Category Archives: Internet

Scientific blogging: Is it worth it?

Web 2.0 technologies have enabled the merging of different types of publications into one, the Internet, with millions of authors and billions of readers. Science is not an exception. Countless articles are presented on the Web as “scientific” in content, but there is a thin line between solid science and speculation. Are personal blogs appropriate for such everyday-science content and, more importantly, can they be trusted as true?

Well, blogs are not meant to publish research papers. Everybody knows that. The reason is not because of the content or the medium; it’s because of the intended audience. Many respectable public repositories of scientific papers like arxiv.org and citeseer.net contain a vast amount of true scientific knowledge. Scientific publications like Nature, Scientific American and New Scientist have their own blogging sections. Dedicated portals like Science20.com and Scienceblog.com publish thousands of science-related posts daily. There are even Facebook-like social networks for scientists, like ResearchGate and Academia.com.

There is a notorious “guide for authors” (pdf) for those who wish to actually publish a research paper in one of IEEE’s scientific journals. It illustrates, in a very graphic and hilarious way, the difference between a simple statement like “1+1=2” and the way it should be presented in a more impressive scientific form. The sad thing is, it’s not very far from the truth! Everyone who’s working on research and writes such papers has at least a few similar stories to tell, where a submitted paper was rejected in one journal as insufficient, only to get published in another with honors.

Remote office on demand via web 2.0

Ok, let’s say you left home this morning for an important meeting and, when you got there, you discovered that you have left the presentation file and the whole USB stick plugged on the PC back home. What do you do?

Most people would prefer a typical solution for remote access, like the Remote Desktop service on Windows or a VNC server on Linux. Usually, these server applications are configured to start on system boot and stay up, regardless of whether you need them or not. In the worst case, you may even forget all about them after some time, creating yet another security vulnerability for your system. Ideally, we would prefer the option of turning these servers on and off on demand, but the problem is that you’re not in front of your desktop PC to do so.

We have not yet found a way to “wake up” a server that is not even running, so that you can connect to it and start it. Nevertheless, a combination of tools and web services can enable just that. I was wondering if it is possible to signal my home computer to start a server on demand, via a telephone (modem) or something, but I ended up with a much different and much more efficient way.

It seems that web 2.0 is becoming much more than a social thing. It can also be used as a public “bulletin board”, accessed through various means and devices, making it a perfect “triggering” platform for web-enabled applications. Likewise, VNC is now becoming a standard practice for home and small-scale remote access, something like a mini-cloud architecture, for individual users and their own private needs. A combination of all these technologies can build up into a seamless service that can be characterized as a true “remote office via web 2.0” – definitely science fiction for those who have witnessed the birth of the World Wide Web, only two decades ago.

Reviving old laptops: the Linux option

Recently, I got the chance to “revive” my old laptop: an Acer Aspire 1300, with AMD AthlonXP 1.6 GHz, 512 MB RAM and 20 GB hard disk. This machine is so deprecated, compared to today’s mini netbooks, that searching the net for “Acer Aspire 1300” returns almost entirely shops for battery replacements.

Until now, it used to “struggle” under Windows XP Home, but I decided it was time to try something more efficient and lightweight. And here it is, as good as new, with openSuSE 11.1 (32-bit of course), full installation plus Matlab and some other tools:

openSuSE 11.1, setup finished

It seems that Linux is still the best way to revive old PC machines, discover more free space in the hard disk and get the most out of legacy hardware.

Old Nokia 1100 mobiles sold for 25.000 euros, firmware exploit for e-banking fraud

The news is a bit old by now, yet it still hasn’t gotten the proper attention from the mainstream media. Of course, for security experts, it’s no news at all. Everybody knows that cellular networks today are far from secure when it comes to proper user/device authentication and firmware protection against tampering.

This incident proves two facts. First, the security of an ICT system is only as strong as its weakest link. And second, the public is totally unaware and uninformed about how security affects everyday life now; it’s not something that only freaks and scientists think about.

In short, the situation is this: the company (Nokia in this case) used weak keys and/or encryption for its proprietary firmware on the Nokia 1100 mobile phones, which are very deprecated by now, or the keys have somehow leaked to the “public”. As a result, someone could read, decrypt, modify, re-encrypt and re-embed the firmware into the device’s EEROM. As all mobiles can be reprogrammed to recognize any phone ID in the network they’re connected to (similarly to re-configuring a MAC address in an Ethernet card), a malicious user can reprogram such a mobile to “listen” to data packets sent to another person’s mobile.

In this case, it’s not just eavesdropping. If that person uses mobile banking services, he’s at great risk. Typically, banks use TAN codes (transaction authentication numbers) from a one-time pad or a similar random number generator device, commonly referred to as a TAN generator. In the case of mobile banking, the bank simply sends such a code, called “mTAN”, to its client’s mobile via an SMS (text) message, and the user enters it in order to complete a transaction. In theory, this works perfectly, unless someone else gets that mTAN message too and uses it first to do a large money transfer to an off-shore account…

The discovery was made last April (2008) by Ultrascan-AGI, a security analysis consulting company, when it detected that the eBay prices of that particular mobile phone went from 100 euros to 1.000, then to 7.500, then to 10.000, reaching 25.000 euros in late April 2008. The firmware hacking was tested and confirmed, but Nokia never admitted any key leaks for the firmware.

More on this subject: