Friday, October 31, 2008

The iPhone, the SDK, the Kindle and the Future of Mobile Learning

Yesterday, Mike Qaissaunee , Vince DiNoto and I gave a presentation titled The iPhone, the SDK, the Kindle and the Future of Mobile Learning at the National Science Foundation's Advanced Technological Education Conference in Washington, DC. Mike put up the slides from our presentation on SlideShare - here's the presentation:

View SlideShare presentation or Upload your own. (tags: apple iphone)

Tuesday, October 28, 2008

Are Wired Keyboards Secure?

Last week Martin Vuagnoux and Sylvain Pasini, doctorate students with the Security and Cryptography Laboratory at the Ecole Polytechnique Fédérale de Lausanne in Switzerland, posted an interesting piece titled Compromising Electromagnetic Emanations of Wired Keyboards.

Vuagnous and Pasini tested 11 different wired mechanical keyboards (PS/2, USB and laptop) purchased between 2001 and 2008 and used four different attack methods on each. They claim they were able to fully or partially recover keystrokes electromagnetically at distances up to 20 meters including through walls. They've posted two videos at Dailymotion.com demonstrating how they were able to collect keystrokes. The first shows a Logitech keyboard with a PS/2 connector attached to a laptop. A one meter wire cable was used as an antenna and placed one meter away from the keyboard. The monitoring system was able to pickup the phrase "trust no one" when it was typed on the keyboard:



The second video shows how a larger antenna can be used to snag keystrokes though a wall:



Vuagnous and Pasini conclude that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design). Hence they are not safe to transmit sensitive information. No doubt that our attacks can be significantly improved, since we used relatively inexpensive equipments. They go on to say more information on these attacks will be published soon, with a paper currently in a peer review process for a conference.

It will be interesting to see if others can duplicate this work - these would make nice classroom experiments.

Sunday, October 26, 2008

Goodbye Landlines?

Amherst College is just a couple miles down the road from where I live - it's a small and well known college in Western Massachusetts with an enrollment of approximately 1,680 undergraduate students. Peter Schilling, IT Director at the College, has published what he calls his IT index in a blog at Academic Commons.

Schilling's post lists 30 indicators of technological change on the Amherst campus. You'll have to take a look at his piece to see the full list - here's my 10 favorites from his list:
  1. Year that an incoming Amherst College class first created a Facebook group so that they could socialize and otherwise get to know each other prior to arriving on campus: 2006.
  2. By the end of August 2008 the total number of members and posts at the Amherst College Class of 2012 Facebook group: 432 members and 3,225 posts.
  3. Students in the class of 2012 who registered computers, IPhones, game consoles, etc. on the campus network by the end of the day on August 24th, the day they moved into their dorm rooms: 370 students registered 443 devices.
  4. Number of students in the class of 2012 who brought desktop computers to campus: 14 (out of 438).
  5. Number that brought iPhones/iTouches: 93.
  6. Likelihood that a student with an iPhone/iTouch is in the class of 2012: approximately 1 in 2.
  7. Total number of students on campus this year that have landline phone service: 5.
  8. Average number of emails received per day: 180,000.
  9. Percentage of email that arrives on campus that is spam: 94%.
  10. Total number of alumni who have logged in to the College web site: 7,354.
Every single one of these makes me say - WOW. The one that gets the biggest WOW is #7. Only 5 out of 1,680 students have a land line......... I doubt these students will ever have or need a landline. Be sure to see Schilling's post and entire list here.

Wednesday, October 22, 2008

China’s TOM-Skype Platform Analysis

Earlier this month Nart Villeneuve and the Information Warfare Monitor released an interesting joint report titled BREACHING TRUST: An analysis of surveillance and security practices on China’s TOM-Skype platform. Villeneuve is CTO of psiphon inc and the psiphon research fellow at the Citizen Lab, Munk Centre for International Studies, University of Toronto. His research focuses on International Internet censorship and the evasion tactics used to bypass Internet filtering systems.

In the report Villeneuve takes a look at confidentiality and security issues with TOM-Skype, the Chinese version of Skype. If you are not familiar with Skype, it is a software application users download and install on their computers. Once installed it allows users to make free computer-to-computer voice calls over the Internet. In 2004, Skype connected with TOM Online, a large wireless provider in China. The two companies put together a Chinese version of Skype called TOM-Skype and released it to the Chinese public.

Shortly after TOM-Skype’s release in 2006, human rights groups started to question the applications security practices, and several accused the company of censoring chat. Here’s a piece from Villeneuve’s report:

Human rights groups criticized Skype, suggesting that the company was “legitimizing China’s system of censorship”, while others suggested that TOM-Skype contained Trojan horse capabilities that could be used for surveillance by the Chinese Government.

Skype responded to those criticisms stating:

The text filter does not affect in any way the security and encryption mechanisms of Skype.

Full end-to-end security is preserved and there is no compromise of people’s privacy.

Calls, chats and all other forms of communication on Skype continue to be encrypted and secure.

There is absolutely no filtering on voice communications.

Skype also said that censored messages are simply discarded and not displayed or transmitted anywhere. Villeneuve’s current report challenges these statements, documenting and questioning the security practices of TOM-Skype. Major findings from his report include:

The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting data are uploaded and stored on servers in China.

These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.

The captured messages contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.


Analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.

The report is both upsetting and fascinating. It includes a technical section describing how Villeneuve believes the content is being censored and logged and how security and privacy are being breached. In the report forward Villeneuve says:

The lessons to be drawn from this case are numerous and issues of corporate social responsibility will be raised. If there was any doubt that your electronic communications – even secure chat – can leave a trace, Breaching Trust will put that case to rest.

This is a wake up call to everyone who has ever put their (blind) faith in the assurances offered up by network intermediaries like Skype. Declarations and privacy policies are no substitute for the type of due diligence that the research put forth here represents.

This is an excellent case study that could be used (for example) in a networking, Internet security or policy course. The entire 16 page report can be downloaded in PDF format here.

Sunday, October 19, 2008

What Is An Agent Of Change?

When you manage people, you are in it together.
And because you are the leader, you own all the outcomes, good and bad.
- Jack Welch

With the coming presidential election we've been hearing the word change used a lot. It's nothing new - it just seems to be ratcheted up because we're dealing with some extra hot issues this round. So..... what is this change stuff all about? Jack and Suzy Welch have an interesting perspective. In the October 20, 2008 Business Week WelchWay column, they are asked the following question by Anil Kale from Pune, India:

What kind of person is a change agent?

Jack and Suzy's answer is an interesting one. They start by saying that true change agents must have a single critical trait - power. They say most questions they get about change come from people deep within their organizations who have a burning desire to improve things and are frustrated with the organizational inertia in their way. They have good ideas, passion, dedication and hunger to be change agents but worry they cannot be.

Jack and Suzy go on saying by and large, change is still made by people with some sort of authority. It's driven by managers who have a platform to advocate for a new direction and the ability to hire, promote, and reward those who embace it. Change agents must be leaders to be effective - unfortunately - not all leaders are change agents.

Here's three other traits (besides power) that Jack and Suzy say are essential:

1. True change agents see a future no one else does, and that vision won't let them rest. They don't lead change because it "makes sense" or because change is "necessary." They lead change because they believe their organization must get ahead of an approaching "discontinuity" in order to survive and win. Typically, they've risen through the ranks because they've seen around corners before, and they're recognized for what they are, serial visionaries.

2. Change agents have the courage to bet their careers. True change agents are willing to take bold action - and accept the consequences. They know that leading change can be messy, with few clear-cut answers about how events will play out.

3. Change agents have something about them that galvanizes teams and turns people on. Perhaps the biggest misconception about change agents is that they're Lone Ranger types. In fact, the most effective change agents have a fervent core of supporters, cultivated through intensity and caring.

What's the business award? According to Jack and Suzy - for some change agents, it's the organization's survival. But for many others, it's not nearly as dire. It's growth, and all the good things that come with it: more and better jobs, new products, global expansion, not to mention their byproducts - excitement and fun.

True change agents have power, vision, bravery and support - Jack and Suzy say these people are rare - from my perspective I would agree.

*****
Take a look at Jack and Suzy's Business Week piece here. You can also listen to a podcast titled True Change Agents, found on their website The Welch Way.

Thursday, October 16, 2008

Who Will Be The Best President For America In A Science-Dominated World?

The debates are over..... 19 days until the election and..... many of us have not heard much about either candidates positions on science related issues. How can we find out more?

Last year a group of 6 people labeled themselves Science Debate 2008 and called for a presidential science debate. Here's some detail from their website: In November 2007 a small group of six citizens - two screenwriters, a physicist, a marine biologist, a philosopher and a science journalist - began working to restore science and innovation to America’s political dialogue. Within weeks, more than 38,000 scientists, engineers, and other concerned Americans signed on, including nearly every major American science organization, dozens of Nobel laureates, elected officials and business leaders, and the presidents of over 100 major American universities.

Signers submitted over 3,400 questions they wanted the candidates for President to answer about science and the future of America. These 3400 questions were pared down to 14 and answered by each candidate. Science Debate 2008 believes these questions are broad enough o allow for wide variations in response, and they are specific enough to help guide the discussion toward many of the largest and most important unresolved challenges currently facing the United States.

Here's the 14 questions:

1. Innovation. Science and technology have been responsible for half of the growth of the American economy since WWII. But several recent reports question America’s continued leadership in these vital areas. What policies will you support to ensure that America remains the world leader in innovation?

2. Climate Change. The Earth’s climate is changing and there is concern about the potentially adverse effects of these changes on life on the planet. What is your position on the following measures that have been proposed to address global climate change—a cap-and-trade system, a carbon tax, increased fuel-economy standards, or research? Are there other policies you would support?

3. Energy. Many policymakers and scientists say energy security and sustainability are major problems facing the United States this century. What policies would you support to meet demand for energy while ensuring an economically and environmentally sustainable future?

4. Education. A comparison of 15-year-olds in 30 wealthy nations found that average science scores among U.S. students ranked 17th, while average U.S. math scores ranked 24th.  What role do you think the federal government should play in preparing K-12 students for the science and technology driven 21st Century?

5. National Security. Science and technology are at the core of national security like never before. What is your view of how science and technology can best be used to ensure national security and where should we put our focus?

6. Pandemics and Biosecurity. Some estimates suggest that if H5N1 Avian Flu becomes a pandemic it could kill more than 300 million people. In an era of constant and rapid international travel, what steps should the United States take to protect our population from global pandemics or deliberate biological attacks?

7. Genetics research. The field of genetics has the potential to improve human health and nutrition, but many people are concerned about the effects of genetic modification both in humans and in agriculture. What is the right policy balance between the benefits of genetic advances and their potential risks?

8. Stem cells. Stem cell research advocates say it may successfully lead to treatments for many chronic diseases and injuries, saving lives, but opponents argue that using embryos as a source for stem cells destroys human life. What is your position on government regulation and funding of stem cell research?

9. Ocean Health. Scientists estimate that some 75 percent of the world’s fisheries are in serious decline and habitats around the world like coral reefs are seriously threatened. What steps, if any, should the United States take during your presidency to protect ocean health?

10. Water. Thirty-nine states expect some level of water shortage over the next decade, and scientific studies suggest that a majority of our water resources are at risk. What policies would you support to meet demand for water resources?

11. Space. The study of Earth from space can yield important information about climate change; focus on the cosmos can advance our understanding of the universe; and manned space travel can help us inspire new generations of youth to go into science. Can we afford all of them? How would you prioritize space in your administration?

12. Scientific Integrity. Many government scientists report political interference in their job. Is it acceptable for elected officials to hold back or alter scientific reports if they conflict with their own views, and how will you balance scientific information with politics and personal beliefs in your decision-making?

13. Research. For many years, Congress has recognized the importance of science and engineering research to realizing our national goals. Given that the next Congress will likely face spending constraints, what priority would you give to investment in basic research in upcoming budgets?

14. Health. Americans are increasingly concerned with the cost, quality and availability of health care. How do you see science, research and technology contributing to improved health and quality of life?

You'll have to visit the Science Debate 2008 website to see answers from Obama and McCain. The website has a lot of excellent content and is interactive - you can even vote and comment on responses to the 14 questions. It is worth taking a look at.

You can also get the 56 page PDF document of the questions and responses here.

Wednesday, October 15, 2008

Women in the Technical Workplace

I did say I was taking a blog sabbatical this week to work on proposals but could not pass up using some time at lunch to write this up......

The Boston Herald has an interesting piece today titled Looking out for working women. The article focuses on the work done over the past ten years at the Center for Women and Work at the University of Massachusetts at Lowell. The Center is involved in a number of nationally focused programs, including Project Working WISE, funded by a $240,000 grant from the National Science Foundation.

Project Working WISE started in January 2006 and successfully planned and organized an intergenerational and interdisciplinary conference in April of 2007 on workplace factors associated with women's success in STEM fields (Science, Technology, Engineering and Mathematics). Since the conference, Project Working WISE has concentrated on outreach and dissemination of results.

Here's a quote from the Herald piece:

While the median weekly wage for all men working full-time or on salary is $766, for women it’s just $614, according to 2007 data from the U.S. Department of Labor. The gap is even wider for minority women: the median weekly income for black women is $233 less than that of all men, while Hispanic women earn $293 less. And the most common job for women to have is still secretarial work.

The Herald piece also quotes project advisor board member Lisa Brothers, a professional engineer and the vice president of the Boston-based engineering and contracting firm Nitsch Engineering:

"Only 10 percent of engineers are females; we are definitely under-represented" and "there are still wage inequalities" in the industry.

The Center will celebrate its tenth anniversary on October 23rd in honor of U.S. Rep. Niki Tsongas.