UW Computer Security Research and Course Blog

An article linked today on Slashdot revealed that a vast majority of security breaches could be prevented if users were not logged in with administrative priveleges.  While this is not terribly surprising, the numbers were rather shocking.  The report suggests that 92% of the 154 major security breaches were caused by users having administrative priveleges.  Windows Vista’s User Accounts Control (UAC) has long been criticized for its excessive use of popup windows, and it seems that aside from being an annoyance, the measures put in place to help secure a system have become a vulnerability.

(Read on …)

GPeerReview is a new project that attempts to create a web of trust for scientific publications. The goal is to have people read papers, leave comments, and digitally sign them with GPeerReview. The review could then be sent to an author, and if the author likes it, he/she could include it with her list of works. This would filter out false and possibly malicious reviews.  Peer review comments would hopefully give credibility to an author’s work, through many positive reviews.

The reasons for using GPeerReview are stated on their google code page. Since peer reviews give credibility to an author’s work, it is important to get peer reviews. However, reviews can possibly be damaging, in the case of false reviews. Thus, it is important to trust the reviewers, and be able to associate the reviewer  to the review, and the review to the correct publication. Through this system, a web of trust would be created, allowing for employers, journals and conferences to utilize the tool as a criteria for acceptance. Additionally, a publication can gain credibility after publication, allowing papers to be published early and reviewed later. The ultimate goal would be to revolutionize scientific publishing, similar to the world wide web and media publishing.

(Read on …)

A recent article on slashdot purports that Google will soon release new software, dubbed ‘Latitude’ enabling users to broadcast their geographic location via Google Maps.  This information can be gathered either from mobile phones, via GPS or local cell phone towers, or from laptop computers, via WIFI access points.  Once the data is uploaded, users can decide with whom to share their location, and to those lucky few their location is shown as an icon with their chosen picture on top of a Google Map display.  The initial release will support Blackberry, Android, and Windows Mobile phones, with likely updates to include iPhones and iPod touches.

Google has long had the ability to locate its users, a function predominantly featured on the iPhone.  What distinguishes ‘Latitude’, however, is the ability to take this information and share it with others.  Location data will thus have to be stored on Google’s servers, in order for others to access that information and display it on their screens.   Obviously this generates numerable privacy concerns, however Google attempts to address these by claiming the feature will be limited in that it will only display information to other people the user chooses, and that it can be easily disabled at any time.  Google also claims that the company will not collect a large database of geographic information, and the only location data stored on the servers will be the most recent location uploaded.
(Read on …)