Archive for November, 2013

Botnets and YOU

It’s nearly Thanksgiving, and nothing puts me more in the spirit of giving thanks than the thought of an enormous, globe-spanning distributed network of computers at my beck and call. This is a lie, though; I don’t have a network like that, and if I did, ‘thanks’ is probably not what I would be giving, and the only thing I would anticipate receiving would be a prison sentence. The kind of network I just described is called a ‘botnet’, and yes, they are generally illegal. I am certainly not condoning the creation of a botnet, but I feel it is important to know about them, since they represent one of the most powerful weapons a malicious ‘hacker’ typically has in their arsenal. Also, as a sort of morbid curiosity, it is difficult to deny the ingenuity of their operation.

There are a myriad of ways to create a botnet, but the general idea is pretty simple: the ‘bots’ in the ‘botnet’ are simply computers that have been told to report to and / or receive orders from a central location. Basically just a bunch of computers that are set up with software that allows them all to be controlled by a single computer. This practice in itself is not illegal, but the circumstances that surround the creation and operation of the vast majority of botnets in existence today is where ‘botnet’ receives its negative connotation.

Most botnets are formed by distributing a piece of malicious software; these are the same kinds of worms, viruses and trojan horses that you’ve likely heard about before. These pieces of software can be very devious, installing themselves and running as a disguised process without the victim ever knowing. That’s the point, though — the victim has to remain completely unaware, otherwise they may take action against the malware. With this in mind, in order to remain stealthy, botnet software will often intentionally use fewer resources and exert less control over a victim’s system that it is actually capable.

Botnets are used for a variety of things, but most typically for spamming phishing emails, running denial-of-service attacks, and collecting personal data from victims.

Due to their extremely distributed nature, it is difficult to determine the source of a botnet, but that doesn’t mean that individual botnets can’t be identified and tracked. In a certain way, botnets can be a source of fascination and awe. Botnets are given names and sometimes even personalities and are typically ranked by either the number of infected hosts or by their level of impact. Another entertaining facet of botnets are their occasional hostile takeovers, wherein a very savvy individual or group of individuals is able to capture a bot’s software and reverse engineer it in order to procure information that would allow them to seize control of the botnet from its original creator. A bit of internal botnet warfare goes on due to the possibility for these sorts of takeovers, with some botnets possessing the ability to remotely ‘self destruct’ itself — not literally blow up, but to wipe itself or the system it was hosted on in order to prevent a reverse-engineering attempt.

There really is a lot to be said about botnets, but I hope that this overview was enough to pique your interest and lead to further investigation. Just be careful, and don’t do anything illegal, of course. Also, have a great Thanksgiving break, you’ve probably earned it.

Advertisements

November 21, 2013 at 12:26 am Leave a comment

Biometric Security Flaws

Some of you Apple fans out there may have already purchased the iPhone 5S. Some of you may think that the Touch Id fingerprint scanner is a great and secure feature. Apple claimed it was very secure, and it took a long three days before someone was able to hack it. Many believed that these identity based technologies were going to be far more secure than knowledge based securities such as passwords and pin numbers, but is that really the case?

The technology to scan a fingerprint is just one of many different ways to use your body as security authentication. This is termed biometrics and it utilizes any measurable physical characteristic that can be automatically checked. There are scanners out there for your face, hand geometry, retina, iris, hand written signature, vein, and voice. What is the problem if all of these characteristics are basically unique to you? That is exactly the problem. There is no way to change any of these if they become compromised and they can become compromised.

You only have 10 fingers, and If someone gets this data and uses it gain access to financial information, you only have 9 passwords left. It is even worse for a retina pattern scanner. How do you get a new retina? Most of us have seen the spy movies where they gather a persons fingerprint and use it, but this is not limited to James Bond. The German hacking group CCC that broke the iPhone used inexpensive materials found in your home like glue, print toner, and transparent paper. The worst part is we leave our fingerprints everywhere including the device we are trying to protect.

This may not be a huge concern to you considering that most would not put that much effort into getting the average person’s information no matter how difficult or easy it may be. The problem may arise in your future when you become an important government official, upper management of a international company, or even a celebrity of your field. Someone may just want the information you keep on your phone bad enough to use the methods a simple Youtube search can provide.

November 17, 2013 at 11:55 pm Leave a comment

Police Face Recognition Software

For the majority of you who have posted pictures on your Facebook and have used the “Photo Tag Suggestion” feature.  You would probably think this article is pretty interesting.  For those who don’t know what I am talking about, it’s when you upload pictures onto your Facebook album and Facebook automatically matches the peoples faces in the pictures and tag your friends.

Now homeland security is trying out the same thing, except for police officers.  Right now in San Diego, police officers are equipped with tablets and cell phones with an app that they can use to take pictures and look up your information.  Currently the database of pictures are of people who have been arrested before.  So when the police arrests someone, they take a quick picture of them and then the app uses facial recognition to match the persons face to someone who has been convicted.  When this is matched, there are a number of pictures the officer can look at to compare.  If there is a match then the officer just selects the picture and their information comes up including arrests.

This new facial recognition technology would help police officers retrieve data from individuals in a quicker manner.  Many other states are catching on to this and they are linking the facial recognition technology to driver’s license databases.  This can be good and bad depending on how the test goes.  The technology is still in the works but they hope to improve it to work accurately.  Currently, the app may have a potential for false positives which can have a lot of mishaps.  But if you have no convictions or arrests, you shouldn’t be worried.  It would also be up to the judgement of the police officers who receives the technology to choose if the images match.

When I heard about this, I thought it was very interesting because technology is growing bigger everyday.  Now even the simplest thing we know can be used to help the police protect us from dangerous people.  This facial recognition program has been on all of our phone cameras and regular cameras for awhile now.  It’s just interesting that now they thought of the idea to use it for another good cause than just taking #SelfieSundays (Instagram Lingo).

Don’t forget to take the quiz and have a good weekend!

Feel free to comment on the post if you have any ideas or questions about the blog posted.

-David

November 14, 2013 at 1:02 am Leave a comment

Fun With Virtual Labs

So here’s the scenario: you’ve just read about some neat piece of software or a cool operating system either here or elsewhere on the internet and you think you’d like to try it out. To complicate things, perhaps the software doesn’t run on your current operating system, or maybe in order for it to work, it needs a deployment of several systems simultaneously. For nearly anybody, that would be a tall order, and for what? Fun? A difficult justification for what is shaping up to be a monumental undertaking. I assure you, there is a better way.

 

As the title of this article would imply, the way to your software salvation lies in virtualization. It is likely that you have heard of hardware virtualization before; you have almost undoubtedly been exposed to virtualized hardware at some point in your life, either directly or indirectly. For example, even here on campus, a significant amount of the computers you use in labs are ‘thin clients’ that simply send control information and video data back and forth between a virtual computer that is located on a server deep within one of ISU’s data centers. Even most servers these days are virtualized to allow for scalability and load-balancing. Most applications that are touted to run ‘in the cloud’ will likely be running on virtualized hardware.

 

Now that you know about all these advantages to virtualization, how can you leverage virtual hardware for your own experimental purposes? Not only is the solution easy, it is also free! There are virtualization applications that you can pay for, for sure, but if all you want to do is set up a quick test environment or if you’re just beginning, some of the simplest solutions are the free ones.

 

The keyword to search for is ‘Virtual Machine’ software. These are applications that are designed to simulate all of the individual parts of a computer in software, so that you can essentially run a computer within your computer. On a side note, video game emulators function in a similar fashion; all of the hardware components of a console are ‘emulated’ in computer software to allow a game program made for that system to run within that environment. Back on track — two of the most prolific free applications for simulating computer systems are Virtualbox and VMWare Player. Both of these solutions have automated wizards that will aid you in setting up your virtual systems, all you need to supply is the disk image file for the operating system you want to install (Ubuntu would be a good place to start if you are lacking disk images to try). There are other free solutions as well, but generally may require a more intense set-up process. Some of these options would include an Ubuntu server running Xen, or a Windows server running Hyper-V.

 

However you choose to get your virtual lab set up, you’ll be able to experience a number of handy benefits. If you keep a virtual machine around that has the same operating system installed on it as your primary computer, you can use that virtual machine to give interesting software a sort of ‘trial run’ without having to install it on your own computer. It’s cleaner and more efficient to roll back a virtual machine than it would be to uninstall a pesky application that you don’t want. Testing out configurations for specific applications is handy, too; you’ll be able to see how a particular configuration will will affect your system before actually messing around with any important configurations files. A virtual ‘lab’ is often used by security professionals and hobbyist ‘hackers’ alike in order to practice and gain experience without putting themselves or others at risk of an errant or misconfigured attack. An excellent resource for practice virtual machines is the website Vulnhub.

 

Personally, I feel the biggest advantage that my personal use of a virtual lab offers me is the lack of apprehension before diving into a project; just spin up a virtual machine and start bashing rocks together. Now go forth and make virtual labs of your own!

 

November 11, 2013 at 12:05 am Leave a comment

Embrace the Matrix

Hello MAT 120 students! I am Chris Higgins, application developer and server administrator at Illinois State University, masters student, former blogger for this site, and now I am back doing a guest posting! Many thanks to Dr. Machina for reaching out and asking if I would be willing to come back and do a guest posting. I was in this same class four long years ago as a freshman, struggling to get every answer right and pass the class with the best grade I can get. Now I’m sitting in my office writing this blog post while I have various programs end editors open, spending most of my working day coding and coding away.

Programming and coding is taking the world by storm. Everywhere you go, there are hundreds of devices around you being run by some program that a developer wrote. You cannot go anywhere without computers being around you. So, why not embrace what is happening around you? Why not become part of the change? The world of information technology is rapidly growing, creating both new jobs and new technologies. There will always be jobs in IT out there, and jumping into IT just helps to lead you to success.

One of the best things you can do for yourself is learn how to code. It is like learning a new language, the sooner you learn and more you use it, the better you will be at programming. Gabe Newell quotes “the programmers of tomorrow are the wizards of the future”, and he is exactly right! I remember being young and working on my own Windows 95 computer thinking how cool it was, not even imagining the amount of progress that would be made in the coming years to where we are today. Now it is not even the nerds that say coding is in the future, famous celebrities such as singer/rapper Will.I.Am and basketball player for the Miami Heat Chris Bosh are joining the party and learning how to code. They are taking the initiative to basically enter the matrix.

I hope that I have convinced some of you to become interested in coding and working in IT, if you were not already thinking that could be your future! Always keep an eye for student IT job posts on the ISU jobs website, and don’t forget to take this weeks quiz now available on ReggieNet! Thanks for having me everyone, I hope you enjoyed the read!

November 6, 2013 at 11:59 pm 1 comment

Deep Learning Neural Networks

Every single time you decide to update your status, you are sending secret messages about your personality that you yourself may not be able to realize. I’m not writing about just the basic facebook like of your favorite band’s page. Companies like facebook are now analyzing the data you harmlessly give them a bit further to understand where you are in your life and what is best to sell you tomorrow. The larger companies are investing large amounts of money into something called a deep learning neural network with the hope of figuring out just who you are and how to best proceed knowing their customer’s personality.

How does this deep learning neural network figure out who I am and what I want? The idea is based on the concept of how our bodies figure things out and make decisions based upon the inputs we receive. The input values can be as simple as your facebook post that you really want some ice cream and your later post that you had a really hard test this morning. These post can be perceived just the same as you seeing ice cream and your decision to purchase it. With the use of the neural network, the computer can realize that during finals time it should to try and sell you ice cream. This is just a very simple example and the technology itself can be used to look at thousands of post to make even more surprising statements about you. Basically, neural networks can be used to recognize associations between what you do with your social network to determine how best to serve and advertise to you.

A_simple_neural_network_with_two_input_units_and_one_output_unit

The associations work nearly the same as neurons in your own central nervous system. Each neuron is attached to thousands of other different neurons. To determine outputs from inputs, your brain takes your neurons and their associations to other neurons to make complex decisions. Computers can do the same thing, but replace the word neuron with node. Nodes can store information themselves and also connections to other nodes. Deep learning algorithms take these nodes into consideration and evaluate the connections between the data to provide meaningful results.

Although all of the data mining of your personal life may sound scary, neural networks do have serious potential to make your overall social networking experience much better. They hope to utilize deep learning neural network algorithms for a variety of applications such as helping you better articulate a post and choose the best vacation pictures from the thousands you have uploaded.

The idea itself isn’t brand new. Computer neural networking technology was used by Google to recognize human faces and helped Microsoft with speech recognition and translation. The same idea has even been used to recognize human emotions from text without you telling it specifically how you are feeling. One company who was later acquired by facebook had claimed they could accurately determine which of your smiles were genuine and which were faked just by looking at your pictures. It is a very efficient and intelligent method of analyzing data and making valuable connections in any application of its use.

November 3, 2013 at 11:55 pm Leave a comment


November 2013
S M T W T F S
« Oct   Dec »
 12
3456789
10111213141516
17181920212223
24252627282930