Google Summer of Code ‘08
Posted by Geeksinside.com - Code, Circuits, Projects
From the FAQ:
The Google Summer of Code is a program that offers student developers stipends to write code for various open source projects.
...
In order to participate in the program, you must be a student. Google defines a student as an individual enrolled in or accepted into an accredited institution including (but not necessarily limited to) colleges, universities, masters programs, PhD programs and undergraduate programs. You should be prepared, upon request, to provide Google with transcripts or other documentation from your accredited institution as proof of enrollment or admission status. Computer Science does not need to be your field of study in order to participate in the program.
Link to the FAQ: http://code.google.com/soc/2008/faqs.html
And the link to the announcement: http://code.google.com/soc/2008 Tags: code, Google
Related posts
Attack On Computer Memory Reveals Vulnerability Of Widely-Used Security Systems
Posted by Lockergnome
data="http://www.youtube.com/v/JDaicPIgn9U"
width="350"
height="288">
A team of academic, industry and independent researchers has demonstrated a new class of computer attacks that compromise the contents of “secure” memory systems, particularly in laptops.
The attacks overcome a broad set of security measures called “disk encryption,” which are meant to secure information stored in a computer’s permanent memory. The researchers cracked several widely used technologies, including Microsoft’s BitLocker, Apple’s FileVault and Linux’s dm-crypt, and described the attacks in a paper and video published on the Web today.
The team reports that these attacks are likely to be effective at cracking many other disk encryption systems because these technologies have architectural features in common.
“We’ve broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers,” said Alex Halderman, a Ph.D. candidate in Princeton’s computer science department. “Unlike many security problems, this isn’t a minor flaw; it is a fundamental limitation in the way these systems were designed.”
The attack is particularly effective against computers that are turned on but are locked, such as laptops that are in a “sleep” or hibernation mode. One effective countermeasure is to turn a computer off entirely, though in some cases even this does not provide protection.
Halderman’s Princeton collaborators included graduate students Nadia Heninger, William Clarkson, Joseph Calandrino, Ariel Feldman and Professor Edward Felten, the director of the Center for Information Technology Policy. The team also included Seth Schoen of the Electronic Frontier Foundation, William Paul of Wind River Systems and independent computer security researcher Jacob Appelbaum.
Felten said the findings demonstrate the risks associated with recent high-profile laptop thefts, including a Veterans Administration computer containing information on 26 million veterans and a University of California, Berkeley laptop that contained information on more than 98,000 graduate students and others. While it is widely believed that disk encryption would protect sensitive information in instances like these, the new research demonstrates that the information could easily be read even when data is encrypted.
“Disk encryption is often recommended as a magic bullet against the loss of private data on laptops,” Felten said. “Our results show that disk encryption provides less protection than previously thought. Even encrypted data can be vulnerable if an intruder gets access to the laptop.”
The new attacks exploit the fact that information stored in a computer’s temporary working memory, or RAM, does not disappear immediately when a computer is shut off or when the memory chip is taken from the machine, as is commonly thought. Under normal circumstances, the data gradually decays over a period of several seconds to a minute. The process can be slowed considerably using simple techniques to cool the chips to low temperatures.
Disk encryption technologies rely on the use of secret keys — essentially large random numbers — to encode and protect information. Computers need these keys to access files stored on their own hard disks or other storage systems. Once an authorized user has typed in a password, computers typically store the keys in the temporary RAM so that protected information can be accessed regularly. The keys are meant to disappear as soon as the RAM chips lose power.
The team wrote programs that gained access to essential encryption information automatically after cutting power to machines and rebooting them. The method worked when the attackers had physical access to the computer and when they accessed it remotely over a computer network. The attack even worked when the encryption key had already started to decay, because the researchers were able to reconstruct it from multiple derivative keys that were also stored in memory.
In one extremely powerful version of the attack, they were able to obtain the correct encryption data even when the memory chip was physically removed from one computer and placed in another machine. After obtaining the encryption key, they could then easily access all information on the original machine.
“This method is extremely resistant to countermeasures that defensive programs on the original computer might try to take,” Halderman said.
The attacks demonstrate the vulnerability of machines when they are in an active state, including “sleep mode” or the “screen lock” mode that laptops enter when their covers are shut. Even though the machines require a password to unlock the screen, the encryption keys are already located in the RAM, which provides an opportunity for attackers with malicious intent.
None of the attacks required specialized equipment. “I think we’re going to see attackers doing things that people have previously though impractical or impossible,” Appelbaum said.
The researchers were able to extend the life of the information in RAM by cooling it using readily available “canned air” keyboard dusting products. When turned upside down, these canisters spray very cold liquid. Discharging the cold liquid onto a memory chip, the researchers were able to lower the temperature of the memory to -50 degrees Celsius. This slowed the decay rates enough that an attacker who cut power for 10 minutes would still be able to recover 99.9 percent of the information in the RAM correctly.
“Hints of problems associated with computers retaining their temporary memory have appeared in the scientific literature, but this is the first systematic examination of the security implications,” said Schoen.
The researchers posted the paper describing their findings on the website of Princeton’s Center for Information Technology Policy. They submitted the paper for publication and it is currently undergoing review.
In the meantime, the researchers have contacted several manufacturers to make them aware of the vulnerability: Microsoft, which includes BitLocker in some versions of Windows Vista; Apple, which created FileVault; and the makers of dm-crypt and TrueCrypt, which are open-source products for Windows and Linux platforms.
“There’s not much they can do at this point,” Halderman said. “In the short term, they can warn their customers about the vulnerability and tell them to shut their computers down completely when traveling.”
In the longer term, Halderman said new technologies may need to be designed that do not require the storing of encryption keys in the RAM, given its inherent vulnerability. The researchers plan to continue investigating this and other defenses against this new security threat.
Symantec download exposes PCs to attack
Cisco warns its WLAN security can be cracked
Linux Kernel Vulnerability
Attack code surfaces for latest Windows vulnerability
Address Bar Spoofing Vulnerability
Firefox Security Flaw Reveals User Information
Possible LAND Attack Vulnerability Affects Windows XP And 2003
Microsoft Security Advisory - Animated Cursor Flaw
IE attack Code posted for new IE attack Code posted for new IE attack
3 New Windows Security Bulletins For July, Many Systems Affected
Related posts
An-arrgh-chy: The Law And Economics Of Pirate Organization
Posted by Lockergnome
Pirates, like gangsters, highwayman, and other colorful outlaws, have always carried a certain romantic appeal with them upon the high seas. Thanks to a certain movie trilogy, they are the most appealing of the outlaws at this moment. And the language… y’arrgh! But exemplars of democracy? In a swashbuckling and daring new article for the Journal of Political Economy, “An-arrgh-chy: The Law and Economics of Pirate Organization,” Peter Leeson explores the fascinating “golden age” of piracy during the late seventeenth and early eighteenth centuries and finds that these criminal organizations were able to establish a remarkably stable form of self government.
While economists have long been fascinated with the financial organization of criminal enterprises, the impact of their political structure has long been overlooked. Piracy was a capital crime, so both the costs and benefits were quite high. But, as Leeson shows, pirates never lacked for “Brethren in Iniquity.” Plumbing the (often entertaining) court records of pirate trials, Leeson allows the pirates to speak for themselves as to why the pirate’s life was for them. Piracy exploded along with trade to the far-flung colonies. A captain of a trading ship was the representative of land-based merchants, and thus wielded complete authority-which was often abused-over the crew. Although a captain of a pirate ship wielded absolute authority in battle the pirates, in the words of one of their own, “constituted other Officers besides the Captain; so very industrious were they to avoid putting too much power into the hands of one Man.” Foremost among these officers was the quartermaster, who oversaw the distribution of provisions, division of booty, and general order aboard the ship.
Pirates entered into an agreement called the chasse-partie that dictated the division of booty. But they also drew up articles for a voyage, most of which were institutionalized as the “Custom of the Coast” or the “Jamaica Discipline,” that covered all aspects of government, and life aboard a ship “for the better Conservation of their Society, and doing Justice to one another.” Records of these articles still exist, and Leeson helpfully reproduces one within his article. Even a court that stood in judgment gave the pirates the backhanded compliment that they were “wickedly united, articled together.” Modern piracy, Leeson notes, is a different affair. Mainly land-based and short term in its commitments, it no longer requires the same sort of organization. The days of “an-arrgh-chy” have passed.
Provocative and filled with historical detail, An-arrgh-chy: The Law and Economics of Pirate Organization makes for fascinating election year reading.
Pirate Act makes it through House committee
What’s My Pirate Name?
September 19th - Talk like a pirate day!
I am a ‘net pirate’
Hargh! The Pirate Bay Remains Safe Haven For Scofflaws
Journal of Competition Law and Economics
Health Economics, Policy and Law
International Journal of Economic Theory (IJET)
Ahoy, Mateys!
The International Economics Network
Related posts
Almost There - Near Space Project
Posted by Alan Parekh
A Hacked Gadgets reader took his Almost There project up to over 42,000 feet a few years ago and documented the process. Looks like Near Space is gaining some popularity recently.
Here is a list of projects that are worth a look:
Near Space Project 1
Near Space Project 2
Near Space Project 3
Near Space Project 4
"So, here’s what I decided to do. Use a Pressure Sensor and a Temperature Sensor fed in to a PicAxe CPU that approximately once a minute will trigger the transmitter and bang out the raw data using simple Morse Code.
On the receiving end, I’ll use a matching FRS radio to receive the data, feed it in to the Sound Card of a Laptop, and a Cassette Recorder with sound level activation to record the data for time immemorial. Run software on the Laptop that decodes the Morse Code and displays it on the screen, and saves it to a Data file. Then (finally) I’ll have a conversion chart that I can look up the raw data values from the screen and manually convert them to Altitude and Temperature readings."
Related posts
UTAS astronomers help uncover first solar system that resembles ours
Posted by Swinburne University of Technology
The newly discovered system, which is code-named OGLE-2006-BLG-109L, contains two planets orbiting a cooler star half the mass of our Sun, about 5000 light years from Earth.
It resembles a scaled down version of our Solar System with the two planets having mass ratios (as compared with their star), orbital separations and surface temperatures similar to those of Jupiter and Saturn.
More information available here. Tags: code, LED