UW Computer Security Research and Course Blog

CNN got an inside view of the so-called “Chinese cyber militia” when a group of three Chinese hackers agreed to be interviewed. This group of hackers claim that “no site is one hundred percent safe,” and that they’ve even broken into the Pentagon in the past. Should we write off these claims as hallow boasts from a group of fame chasers or is this something more?

First, let us consider who they are. Operating out of an apartment room in China, the group consists of a former computer operator in the People’s Liberation Army, a marketing graduate, and a self-taught programmer. In their cement-floored apartment with almost no furniture, the group leader quote sayings from Sun Tzu, “Know about both yourself and the enemy, and you will be invincible.”

They have been operating a hacking website with over 10,000 registered users, according to article, but CNN “decided to withhold” the address of the site. A quick search on Google leads to a site dedicated to being “Inside the World of Chinese Hackers,” which identifies their site as hack4.com. The front page of the hack4.com features a very comprehensive listing of articles, from discussing US-China relations, to reporting Fortify’s warnings of MySpace and Facebook vulnerabilities, to “Hacker’s Love Letters.” The website also compiles a large collection of downloads, from password crackers, to trojan generators, to overflow attack tools.

The group’s leader makes two bold claims:
1. That the group had successfully broken into the Pentagon network and downloaded information in the past.
2. That the Chinese government secretly pays them.
Of the Pentagon hack, he says, “They would not publicize this… It is very sensitive,” but does not discuss what information they obtained. Given that the Pentagon does report experiencing “multiple intrusions,” many originating from China, the Pentagon-hacking claim may be considered plausible. The second claim is less plausible, as it would require that they did obtain sensitive information and that the government would be willing to allow a group of rogue hackers to perform operations that could have international implications. In any case, no evidence whatsoever is provided to back the claims, so these can only be considered to be speculative.

What primarily distinguishes this group from merely a group of media hogs is (a) that they seem dedicated to hacking full-time and (b) that they have established what appears to be an authoritative site within the Chinese hacking community (if, in fact, they are not the people behind hack4.com, let’s suppose they are). Especially with the lofty goals of “ensuring the free sharing of the spirit of freedom” and “safeguarding China on the basis of our voices,” they do seem to take their work seriously. With about 10,000 users registered to hack4.com and given the existence other similar sites, Chinese hackers are indeed a growing fixture of the security landscape.

David W., Max A., Travis M.

The Onion has posted quite a funny video taking advantage of the many security problems with the Diebold voting machines.

Diebold Accidentally Leaks Results Of 2008 Election Early

Summary
Japan can be considered to be the leading pioneer of robots, especially in the case of humanoid robot. It began with the introduction of Honda Asimo; then it keeps proceeding and developing. Now, they take a little step further by making robots to live among the population. They are developing robots that can animate face expression by corresponding words. In addition, they also make robots that can do daily task such as being receptionist, vacuuming corridors, feeding the elderly and many

Discussion
Many might question, why such effort? The Japan population is approximately 127.77 million with 343 people per square kilometer in 2006. The population has declining birth rate and it is predicted in 2050 there will be more elderly people. Younger age is predicted to have more responsibility to take care of the elderly. However, they also need to make sure the productive generation will not too occupy in caring the elderly. Robots might be a solution to help caring for the elderly.
Perhaps, in the future, we will see more robots doing more tasks that are too dangerous for human. The news had revealed a female humanoid that can mimic human face expression. It can smile in response to “love” or frown when it hears “war”. This can be considered to be an amazing achievement where the future of robot development can be positive to the society.

Reflection
Japan has one of the highest life expectancy in the world. Unfortunately, this is not balanced with its birth rate. The declining birth rate and increasing divorce rate also contributes to the aging population.
How far will this progress? Can the science fiction depicted in Matrix or Terminator become reality? We will see.
The Japan’s government has taken steps to increase the birth rate by cutting tax and more incentive. So far, the result of the plan can only be seen when the future comes.

Broader Issue
Japan’s population condition gives a good cause for the robot development. They are developing robot to serve the society and increase productivity where humans could not achieve. However, some lingering question might not been answered yet, such as the usage of robots for war effort. Using robots for war will reduce human casualty and perhaps increase the probability of winning the war. Robots never get tired and will always accurate in its movement. It can be a perfect soldier in the battlefield for a short or long combat period.
Furthermore, if the future the Japan population re-bounces, will this slow down the robot development? The people have to take back the place which they are replaced.

Possible Reaction
Although robots have many application benefits, its societal impact might be in question. As many have thought, robots can be considered more productive than humans, especially in factories that suitable for high automation. People might be afraid of robot development that might soon replace their jobs. Another consideration, how smart this robot can be? They manage to mimic human expressions; can in the future robots make decision?
Another possible reaction, the government might limit robot production and its usage to make robots are used as it is intends to be used. With the flexibility in its use, there are unlimited possibilities of its misuse.

Slashdot is reporting that a lot of Wii homebrew code is being developed and released now. Apparently, a bug was found in The Legend of Zelda: Twilight Princess that allows you to smash the stack by overflowing the horse name buffer. Creating a modified saved game allows you to inject this malicious name. I was under the impression that the Wii cryptographically signed saved games to prevent bugs like these from being exploited, but it appears that people have either figured out how to sign saved games, or bypass the signature check, if one exists at all.

They’re out there…Some of us use them everyday…Especially college students living away from home…We can’t avoid them, unless we want to be stinky…

Yes I’m talking about coin-operated laundries…

Coin-operated washing facilities provide an interesting security problem, since the users only maintain a single asset, their clothes. The owners and operators of the facility are at most risk since they have to protect against people stealing money or gaining free use.

(Read on …)

Spy satellites will be used by local law enforcement to enforce the laws against United States citizens. Should this make us feel safer or more scared of our government?

On the one hand I expect any government to use the most sophisticated equipment it has available in the pursuit of law enforcement, but on the other, the more sophisticated the equipment gets the more difficult it will be for proper oversight to exist, and the tendency is increased (perhaps inadvertantly) that the tools will be used for nefarious purposes.

A lack of oversight has the potential to lead to disastrous results. The brouhaha that occurred over the warrantless wiretapping could be just a hint of what’s to come if programs such as this gain more ground.
When news of this type comes out I get an ominous feeling of “ickiness” about the fact that we have less and less implicit privacy (that being the general privacy to do things like walk outside into your fenced yard without risk of wanton surveillance). But at the same time I have a hard time determining where exactly the line is being crossed.

Can someone help determine where (if at all) a problem exists? Does it lie in the fact that the Federal government is using instruments of national security for issues that should be locally controlled? The Slashdot comments section has a lot of alarmist comments (including the ubiquitous “omg 1984” kind), but I’m not certain how a line is being crossed.

Source: http://yro.slashdot.org/article.pl?sid=08/02/13/2331224&from=rss

ASIMO is a robot that resembles a human that is created by Honda Motor Company. It was created at the Wako Fundamental Technical Research Center in Japan. The current version of this robot is version eleven. This robot, which is about four feet tall, looks like an astronaut wearing a backpack and it can walk and run on two feet. In addition, there are various features that ASIMO can perform. For example, it can recognize moving objects, postures and gestures, and environments. Therefore, it can react under various situations. In addition, ASIMO has facial recognition capabilities and distinguish sounds. It can also find information such as weather report by connecting to the Internet or greet and guide visitors given that they are valid visitors in the user’s network. Assuming ASIMO robots will be able to work as security guards in the future, here is the security review for the robot.
(Read on …)

Despite assurances from MySpace that photos in private profiles can only be seen by people on a user’s friends list, its web architecture has failed to enforce this. Info about a backdoor has been disclosed and made publicly available on message boards for months.

Users under 16 have their profile set to private by default, and according to MySpace, “Only the people you select will be able to view your full profile and photos”. When an unauthorized user tries to click on a photo link of a private profile, the following error message is given: “This profile is set to private. This user must add you as a friend to see his/her profile.” But anyone with some basic skills can plug the target’s public account number, called a “Friend ID,” into a specially crafted URL GET request, resulting in a bypass of this security measure and granting access to those photos… In other words, the link is not available, but it can be build based on trivial data.

Several forums online have started to post a number of MySpace photo links for underage girls. None of the posts appears to have involved with child pornography or other illegal conduct, however this is against the privacy of such private profiles.

More in CNET: http://blogs.cnet.com/8301-13507_1-9858905-18.html

Gradually over the year of 2007, I’ve been turning to Google to help me get through sticky problems with open-ended programming projects. As I’ve moved from Java to actual implementable languages such as Python and C#, I’ve found that more and more of my answer end up at places such as experts-exchange.com. I’m of course ecstatic that my exact problem has been found on the great big interweb; the Google summary shows me part of a solution! Of course, when I actually navigate to the site, I’m greeted with a greatly-reduced page with lots of ‘trial options’ (example). What happened to my content that I just saw highlighted on Google? It’s nowhere to be found.

(Read on …)

I came across this on xkcd.com.  Thought you all might enjoy it!

For more fun, check out  http://xkcd.com/341/ and read through  http://xkcd.com/345/.