Posts Tagged ‘carnegie mellon university’

Researchers Find Crippling Flaws In Global GPS

December 9th, 2012 12:59

Security

mask.of.sanity writes “Researchers have developed attacks capable of crippling Global Positioning System infrastructure critical to the navigation of a host of military and civilian technologies including planes, ships and unmanned drones. The novel remote attacks can be made against consumer and professional-grade receivers using $2500 worth of custom-built equipment. Researchers from Carnegie Mellon University and Coherent Navigation detailed the attacks in a paper. (pdf)”

Researchers Develop Surveillance System That Can Watch & Predict

October 28th, 2012 10:36

Software

hypnosec writes “Carnegie Mellon University researchers have developed a surveillance system that can not only recognize human activities but can also predict what might happen next. Scientists, through the Army-funded research dubbed Mind’s Eye, have created intelligent software that recognizes human activities in video and can predict what might just happen next; sounding an alarm if it detects anomalous behavior.”

Water-Prospecting Lunar Rover Prototype Built

October 9th, 2012 10:21

Moon

Zothecula writes “Astrobotic Technology Inc., a spin-off company of Carnegie Mellon University (CMU), has debuted its full-size flight prototype of its Polaris lunar water-prospecting robot. Polaris is specially designed to work in the permanently shadowed craters at the Moon’s poles. Scheduled to be sent to the Moon using a SpaceX Falcon 9 launch vehicle, the solar-powered rover is a contender in the US$20 million Google Lunar X Prize and is tasked with seeking ice deposits that could be used by future colonists.”

US Defense Contractors and Universities Targeted In Cyberattacks

June 13th, 2012 06:09

China

Trailrunner7 writes, quoting Threatpost: “Researchers have identified an ongoing series of attacks, possibly emanating from China, that are targeting a number of high-profile organizations, including SCADA security companies, universities and defense contractors. The attacks are using highly customized malicious files to entice targeted users into opening them and starting the compromise. The attack campaign is using a series of hacked servers as command-and-control points and researchers say that the tactics and tools used by the attackers indicates that they may be located in China. The first evidence of the campaign was an attack on Digitalbond, a company that provides security services for ICS systems. … In addition to the attack on Digitalbond, researchers have found that the campaign also has hit users at Carnegie Mellon University, Purdue University and the University of Rhode Island.”

Turning Soap Film Into a Projector Screen

May 20th, 2012 05:10

Displays

An anonymous reader writes “3 graduate students from University of Tokyo, Carnegie Mellon University, and the University of Tsukuba have developed a colloidal display — a clear projector screen that can control its transparency. Normally soap film will allow light to pass through, but the colloidal display does not. It mixes colloid into the solution and uses ultra sonic speakers to vibrate the surface of the soap film to achieve this. They have created several prototypes, such as 3D planar screen, to show how this technology can be useful.”

Disney Research Can Turn Nearly Any Surface Into a Touch Screen

May 10th, 2012 05:47

Displays

surewouldoutlaw writes “Remember that scene in Fantasia where Mickey turns all the brooms into an army of workers? Well, Disney isn’t quite there, yet. But scientists with the company’s research lab at Carnegie Mellon University in Pittsburgh have been able to turn virtually any surface, including liquid water and the human body, into a multi-touch interface. The new system is called Touché, and it is as awesome as it sounds.”

A Gaming Replacement for Those Annoying CAPTCHAs

May 3rd, 2012 05:00

We all know about those authentication blocks of text called CAPTCHAs, perhaps too well. (Today’s fun trivia: The acronym stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart.) A new idea from PlayThru is to embed a small Flash or HTML5-based game that a human plays with a mouse to prove he or she really is a carbon-based life form. It is intriguing, potentially less annoying, and has captured (if you will excuse the pun) a few supporters already. The service is just getting started, and it is free to try out.

The CAPTCHA process was developed in 2000 by several computer scientists at Carnegie Mellon University. It has since spread like kudzu to various websites, where site owners try to prevent automated bots from bombarding their pages.

The original thought of Alan Turing with his namesake test was to develop some way for a human to tell when it was talking to a computer. The CAPTCHA is actually this process in reverse: It is administered by a machine, but tries to distinguish humans. It hasn’t been working all that well, though. Many spammers employ a variety of techniques to defeat them, such as by paying low wages to actual humans or running optical character recognition software to ferret out the CAPTCHA codes.

In the process, as so often happens with the Internets these days, the bad guys are making for a miserable user experience for the rest of us. The codes have gotten harder to read by ordinary humans, and many users will abandon a Web page rather than try to enter the right code. Updates such as user refreshes to get a new code or audio translators haven’t helped much.

Enter PlayThru’s attempt. Their service, perhaps the first game-based CAPTCHA, invites users to solve a game by identifying and interacting with dynamic objects, such as dragging and dropping toppings onto a pizza or food items into a refrigerator. You can see an example here.

Beta deployments of PlayThru are seeing submission rates increase by up to 40% over text-based CAPTCHAs, and in a company-sponsored survey of 100 people, 98% of the users preferred PlayThru over traditional text-based CAPTCHAs. Granted, that isn’t a scientific sample, but it’s still an indication of how much we all hate the regular CAPTCHAs, and of how much opportunity there is for their replacement.

PlayThru isn’t the first company to invent a better CAPTCHA. Oregon-based Vidoop came out with their own innovation a few years ago, but it hasn’t caught on.

But this just illustrates the problems in fighting spammers and still making our computer systems usable for the rest of us who just want to go about our business and get work done. The spammers always seem to have ways to defeat the latest technology, no matter how sophisticated. The PlayThru game-based CAPTCHAs could turn into a miniature Space Invaders or World of Warcraft as the automated tools used by the bad guys get better, which would make the simple originals useless. In the meantime, though, try out the demo on PlayThru’s site, and let us know what you think of the idea.

Censorship of Chinese Social Media Is Real, Comprehensive

March 26th, 2012 03:02

China

chicksdaddy writes “Threatpost has a write-up of a study by researchers at Carnegie Mellon University that provides the first conclusive evidence that Chinese government censorship extends to social media sites like Sina Weibo, the popular micro blogging Web site that many have likened to a Chinese Twitter. ‘The study … found that censors in China delete around 16 percent of the messages submitted to Sina Weibo … The study, released in March, concludes that “soft censorship” in China — the removal of controversial subject matter from blogs and Web pages — is at least as popular as hard censorship, like the blocking of offensive sites. The result is suppression of news about events or individuals that are deemed threatening to the ruling Communist party.’”

Dr. Cranor on ‘Do Not Track’ and the Improbability of Complete Privacy

February 24th, 2012 02:30

If there truly is no privacy on the Web, then how can we be shocked by reports of a privacy breach? If that’s not the case, and we truly do expect privacy on the Web, then when fifteen years go by before major browser makers pledge to implement Do Not Track buttons only at the urging of the President of the United States – as Bloomberg News reported Thursday morning – whom do we hold at fault for those buttons’ having been absent all this time? And if those buttons probably won’t work anyway, which is what some experts believe, then just who is it being fooled by whom?

“People are holding out the same hopes for Do Not Track that they held out for P3P 15 years ago. It’s definitely a whole déjà vu thing here,” says Dr. Lorrie Faith Cranor, in the second part of her interview with ReadWriteWeb. Dr. Cranor, now an associate professor of computer science at Carnegie Mellon University, was an early contributor to P3P and the former chair of the W3C working group that developed it. It never got very far, and she believes there are many lessons from that experience that may now be applied to the Consumer Privacy Bill of Rights, which the White House unveiled Thursday afternoon.

The White House report (PDF available here) stops short of calling Do Not Track (DNT) the answer to consumer privacy issues.

“Privacy enhancing technologies such as the ‘Do Not Track’ mechanism allow consumers to exercise some control over how third parties use personal data or whether they receive it at all,” the report reads. “For example, prompted by the FTC, members of the online advertising industry developed self-regulatory principles based on the FIPPs, a common interface to alert consumers of the presence of third party ads and to direct them to more information about the relevant ad network, and a common mechanism to allow consumers to opt out of targeted advertising by individual ad networks. A variety of other actors, including browser vendors, software developers, and standards-setting organizations, are developing ‘Do Not Track’ mechanisms that allow consumers to exercise some control over whether third parties receive personal data. All of these mechanisms show promise. However, they require further development to ensure they are easy to use, strike a balance with innovative uses of personal data, take public safety interests into account, and present consumers with a clear picture of the potential costs and benefits of limiting personal data collection.”

A White House statement Thursday indicated that some set of privacy regulations would eventually become enforced by the Federal Trade Commission. It did not say whether DNT would be a factor in those regulations.

Self-regulation: The Sequel

“Fifteen years ago, the industry told the FTC, ‘You don’t need to think about any tighter privacy regulations because we are going to build a computer-readable language for privacy policy, and it’s going to solve this problem – and it’s P3P!’” remarked Dr. Cranor. “Fast-forward to today, and industry is saying the same thing about Do Not Track, and W3C is starting to work on DNT. They have the same issues we had with P3P, where some of the players in the industry were excited about it, and others weren’t really quite on-board with it, and there’s a question of whether everybody would get on-board or not.

“I would love to see us just turn on the technology that we have, and maybe agree to get together and upgrade it a little bit, and it’s good to go. That’s really wishful thinking, though,” she adds. “I am very pessimistic that that is going to happen.”

“I think Do Not Track is a very much watered-down P3P. It’s much, much simpler. It’s not nearly as powerful. So the question is, was the problem with P3P that it was too complicated, and this very simple thing is what will allow [privacy] to get adopted?”
Dr. Lorrie Faith Cranor
Associate Professor of Computer Science
Carnegie Mellon University

The problem, as Cranor describes it, is that the real definition of privacy may be much deeper than President Obama described it in his preamble to his Thursday report. There, he cited former Supreme Court Justice Louis Brandeis’ famous definition of privacy as “the right to be let alone.”

Throughout a career full of contributions to the digital privacy process, Dr. Cranor has instead cited Alan F. Westin, the Columbia University law professor and, in 1967, the author of perhaps the most prescient volume on the subject of privacy in communications ever published, Privacy and Freedom. “Each individual is continually engaged in a personal adjustment process,” Prof. Westin wrote, “in which he balances the desire for privacy with the desire for disclosure and communication of himself to others.”

“As we walk about in the physical world, we raise and lower our voice and we raise and lower our window shades and we turn our faces, and we are all constantly adjusting to regulate our exposure and our privacy,” Dr. Cranor tells RWW. “And it comes naturally; we don’t spend a lot of time thinking about it. We just sort of naturally do it. But when we go online, it’s no longer natural, because we don’t have these readily apparent, physical things where you can just easily close that shade, and it’s obvious what you’re doing. So we have to rely on software tools to help us with this privacy regulation process.”

Multiple Choice

In 2001, working with AT&T Labs, Cranor led the development team of one of the first user-centered privacy preference tools, entitled Privacy Bird. In concept, it was simple. It led the user by the hand through various scenarios, including potential exceptions to privacy rules. A user might not want a first-party site to share session information with a third-party provider… but what if that provider is the thing that makes the shopping cart work?

For the 2005 book Simplicity and Usability, which she co-edited with Simson L. Garfinkel, Cranor wrote:

Initially, most people with whom I have discussed privacy preferences tell me that their privacy preferences are pretty simple – for example, “I don’t want companies to give my information to anyone else.” But as our conversations continue, people usually start to articulate a variety of exceptions to their simple initial rules. “If I order something from them, then they can provide my information to fulfill the order and ship a package to me. And if I tell them about my hobby, then it would be OK if they send me catalogs related to that hobby or let me know about clubs I might be interested in.” Some people, eager for a good deal, go further: “I should have the right to control my information, but junk mail doesn’t really bother me so much. So if they are willing to give me something for free, I don’t mind throwing away their junk mail. But if they are profiting from my information, I should get something too.” And when the discussion turns to the sharing of location or presence information with other individuals, privacy preferences tend to get very complex.
