UW Computer Security Research and Course Blog

On Thursday, Apple happily unveiled its plan for third party support of native iPhone applications. The plan involves an application development and distribution pipeline including an iPhone SDK, a suite of IDE tools, and a sales and distribution plan through the new iPhone “App Store”. Apple is restricting the distribution of 3rd party applications through their app store by requiring an iPhone developer account. There will be no other supported way to get 3rd party iPhone applications onto the iPhone. Apple has also made the claim that no malicious, pornographic, or software with security vulnerabilities will be distributed through their store.
(Read on …)

They’re out there…Some of us use them everyday…Especially college students living away from home…We can’t avoid them, unless we want to be stinky…

Yes I’m talking about coin-operated laundries…

Coin-operated washing facilities provide an interesting security problem, since the users only maintain a single asset, their clothes. The owners and operators of the facility are at most risk since they have to protect against people stealing money or gaining free use.

(Read on …)

This security review is intentionally left incomplete. It is simply a topic that I think would be interesting for us as a group to explore. If you can add to the discussion, please do, even if it’s simply to propose an idea, or to shoot one down.

Washington State Ferries have been using the Wave2Go system for over a year now. The old system required passengers to remain in a holding area after they had bought their tickets from one of three booths. Many patients would wait to buy their tickets just before the ferry would board, causing long lines right before departure and occasionally delaying ferries.

Wave2Go allows clients to buy tickets from multiple kiosks in addition to the three ticket booths. Alternatively, you can purchase tickets ahead of time online and then print them out. (Read on …)

Summary

The past week has seen a renewed interest on the part of the security community in the reliability of hard disk encryption. With the recent revelation that data on encrypted drives is vulnerable to unauthorized access via memory manipulation, the technology has come under new scrutiny, and the integrity of existing disk encryption technologies is being questioned. While this blog has explored both the recent security breach and specific encryption tools (cold-boot attacks , Truecrypt security review), this security review will take a broad look at the security principles behind disk encryption and vendor-independent weaknesses and strengths of the technology.

(Read on …)

Summary:
The International Olympic Committee will be granting Olympic athletes the right to blog at this year’s summer games in China, and there will be a few interesting restrictions placed on what they can say. In addition to the standard laws all bloggers have to conform to (copyright, etc) the athletes are prohibited from posting photographs of events, and from writing about other athletes, as well as from writing about anything that “may compromise the security, staging and organization of the games”. I’m going to examine the motives of the committee in putting these restrictions in place as they may pertain to security, ignoring issues like intellectual property for now.

(Read on …)

ASIMO is a robot that resembles a human that is created by Honda Motor Company. It was created at the Wako Fundamental Technical Research Center in Japan. The current version of this robot is version eleven. This robot, which is about four feet tall, looks like an astronaut wearing a backpack and it can walk and run on two feet. In addition, there are various features that ASIMO can perform. For example, it can recognize moving objects, postures and gestures, and environments. Therefore, it can react under various situations. In addition, ASIMO has facial recognition capabilities and distinguish sounds. It can also find information such as weather report by connecting to the Internet or greet and guide visitors given that they are valid visitors in the user’s network. Assuming ASIMO robots will be able to work as security guards in the future, here is the security review for the robot.
(Read on …)

Summary
“Smart pillbox could be a lifesaver” that is the title on the recent news in MIT in the world. It is design to be used by elderly people so they can properly take their medication. The purpose will be to enforce the prescribe regimen to prevent drug-resistance disease and to prolong life. It might also prevent the unnecessary loss of life due to a miss of daily regiment.
Elderly people are the main target for this device, because they can be in the situation where they need to take a series of medication, like more than ten drugs. This project consists of two systems, uBox for the patient and uPhone for the health care worker. The uBox will alert the patient for his/her daily regiment by flashing lights and sound a buzzer. In addition, it will also record the time and other data which can be retrieved by the health care workers. The uBox has 14 chambers for the medication, each of which will be filled with prescription drug by the health care workers. On the other hand, the uPhone is to let the health care worker to track patient progress and retrieves the related data from the uBox.
However, smart pillbox is not only developed at MIT, University of Wisconsin-Milwaukee also been trying to develop it. The difference lies on their dispenser unit which can communicate with the medical staff via the web. The purpose of the smart pillbox is the same, which is to ensure adherence in taking medication.

(Read on …)

Online Banking - Many banks now provide an online application that will let the bank’s clients manage their funds. This includes both, viewing, as well as transferring funds to arbitrary third parties through a feature called ‘Online Bill Pay.’ Thus, given access to a user’s online banking credentials, an adversary can easily drain the user’s funds.

(Read on …)

Anyone who has travelled within the past 6 years has experienced the excruciating joy of going through modern airport security. For most domestic flights your checked bags go through one set of security procedures, and your person and carry on items go through another. I will be focusing on the personal/carry on side of airport security. (Read on …)

The latest version (7) of Microsoft’s Internet Explorer web browser, like their latest Windows (Vista) operating system, is supposed to be the most secure version in the product’s history. A complete security review of either IE7 or Vista is outside the scope of this post, but there is one very interesting security feature found at the intersection of the two, called “Protected Mode.” Presented as a feature intended to limit the possible damage even if every other security feature in IE7 fails, Protected Mode limits the browser’s ability to modify the system in case of an attack while preserving the ability to execute other tasks, such as downloading files and allowing helper programs, plug-ins, and the user to interact with the browser much as before. (Read on …)