| |
|
Deadline for applications to
SECuR-IT &
SUPERB-TRUST
Deadline for applications to
WISE
SUPERB-TRUST
SECuR-IT
WISE
Conferences 
Key Resources:
Experts debate: Is DRM good or bad for consumers?COMPUTERWORLD ran a story about the FTC's discussion about the controversial DRM (digital rights management) technology possibly benefiting consumers because it could give them more choices for downloading or buying copyrighted content. Others on a panel discussion about new technology products are not convinced however.Until DRM matured, consumers had control over how they used digital content, noted Deirdre Mulligan, director of the Samuelson Law, Technology and Public Policy Clinic at the University of California, Berkeley, Law School. DRM is creating a "permission culture" where consumers have to ask the copyright owner's permission to play a piece of music on both a home computer and a car stereo, she said. See full article at COMPUTERWORLD. Shankar Sastry to discuss UC Berkeley's intiatives at its first Global Technology Leaders ConferenceA press release came out yesterday in the Wall Street Journal's online MarketWatch announcing UC Berkeley as host of the inaugural A. Richard Newton Global Technology Leaders Conference on Thursday, November 20th.The conference will bring together notable entrepreneurs, scientists and researchers to discuss the world's most overarching challenges and ascertain pathways to solution in the health sciences, energy and technology fields. Dean of UC Berkeley's College of Engineering, Shankar Sastry, will discuss Berkeley's initiatives in these areas. Alberto Sangiovanni-Vincentelli, professor in Electrical Engineering and Computer Sciences at Berkeley, will deliver the keynote address, "The Future of the Future." The conference is being held during Global Entrepreneurship Week and is sponsored by the Ewing Marion Kauffman Foundation and the goal for the group is to develop a roadmap leading to new industries in energy, technology and health care. "It is fitting to launch this annual series during a week that seeks to inspire young people to be innovative and entrepreneurial," said Lesa Mitchell, vice president, Advancing Innovation, Kauffman Foundation. See complete story in MarketWatch. Improving the Count; Prof. David Wagner, others pose solutions for better election systemThe Boulder Daily Camera ran an article Sunday regarding problems with voting systems in general and in Boulder County specifically. Although Boulder County Commissioners agreed to spend $1.4 million on optical scanning equipment in 2004, in didn't take long for problems that still follow the county's election process showed up. In August 2004, Boulder County lagged hours behind other Colorado counties. Worse, poorly printed ballots delayed election results for 72 hours in November, 2004.?If the proper maintenance and everything else is being done to (the scanners), this is the voting system we should be using,? said John Gideon, co-director of VotersUnite!, a non-partisan group that has been logging errors on all kinds of voting machines.Computer scientist David Wagner of the University of California at Berkeley who studies electronic voting machines, agrees. ?Right now, I think optical scan systems are probably the most mature, reliable technology on the market,? he said. ?Boulder got the best technology on the market. ... None of the voting systems are perfect, and they all have their limitations.? See full story in The Boulder Daily Camera. Profitability of spam finally measuredZDNet posted an article about a key paper presented at this year's ACM Conference on Computer and Communication Security. A team of researchers, including UC Berkeley Professor Vern Paxson, used somewhat aggressive tactics to collect data that measures the conversion rate, or the rate at which an advertising impression results in a products sale, for spam. They essentially hijacked a portion of the notorious Storm botnet to inject spam that contained links to domains and storefronts they controlled.The team's data has shown that generating 28 sales at an average of $100 each of various "male-enhancement" products required 350 million separate spam messages. This provides a yearly revenue rate of the Storm botnet for the sale of pharmaceuticals at around $3.5 million dollars. See complete article at ZDNet. What Could Possibly Go Wrong?An article came out today in PCWorld regarding the progress of E-voting technology since the 2000 U.S. presidential election, although it has taken a rather zig-zagged path. After Congress passed the 2002 Help America Vote Act (HAVA), counties spent billions of dollars upgrading to new electronic voting machines, many of which were dumped when it was determined that they were either unusable or untrustworthy.Machine malfunctions, touch-screen calibration errors, training problems with unskilled poll workers or human error on the part of the voter all impact on an election's outcome. All of the above notwithstanding, University of California computer science professor David Wagner states that bad design choices could be ferreted out if the federal government included user-interface testing as part of the certification process. Proposed next-generation voting standards would require this type of testing, but it is not clear that these standards will be adopted, Wagner said. The Berkeley professor also said he will be watching these voter registration databases closely today. "I don't know what to expect," he said. "Everything could go smoothly, or we could have a substantial fraction of voters who show up on Election Day, think they're registered and are told that there is some problem with their registration." See article today in PCWorld. David Wagner quoted in article on new trend in voting technologyIn an article written by freelance technology journalist Cyrus Farivar, the concept of using cryptography for what is being called end-to-end voter-verifiability is described and analyzed.In order for public officials to definitively show that the proposed cryptography works as it should, they would have to provide an advanced mathematical proof, or "zero-sum proof" as it is known, whose sheer size would preclude printing it on the ballot. Among the several academics Farivar interviewed about the new cryptographic approach involved in voter-verifiable systems, Farivar quotes UC Berkeley Professor David Wagner who asks "Will voters accept something that uses mathematics that they won't understand?" See details in machinist. Stephen Maurer quoted in New Scientist on DNA and TerrorismStephen Maurer, Director of the Goldman School Project on Information Technology and Homeland Security ("ITHS") and member of TRUST was quoted in the New Scientist September 14, 2008 article, "DNA firms step up security over bioterrorism threat" that discusses efforts to counter fears that terrorists could make deadly viruses by ordering genetic material from corporations. Maurer is quotes as saying, "The fact that they're going to share their experiences is really important." Maurer helped write the industry guidelines.UC Berkeley Professor Doug Tygar called in as expert witness for the defenseSlashdot recounts a story published in NETWORKWORLD about the latest twist in the bizarre story of the rogue network administrator that hijacked the city's network in the last two months. With costs estimated at $1 million, city officials say they are trying to locate a mysterious networking device hidden somewhere in the network.This device, which is referred to as a "terminal server" in court documents actually appears to be a router that was installed to provide remote access to the city's Fiber WAN network, which connects municipal computer and telecommunication systems throughout the city. The router was discovered on Aug. 28. When investigators tried to log in to the device, they were greeted with what appears to be a router login prompt and warning message saying "This system is the personal property of Terry S. Childs." Childs, a network administrator with DTIS was arrested June 12 on charges of network tampering after he refused to provide his superiors with administrative access to the city of San Francisco's network, which he'd managed for the past five years. In a report filed before the city disclosed the hidden router, a court-appointed expert witness for the defense wrote that DTIS could easily prevent Childs from accessing the networks. "I have seen no evidence that Mr. Childs is a 'computer hacker,' and by taking a number of simple steps, DTIS could block access by Mr. Childs to San Francisco networks," wrote Doug Tygar, a University of California, Berkeley computer science professor. Childs next appearance is set for September 24th, when he'll face up to seven years in prison if convicted. For complete story, see NETWORKWORLD . Samuelson quoted about copyright and electronic access to CA lawsIn a September 3, 2008 Santa Rosa Press Democrat article, "He's giving you access, one document at a time," concerning efforts to make California laws more accessible on-line, Professor Pam Samuelson was quoted
9/29/08 Update: This article has been picked up by the San Francisco Chronicle (9/27/08) and the NY Times (9/29/08). TRUST Supports Undergraduate Security Research ExperienceThe Daily Californian ran an article on the UC Berkeley Summer Undergraduate Program in Engineering Research at Berkeley (SUPERB) program, including a group hosted by the TRUST Center. Led by Professor David Wagner and a group of graduate graduate student mentors, the SUPERB-TRUST participants got firsthand experience conducting research into security vulnerabilities of software applications as well as general exposure to working in a university research environment.Plug-in opens door for self-signed SSL certs in Firefox 3An online posting of an article in INFORMATION SECURITY MAGAZINE appeared Friday about the release of a software plugin developed by CMU Professors Adrian Perrig and Dave Anderson along with Ph.D. student Dan Wendlandt. The plugin, as part of a system called Perspectives, was designed to relieve some of the anxiety surrounding Mozilla Corp's decision to not display sites with either self-signed or expired SSL digital certificates in Firefox 3.The Perspectives system works from a series of servers that monitor website connections recording public encryption keys over time. If the servers can authenticate that the same key has been returned for a requested site for a predetermined period of time, Perspectives will override Firefox 3's default block on the site and allow the user to proceed. See SearchSecurity.com for details. University of California, Berkeley Prof. Bajcsy wins Innovation Research AwardHewlett Packard announced the 41 professors it has chosen to receive its HP Labs Innovation Research Awards, which fund joint research projects between academic research institutions throughout the world and HP Labs.Drs. Ruzena Bajcsy and Van P. Carey, of the University of California, Berkeley were among the 41 professors selected. "Deepening HP Labs' strategic collaboration with those in academia, government and the commercial sector ensures HP's research endeavors result in high-impact research that meets the scientific and business objectives of HP and its partners," said Prith Banerjee, senior vice president, Research, HP, and director, HP Labs. "The professors' deep technical expertise, HP Labs researchers' domain and industry knowledge, and governments' abilities to fund innovative research will come together to address the world's most complex IT challenges."See complete story at MarketWatch. Transit agency wants MIT students to stay gaggedThe Electronic Frontier Foundation is providing legal defense for three MIT students prohibited from discussing vulnerabilities they discovered in subway card security by an order given to the Massachusetts Bay Transportation Authority by a District Court Judge.The EFF has enlisted some high-profile academics, including UC Berkeley's David Wagner, to strengthen the case that the restraining order is antithetical to security research. Security researchers are watching this case carefully because it could ultimately set a precedent weighing First Amendment rights to publish freely against a vendor's desire to keep embarrassing and potentially explosive details secret. Prof. Wagner and several other high-profile academics have signed a letter to the judge on Monday that says: We are concerned that the pall cast by the temporary restraining order will stifle research efforts and weaken academic computing research programs. In turn, we fear the shadow of the law's ambiguities will reduce our ability to contribute to industrial research in security technologies at the heart of our information infrastructure. We urge that you reconsider and remove the temporary restraining order issued on August 10, 2008.See full story at cnet.news.com Research improves recognition softwareOn August 12, 2008, Allen Yang was featured on KGO TV in a segment titled, "Research improves recognition software".NIST Advisory Group Welcomes Berkeley ProfessorIt was recently announced that electrical engineering and computer science professor at the University of California, Berkeley, Ruzena Bajcsy, has been selected to serve on the primary private-sector policy advisory body of the National Institute of Standards and Technology (NIST). Dr. Bajcsy's appointment to the agency's Visiting Committee on Advanced Technology (VCAT) was announced by NIST's deputy director, James M. Turner.Bajcsy's research areas include artificial intelligence, robotics, biosystems and computational biology, and human-computer interaction. She is director emeritus of the Center for Information Technology Research in the Interest of Society (CITRIS), a UC Berkeley-based public-private partnership that develops information technology solutions to social, environmental and health care issues. See press release in ThomasNet Industrial Newsroom. Professor Anthony Joseph elected to the ACMUC Berkeley Professor Anthony Joseph has been elected to the Association for Computing Machinery Council as Member-At-Large. Elected member are recognized for significant accomplishments or for achieving significant impact on the computing field.UC Berkeley Professor Ruzena Bajcsy elected to American Academy of Arts & SciencesA press release issued by UCBerkeleyNews announced that University of California Berkeley Professor Ruzena Bajcsy has been elected to the American Academy of Arts & Sciences."The Academy honors excellence by electing to membership remarkable men and women who have made preeminent contributions to their fields, and to the world," academy president Emilio Bizzi said in a prepared statement.The American Academy of Arts & Sciences is one of the nation's oldest and most prestigious honorary societies and independent policy research centers. Automatic Patch-Based Exploit Generation is Possible: Techniques and ImplementationsA paper by David Brumley, Pongsin Poosankam, Dawn Song (TRUST) and Jiang Zheng, "Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications" is getting quite a bit of press:Electronic Voting at the RSA ConferenceThe RSA Conference April 7-11, 2008 in San Francisco resulted in a few news items about the work of David Wagner.Engineers Test Highly Accurate Face RecognitionThe work of postdoctoral researcher Allen Yang, of Professor Shankar Sastry's Heterogeneous Sensor Network (HSN) group at the University of California, Berkeley, is the subject of an article in Wired magazine where a new facial-recognition algorithm was created by Yang with the help of researchers at both UC Berkeley and the University of Illinois at Urbana-Champaign."Most algorithms use what's known as meaningful facial features to recognize people-things like the eyes, nose and mouth," says Dr. Yang. "But that's incredibly limiting because you're only looking at pixels from a designated portion of the face and those pixels end up being much smaller than the whole image. Our algorithm shows that you only need to randomly select pixels from anywhere on the face. If you select enough of them, you can produce extremely high accuracy." Yang's new algorithm may signal a quantum leap in face-recognition technology. Professor Ssstry, dean of UC Berkeley's College of Engineering notes that Yang's new method obsolesces years of research in this field. Nonetheless, the new technique could have profound impact in many areas, with new models for online advertising, new ways of annotating video and still images, and new techniques for identifying people in public places. See the complete article in Wired. Debugging Election CodesAn announcement on UC Berkeley's Electrical Engineering and Computer Sciences website tells of an article featuring David Wagner in the March issue of a Berkeley Engineering publication about his work reviewing voting machine systems code.Professor Wagner, as the Principal Investigator of a joint UC Berkeley-UC Davis project commissioned by California Secretary of State Debra Bowen, led a team whose comprehensive examination found major vulnerabilities in voting machine systems. While the machines were questioned immediately by grassroots activists, mainstream politics and media viewed their concerns about voting machine security as mere lunatic fringe behavior. However, according to Wagner, forward-thinking election officials changed this opinion. "Some elections officers took the activists' concerns seriously and forced these vendors to pry open the covers and hand over the source code," Wagner recalls. "That's what made it real; we could actually examine the code, so it wasn't just speculation anymore." While Wagner's review prompted Bowen to limit the machines to one per polling place, a well-designed electronic voting machine could be a benefit to democracy. See details in Innovations. Ranking Corporate America on Identity TheftThe New York Times covered a report compiled by Chris Hoofnagle at the Berkeley Center for Law and Technology at the University of California at Berkeley on the institutions most frequently cited by consumers in fraud complaints. The country's largest banks and phone companies showed up most frequently, of course. To account for size, Mr. Hoofnagle factored in the total amount of deposits per institution as of Dec. 31, 2006. Mr. Hoofnagle said he believe the study was an important step in creating an "identity theft marketplace" for consumers. "I've been working for years to try to spark a market, a true market, for competition on preventing fraud," he said. "Some of these institutions have attempted to compete based on advertisements, but I'm a real believer in the idea that if you give consumers information, they can make better decisions." For the complete report, see Measuring Identity Theft at Top Banks. Demands for Personal Information Controls on Social Networking Sites IncreaseA Wall Street Journal article discusses the effects to online privacy introduced by services offered on social networking sites such as Facebook and MySpace.In the article, TRUST security and privacy researcher and clinical research specialist at the UC Berkeley Samuelson Law, Technology & Public Policy Clinic Jennifer King weighs in on the data-sharing implications of such sites and advice to users about keeping their personal information and online activity more private. TRUST Spring 2008 Conference: April 2-3, 2008The next TRUST Conference to be held April 2-3, 2008 at the Claremont Resort & Spa in Berkeley, CA.The schedule is to have a full day (~8:00 AM to 5:00 PM) April 2 and a half day (~8:00 AM to 12:00 PM) April 3. This event will provide you with an opportunity to hear firsthand about the work of TRUST faculty and students-specifically activities that:
For more information, see the Conference Page. A Legal Analysis of the Sony BMG Rootkit DebacleDeirdre Mulligan and Aaron Perzanowski of the Berkeley Center for Law & Technology published an article on Sony BMG's deployment of digital rights management (DRM) systems that threaten the security of its customer's computers and the integrity of the information infrastructure in general.The DRM systems were released by Sony BMG on millions of Compact Discs in late 2005.A summary of the article can be found in Slashdot.
Older News ItemsThese items are being moved to the Trust Website News Blog
|
