Monday, July 23, 2007

LHC- My Space & Earth: Security flaw found in iPhone

Security flaw found in iPhone

A team of independent security experts has found a flaw in the Apple iPhone that allows hackers to take control of the device, the New York Times reported today.
The researchers at Independent Security Evaluators, which tests the security of devices by hacking them, found that the Wi-Fi connectivity of the iPhone allowed them to take control of it and mine the wealth of private information the phones contain. The researchers also said that they could redirect users to a malicious Web site that could also circumvent the security on the phone.
The story quotes Lynn Fox, spokeswoman for Apple, saying, "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users."

Welcome iphone
Shortly after the iPhone was released, a group of security researchers at Independent Security Evaluators decided to investigate how hard it would be for a remote adversary to compromise the private information stored on the device. Within two weeks of part time work, we had successfully discovered a vulnerability, developed a toolchain for working with the iPhone's architecture (which also includes some tools from the #iphone-dev community), and created a proof-of-concept exploit capable of delivering files from the user's iPhone to a remote attacker. We have notified Apple of the vulnerability and proposed a patch. Apple is currently looking into it.
A member of our team, Dr. Charlie Miller, will be presenting the full details of discovering the vulnerability and creating the exploit at BlackHat on August 2nd. This site will be updated to reflect those details at that time; until then, we have decided only to release general information about exploiting the iPhone.
How the exploit works

The exploit is delivered via a malicious web page opened in the Safari browser on the iPhone. There are several delivery vectors that an attacker might utilize to get a victim to open such a web page. For example:
An attacker controlled wireless access point: Because the iPhone learns access points by name (SSID), if a user ever gets near an attacker-controlled access point with the same name (and encryption type) as an access point previously trusted by the user, the iPhone will automatically use the malicious access point. This allows the attacker to add the exploit to any web page browsed by the user by replacing the requested page with a page containing the exploit.
A misconfigured forum website: If a web forum's software is not configured to prevent users from including potentially dangerous data in their posts, an attacker could cause the exploit to run in any iPhone browser that viewed the thread. (This would require some slight changes in our proof of concept exploit, however.)
A link delivered via e-mail or SMS: If an attacker can trick a user into opening a website that the attacker controls, the attacker can easily embed the exploit into the main page of the website.
When the iPhone's version of Safari opens the malicious web page, arbitrary code embedded in the exploit is run with administrative privileges. In our proof of concept, this code reads the log of SMS messages, the address book, the call history, and the voicemail data. It then transmits all this information to the attacker. However, this code could be replaced with code that does anything that the iPhone can do. It could send the user's mail passwords to the attacker, send text messages that sign the user up for pay services, or record audio that could be relayed to the attacker.
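The access-point vector above depends on remembered networks being matched by name and encryption type alone. The following added example (not code from Independent Security Evaluators or from this blog) audits a Wi-Fi scan against a store of remembered networks and flags the entries that such matching would accept without question; the network names, BSSIDs and the `AP` record are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AP:
    ssid: str       # network name
    security: str   # encryption type, e.g. "open" or "wpa2-psk"
    bssid: str      # MAC address of the access point radio

# Constructed sample data: remembered networks keyed by (SSID, encryption
# type), each with the BSSIDs recorded when the user first joined.
KNOWN = {
    ("CoffeeShop", "open"): {"00:11:22:33:44:55"},
    ("HomeNet", "wpa2-psk"): {"66:77:88:99:aa:bb"},
}

# Constructed scan result.
SCAN = [
    AP("CoffeeShop", "open", "00:11:22:33:44:55"),
    AP("CoffeeShop", "open", "de:ad:be:ef:00:01"),
    AP("HomeNet", "wpa2-psk", "66:77:88:99:AA:BB"),
    AP("HomeNet", "open", "de:ad:be:ef:00:02"),
    AP("Other", "wpa2-psk", "12:34:56:78:9a:bc"),
]

def name_only_join(scan, known):
    """Matching as described in the article: SSID and encryption type only."""
    return [ap for ap in scan if (ap.ssid, ap.security) in known]

def audit(scan, known):
    """Return (bssid, reason) for APs that reuse a remembered name.

    unknown-bssid:     name and encryption type match, radio never seen before
    security-mismatch: remembered name advertised with a different encryption type
    An unknown BSSID is only a hint: legitimate networks add radios, and a
    BSSID can be copied, so treat findings as a prompt to verify, not proof.
    """
    known_names = {ssid for ssid, _ in known}
    findings = []
    for ap in scan:
        key = (ap.ssid, ap.security)
        if key in known:
            if ap.bssid.lower() not in known[key]:
                findings.append((ap.bssid, "unknown-bssid"))
        elif ap.ssid in known_names:
            findings.append((ap.bssid, "security-mismatch"))
    return findings

if __name__ == "__main__":
    print("join candidates by name:", len(name_only_join(SCAN, KNOWN)))
    for bssid, reason in audit(SCAN, KNOWN):
        print(reason, bssid)
```

Name-only matching treats three of the five scanned radios as trusted, while the audit separates the one radio that was never seen before from the two recorded ones.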

MICROSOFT is moving to protect consumer privacy in web search and advertising and has called on the internet industry to support it.

Microsoft said it was responding to public concern over the recent consolidation of the online ad industry as well as stepped-up interest from government regulators in its call for a comprehensive rather than piecemeal approach to privacy.
"We think it's time for an industry-wide dialogue," Peter Cullen, Microsoft's chief privacy officer, said in an interview. "The current patchwork of protections and how companies explain them is really confusing to consumers."
Specifically, Microsoft said it would make all web search query data anonymous after 18 months on its "Live Search" service, unless it receives user consent to store it longer. The policy changes are retroactive and worldwide, it said.
Microsoft planned to store customer search data separately from data tied to people, email addresses or phone numbers and take steps to ensure no unauthorised correlation of these types of data could be made. It would also permanently remove "cookie" user identification data, web address, or other identifiers.
"Microsoft is going to do a more thorough scrub of customer data once it is too old," said Peter Swire, a law professor at Ohio State University who served as US privacy czar in the 1990s. "Previously, the practice was to do a partial scrub."
As part of Microsoft's push, Ask.com, the web search business of Barry Diller's IAC/InterActiveCorp, has agreed to join Microsoft in calling on the industry to adopt a common set of privacy practices for data collection, commercial use and consumer protection in search and online advertising. Last week, it unveiled AskEraser, a service that will allow Ask customers to change their privacy preferences at any time.
Microsoft's initiatives follow recent moves by Google, the dominant provider of web searches and the company most under fire by privacy advocates concerned at how rapid advances in search technology may pose unprecedented threats to consumer privacy.
Google set in motion industry efforts to limit how long web search data is stored by being first to say it will in the future cleanse personal information from its databases after 18 months. Microsoft is one-upping Google by making its move retroactive.
Google has stepped up its own efforts to reach compromises with European Union and US policy-makers in recent months.
Microsoft said it was taking new steps to notify users how technologies affected them, giving users more specific controls over their privacy and setting tighter limits on how long it kept search data. It will also minimise the amount of data it collects via its "Live Search" and online advertisement targeting services.
"Search, itself, is a relatively new business and advertising-supported search, and the issues it raises, are also relatively new," Mr Cullen said. "You have almost a collision of these two things."
Both Google and Microsoft have faced scrutiny from US and European regulators over their plans to merge with major players in the online advertising industry.
Google is seeking approval to buy advertising services firm DoubleClick for $US3.1 billion ($3.5 billion), a move analysts said would more than double the number of web users to whom it serves up online ads. Similarly, Microsoft plans to buy diversified ad services company aQuantive, a DoubleClick rival, for $US6 billion. A shareholder meeting to approve the deal is set for August.
The DoubleClick deal, in particular, faces congressional hearings over the potential privacy issues that could arise from the concentration of data about consumer web-surfing habits, buying behaviour and advertising data.
Forrester privacy analyst Jennifer Albornoz Mulligan said the internet industry was feeling the heat from customers who were confused by the many conflicting state and federal privacy policies across banking, retail, advertising and elsewhere.
Most consumers had given up reading the detailed privacy notices contained in footnotes on websites because everyone knew that "you can adopt privacy principles without really doing a great job of protecting privacy", Ms Mulligan said.
Mr Cullen said Microsoft did not believe a one-size-fits-all approach to online privacy could work. It wanted consumers who sought anonymity online to have the power to do so, while giving customers who prized convenience over anonymity the access to a new class of personalised services that depend on user data.
"People want a high degree of personalisation, but they don't want to feel like they are being surveilled," he said.

Back Story of Peter Cullen

REDMOND, Wash., June 23, 2003 — Microsoft Corp. today announced that Peter Cullen, a recognized privacy leader and current corporate privacy officer for Royal Bank of Canada (RBC), is joining the company as chief privacy strategist.
Cullen, who will join Microsoft on July 14, brings more than a decade of experience in privacy and data protection work to Microsoft's Trustworthy Computing initiative. Cullen will report to Scott Charney, chief Trustworthy Computing strategist, working closely with him to help ensure that privacy protections and best practices are incorporated into all Microsoft® products, services, systems and internal processes.
"Peter Cullen has the experience to drive Microsoft's commitment to privacy protections to the next level. With his deep background in privacy and data protection practices and their relationship to customer value, Peter will be an effective advocate for strong and innovative consumer privacy safeguards," Charney said. "We look forward to having Peter apply his experiences and skills to benefit Microsoft's customers and partners through the privacy pillar of our Trustworthy Computing initiative."
Cullen is widely recognized as a pioneer in privacy and helped develop the financial industry's best practices around the collection and use of information. His work resulted in Royal Bank of Canada (RBC) establishing important competitive differentiation that remains an example to several industries.
While at RBC, Cullen established the Corporate Privacy Group and its practices, a first for a Canadian financial institution. He also implemented an integrated privacy management/compliance structure for U.S. operations, which included six affiliate companies. As a result, Cullen helped RBC become recognized as a North American leader in the area of privacy management.
Microsoft's Trustworthy Computing initiative reflects the company's belief that technology must truly be trustworthy if it is ever to realize its full potential to enhance people's lives. Microsoft's Trustworthy Computing effort is focused on four key pillars: security, privacy, reliability and business integrity.
• Security means ensuring that one's information and data are safe.
• Privacy means placing people in control of their personal information as well as respecting their right to be left alone.
• Reliability means ensuring that technology works every time people need it.
• Business integrity means being clear, open, fair, respectful and responsive to customers and the public.
Cullen said he decided to join Microsoft because of its commitment to driving privacy protections and programs within the company and throughout its industry.
"I look forward to joining Microsoft to help the company deliver on its vision of trustworthy computing," Cullen said. "Microsoft has placed a priority on privacy, and I look forward to applying my experience in developing innovative privacy practices and programs to deliver high-quality technologies and services to our customers and partners."
Cullen holds an MBA from Richard Ivey School of Business at the University of Western Ontario. He is a founding member of two networks of chief privacy officers and is an active public speaker.

price of space vacations boosted to higher orbit

American tourists traveling to Europe have nothing on tourists headed into space.

The cost of flying to the international space station aboard a Russian Soyuz spaceship has increased from $25 million earlier this year to between $30 million and $40 million for trips planned in 2008 and 2009.

"It's mostly because of the fallen dollar," Eric Anderson, president and CEO of Space Adventures, said Wednesday. His company brokers the trips with Russia's space agency.
A U.S. dollar currently is worth about 25½ Russian rubles, compared with 32 rubles in 2002.
Five space tourists have paid $20 million to $25 million to visit the space station via the Soyuz vehicles through trips arranged by Space Adventures. The company announced Wednesday that two more Soyuz seats have been purchased for tourists to fly in 2008 and 2009.

Anderson said the space tourists flying in the two new seats probably would be an American and an Asian, but he offered no details. Prospective space tourists must put down a 20 percent deposit, pass physical examinations and later undergo training at a Russian space facility.
About a dozen prospective space tourists are in the process of reserving flights to the space station, even as the number of available seats on the three-man Soyuz vehicles is likely to diminish after space shuttles are grounded in 2010.

NASA is going to rely on the Soyuz vehicles to deliver astronauts to the space station between the end of the shuttle program in 2010 and the expected first manned flight in 2015 of the next-generation spacecraft, Orion, which NASA hopes takes astronauts back to the moon by 2020. Additionally, the three-member space station crew, consisting of U.S. astronauts and Russian cosmonauts, is expected to double in size in 2009.

CERN believes that the LHC will let scientists re-create how the universe behaved immediately after the Big Bang, Search for God (Particles) Drives Mas

About CERN (the European Organization for Nuclear Research) and its massive particle accelerators in Angels & Demons by Dan Brown of The Da Vinci Code fame. In that book, the lead character travels to the cavernous research institute on the border of France and Switzerland to help investigate a murder. In real life, one of CERN's grisliest problems is finding storage for the massive amounts of data derived from its four high-profile physics experiments making use of the institute's large hadron collider (LHC). Due for operation in May 2008, the LHC is a 27-kilometer-long device designed to accelerate subatomic particles to ridiculous speeds, smash them into each other and then record the results.

The LHC experiments will study everything from the tiniest forms of matter to the questions surrounding the Big Bang. The latter subject provided Pierre Vande Vyvre, a project leader for data acquisition for CERN, with a particularly thorny challenge: He had to design a storage system for one of the four experiments, ALICE (A Large Ion Collider Experiment). It's one of the biggest physics experiments of our time, boasting a team of more than 1,000 scientists from around the world.

For one month per year, the LHC will be spitting out project data to the ALICE team at a rate of 1GB per second. That's 1GB per second, for a full month, "day and night," Vande Vyvre says. For this month, that data rate is an entire order of magnitude larger than each of the other three experiments being done with the LHC. In total, the four experiments will generate petabytes of data. CERN believes that the LHC will let scientists re-create how the universe behaved immediately after the Big Bang. At that time, everything was a "sort of hot dense soup...composed of elementary particles," the project's webpage explains. The LHC can trigger "little bangs" that let ALICE scientists study how the particles act and come together, helping answer questions about the actual structure of atoms.

"The data is what the whole experiment is producing," Vande Vyvre says. "This is the most precious thing we have." Vande Vyvre is charged with managing the PCs, storage equipment, and custom and homegrown software surrounding the ALICE project's data before it hits the data center and gets archived. The ALICE group's experiments will start running in May 2008, but the storage rollout began in September 2006.

The ALICE experiment grabs its data from 500 optical fiber links and feeds data about the collisions to 200 PCs, which start to piece the many snippets of data together into a more coherent picture. Next, the data travels to another 50 PCs that do more work putting the picture together, then record the data to disk near the experiment site, which is about 10 miles away from the data center. "During this one month, we need a huge disk buffer,"

News Inside News

The European Organization for Nuclear Research (French: Organisation européenne pour la recherche nucléaire), commonly known as CERN, pronounced [sɝn] (or [sɛʀn] in French), is the world's largest particle physics laboratory, situated just northwest of Geneva on the border between France and Switzerland. The convention establishing CERN was signed on 29 September 1954. From the original 12 signatories of the CERN convention, membership has grown to the present 20 member states. Its main function is to provide the particle accelerators and other infrastructure needed for high-energy physics research. Numerous experiments have been constructed at CERN by international collaborations to make use of them.