Domain: uic.edu
Stories and comments across the archive that link to uic.edu.
Stories · 25
-
Computer Science Professor Mocks The NSA's Buggy Code (softpedia.com)
After performing hours of analysis, a computer science professor says he's "not impressed" by the quality of the recently-leaked code that's supposedly from an NSA hacking tool. An anonymous Slashdot reader writes: The professor, who teaches Software Vulnerability Analysis and Advanced Computer Security at the University of Illinois, Chicago, gripes about the cryptography operations employed in the code of an exploit called BANANAGLEE, used against Fortinet firewalls. Some of his criticisms include the words "ridiculous", "very bad", "crazy" and "boring memory leaks".
"I would expect relatively bug-free code. And I would expect minimal cryptographic competence. None of those were true of the code I examined which was quite surprising," the professor told Softpedia in an email.
If these were cyberweapons, "I'm pretty underwhelmed by their quality," professor Checkoway writes on his blog, adding that he found "sloppy and buggy code," no authentication of the encrypted communication channel, 128-bit keys generated using 64 bits of entropy, and cypher initialization vectors that leaked bits of the hash of the plain text... -
Robobug: Scientists Clad Bacterium With Graphene To Make a Working Cytobot
Zothecula writes By cladding a living cell with graphene quantum dots, researchers at the University of Illinois at Chicago (UIC) claim to have created a nanoscale biomicrorobot (or cytobot) that responds electrically to changes in its environment. This work promises to lay the foundations for future generations of bio-derived nanobots, biomicrorobotic-mechanisms, and micromechanical actuation for a wide range of applications. "UIC researchers created an electromechanical device — a humidity sensor — on a bacterial spore. They call it NERD, for Nano-Electro-Robotic Device. The report is online at Scientific Reports, a Nature open access journal." -
IQ Test Pegs ConceptNet 4 AI About As Smart As a 4-Year-Old
An anonymous reader writes "Artificial and natural knowledge researchers at the University of Illinois at Chicago have IQ-tested one of the best available artificial intelligence systems to see how intelligent it really is. Turns out–it's about as smart as the average 4-year-old. The team put ConceptNet 4, an artificial intelligence system developed at M.I.T., through the verbal portions of the Wechsler Preschool and Primary Scale of Intelligence Test, a standard IQ assessment for young children. They found ConceptNet 4 has the average IQ of a young child. But unlike most children, the machine's scores were very uneven across different portions of the test." If you'd like to play with the AI system described here, take note of the ConceptNet API documentation, and this Ubuntu-centric installation guide. -
How Much Is Your Gmail Account Worth To Crooks?
tsu doh nimh writes "If you use Gmail and have ever wondered how much your account might be worth to cyber thieves, have a look at Cloudsweeper, a new OAuth service launching this week that tries to price the value of your Gmail address based on the number of retail accounts you have tied to it and the current resale value of those accounts in the underground. From KrebsOnSecurity: 'The brainchild of researchers at the University of Illinois at Chicago, Cloudsweeper's account theft audit tool scans your inbox and presents a breakdown of how many accounts connected to that address an attacker could seize if he gained access to your Gmail. Cloudsweeper then tries to put an aggregate price tag on your inbox, a figure that's computed by totaling the resale value of other account credentials that crooks can steal if they hijack your email.'" A recent report from Kaspersky (PDF) also highlighted the trend toward phishing attempts targeting Facebook, Google, and Yahoo accounts alongside bank accounts. -
SpiderSense Suit Delivers Superhuman Perception
Zothecula writes "In the Spider-Man comics and movies, the famous hero's 'Spider Sense' warns him of incoming danger, which proves to be just as important a superpower as slinging webs and climbing walls. Now a group of researchers at the University of Illinois in Chicago may have found a way to replicate such superhuman perception that doesn't involve any radioactive spiders. Using a collection of sensors placed all over the body, the group has designed a 'SpiderSense' suit that detects objects in the environment and warns the wearer when anything gets too close." -
Censorship of Chinese Social Media Is Real, Comprehensive
chicksdaddy writes "Threatpost has a write-up of a study by researchers at Carnegie Mellon University that provides the first conclusive evidence that Chinese government censorship extends to social media sites like Sina Weibo, the popular micro blogging Web site that many have likened to a Chinese Twitter. 'The study ... found that censors in China delete around 16 percent of the messages submitted to Sina Weibo ... The study, released in March, concludes that "soft censorship" in China — the removal of controversial subject matter from blogs and Web pages — is at least as popular as hard censorship, like the blocking of offensive sites. The result is suppression of news about events or individuals that are deemed threatening to the ruling Communist party.'" -
Gaming Foursquare With 9 Lines of Perl
caffeinemessiah writes "With the recent launch of Facebook Places, the rise to prominence of Foursquare and GoWalla, and articles in the New York Times about the increasing popularity of 'checking in' to locations using GPS-enabled mobile phones, a number of businesses are wondering how to reward frequent patrons. But exactly how susceptible are these 'location based services' to being abused? A researcher at the University of Illinois at Chicago shows how easily Foursquare can be gamed in 9 Perl statements, and invites readers to submit more succinct versions of the code to game the system." An anonymous reader contributes a link to a similar article about spoofing Facebook Places to create an alibi. -
How the Nintendo 3DS Might Handle 3D Display
itwbennett writes "Blogger Peter Smith weighs in with some possibilities for how the new Nintendo 3DS handheld gaming system will provide 3D gaming without the need for 3D glasses. The DSi has cameras, which means the 3DS will have to have them too if it's going to be backwards compatible. We've also heard rumors that the 'next DS' will have tilt-sensors better than the iPhone. With either the camera or tilt-sensors either of these 'faux 3D' systems would work. But since we've seen the DSi do this already, it doesn't seem likely that the new hardware will rely on the same old trick. Enter our friends at Engadget, who uncovered some details from Japanese newspapers. If they're right, the Nintendo 3DS will incorporate parallax barrier LCD screens from Sharp (see also this explanation of dynamic parallax barrier screens). This is the same technology used in a few '3D Laptops.'" -
How Students Use Wikipedia
crazybilly writes "First Monday recently released a study about how college students actually use Wikipedia. Not surprisingly, they found, 'Overall, college students use Wikipedia. But, they do so knowing its limitation. They use Wikipedia just as most of us do — because it is a quick way to get started and it has some, but not deep, credibility.' The study offers some initial data to help settle the often heated controversy over Wikipedia's usefulness as a research tool and how it affects students' research." -
Is Cash No Longer Legal Tender?
An anonymous reader asks: "I attend the University of Illinois at Chicago. Last semester my housing arrangements went smoothly. I put down my application fee, and my deposit just fine, got a room for the semester and life went on. This semester, because there was supposedly a large number of students who did not check into their rooms last semester, we were required to make a $100 prepayment, in addition to the application fee and deposit. No problem, I think, I see the university is trying to make a quick buck off people who don't follow through with their plans. Now I do NOT have a checking account, a credit card, or anything. I don't trust the banks, or the credit card companies, so I am one of the few people who do EVERYTHING in cash. However, they refused to take the cash. Is it legal for a state-owned university, let alone any business to not take legal tender?" The housing department also will not charge my university account (so I can pay the bursar or whoever I need to) in cash, and they want a check or money order. Nowhere in their letter did they say that. I fear out of technicality I am going to lose my housing since I cannot get them their money on time because they do not take cash.
What can I do?" -
The Virtual Teacher
Roland Piquepaille writes "Researchers from Illinois and Florida are developing a networking system which will create virtual representations of real people to improve our knowledge. They will use artificial intelligence and natural language processing software to enable us to interact with these avatars. The goal of the project, sponsored by the National Science Foundation (NSF), is to give us the possibility to interact with these virtual representations as if they were the actual person, complete with the ability to understand and answer questions. We should see the results at the beginning of 2008 — if the researchers succeed." -
DJB Announces 44 Security Holes In *nix Software
generationxyu writes "D. J. Bernstein, better known as DJB, has announced the discovery of 44 security holes that were found by students in his course MCS 494: Unix Security Holes this fall at the University of Illinois at Chicago. Vulnerable programs of note include: CUPS, NASM, mpg123, MPlayer, xine-lib, and numerous others. Copies of the notification emails are here. The homework for the course was to find and exploit 10 previously undiscovered security holes in currently deployed Unix software. In a class of 25, 44 security holes seems a bit low. Most of the class failed. I was credited with bsb2ppm (actually libbsb) and jpegtoavi. After 300 hours of work and an A average on the exams, I expect to fail the course." -
Apple, Motorola Plan An iTunes-Friendly Phone
PabloJones writes "Apple and Motorola have come together to create a new mp3-enabled cell phone, according to this Reuters article. It says that the device will be capable of storing about 12 songs, and will be fully integrated with iTunes. Perhaps this is a beginning of a new relationship between the two companies, after the PowerPC problems between the two in recent years." -
Are the O'Reilly / Useractive Courses Any Good?
IronBlade asks: "Hi all, I'm very interested to hear if the O'Reilly / Useractive Linux/UNIX System Administrator courses are any good. There are 4 units, and as they are offering them in a package (4 for the price of 3) until -Feb 15th-, I'm very interested in your opinion as to their worth. I have previous sysadmin experience on GNU/Linux and feel I have a reasonable grasp of things, but I don't have any proof of my skills, and certificates from the University of Illinois would be a Good Thing to add to the CV." -
What is a CAVE Good For?
ynakai asks: "Today, I had the fortune to be allowed to play with demo applications in a CAVE. This technology is stunning, but what is the killer app? A staffer said that despite the potential use as a teaching tool for medical students, the system is rarely used now except by digital artists (who admittedly create some stunning experiences - try the VRML versions of some). Surely Slashdot can think up better ways to make use of a multimillion dollar room of fully immersive 3D interaction, besides FPS games?" -
Quake II Mods for Engineering Students
gleeklet writes "Has anyone else seen that there is a need for inexpensive 3D visualization software for presentations and classroom lectures? There is a Chemical Engineering package available but compared to video game software, the graphics are a bit lacking. My goal was to create a chemical plant with the process control algorithms coded into the Quake II source. As a short demo I spent several hours creating a unit cell demo Quake II level to demonstrate the use of open source video game technology, which I found was well received by undergrads. Has anyone used video game technology as an education tool for science or engineering?" -
Transatlantic Gigabit Gaming.. err, Research
YourHero writes: "Science Technology And Research Light-Illuminated Gigabit High-Performance Transit. All hail acronyms. U Illinois at Chicago has hooked up to SURFnet (Netherlands) at 2.5Gbps, with plans to go to 10Gbps and hook up Canada, Asia and other parts of Europe. StarLight, as it's called, makes a monster gaming ... err. I mean 'real-time, multi-site virtual reality.' Looks like they've been racking up killer ping times for a few weeks now." -
Quickies a go-go
tilly sent us a really interesting little article on Why O'Reilly is Better written from the perspective of one of their authors. Rahga wrote in to comment that the new KDE Mascot Looks like Playstation's "Croc". He's got a little poll. I vote no, but it's close. tilly wrote in to note that Sunday's User Friendly is funny - it features the ultimate choice. And for the best Star Wars quickie today, Sharkey sent us a link to this picture. Just look at it. Somewhat related is this one from an Anonymous reader: The Dark Redemption, which is a 26 minute short film being directed in Australia - it takes place 2 days before the beginning of Star Wars, A New Hope and is apparently being done with permission of Lucas. gwendolin wrote in to ask the ultimate question: Do you dare to eat pop rocks and drink pepsi at the same time? This is weird stuff (both the page, and the fact that a female with a cool homepage submitted a story!) Some Slashdot Sightings: VinceV wrote in to say that Slashdot apparently is mentioned in the printed manual for Caldera OpenLinux 2.2. cymen wrote in to tell us that Slashdot appeared in the MIT Technology Review. No URL, but someone sent me a scan (that I can't post for they fear the Slashdot effect) but it's pretty cool. And finally, for some good old fashioned porn parody, gelbardn sent us Geek Erortica which features live strip shows of Ms. G3 and Ms. Dell. (No, it's not actually dirty, but it's quite amusing). -
Regarding Linus at Fermilab Today
Dan Yocum wrote in to let us know what's going on with Linus and Fermi today. As the update says below, the speech is not open to the public - click below for more information. As you know, the talk is not open to the general public, otherwise I would have posted the info far and wide. This is at the request of the Comdex officials. It is only by their generosity that Linus and his family have been able to come to the Chicagoland area. They don't want people to go to the Fermi talk and skip his keynote at Comdex. This is a philosophy I must appreciate and respect. Therefore it is only for Fermi staff, family and friends.
For those of you who do not know, Linus' keynote is at 10:30 on Monday morning at Comdex, and is free to those who have registered (which is free if you do it via the net, see the Comdex Site for more details). There will also be a reception and LUG meetings which will be free later in the afternoon.
And as you all know there will be a CLC meeting on Tuesday at 5:30PM in room N133 at McCormick Place, which is open to everyone, i.e., no Comdex pass is necessary to attend. The CLC is the Chicago Linux Consortium and this is our first meeting.
Back to Linus at Fermilab: this remains to be a non-public talk, so don't think that just because you saw it on Slashdot, you're allowed to come to the talk.
I have talked to the AALUG members and Simon has talked to the CLUG people: the same information that was passed along to those people stands today.
Thank you for your support and consideration in this matter, and please re-post this message freely.
Dan