Research Projects You Should Know About

Anonymous Coward writes "Here is a look at 10 current IT and network research projects, from active cookies to faster wireless LANs to the latest anti-phishing schemes, that could be making their way out of labs and into companies and homes soon." Still no virtual sandwich I see.

Re:sharing Wi-fi?

[red5]

"Steal", "Share"? It's all just a matter of semantics these days.

Attention Givers

[Joebert]

Spammers are expected to start mining for familiar e-mail addresses via secretly overtaken "zombie" computers and replicating patterns seen in messages such as common abbreviations, misspellings and signatures.

There is somthing kinda funny about that.

Quite a few business people pay top dollar to resorts that pay that much attention to datails about them.

Maybe the spammers could quit looking for pennies & devolop software that uses their skills for people who actually want it.

The key to going where Google isn't...

[b0r1s]

Is to explore the content that Google ignores. The next 'breakthrough' in search engines will advance on Google Images and Google Video by being able to discover objects in images and understand text in video.

Being able to search video hosting sites for a phrase without requiring manual entry of the script (if one even exists) would be incredibly useful.

Active Cookies

You can download the Active Cookies whitepaper from the front page of http://www.ravenwhite.com./

It appears that Raven White, in association with RSA Laboratories, are proposing an extension to the HTTP cookie scheme whereby a cookie could be associated with an IP address rather than a domain. This would, according to them, allow a site to store a shared secret on the client which could not be obtained by third parties via a "pharming" (DNS/browser location spoofing) attack.

I'm not going to argue about the merits of the scheme they are proposing - it appears to be relatively functional.

What I don't understand is why, if what they're proposing requires extensions to the existing behavioural specification, they don't look at a challenge-response style method of cookie acquisition. This would remove the tying of cookie "ownership" to the DNS hierarchy and permit a more robust scheme of sharing information between the client and server.

A valid anology to the current system might be:
Me: Hi, my name's Malcolm, can I have the secret documents?
You: You walked in when I asked for Malcolm - here they are.

White Raven's scheme:
Me: Hi, can I have the secret documents?
You: I recognise you from the last time I spoke to Malcolm - here they are.

Cookie auth scheme:
Me: Hi, can I have the secret documents? Here's the password we agreed on earlier.
You: I recognise that password, you must be the entity I spoke to earlier or an agent thereof. Here's the documents!

I concede that the IP based cookie distribution system is simpler - but it's not much simpler, it is still open to attacks and it is less flexible. Is there something I'm missing?

Malcolm

Re:Here's a cool one

[cyclomedia]

Sod the neighbors we were selling this in 2003 to whole villages. The local pub would have a sat dish and an omni antennae on the roof, with a rackmount PC to join them together. We put access points with small directional plate antennaes into project boxes from maplin. silicone sealed them up. bolted them to poles. bolted the poles to peoples chimneys and ran cat5 with a power-over-network adapter through the attic into their computer/hub. Bish bash bosh. Requlated connections via the fixed IP addresses of the access points and used a VPN to access the main village-pub system to admin it all from our office.

in theory.

in reality the "antenna" boxes would leak and corrode the connections, trees would only pass the signal through when dry. the villages would be 60 miles away in a valley where we had no mobile signal to chat back to the office to test connections. the satelite latency was occasionally huge (though throughput was good once it kicked in). we had no GPS equipment so had to use printed out multimap photos to try and work out where to point the clients box. Couldnt get the bastard network drivers to work on peoples clapped out pentium 200 + win 98 boxes (until we introduced the minimum XP + usb port standard!) Etc.

still, was a lot of fun, in the true spirit of tech hacking :-)