Archive for RB

Microsoft Builds Bing for Bodies

A Microsoft (MSFT) scientist has developed a search engine for the human body, according to MIT’s Technology Review. Antonio Criminisi at the Microsoft Research Cambridge campus in Great Britain has developed a search engine to browse through a patient’s anatomy to easily find organs to help in diagnosis.

The research created a way for doctors to search the three-dimensional images produced by MRI scans, in which specific areas are often tricky to view. Mr. Criminisi told Technology Review, “It is very difficult even for someone very trained to get to the place they need to be to examine the source of a problem.”

The search engine creates an index of the human body, which allows the user to search for a specific body part by detecting patterns of light and dark within the scan itself. According to the article, the search engine will make it possible to display the necessary results in seconds and to compare scans to see how an area has changed, offering a quicker way to detect changes in a problematic area.

The MSFT team is also investigating different ways to interact with the search engine. The researchers are looking into voice recognition and using Microsoft’s Xbox Kinect controller. Technology Review says that the use of the Kinect device could mean that surgeons will be able to consult a patient’s scan images mid-surgery without compromising their sterile gloves by touching a keyboard, mouse, or screen.

Kenji Suzuki, at the University of Chicago, told Technology Review that if the search engine does offer a user-friendly way of searching, then it could drastically improve patient care. “As medical imaging has advanced, so many images are produced that there is a kind of information overload. The workload has grown a lot,” he said.

rb-

Imagine if this were online, the search providers could data-mine your online persona, but also your physical being. I don’t think it is too far of a reach for the search engine firm to mine scans online and sell the info to some huge pharma firm so they can target scripts to people online. But hey, that would be OK since it would not be evil.

What do you think?

Would you trust your health to the folks from Redmond?

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Cyber Attack on Google, Yahoo, Skype Certs

TechEye says that the Iranian paramilitary “Basij” group appears to have its own cyber warfare division, which is launching attacks on the websites of Iran’s “enemies.” TechEye says the paramilitary group is an arm of the Revolutionary Guard.

The Associated Press cites General Ali Fazli, acting commander of the Basij, in the state-owned IRAN paper as saying Iran’s cyber army consists of university teachers, students, and clerics. He said its attacks were a retaliation for similar attacks on Iran. The AP quotes Fazli, “As there are cyber attacks on us, so is our cyber army of the Basij, which includes university instructors and students, as well as clerics, attacking websites of the enemy … Without resorting to the power of the Basij, we would not have been able to monitor and confront our enemies.”

Iran has sought to master the digital world as a crucial step to prepare for what it calls “soft war”, which includes fighting against cyber attacks such as the Stuxnet computer worm that Iran said was aimed at sabotaging its uranium enrichment program.

Until now, the secretive “Cyber Army” that emerged to fight opposition websites and blogs after President Mahmoud Ahmadinejad’s disputed re-election in 2009 was believed to be part of the Revolutionary Guard. However, in February, according to the AP, General Mohammad Ali Jafari signaled that the Revolutionary Guard supports the cyber army, describing it as a “defensive, security, political and cultural need for all countries”. Jafari claimed at the time that the Guard has been successful in cyber warfare.

In another article, TechEye recounts a possible Iranian cyber-warfare success. The article identifies Iran as the “state player” which hacked important Certificate Authority (CA) certificate information at Comodo. Digital certificates are used to vouch for the authenticity of a site owner and secure encrypted communications between sites and their users. A government that controls Internet traffic inside its country would be able to use such a server to gain access to encrypted e-mail and chat conversations and collect user names and passwords for individuals’ accounts, Mikko H. Hypponen, chief research officer at F-Secure, said in a blog post.

Security researcher and Tor developer Jacob Appelbaum found the compromise and alerted Google and Mozilla. USERTRUST Network, a part of Comodo, issued the compromised certificates. Writing from his blog, Mr. Appelbaum initially suspected the hack “was taken by a state-level adversary.” Comodo confirmed the attack and issued a statement naming Iran as the country it suspects. According to the Comodo blog, the incident happened on March 15th, when unknown attackers managed to get access to one of the user accounts for the RA.

An attacker obtained the username and password of a Comodo Trusted Partner in Southern Europe.  We are not yet clear about the nature or the details of the breach suffered by that partner other than knowing that other online accounts (not with Comodo) held by that partner were also compromised at about the same time.

The attacker used the username and password to log in to the particular Comodo RA account and effect the fraudulent issue of the certificates.

According to F-Secure, the targets included Google (GOOG), Microsoft (MSFT), and Yahoo (YHOO):

  • login.live.com,
  • mail.google.com,
  • www.google.com,
  • login.yahoo.com,
  • login.skype.com,
  • addons.mozilla.com, and
  • “Global Trustee.”

Google patched Chrome last week and Mozilla managed to include the blacklist in Firefox 4.

rb-

It appears that Comodo did the right thing and made a responsible disclosure. According to reports, immediately after the breach was identified, they contacted the browser publishers and domain owners and filled them in on the situation.

As for the why? There is speculation that the Iranians wanted to control their internal dissidents. If they compromise the certificates, they could set up man-in-the-middle attacks by faking some of the world’s leading sites.

Some are speculating that it was China and not Iran behind this attack. The logic being, if they are good enough to take out a security company’s certificates, they are smart enough to spoof a few IP addresses as a decoy for investigators.

What do you think?

Did Comodo act fast enough?

Are Certificate Authority structures too complex for their own good?


iPad Notes

Researchers Outline iOS Attack to Access Stored Passwords in Six Minutes

FierceCIO reports that researchers from Germany’s Fraunhofer Institute for Secure Information Technology say (PDF) they can break into an Apple (AAPL) iOS device (iPhone or iPad) to extract stored passwords in just six minutes. The attack requires physical access to the iOS device. Once boosted, large swaths of the iOS file system could be swiftly pried open by hackers.

Data that can be exploited include account passwords for MS Exchange ActiveSync, LDAP, VPN, and Wi-Fi. A successful attack starts with a jailbreak, followed by installing an SSH server to load a script to get access to the keychain entries which contain the passwords.

Based on this weakness, the author says that iOS needs work, “… a proper implementation of security using best practices could require a rewriting of key security components in Apple’s iOS.” He concludes that “… organizations deploying the iOS hardware at the moment might find it prudent to perform encryption at the app level instead of relying on the iPhone’s or iPad’s broken passphrase system.”

iPhone Password Hack Shows Flawed Security Model

Ars Technica has a different article on the latest iOS vulnerability. Ars argues that the attack isn’t entirely new, and is actually a product of Apple’s “DRM approach” to security. Forensics expert Jonathan Zdziarski told Ars that similar exploits have been around since Apple introduced the iPhone 3G. According to Mr. Zdziarski,

“The real problem is that Apple hasn’t yet fully implemented a truly secure environment for iOS. Apple has … been relying on their DRM know-how, and just erasing the label that says ‘DRM’ and calling it ‘security.’ The problem with this is that DRM only makes things a little more difficult for hackers.”

“Real security relies on the strength of the key, and the secrecy of the key,” Mr. Zdziarski continued. “And as long as the keys are all stored on the iPhone and don’t rely on a user password, they can easily be compromised.”

The Ars article says that while Apple has continually improved the iDevices’ information security, they all have the same flaws. Mr. Zdziarski told Ars he believes Apple is pushing to make iOS devices compliant with the FIPS 140-2 (PDF) security standards. However, he warns that “… at the end of the day … Apple will need to abandon their DRM approach if they want true security, as opposed to just some fancy marketing strategies.”

VMware Unleashes Virtual Desktops for Apple iPad

Network World is reporting that VMware (VMW) has released VMware View Client for iPad to the Apple App Store. “We’ve been working on it since the middle of last year,” says Pat Lee, director of end-user computing clients at VMware.

VMware said it had trouble making Windows work as a virtual desktop on the iPad. “Windows really isn’t touch-savvy,” Lee says. VMware tried to adapt the iPad experience to Windows. “We spent a lot of time building custom gestures to make sure it blends into the iOS experience,” Lee says.

VMware created a virtual trackpad that can appear on the screen. “We want it to be as logical as possible,” Lee says. VMware promised “instant-on” access to Windows desktops from the iPad, as well as support for Bluetooth keyboards. VMware is using PCoIP to deliver the remote desktops and says the client will offer a secure connection to server-hosted desktops. The View client for iPad will be free for existing users, who are charged either $150 or $250 per seat.

The VMware announcement comes after Citrix (CTXS) released Receiver for iPad, and Parallels developed Parallels Mobile, an iPad desktop application.

Contracts HD for iPad: Give Contracts the Finger

Hat tip to AppScout for finding Contracts HD for iPad. They say that it is one of those apps that is breathing life into the existence and usefulness of the tablet device. Contracts HD is designed to allow any Apple (AAPL) iPad user to create, collaborate, sign, and email completed contracts using iPad’s dynamic touch-screen interface. The app also provides a database of contract templates, lets anyone add an addendum to all existing contracts, auto-fills appropriate fields within the contract with your exact information, and allows both parties to sign contracts safely and securely by using a fingertip.

Once the contract is signed, and all parties have received their PDF copies via email, you can save contracts to a secure archive for easy access later. Contracts HD also has a little brother app for iPhone that enables you to synchronize contracts between devices. Contracts HD for iPad is $9.99 in the iTunes App Store ($4.99 for the iPhone version).

 


Updated to WordPress 3.1

Thanks to a snow day, I was able to update the Bach Seat to WordPress 3.1.

Steps for a successful WordPress update

Step 1: Backup

Step 2: Disable plugins

Step 3: Update from Dashboard

Step 4: Reactivate plugins

Step 5: Test

All seems OK for now; please let me know if you find anything broken.

rb-

I don’t see any real changes.

 


Batman Protects Data

Batman, the crime fighter who protects the streets of Gotham. Now he can protect your data. Mimoco has added Batman to its line of Mimobots, the USB flash drives that look, flashy.

According to the New York Times, the USB crime fighter can hold 2 GB to 16 GB of data while sitting on your desk or plugged into your laptop. The Batman Mimobot comes with preloaded character-specific content, including wallpaper, screen savers, avatars and sound features.

Mimoco’s licensing deal with Warner Brothers includes Batman, Robin, the Joker, Catwoman, and a limited-edition Batman, clad in a vintage 1939 black-and-gray costume. Additional characters from DC Comics, including Green Lantern, Superman, and the Flash, are expected soon according to the NYT.

 
