions more visible, harder to get wrong, or remove the decision altogether. Again “fixing” these issues doesn’t require “breaking the Web,” but creating a more intuitive user-interface design.

    Addressing #3, with roots dating back to the earliest days of the Web, is another matter entirely. Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Clickjacking, CSS History Stealing, Intranet Hacking, etc. are all good examples. While these weren’t pressing issues before, they are trending in a dangerous direction. We’ve seen outbreaks of Twitter worms, XSS Defacements of government websites, Facebook Clickjacking attacks, sites that disclose which porn sites people visit, several Intranet Hacking proof-of-concept tools, and so on.

    Many, including myself, have asked the major browser vendors to do something about the CSS History Hacking, a privacy violation where a malicious website can tell if you’ve been to a certain URL, by disabling access to key DOM APIs. They said doing so would break certain websites and upset Web developers. (Update: See Wladimir’s comment below for excellent insight into the true difficulty of solving this problem)

    To solve Intranet Hacking, the suggestion was made to deny websites with a non-RFC 1918 IP address the ability to passively instruct a browser to connect to RFC 1918 IP addresses. The response was that it would break certain essential features like corporate Web proxy set-ups and add-ons like Google Desktop.
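The proposed rule above, as an added example that is not part of the original post: a small Python model of the "public origin may not load RFC 1918 addresses" check. Page and resource hosts are given as IP literals (an assumption; name resolution is left out, and a real browser would have to apply the check after resolving the name).

```python
"""Added example, not code from the original post: a minimal model of the
proposed rule under which a page served from a non-RFC 1918 address may
not instruct the browser to fetch RFC 1918 addresses. Hosts are assumed
to be IP literals; DNS resolution is out of scope."""
import ipaddress
from urllib.parse import urlsplit

# The three private IPv4 blocks defined by RFC 1918.
RFC1918_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(host):
    """True if `host` is an IPv4 literal inside one of the RFC 1918 blocks.
    A hostname that is not an IP literal returns False (no DNS here)."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return addr.version == 4 and any(addr in net for net in RFC1918_NETS)


def cross_boundary_blocked(page_url, resource_url):
    """The proposed rule: block when the page's host is *not* RFC 1918 and
    the resource it tries to load *is* RFC 1918. Private-to-private and
    public-to-public loads are untouched."""
    page_host = urlsplit(page_url).hostname or ""
    res_host = urlsplit(resource_url).hostname or ""
    return (not is_rfc1918(page_host)) and is_rfc1918(res_host)


def filter_subresources(page_url, resource_urls):
    """Split a page's subresource URLs into (allowed, blocked) lists."""
    allowed, blocked = [], []
    for url in resource_urls:
        (blocked if cross_boundary_blocked(page_url, url) else allowed).append(url)
    return allowed, blocked


if __name__ == "__main__":
    # Constructed sample: an Internet page (TEST-NET address) that embeds
    # one public image and two loads aimed at the visitor's local network.
    page = "http://203.0.113.5/article"
    loads = [
        "http://198.51.100.7/banner.png",
        "http://192.168.1.1/status",
        "http://10.0.0.20:8080/",
    ]
    allowed, blocked = filter_subresources(page, loads)
    print("allowed:", allowed)   # the public image only
    print("blocked:", blocked)   # both RFC 1918 loads
    # An intranet page (private origin) embedding intranet resources is
    # unaffected, which is the case the rule is meant to leave alone.
    print(filter_subresources("http://10.0.0.5/portal", loads)[1])  # []
```

The corporate proxy and desktop add-on cases the vendors raised are exactly the loads this model cannot tell apart from hostile ones, since it sees only the two addresses.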

    Fixing Clickjacking would require changing IFRAMES implementation so that they would not be transparent or allowed at all. Doing so would undoubtedly cause major Web breakage, such as no banner advertising or Facebook-style application platforms. So instead we get opt-in X-FRAME-OPTIONS, which basically no one uses at the moment.
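How the opt-in X-FRAME-OPTIONS header decides whether a page can be framed, as an added example that is not taken from the original post. Only the DENY and SAMEORIGIN values are modelled (an assumption), origins are compared as exact scheme, host and port, and the sample responses are constructed, not real sites.

```python
"""Added example, not part of the original post: a model of how a browser
honouring X-Frame-Options decides whether to render a page inside an
IFRAME, plus an audit over constructed responses showing which pages a
third-party top-level document could overlay."""
from urllib.parse import urlsplit


def origin_of(url):
    """Reduce a URL to its scheme://host[:port] origin string."""
    parts = urlsplit(url)
    netloc = (parts.hostname or "").lower()
    if parts.port is not None:
        netloc += ":%d" % parts.port
    return "%s://%s" % (parts.scheme.lower(), netloc)


def framing_allowed(headers, framed_url, top_url):
    """Return True if `framed_url` would render inside a frame whose
    top-level document is `top_url`, given the framed page's response
    headers as a list of (name, value) pairs."""
    value = None
    for name, val in headers:          # header names are case-insensitive
        if name.lower() == "x-frame-options":
            value = val.strip().upper()
            break
    if value is None:
        return True                    # no header: nothing opted in, framable
    if value == "DENY":
        return False
    if value == "SAMEORIGIN":
        return origin_of(framed_url) == origin_of(top_url)
    return True                        # unrecognised value: treated as absent


def audit_frameability(responses, third_party_top_url):
    """For a list of (url, headers) pairs, return the URLs that a page at
    `third_party_top_url` could place in a transparent IFRAME."""
    return [url for url, hdrs in responses
            if framing_allowed(hdrs, url, third_party_top_url)]


# Constructed sample responses (not real sites).
SAMPLE_RESPONSES = [
    ("https://bank.example/transfer",
     [("Content-Type", "text/html"), ("X-Frame-Options", "DENY")]),
    ("https://social.example/settings",
     [("Content-Type", "text/html"), ("x-frame-options", "sameorigin")]),
    ("https://shop.example/checkout",
     [("Content-Type", "text/html")]),        # no header at all
    ("https://blog.example/post",
     [("X-Frame-Options", "ALLOWALL")]),      # unrecognised value
]

if __name__ == "__main__":
    exposed = audit_frameability(SAMPLE_RESPONSES, "https://other.example/")
    print("Framable by a third-party page:", exposed)
    # → ['https://shop.example/checkout', 'https://blog.example/post']
```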

    Maybe browser tab/session separation is in order. When logged-in to a website in one tab, other tabs wouldn’t have session access thereby limiting the damage XSS, CSRF, and Clickjacking could inflict. But, this solution would probably annoy users and Web developers who really want persistent authentication. Oh, and we really need Web tracking cookies too. Gah!

    So here we are, waiting for the other shoe to drop, and bad enough things to happen. Then we’ll get the juice required to fix these problems, by default. The bigger problem is when that time eventually comes we might actually be forced to break the Web to secure it. In the meantime, the community has been lobbying hard for opt-in tools that the proactive crowd can use to protect themselves ahead of time. Fortunately, we are starting to see new technologies like XSSFilter, Content Security Policy, Strict Transport Security, and Origin headers come into view. Maybe this is the future and a look into the security proving ground for the changes we’ll need to make later.

