Tag Archive for University of Michigan

What the FREAK !

Earlier this month news broke that Google, Apple, and Microsoft are vulnerable to a new bug poetically called FREAK, short for Factoring RSA Export Keys. The cause of the FREAK bug is not new. In fact, the origin of the FREAK bug goes back to the 1990s and government meddling.

Paul Ducklin at Sophos’ Naked Security blog explains that FREAK is a risk to all users. It is a risk because an attacker can trick you and the server into settling on a much weaker HTTPS encryption scheme from the 1990s. Basically, the attacker gets you to use what’s called “export grade” RSA encryption. Export grade encryption is a ghost from an earlier U.S. Gooberment attempt to break encryption. In the ’90s the NSA required exported encryption to be deliberately weakened. The idea was that export grade keys were just about good enough for everyday, not-so-secret use, but could be cracked by superpowers with supercomputers if national security should demand it.

No one should be using export-grade keys anymore – indeed, no one usually does. But many clients and servers still support them, according to Sophos. Somehow, in 2015 it never seemed to matter that the 1990 code was still lying around.

If attackers can watch the traffic flowing between vulnerable devices and websites, they could inject code that forces both sides to use 512-bit encryption, which can be easily cracked. It took researchers seven months to crack the key in 1999. The article claims that the same crack takes about 12 hours and $100 using Amazon’s (AMZN) cloud in 2015. It would then be technically pretty straightforward to launch a man-in-the-middle (MITM) attack by pretending to be the official website.

Now that your security is compromised, an attacker can use a “man in the middle” attack (someone who can listen in on and change the network traffic between you and your destination server).

Additionally, the author says many servers use the same RSA key over and over again. This allows attackers to use the compromised export grade key to decrypt other sessions using the same key. Another risk Sophos claims is that export-grade keys allow evil-doers to steal both the public and private keys by using a technique known as “factoring the modulus.” With the critical private key, criminals can now sign traffic from an imposter website as though it came from a trusted third-party.

The author says the team that identified the original FREAK vulnerability claims to have used this bug to create a fake nsa dot gov. University of Michigan computer scientists J. Alex Halderman and Zakir Durumeric told InfoSecurity that the vulnerability affects around 36% of all sites trusted by browsers and around 10% of the Alexa top one million domains.

The good news, according to Sophos: Users of Chromium/Chrome and Firefox are OK.

The bad news – the bug affects TLS/SSL, the security protocol that puts the S into HTTPS and is responsible for the padlock in your browser’s address bar. The bug is known to exist in:

  • OpenSSL’s TLS implementation (before version 1.0.1k), which includes Google (GOOG) Android’s “Browser” browser, and therefore probably Samsung’s (005930) derived browser known as “Internet.”
  • Apple (AAPL) SecureTransport puts OS X software at risk, including Safari.
  • Microsoft (MSFT) Windows Schannel TLS library puts Windows software including Internet Explorer at risk.

You can check to see if your browser is vulnerable to the FREAK attack on a UMich page here.

You can also check on your favorite website on this UMich page.

rb-

“Export grade” encryption was largely abandoned by 2000 because it was a bad idea, a silly idea. It hurt the US software industry and Americans who bought an inferior product. It is still a dumb idea in 2015, as the Gooberment wants to cripple the latest generation of encryption by putting backdoors into encrypted messaging. They seem to have won with Google. Google has dumped plans to encrypt communications by default in Android.

In the short term, if you are worried, use another browser: Firefox or Chrome.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

UMich Helps Secure the Web with Let’s Encrypt

The University of Michigan is teaming up with leading Internet firms to help secure the web. UMich, Cisco (CSCO), Akamai (AKAM), Mozilla, the Electronic Frontier Foundation, and public key certificate authority IdenTrust have launched a new free certificate authority (CA) called Let’s Encrypt.

The Let’s Encrypt CA, which will be available in the summer of 2015, aims to get people to encrypt the connections to their websites, according to a recent GigaOM article. The goal of Let’s Encrypt is to make it easier to get a proper Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate. That way the certs can be deployed to secure a Web server and its users.

Let’s Encrypt will help secure the Internet

According to the article, Let’s Encrypt comes as the tech industry scrambles to encrypt the web. This is more important after the mass surveillance revelations of NSA leaker Edward Snowden. The CA will aid other efforts to secure the Internet.

Let’s Encrypt is developing the Automated Certificate Management Environment, or ACME, protocol. The ACME protocol will sit between Web servers and the CA. It includes support for new, stronger forms of domain validation.

Let’s Encrypt will serve as its own root CA. The nonprofit public benefit corporation Internet Security Research Group (ISRG) will run the root CA. Josh Aas, the executive director of ISRG, explained that it is just not a simple thing to use Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), to secure the web. He explains that getting, paying for, and installing a certificate is too hard for many network administrators.

The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you’re actually talking to is the server you intended to talk to. For many server operators, getting even a basic server certificate is just too much of a hassle. The application process can be confusing. It usually costs money. It’s tricky to install correctly. It’s a pain to update.

According to the statement, Let’s Encrypt’s certificates will be free. It will have an automated issuance and renewal protocol, an open standard, as a step to reduce the need for input from the domain holder’s side. According to an EFF blog post, “switching a webserver from HTTP to HTTPS with this CA will be as easy as issuing one command, or clicking one button.”

Records of certificate issuance and revocation will be publicly available. The organizations behind Let’s Encrypt are stressing that the system won’t be under any one organization’s control.

The EFF has been working on helping users take advantage of HTTPS for a while. The EFF worked with the Tor Project to create the HTTPS Everywhere extension for Firefox, Firefox for Android, Chrome, and Opera browsers.

The Let’s Encrypt project will use Internet-wide datasets of certificates to make higher-security decisions about when a certificate is safe to issue. The data will include the EFF’s Decentralized SSL Observatory, the University of Michigan’s scans.io, and Google’s (GOOG) Certificate Transparency logs.

In addition to the Let’s Encrypt project, some of the paths to secure the web include:

  • The next version of the HTTP protocol will likely be encrypted by default.
  • Mozilla and Firefox are collaborating with the EFF to get Microsoft, Google, Opera, and others to add Let’s Encrypt to their list of valid CAs.
  • Google will rank up sites that use SSL/TLS encryption.
  • The content delivery and security outfit Cloudflare is offering free SSL encryption for millions of its customers.
  • And now Let’s Encrypt aims to equip websites with free certificates – the proof they need to tell users’ browsers that their public encryption keys are genuine and the connection is properly secured.

rb-

Many websites currently use the HTTP protocol, a standard that exposes site owners to a number of threats including cyber espionage, keyword-based censorship, account hijacking, and a host of web application attacks such as SQLi and XSS. Let’s Encrypt helps reduce these risks, which I think is a good step in the right direction.

argues on Wired that Let’s Encrypt does not go far enough. We want the project to not only encrypt data but also authenticate users. IMHO that is a pipe dream. Authentication will step on the toes of Symantec, Oracle, and other hugely funded firms that will squash anybody doing the right thing that threatens their profits.


R Social Networks Bad 4 U?

The average U.S. Facebook user spends 6.5 hours a month on the site. There is growing global evidence that using social networks has a negative impact on their users. Not only do social networks open their users to malware (PDF) and identity theft, but the latest research from around the world suggests that social media can impact users’ emotional well-being.

BuzzFeed reports that social scientists at the University of Michigan looked at the impact of social networking. The UofM researchers released new research showing that using Facebook can make you feel bad. The U of M research, published in the online journal PLOS ONE, found that Facebook use predicted declines in the well-being of surveyed participants.

Facebook

The Michigan research indicates that using Facebook negatively impacts how people feel from one moment to the next. It also impacts their overall life satisfaction. As UM social psychologist Ethan Kross explained to BuzzFeed:

“On the surface, Facebook provides an invaluable resource for fulfilling the basic human need for social connection. Rather than enhancing well-being, however, these findings suggest that Facebook may undermine it.”

BuzzFeed points out that the results are just another piece in a larger stack of evidence. The evidence says that increased hours per month spent on Facebook could have a harmful effect on our lives. Professor Kross told the LA Times, “We measured lots and lots of other personality and behavioral dimensions … none of the factors that we assessed influenced the results. The more you used Facebook, the more your mood dropped.”

The Michigan study tested for and discounted alternative reasons that might account for Facebook’s negative impact on happiness. However, the article claims the decreased life satisfaction of Facebook users has more to do with behavioral patterns than the service itself.

The article equates Facebook use with gambling. The author cites Alexis Madrigal’s article in the Atlantic, “The Machine Zone.” The Atlantic article says that Facebook users, similar to those who play slot machines, are unwittingly lulled into a time-distorting rhythm. They are lulled by repetitive and sometimes rewarding tasks, like looking at an endless stream of your friends’ photos. This behavior can mimic the deleterious effects of gambling and even addiction. The article claims this kind of problem stems from Facebook’s savvy design and engineering. Facebook takes advantage of how humans are wired to keep users on the site.

Social networks in China

TechEye also points out a study from researchers at China’s Beihang University. The Chinese study claims social networking sites are generating a lot of anger. The study, by Rui Fan, Jichang Zhao, Yan Chen, and Ke Xu, examined human emotions on China’s Twitter-like microblogging site Sina Weibo.

After reading 70 million messages from 200,000 users of Weibo, the researchers found that anger spreads faster and wider than other emotions like joy. The TechEye article suggests that posts you write out of anger will have more impact than those expressing happiness. The researchers also found that users with a larger number of friends have a more significant sentiment influence on their neighborhoods. According to the article, the Chinese researchers found that anger among users correlated much higher than that of joy. They concluded that angry emotions could spread more quickly and broadly in the network.

If a user sent an angry message, researchers looked at how likely the recipients were to also send out an angry message or retweet the same emotion. The BuzzFeed article also references a German study. The German study found that Facebook’s social pressures created noticeable stress and feelings of envy. These are emotions that could, ultimately, lead to people abandoning the social network.

Social networks FOMO

A Pew Research Center report released in May 2013 reinforces the risks Facebook faces. According to BuzzFeed, younger users told Pew the stress of needing to manage their reputation on Facebook contributes to their lack of enthusiasm for the social network. Nevertheless, the site is still where a large amount of socializing takes place. The teens reported feeling they need to stay on Facebook to not miss out.

The BuzzFeed article concludes that future social media networks will have to figure out how to survive if they make us sad. The question isn’t exclusive to Facebook. In a recent survey, social media as an industry ranked third to last in consumer satisfaction. Social networks ranked below the airline industry. They state that it’s not hard to imagine a future where users will demand social platforms that are not only intensely engaging but also keenly aware and respectful of how our psychological state works.

As Madrigal notes in his post, “fighting the great nullness at the heart of these coercive loops should be one of the goals of technology design, use, and criticism.” Facebook has succeeded in its mission to connect the world. But we’re only beginning to understand what that means for humanity.


NVIDIA Comes to Detroit

Automakers have made a beeline for Central California in recent years. They are setting up research and engineering facilities in the shadows of consumer electronics giants Google (GOOG) and Apple (AAPL). The Detroit Bureau asks if the migration could be turning around. A major Silicon Valley firm, NVIDIA (NVDA), is reversing the trend by setting up a technical center in Ann Arbor.

AnnArbor.com reports the tech center will initially support about 20 employees. They will be primarily dedicated to working with the local automotive community. Danny Shapiro, director of automotive for Santa Clara, CA-based NVIDIA, said that more work will likely be done at the center with supercomputing and graphics development. NVIDIA VP for worldwide automotive sales and Ann Arbor site leader Phil Hughes said, “We’re going to have software engineers, hardware engineers and field application engineers working here as well as people on the business and marketing side.”

Who uses NVIDIA

Mr. Shapiro said the new facility will help the company’s growing team of Michigan-based engineers and executives work with automakers and suppliers. The Michigan team will develop the next generation of infotainment, navigation, and driver assistance programs. NVIDIA points out that Chrysler, Ford (F), General Motors (GM), and Volkswagen are already using NVIDIA products in their designs. NVIDIA believes having a technology center near the heart of the auto manufacturing community in Michigan makes sense.

“Silicon Valley is the future, Detroit is the past,” said NVIDIA’s Shapiro. “That’s the conventional wisdom. Well, the conventional wisdom isn’t quite right. We’ve been investing in Michigan for years and we’re accelerating these efforts by opening the Nvidia Technology Center.”

Detroit Bureau points out that NVIDIA isn’t alone. Other high-tech firms opening centers in Southeast Michigan are Microsoft (MSFT) and Google, Mr. Shapiro noted. “This is where consumer electronics and safety advancements are being made that will change the driving experience for all of us,” the executive told the Detroit Bureau. “Nvidia has been fueling this trend for years. A number of our employees live in the area and are working closely with car companies.”

High-tech start-ups

While there’s a small but growing presence of high-tech start-ups within the Motor City itself, many of the firms setting up shop in Michigan have chosen to go to Ann Arbor, the home of the University of Michigan. “All of this activity has helped make Ann Arbor a high-tech hub and not just for the Detroit area,” Shapiro noted.

Michael Finney, president of the Michigan Economic Development Corp., said Nvidia already powers in-dash instrument clusters as well as navigation and information displays in more than 4 million vehicles from automakers such as Audi, Bentley, BMW, Lamborghini, Maserati, Rolls Royce, Tesla, and Volkswagen.

rb-

I have covered the new blood moving into the neighborhood, including SAIC, and Bill Ford’s plans to make Detroit the Silicon Valley of Mobility.


Social Media – It’s All About Me

Social media sites such as Facebook (FB) and Twitter are a narcissist magnet, according to a recent study from the University of Michigan. The U-M researchers published their results online in Computers in Human Behavior.

TechEye says the Michigan researchers found that college students and their adult counterparts use social media in differing ways to bolster their egos and control perceptions of others. Elliot Panek, a University of Michigan researcher, said that social networking is about making your image, how you are seen, and also checking on how others respond to this image.

College-age students love using Twitter to make their opinions and views seem important. He told CBC News that college students’ social media tool of choice is the megaphone of Twitter. “Young people may over evaluate the importance of their own opinions,” Professor Panek said. “Through Twitter, they’re trying to broaden their social circles and broadcast their views about a wide range of topics and issues.”

Adults who show narcissism tend to prefer Facebook, which works in the same way. Middle-aged adults usually have already formed their social selves and they use social media to gain approval from those who are already in their social circles. According to Mr. Panek, Facebook serves narcissistic adults as a mirror. “It’s about curating your own image, how you are seen, and also checking on how others respond to this image,” he said.

So what’s wrong with being a little narcissistic? Plenty. The traits associated with the disorder can stunt the development of close, long-term relationships. What’s more, highly narcissistic people are more likely to react aggressively to criticism and to carry out actions that promote themselves at the expense of others. On the upside, narcissism also correlates with higher self-esteem and low anxiety.

Those findings confirm the conventional wisdom that Twitter is the more youthful, millennial, me-centric social network. Facebook is the province of older people who like to showcase pictures of pasta dishes or post status updates about their kids. We’d hazard to say it’s a crutch for people who can’t get out of the house much but still seek validation from their peers. Incidentally, the median age of Facebook users has risen from 38 to 41 over the last few years, according to various social media studies. A recent spate of alarmist headlines suggested that teenagers may, in fact, be ditching Facebook.

rb-

Do you like me now?
