Thursday, October 17, 2013

Online Hackers Beware: GOTCHA!

Worried about the robustness of the ubiquitous CAPTCHA in preventing online attacks? TRUST researchers Jeremiah Blocki, Manuel Blum, and Anupam Datta at Carnegie Mellon University think they have the solution: GOTCHAs, or Generating panOptic Turing Tests to Tell Computers and Humans Apart. GOTCHAs introduce a new twist on the use of human-only solvable puzzles (such as CAPTCHAs) by basing the interaction between humans and computers on inkblot images and the phrases used to describe them. A user is presented with an image and asked to describe that image with a short phrase. Later, when logging in online, the user is shown the same image and challenged to provide the matching phrase that describes it. For a human, successfully completing both steps is easy. For a computer, not so much. Hence GOTCHA's effectiveness.

See MIT Technology Review and Gizmodo Australia for coverage of this research. The full research paper is available here.

Saturday, October 12, 2013

"Fingerprinting" of Mobile Devices

A team led by TRUST researcher and Stanford computer science Professor Dan Boneh has identified a method of effectively "fingerprinting" mobile devices. By exploiting tiny errors in each device's sensors, including the accelerometer and microphone, the team showed how their results could be used to uniquely identify a mobile device.

A more in-depth article on the research is available at the SFGate Tech Chronicles.

Thursday, October 03, 2013

Online privacy concerns growing

There's a privacy arms race under way online, a continuing struggle among consumers, Internet companies, advocates and policymakers to assert greater control over personal data.

Following recent NSA spying regulations, many people disabled browser cookies or took other steps to protect their privacy. Cookies are still popular with online advertisers, but they have been developing and using more refined methods for some time, including authenticated tracking, browser fingerprinting, cross-device tracking and more.

"Google knows exactly who you are because there is so much authentication built into Google's services," Chris Hoofnagle, director of the information privacy programs at the Berkeley Center for Law & Technology, said in an e-mail. "We are moving to an authenticated Web where one is always signed in, and that authentication, even if on the surface (it's) pseudonymous, typically indicates the user's identity."

See full article at SFGATE.

Wednesday, October 02, 2013

Your Digital Trail: Private Company Access

As the second story in a four-part series examining one's digital trail and who potentially has access to it, NPR broadcast this episode of All Things Considered on October 1st.

Though news reports have focused on the National Security Administration's efforts to monitor people's phone calls and online activities, private companies are also tracking what we are doing, nearly everywhere we leave a digital footprint.

This story looks at how data-tracking companies are monitoring online behavior.

Researchers explore underground market of Twitter spam and abuse

Researchers at ICSI (International Computer Science Institute) presented data at the 22nd USENIX Security Symposium from a project exploring the underground market of spam and abuse on Twitter. Vern Paxson of ICSI and Chris Grier of UC Berkeley led a group that tracked the criminal market on Twitter, which sells access to accounts that are later used to push spam and malicious links (including phishing and malware), as well as inflation of follower accounts. The 10-month research was limited to Twitter because the researchers were unable to get permission from Facebook, Google, and Yahoo, social networks the researchers observed as being actively abused by merchants responsible for several million fraudulent accounts. See complete article at CSO - Security and Risk.

Wiretap Extension Will Help Crooks & Terrorists

By extending the existing US wiretap laws to give federal agencies easier backdoor access to Internet communications, the country's enemies and cyberthieves also receive aid and technical assistance for their own nefarious objectives.

This ominous warning is set forth in a compelling paper signed by 20 academic and private sector security experts, including heavy hitters like BT's Bruce Schneier and Professor David Wagner of EECS Berkeley.

The core issue is that the government is expected to mandate either centralized wiretap access to the Internet communications that continue to elude the FBI's grasp, or access at user endpoints.

More information: Internet Evolution.