Slashdot Mirror

← Back to Stories (view on slashdot.org)

Research Projects You Should Know About

Posted by ryuzaki0 on from the listen-up dept.

Anonymous Coward writes "Here is a look at 10 current IT and network research projects, from active cookies to faster wireless LANs to the latest anti-phishing schemes, that could be making their way out of labs and into companies and homes soon." Still no virtual sandwich I see.

21 of 56 comments (clear)

  1. Huh. by darkhitman · · Score: 5, Funny

    Those are the ones that weren't censored out, I assume. The real list goes something like this: 1- Virtual pr0n 2- More of the above 3- See one and two 4- Identity-theft wizard 5- 1,2,3.

    --
    Tell me something...it's still "We, the people"... right?
  2. Re:sharing Wi-fi? by red5 · · Score: 4, Interesting

    "Steal", "Share"? It's all just a matter of semantics these days.

    --
    I know I'm going to hell, I'm just trying to get good seats.
  3. Here's a cool one by slashbob22 · · Score: 4, Funny

    "Sharing Wi-Fi with your neighbors" - Sign me up for my Doctorate. I've been doing research into this for years. So far I have determined that it works fairly well.

    I RTFA and I don't believe this is anything new; it is essentially a software based SLA with your neighbors. Frankly, I have been doing this with neighbors for a while now, albeit I do know them well.

    --
    Proof by very large bribes. QED.
    1. Re:Here's a cool one by cyclomedia · · Score: 2, Interesting

      Sod the neighbors we were selling this in 2003 to whole villages. The local pub would have a sat dish and an omni antennae on the roof, with a rackmount PC to join them together. We put access points with small directional plate antennaes into project boxes from maplin. silicone sealed them up. bolted them to poles. bolted the poles to peoples chimneys and ran cat5 with a power-over-network adapter through the attic into their computer/hub. Bish bash bosh. Requlated connections via the fixed IP addresses of the access points and used a VPN to access the main village-pub system to admin it all from our office.

      in theory.

      in reality the "antenna" boxes would leak and corrode the connections, trees would only pass the signal through when dry. the villages would be 60 miles away in a valley where we had no mobile signal to chat back to the office to test connections. the satelite latency was occasionally huge (though throughput was good once it kicked in). we had no GPS equipment so had to use printed out multimap photos to try and work out where to point the clients box. Couldnt get the bastard network drivers to work on peoples clapped out pentium 200 + win 98 boxes (until we introduced the minimum XP + usb port standard!) Etc.

      still, was a lot of fun, in the true spirit of tech hacking :-)

      --
      If you don't risk failure you don't risk success.
    2. Re:Here's a cool one by theonetruekeebler · · Score: 2, Funny
      Sharing Wi-Fi with your neighbors

      I may as well.

      After all, they've been sharing theirs with me for months now---thanks to AirSnort and them thinking a good password is their dog's name follwed by a "1".

      --
      This is not my sandwich.
  4. Already done... by kihjin · · Score: 5, Funny

    One of the ten research projects is "Human beings that live in computers."

    Interesting idea, but not original: /. started this in 1997.

    --
    This slashdot-related signature is a stub. You can help kihjin by expanding it.
  5. Active cookies? by beavis88 · · Score: 4, Funny

    That one sounds like it's straight out of 1999. Quick, someone register a .com and call the VC firms!

    1. Re:Active cookies? by smclean · · Score: 4, Informative
      The active cookie proposal actually didn't seem like such a bad idea. I dug through all the fluff and actually found the whitepaper on that one:

      http://www.ravenwhite.com/files/activecookies--28_ Apr_06.pdf

      From what I've gathered, basically, they seek to stop the threat of DNS poisoning and passive-snooping man-in-the-middle impersonation of a users' session by tagging cookies in the client's browser with an IP address rather than a domain name, then redirecting users from the DNS-resolved websites to that same IP (only to send their cookies), and ensuring (on the machine pointed to by that IP) that the IP address of the connection which was sent the redirection and the IP address that is now sending back the cookie to match up.

      This does seem like quite a bit of work to go through to stop what are probably relatively uncommon attacks though.

      --

      "'Yrch!' said Legolas, falling into his own tongue."

    2. Re:Active cookies? by illuminatedwax · · Score: 3, Insightful

      So active cookies totally won't work for certain large sites like yahoo or google that have services like akadns which change the resolved IP addresses quite often?

      --
      Did you ever notice that *nix doesn't even cover Linux?
    3. Re:Active cookies? by jrumney · · Score: 2, Insightful

      they seek to stop the threat of DNS poisoning and passive-snooping man-in-the-middle impersonation of a users' session by tagging cookies in the client's browser with an IP address rather than a domain name, then redirecting users from the DNS-resolved websites to that same IP (only to send their cookies), and ensuring (on the machine pointed to by that IP) that the IP address of the connection which was sent the redirection and the IP address that is now sending back the cookie to match up.

      OK, so as I expected, it does not, as the Newwork World article claims, prevent an attack where someone hijacks your wifi connection to direct you through their own network where they can spoof addresses.

  6. Attention Givers by Joebert · · Score: 3, Interesting
    Spammers are expected to start mining for familiar e-mail addresses via secretly overtaken "zombie" computers and replicating patterns seen in messages such as common abbreviations, misspellings and signatures.

    There is somthing kinda funny about that.

    Quite a few business people pay top dollar to resorts that pay that much attention to datails about them.

    Maybe the spammers could quit looking for pennies & devolop software that uses their skills for people who actually want it.
    --
    Wanna fight ? Bend over, stick your head up your ass, and fight for air.
  7. Politicks by crazyjeremy · · Score: 4, Funny
    #8 is "Human beings that live in computers".... it says
    Politicians could one day determine the results of elections before they take place
    Isn't that already how it is now? At least in Florida...
    --
    Funnypics
  8. The BIG 3D imaging problem is... by geerbox · · Score: 5, Informative

    ...not really bandwidth, but storage.

    I've been lucky to head to a couple of optics conferences, and with the keynote presentations that has been the one surprising thing (to me as a layman) that comes up time after time.

    10Gbps throughput via optics is great; in fact, with the use of optics, the amount of data that can be collected for, say, scanning living tissue, is enormous. Finding a storage mechanism large enough and fast enough to store seemingly infinite amount of information, though, have been the researchers' concern.

    What did they think was a solution for this? You guessed it, optical storage.

  9. The key to going where Google isn't... by b0r1s · · Score: 4, Interesting

    Is to explore the content that Google ignores. The next 'breakthrough' in search engines will advance on Google Images and Google Video by being able to discover objects in images and understand text in video.

    Being able to search video hosting sites for a phrase without requiring manual entry of the script (if one even exists) would be incredibly useful.

    --
    Mooniacs for iOS and Android
  10. Knock knock... by Cephei · · Score: 4, Insightful

    "Sir, we have a warrent to get any encryption keys you have on your computer. You cleared your cookies in IE? Well that's too bad." -handcuff-

    It gets easier and easier to get arrested.

    1. Re:Knock knock... by Entropy · · Score: 2, Informative

      Don't forget they don't have to knock now ..

      --
      The sea changes color, but the sea does not change.
  11. 10 projects, 11 pages, 55 ads by drDugan · · Score: 4, Informative

    title says it all. yet another web presentation optimized for ad presentation.

    yuk.

  12. truly pathetic article by Anonymous Coward · · Score: 3, Insightful

    Wow, what a TERRIBLE article.

    First, it is piles of advertising and links you have to click through to get to even the very first page.

    Second, the articles are written by marketing droids, it appears. "Human beings that live in computers" is a stupid marketer code for sim city.

    How pathetic a slashdot article -- slashdot for sub-intelligent children...

  13. Active Cookies by Anonymous Coward · · Score: 4, Interesting

    You can download the Active Cookies whitepaper from the front page of http://www.ravenwhite.com./

    It appears that Raven White, in association with RSA Laboratories, are proposing an extension to the HTTP cookie scheme whereby a cookie could be associated with an IP address rather than a domain. This would, according to them, allow a site to store a shared secret on the client which could not be obtained by third parties via a "pharming" (DNS/browser location spoofing) attack.

    I'm not going to argue about the merits of the scheme they are proposing - it appears to be relatively functional.

    What I don't understand is why, if what they're proposing requires extensions to the existing behavioural specification, they don't look at a challenge-response style method of cookie acquisition. This would remove the tying of cookie "ownership" to the DNS hierarchy and permit a more robust scheme of sharing information between the client and server.

    A valid anology to the current system might be:
    Me: Hi, my name's Malcolm, can I have the secret documents?
    You: You walked in when I asked for Malcolm - here they are.

    White Raven's scheme:
    Me: Hi, can I have the secret documents?
    You: I recognise you from the last time I spoke to Malcolm - here they are.

    Cookie auth scheme:
    Me: Hi, can I have the secret documents? Here's the password we agreed on earlier.
    You: I recognise that password, you must be the entity I spoke to earlier or an agent thereof. Here's the documents!

    I concede that the IP based cookie distribution system is simpler - but it's not much simpler, it is still open to attacks and it is less flexible. Is there something I'm missing?

    Malcolm

  14. Fighting spam zombies from outer space by MonkeyBot · · Score: 2, Funny

    Dammit, I read this article and I am VERY concerned. Are the spam zombies actually FROM outer space, or am I supposed to fight them from outer space? If they're FROM outer space, then at least I know where to look (you know, up towards space...I hijack the SETI satellites or something). If I'm just supposed to fight them from outer space, then where the hell do I need to start looking for them? I mean, outer space is a big battleground.
    Can someone please clarify? I can only hope that they choose to face us on our home turf...but then again, spam zombies can't be hard to beat up. They're made of friggin' spam, and they move pretty slow. Furthermore, if we have to fight them FROM outer space, and they're not coming here, why are we fighting them in the first place? Isn't that more of an attack on the spam zombies? I have no beef with the spam zombies. Well, maybe some highly processed beef...

  15. Toss Active Cookies by tqbf · · Score: 2, Insightful

    I wrote about this after reading the white paper. I don't think this is a particularly useful idea.

    The key "insight" of the paper is that if you associate cookies with IP addresses, and not domain names, attackers can't spoof DNS to steal cookies. So a server and client have a facsimile of a "trusted channel"; if the server can recover a proper IP-tagged cookie, it knows it's talking to a client and not a man-in-the-middle.

    Apart from the fact that this whole scheme is aimed at a relatively exotic exploit, which exploit accounts for only a fraction of all phishing attacks, I don't think it will work technically. The simplest reason is Javascript. Attackers don't have to relay requests for victims; they can complete a transaction and transparently direct the victim back to the server. The server need never have contact with the attacker.