Recent Articles:

What Hackers Can Gain from Attacking ICANN

December 18, 2014 Tech Comments Off

Hackers using a spear phishing attack targeted the Internet Corporation for Assigned Names and Numbers (ICANN), the organization announced Wednesday. The scheme enabled the hackers to gain access to internal emails, a members-only wiki, the ICANN blog and Whois portal, and administrative data files.

There were no catastrophic breaches, the worst transgression being the data files, which included encrypted user passwords for the data system that organizes general top-level domain files. ICANN has alerted users to change their password and implemented new security measures, but otherwise it seems the group got through unscathed.

But if the hackers had gained more control or ICANNs security measures werent up to snuff, security experts say there could be disastrous consequences.

First off, it helps to understand what did happen. ICANN is the international nonprofit in charge of the nuts and bolts of the internet. It manages top level domain names (everything from .com to .gov), allocates IP address space, and oversees underlying server system management functions. It also has several subcommittees in charge of setting standards for everything from new domain names to security protocols for the web.

It was hit with a spear phishing attack: a precisely-targeted email scheme, where a convincing email goads a user into clicking a link and handing over some information.

Theyre one of the central organizations for developing technical standards for a secure internet. They should be thinking a lot about security.

Though the attack was mild this time, there was potential for havoc if the hackers gained deeper access. Hackers looking to target a specific domain would probably infiltrate at a lower level, but poor security at ICANN could result in more startling attacks, according to Patrick Nielsen, senior security researcher at Kaspersky Lab, in an email.

If ICANN took only superficial precautions, then even a small, inexpensive attack could have disastrous consequences, he said. This would likely be on a large scale, such as taking down all domains for a specific country, or bringing down the internet altogether, not targeting individual users or websites.

This is pretty unlikely due to the security measures ICANN does have in place. But there are other risks if a stealthy hacker maneuvered those roadblocks, says Daniel Castro, senior analyst at the Information Technology and Innovation Foundation.

Especially if youre talking about the ICANN email server, the greater risk might be somebody taking over some ICANN servers or email accounts and impersonating an ICANN official, Castro told me in a phone conversation. Since ICANN is essentially the backbone of the internet, getting access to ICANN could open the door to countless other agencies and organizations.

Thats the biggest risk. If you have low security there, thats an entry point to a potential attack somewhere else.

In this case, the attack didnt manage to penetrate ICANN too deeply. This is likely due to some smart security systems in place that most high profile organizations will execute, Castro said.

These include using dual or multi-factor identification on top of passwords, like smartcards or fingerprint scanners. Many organizations also do intense internal training, even fake-phishing their own employees as a learning experience, he said.

While its encouraging the attack didnt seem very successful, its alarming someone was able to infiltrate the organization as much as they did, Castro noted. When asked for further comment, an ICANN representative referred to the group’s blog post.

In some ways its kind of ironic because theyre one of the central organizations for developing technical standards for a secure internet. They should be thinking a lot about security, Castro said. Their goal is to get [security standards] on a worldwide basis. Youd think they could get it done internally. 

Motherboard RSS Feed

Reaction to the Sony Hack Is ‘Beyond the Realm of Stupid’

December 17, 2014 Tech Comments Off

It’s been a big day for news surrounding the massive, ongoing Sony hack saga. 

First, major movie chains announced that they would not be screening The Interview after a nonspecific threat of violence from the Guardians of Peace, the hacking collective that attacked it. Then, Sony announced it was canceling the release of the movie altogether. Now, the government is suggesting that it really is North Korea behind the attack.

So, yeah, big day. 

To help make sense of it all, I called up Peter W. Singer, one of the nation’s foremost experts on cybersecurity and cyber war, to get his take. Singer is the author of Cybersecurity and Cyberwar: What Everyone Needs to Know and Wired for War and is a strategist at the New America Foundation. 

Let’s just cut to the chaseAre these hackers terrorists? Are they cyberterrorists?
There’s two layers to it now. There’s the definition of terrorism and the reaction to it, which has been a combination of being both insipid and encouraging to future acts.

The first is what has already happened. Sony has labeled what happened to it as cyberterrorism and various media have also described it as cyber terrorism. The reality is having your scripts posted online does not constitute a terrorist act. The FBI describes it as an ‘act that results in violence.’ Losing your next James Bond movie script that talks about violence is not the same thing as an act of violence.

I can’t believe I’m saying this. I can’t believe I have to say this.

What has happened to Sony already does not meet the definition. They’re saying ‘This is an act of war.’ We’re not going to war with North Korea over this act just because Angelina Jolie is now mad at a Sony executive. Acts of war have a different standard.

Literally, we are in the realm of beyond stupid with this.

And then we have the actual threats of violence.
This same group threatened yesterday 9/11-style incidents at any movie theatre that chose to show the movie. Here, we need to distinguish between threat and capabilitythe ability to steal gossipy emails from a not-so-great protected computer network is not the same thing as being able to carry out physical, 9/11-style attacks in 18,000 locations simultaneously. I can’t believe I’m saying this. I can’t believe I have to say this.

This group has not shown the capability to do that. Sony is rueing any association it has with the movie right now. We are not in the realm of 9/11. Did movie chains look at the reality of the threat? Or did the movie theater chains utterly cave in? This is beyond the wildest dreams of these attackers.

I talked with Bruce Schneier yesterday, and he said Sony is playing the victim card. Has Sony taken an unfortunate event for this and turned it into an international incident?
Now we get to the part that moves from jokes and silliness to serious, which is: This is not just now a case study in how not to react to cyber threats and a case study in how to not defend your networks, it’s now also a case study in how not to respond to terrorism threats. 

We have just communicated to any would-be attacker that we will do whatever they want.

It is mind boggling to me, particularly when you compare it to real things that have actually happened. Someone killed 12 people and shot another 70 people at the opening night of Batman: The Dark Knight. They kept that movie in the theaters. You issue an anonymous cyber threat that you did not have the capability to carry out? We pulled a movie from 18,000 theaters.

Rightfrom the beginning, Sony and the media have taken what has been described as a run-of-the-mill albeit expansive and thorough hack and have scared everyone beyond belief. What happened here?

The attackers wonderfully understand the American psyche. What do we love most? This was a hack, but call it ‘cyber’ and ‘terrorism,’ and we lose our shit. There’s no other way to put it.

Schneier suggested that Sony has been calling this cyber terrorism because it makes it seem worseit makes it seem like the company was defenseless. Are execs doing this to save their jobs?
Yeah, you don’t want to be in the category of blame the victim, but Sony has had hacks before. It’s been hacked dating back to 2005, and the executives inside of it are still emailing to each other like it’s 1997 and it’s the first time they’ve ever been on email.

Set all of that aside, even the best companies with some of the best cybersecurity in the world get cracked. The banks with JP Morgan, the US military, the White House. The reality is we can either choose a ‘lose our shit’ mentality, or we can choose a mentality that is far more successful, which is focusing on resilience. 

It’s not an act of war, it’s frickin’ annoying for Sony

It’s about accepting the fact bad things might get in and you can power through them. It’s about getting up quickly when you knocked down, which takes the incentive away from the attacker.

Your reaction can either be, ‘I give up’ or ‘No, we’re going to show the movie.’

What do you think of the idea some have raised about just releasing the movie online, right now. Or, like, yesterday. Would that be a copout?
No, I don’t think so. But what we’re learning about Sony and its approaches to piracy with the MPAA, it would have put Sony in a fantastically interesting position to say, ‘This is what we’ve been fighting against all these years, but oh, here’s the movie.’

they’re setting an absolutely horrible precedent that makes every other company less safe moving forward

But the movie should come out.
This is bringing such publicity to this movie that, for all we know isn’t all that good. It definitely wouldn’t have gotten this much free or paid publicity. The problem is if you don’t release the movie, you can’t make lemonade out of lemons. That’s where they’re at right now. By caving in, they may think they’re cutting their losses, but they’re setting an absolutely horrible precedent that makes every other company less safe moving forward.

There’s a parallel here to the Boston marathon bombing. I am going to be careful on this. The Boston attacks were real, and people died. This is not in the same category. But, a lot of terrorism analysts have talked about how they shut down the entire city of Boston, which was the wrong message. It sends the message to terrorists elsewhere that if two not-so-well trained guys with a jury rigged rice cooker bomb can shut down an entire American city, what can we do if we’re good at this?

So we don’t know for sure if it was North Korea or not. But, do you think it was? Does it even matter?
It’s an issue of attribution. The victims always want to know who did it. In cyber, it’s particularly difficult to find out who did it because of technical reasons, but you also have the issue of what burden of proof do we have to meet? Is it a legal burden of proof? Is it a burden of proof for public opinion or a White House situation room burden of proof?

So far, the information that’s come out has pointed the finger at North Korean proxy groups, but it’s been context based. It wouldn’t meet level of court of law. The context combines the fact they’re pissed about this movie, and certain techniques in it are similar to what has been used in other attacks linked not definitively to North Korea. It’s enough for most people to talk about, at least.

But, does it matter?
It is, in many ways, besides the point. Even if North Korea steps forward and proudly said, ‘We did it,’ what is Sony’s recourse? Not much. It can sue North Korea, I guess.

The government should help defend this company and prevent hacks, but in terms of exacting punishment on North Korea. It’s not an act of war, it’s frickin’ annoying for Sony. But it’s not an act of war. 

We didn’t go to war with North Korea when they murdered American soldiers in the 1970s with axes. We didn’t go to war with North Korea when they fired missiles over our allies. We didn’t go to war with North Korea when one of their ships torpedoed an alliance partner and killed some of their sailors. You’re going to tell me we’re now going to go to war because a Sony exec described Angelina Jolie as a diva? It’s not happening. 

Motherboard RSS Feed

Thumbs-up for mind-controlled robotic arm

December 17, 2014 Robots Comments Off

A paralysed woman who controlled a robotic arm using just her thoughts has taken another step towards restoring her natural movements by controlling the arm with a range of complex hand movements.

Thanks to researchers at the University of Pittsburgh, Jan Scheuermann, who has longstanding quadriplegia and has been taking part in the study for over two years, has gone from giving “high fives” to the “thumbs-up” after increasing the manoeuvrability of the robotic arm from seven dimensions (7D) to 10 dimensions (10D).

The extra dimensions come from four hand movements–finger abduction, a scoop, thumb extension and a pinch–and have enabled Jan to pick up, grasp and move a range of objects much more precisely than with the previous 7D control.

It is hoped that these latest results, which have been published today, 17 December, in IOP Publishing’s Journal of Neural Engineering, can build on previous demonstrations and eventually allow robotic arms to restore natural arm and hand movements in people with upper limb paralysis.

Jan Scheuermann, 55, from Pittsburgh, PA had been paralysed from the neck down since 2003 due to a neurodegenerative condition. After her eligibility for a research study was confirmed in 2012, Jan underwent surgery to be fitted with two quarter-inch electrode grids, each fitted with 96 tiny contact points, in the regions of Jan’s brain that were responsible for right arm and hand movements.

After the electrode grids in Jan’s brain were connected to a computer, creating a brain-machine interface (BMI), the 96 individual contact points picked up pulses of electricity that were fired between the neurons in Jan’s brain.

Computer algorithms were used to decode these firing signals and identify the patterns associated with a particular arm movement, such as raising the arm or turning the wrist.

By simply thinking of controlling her arm movements, Jan was then able to make the robotic arm reach out to objects, as well as move it in a number of directions and flex and rotate the wrist. It also enabled Jan to “high five” the researchers and feed herself dark chocolate.

Two years on from the initial results, the researchers at the University of Pittsburgh have now shown that Jan can successfully manoeuvre the robotic arm in a further four dimensions through a number of hand movements, allowing for more detailed interaction with objects.

The researchers used a virtual reality computer program to calibrate Jan’s control over the robotic arm, and discovered that it is crucial to include virtual objects in this training period in order to allow reliable, real-time interaction with objects.

Co-author of the study Dr Jennifer Collinger said: “10D control allowed Jan to interact with objects in different ways, just as people use their hands to pick up objects depending on their shapes and what they intend to do with them. We hope to repeat this level of control with additional participants and to make the system more robust, so that people who might benefit from it will one day be able to use brain-machine interfaces in daily life.

“We also plan to study whether the incorporation of sensory feedback, such as the touch and feel of an object, can improve neuroprosthetic control.”

Commenting on the latest results, Jan Scheuermann said: “”This has been a fantastic, thrilling, wild ride, and I am so glad I’ve done this.”

“This study has enriched my life, given me new friends and co-workers, helped me contribute to research and taken my breath away. For the rest of my life, I will thank God every day for getting to be part of this team.”

 A video of Jan controlling the robotic arm.

Story Source:

The above story is based on materials provided by Institute of Physics. Note: Materials may be edited for content and length.

Robotics Research News — ScienceDaily

Can a ‘Positive Psychology’ App Make You Happy?

December 17, 2014 Tech Comments Off

Banish the self-help wizards and priests; the Happiness Enlightenment has arrived. It is, of course, an app.

Happify, one of a relatively new class of mobile mood-boosters, isnt based on philosophy or religion but on the empirical science of positive psychology.

Happify creates games and activities based on scientific research as a way to teach people how to be happier and more fulfilled, a representative said in an email. In the past year, the company says it has grown to more than 500,000 members.

Given that happiness is a life-long pursuitor maybe longer, since philosophers from Aristotle to Michel de Montaigne don’t believe you can call someone happy until after they’re deadand apps are synonymous with convenience and speed, I was skeptical.

There’s just something so yuppie, so self-involved, so frivolous about seeking happiness as an end in and of itself, even though that’s what Aristotle says we’re all doing anyway. Maybe it’s a Maslow Hierarchy/First World Problem thing, as if happiness is only something you can look for once you’re fed and indoors. Maybe it’s just my Protestant upbringing, which valorized suffering, or philosophy classes, which made me a snob. For whatever reason, happiness is like the Sunnot to be faced dead on.

For all of these reasons, the phrase positive psychology makes my skin crawl. It evokes late-night infomercials and giving yourself pep talks in the mirrorI’m good enough, I’m smart enough, and doggone it, people like me!but it’s nevertheless a real, if young, academic field.

The name was coined in 1998 by then-president of the American Psychological Association, Martin Seligman. Given its spread across American universities, Seligman has been praised for his promotional talents as well as his brilliance as a psychologist.

Happiness has both an emotional and a cognitive component, said Sonja Lyubomirsky, a psychology professor at University of California, Riverside, and a full-time researcher studying happiness, well-being, and the science of happiness.

You need to have both of those components: the sense that your life is going well and the relatively frequent experience of positive emotion, she told me.

True to its stated scientific roots, Happify defines happiness the same way. Note that these are both self-reported metrics. Though science is the search for the objective and the repeatable, happiness is firmly subjective.

Happify starts with a 13-question survey to determine who you are, what’s keeping you from happiness, and what needs to be shorn up. It asks for your basic demographic information, how social you arewhich positive psychology has found is big indicator of happinesshow much you focus on the past, present, and future, stuff like that.

After getting my info, it recommended Conquer Your Negative Thoughts by Derrick Carpenter, who holds a B.S. in Mathematics from MIT and a Master of Applied Positive Psychology from the University of Pennsylvania, where the field’s founder, Seligman now directs the positive psychology department. The track description promised to tune me into the radio station in your mind that’s playing negative music, so you can change the lyrics.

In my first Activity, I clicked on hot air balloons that carried positive words

Happify rewards you with Silver or Gold medals for finishing your track within 10 days, depending on how many Activities you complete. In my first Activity, I clicked on hot air balloons that carried positive words. I got 1280, because I’m awesome at reading, pointing, and clicking. Feels good to win, I thought.

My next activity was called Today’s Victories. Its description told me to Get ready to do something that sounds like a clich, (I was) and asked me to identify positive moments in my day.

Clich or not, the scientific literature, cited on Happify and elsewhere, supports it.

I asked Lyubomirsky if maybe this was just cognitive happiness, since to be grateful you’d have to think about good things in your life. She said there was more to it.

Write a gratitude letter and you feel more connected, she said. You recall good memories, it makes you feel joyful.

This is probably Happify’s true potentialthe constant pestering to take stock of the positive things in your life. Just like with the news, the negative ones get most of my attention, which makes sense.

We need to feel anger or rage sometimes because that might prompt us to do something about injustice in the world, Lyubomirsky said. And you need to feel anxious sometimes. Anxiety is necessary or else we won’t ever buckle down and study for that test. Sometimes we need to feel sad because sadness is an indicator that something is wrong and there’s a problem we need to focus and solve.

But Kurt Vonnegut, or at least his Uncle Alex, nailed the problem with this. One of the things [Uncle Alex] found objectionable about human beings was that they so rarely noticed it when they were happy, Vonnegut said in a graduation address. He himself did his best to acknowledge it when times were sweet. We could be drinking lemonade in the shade of an apple tree in the summertime, and Uncle Alex would interrupt the conversation to say, ‘If this isnt nice, what is?’

Interpreted most charitably, Happify, if you stick to its regimen, functions as a sort of Uncle Alex.

Still, it’s hard for me to imagine taking stock of my life and thinking it’s going well, because this app told me it was, especially an app which is always trying to funnel you toward paying for the premium version. 

I’ll be the first to admit I’m a cynical asshole, but asking someone to pay $ 72 to See How You Compare Against Others & Get Personal Activity Recommendations when there is a track called Stop Comparing Yourself to Others & See the Good in Life on another page seems disingenuous at best. That’s the thing about science. It’s very easily co-opted by commerce.

I ended up with a silver medal in my track because there werent enough free activities to get me to Gold. Being runner-up in a one man race didnt feel great.

By day two of Happify, I had gotten a 53 on my happiness evaluation. You’re Getting By it said, but you could be embracing life and living with more optimism, less stress, and more confidence on a regular basis. The happy face next to the evaluation that was a straight line.

I stared back and tried to remind myself of how feeling better than stuff is really what makes me feel happy. But then I looked over the things that had made my day better. Chatting with my girlfriend, chilling with the dog, getting in some minutes of guitar before work. Perhaps in spite of myself, perhaps in spite of Happify, I asked myself, if thats not nice, what is?

Motherboard RSS Feed

The Mind-Controlled Robotic Limb Can Now Give A Thumbs-Up

December 16, 2014 Tech Comments Off

The technology that could one day allow amputees and paraplegics to regain control of their lost limbs has gotten more precise. But its advancing in baby steps, as science so often must.

Two years ago, the world marvelled as Jan Scheuermann, a quadriplegic woman, moved a robotic arm using her mind. Her motions were awkward and clunky as she grabbed a chocolate bar full-fisted, like a baby, easing it towards her face for a nibble. Though a simple task, it was incredible to watch a woman who hadnt been able to feed herself in almost a decade achieve this personal feat.

Now, she can not just grab a chocolate bar, she can pinch a piece, eat it, and give the thumbs-up, if its particularly tasty. The latest video from the University of Pittsburgh shows how much Scheuermanns motions have advanced as she more nimblythough still occasionally clumsilypicks up and maneuvers blocks and balls of different sizes around a surface.

Researchers Brian Wodlinger and Jennifer Collinger spent two years fine-tuning the technology and the computer algorithm that translates the electricity emitted from neurons firing in Scheuermanns brain to the movements of the robotic arm. Now, instead of moving in just seven dimensions, the robotic hand can move in ten different dimensions.

The hand has three basic movements: up and down, forward and backwards, and left and right. The wrist has three movements: a yaw (fanning yourself), a pitch (waving hello), and a roll (waving like the Queen of England). The fingers can move even more precisely: grasping, finger abduction (moving your fingers together or apart, which allows you to do the live long and prosper motion), scooping, pinching, and thumb extension (thats the thumbs up).

10D control allowed Jan to interact with objects in different ways, just as people use their hands to pick up objects depending on their shapes and what they intend to do with them, Collinger said in a press release on the research.

We hope to repeat this level of control with additional participants and to make the system more robust, so that people who might benefit from it will one day be able to use brain-machine interfaces in daily life.

Its easy to watch these videos and start dreaming of the days of bionic men and women, of a time when quadriplegia will no longer being a life sentence of dependency. But the technology is still very much in the research phase, with work still to be done to refine the abilities of the arm and perhaps allow for sensory feedbackbeing able to feel the things youre touching.

Still, for Scheuermann, the process shes made already has been life-altering, she says in the release.

This has been a fantastic, thrilling, wild ride, and I am so glad I’ve done this, she said.

This study has enriched my life, given me new friends and co-workers, helped me contribute to research and taken my breath away.

Motherboard RSS Feed

Flying robots to aid in inventory management

December 16, 2014 Robots Comments Off

Standing on top of a ladder several meters high, pad and pen in hand, just to count boxes? Inventories in large warehouses could soon appear quite different and proceed to take flight, in the truest sense of those words: The goal of the InventAIRy Project is to automatically localize and record existing inventories with the aid of flying robots.

“Dear customers: the store is closed today for our regularly scheduled inventory work.” Anyone who has ever encountered this or a similarly worded sign knows that “patience is a virtue” especially while shopping, while in the background, an army of employees mill about, preoccupied with numbers. The manual inspection of a goods warehouse is a fundamental component of the legally proscribed annual inventory. The conventional procedure is time-consuming and paralyzes a majority of the warehouse operations. Even the barcodes and RFID tags pervasively used today are of little help. The entire process still demands a vast amount of personnel and time.

Marco Freund is keenly familiar with the problems that must be confronted when running an inventory. The certified logistics specialist heads the InventAIRy Project at Fraunhofer Institute for Material Flow and Logistics IML in Dortmund. His vision of an optimized inventory system looks like this: “The person in charge is sitting at his desk and at the press of a button, can inspect inventories or perhaps search for a specific item — without incurring any staffing or logistics costs.” To ensure this becomes reality in the not-too-distant future, Freund and his colleagues engineered a “dynamically animated records system” that distinguishes itself — on one rather critical point — from commonly available solutions currently in use today: “Goods and pallets can already be tracked automatically, via RFID for instance. In doing so, the antennas that the chips read out are permanently mounted to the shelf. The chips are located on the products and are recorded if they pass the readout device. With InventAIRy, exactly the opposite applies: The radio chips remain in their fixed position, the antenna is moved by its integration into a flying robot. “The Inventory Assistants, which the scientists have in mind, are autonomous robots that move throughout the warehouses by flying.

Putting wings to flying assistants

It is already a reality with driverless transportation systems, so it should also be possible to put them to flight with InventAIRy: In this project, the IML researchers are moving toward the goal of engineering autonomous flying robots that are capable of independently navigating and conducting inventory. These flying assistants should be able to localize objects both in the warehouses as well as the exterior area, and be able to track through barcodes and RFID tags. The advantage: These robots act independent of ground-based obstructions. Furthermore, they can move in any direction and see into hard-to-reach places, such as tall storage shelves.

The individual service robot, as an intelligent mobile object, perceives its environment dynamically on two levels: It detects how the warehouse is configured using motion and camera sensors, for instance, and can orient itself within the warehouse. GPS determines its position outside. In addition, the robot records the stored items in terms of content. The scientists accomplish this with the aid of optical sensors or radio sensors. “We take a look at various key problem sets at the same time: robustly designed, lightweight flying robots that can reliably recognize their surroundings, as well as intelligent software for their route planning and coordination,” the certified logistician explains. “To ensure this solution is also appealing to small- and medium-sized enterprises, we intentionally dispensed with the installation of an expensive local infrastructure that the robots can use to orient themselves. The researchers want to accomplish this with the aid of intelligent algorithms. The flying objects should prepare maps of the warehouse on a fully automated basis, and independently modify them if there are any changes. The basis for this are, for example, ultrasound sensors, 3D cameras, and laser scanners.

Current solutions are able to integrate collected inventory data automatically into existing warehouse administration systems, without requiring additional software development. InventAIRy researchers, by contrast, are working on smart interfaces that transmit data wirelessly into existing systems. This means commercial operations save time and money — and documentation errors decrease. Furthermore, the flying robots can continuously monitor warehouse inventories. “In this manner, it would be possible to identify materials bottlenecks at an early stage in production, and rectify them even before the shortfalls can occur,” adds project manager Freund. The team’s preliminary results are highly promising. “By mid-2015, we intend to start with a partially automated flight. In this phase, the robot equipped with the identification technology hovers — without having to be controlled via remote operation — at one position, and circumvents collisions with obstructions, such as shelves,” the project manager explains.

Story Source:

The above story is based on materials provided by Fraunhofer-Gesellschaft. Note: Materials may be edited for content and length.

Robotics Research News — ScienceDaily



Enter your email address to subscribe to this blog and receive notifications of new posts by email.