Free Service Botnets

maxsroom / July 27, 2014 / No comments

How Hackers Hid a Money-Mining Botnet in the Clouds of Amazon and Others: a couple of security researchers build a botnet out of free accounts, potentially legally they claim, rather than from hijacked computers. They proof of concept tested Litecoin mining, suggesting they could have brought in $1750/week with their constructed botnet if left running.

While the article cites Amazon and Google’s services as examples, the following suggests an alternate source for these vulnerable accounts:

Choosing among the easy two-thirds, they targeted about 15 services that let them sign up for a free account or a free trial. The researchers won’t name those vulnerable services, to avoid helping malicious hackers follow in their footsteps. “A lot of these companies are startups trying to get as many users as quickly as possible,” says Salazar. “They’re not really thinking about defending against these kinds of attacks.”

A brief mention late in the article about companies (not Amazon or Google) turning off services or shutting down because of this type of malicious use suggests this may be a real barrier to entry into the market for cloud computing.

Category: Security, Technology /

Buy your donuts with cash

maxsroom / June 29, 2014 / No comments

I read this story wanting to understand if the data mining they’re doing is really appropriate for making individualized statements in the way they are claiming when they suggest that hospitals will get risk assessments based on patient shopping data through credit cards, store cards, etc. Will receiving doctors get sufficient training in the ways in which these predictions are like and unlike the predictions that medical tests make about health risks?

Additionally, I read through the list of hypothesized triggers for heath risks and they seem to bank on the idea that everything I’m purchasing is for myself. Just in the first paragraph the article suggets issues if “ou’ve let your gym membership lapse, made a habit of picking up candy bars at the check-out counter or begin shopping at plus-sized stores” which could nicely match my patterns this year of regularly picking up candy for the lab and buying some clothes for an elderly relative who can’t get out to stores as easily anymore. The majority of the time I buy donuts, I do not actually eat any of the donuts – and I have colleagues whose donut-eating patterns may more closely match my shopping trends than theirs.

And then you get this statement: “While the hospital can share a patient’s risk assessment with their doctor, they aren’t allowed to disclose details of the data, such as specific transactions by an individual, under the hospital’s contract with its data provider.”

I’m not sure if that’s good — hooray for not sharing personal details! — or worse — so the computer says I’m at risk but we can’t sit down and talk about whether the patterns it’s identifying are real. And, going back to my opening question – what sorts of algorithms are being used and given that, what sorts of conclusions are even valid to draw.

Category: Technology /

Summer fun with data

maxsroom / May 21, 2014 / No comments

With the semester over, I’m looking to what projects I’ll be taking on for the next couple of months, and I know many of my students are as well. Here are a few fun options people may want to consider, particularly focused on opportunities to get involved with data analysis:

Category: Technology /

I’m not confused I lost my glasses

maxsroom / May 3, 2014 / No comments

I am always fascinated and creeped out by these stories about adapting system behavior to user emotion. The system described here is being tested out by analyzing facial expressions to detect engagement with educational materials which are then used to predict test performance. I’d love to see some extracted data of what engaged expressions look like. I’ve had too many conversations with colleagues where I’ve asked “You teach X a lot, is that angry look they get their thinking look?” to expect that engaged expressions must look like entertained or pleased expressions, and I know my students have that conversation about my own facial expressions as well. The applications of this also seem significantly more useful (and easier to consider managing the flow of personal data about one’s emotions) if such a system were embedded in one’s own computer and thus tuned to the vagarities of one’s own facial expressions.

I am sure the intended use for such a tool would be online educational materials, whether from a flipped classroom setting or a MOOC or what have you. But I can’t help but picture physical classrooms fixed with cameras at the front of the room, scanning all of the students and registering real-time engagement graphs on a lectern at the front. So file this away, along with Google Glass, as another piece of evidence we’ll be seeing camera-blocking devices, or straight-up masks as a fashion accessory, becoming more prominent in the coming decades.

Category: Education, Technology /

Sparkleponies for all

maxsroom / April 2, 2014 / No comments

IEEE’s prediction that 85% of the tasks in our daily life will include game elements by 2020 sounds to me like a prediction that requires thinking about game elements broadly enough, it might already be true. Considering this quote in particular, “by 2020, however many points you have at work will help determine the kind of raise you get or which office you sit in”, if you’ve ever had a performance review rating you on a number scale for different job functions, congratulations, your job is gamified! Does grocery shopping get you gas points? Your errands are gamified! Students, grades aren’t a drag, they’re a gamification of your learning!

I’m not trashing on gamification – I’m intrigued by it and always love when my games students experiment with it in their projects. But, I’m dubious of the 85% number cited in the article. Even if we all start getting Sparkleponies.

Category: Games /

Most fun you’ll have debugging all day

maxsroom / March 2, 2014 / No comments

Weird Bug starts off for the first, say, 30 seconds looking like your standard puzzle-maze game, until you realize the first maze isn’t beatable, and that the real puzzle is how to go into the source code for the maze and fix it so the maze can be beat. The mazes are implemented in PuzzleScript, and the bulk of the game you’re in an IDE interface, changing the code, rebuilding, and playing your fixed level to get on to the next, broken level.

If you’ve ever coded before, you’ll be able to figure out PuzzleScript in just a minute or two of scanning the code, but there’s some tutorial information embedded in the game for those just getting started looking at code. Once you figure out the structure, you can really choose how you want to beat the mazes – I haven’t played it all the way through but I suspect you can always take the easy way out and place the goal right next to the player and move on. Which also makes the game a nice platform for thinking about level design.

Category: Games /

Don’t leave the panopticon

maxsroom / February 23, 2014 / No comments

I’m pretty blown away by Nothing To Hide, a currently free, browser-based puzzle game with a great premise and one of the most interesting introductory “scenes” I’ve come across. You play a character who must ensure that they are being surveilled at all times while moving around the world (for reasons the opening will make clear). The web-version is actually a demo being used to raise funds for a full version, but it’s as polished and fleshed out as any number of full online games I’ve played. Even in its handful of levels, you get a taste of the variety of elegant little puzzles you can create with the game’s premise and small set of game resources. Well worth a play, and an eye out for the extended version!

Category: Games /

Math, Music, Ciphers

maxsroom / February 16, 2014 / No comments

I hadn’t run into the unsolved Dorabella cipher before (that I remember). If you enjoy such things I highly recommend this account of it, with its many proposed decryptions that make clear why one of the conditions for a verified solution is that it “be self-evident”. It’s an excellent example of why decyphering without context is hard (maybe impossible?). And I enjoy the proposed solution that takes encryptions errors into account as a possibility, considering that it was done by hand, and by someone considered prone to such errors.

Category: Technology /

Myself, I went with the LEGO calendar

maxsroom / January 1, 2014 / No comments

Ringing in 2014 by shopping for a new office wall calendar, I’m happy to be able to bring you the weirdest wall calendars available right now on Amazon – free shipping for Prime members, so you know you want one of these!

I Could Pee on This 2014 Wall Calendar: So many cats, reminding you that they have a whole year’s worth of peeing on your belongings ahead of them.

Food Landscapes 2014 Wall Calendar: A Year of Scrumptious Scenes: Sure you could have a calendar of beautiful landscapes, but a calendar of beautiful landscapes reimagined through food is so much better.

Fire Trucks in Action 2014: Flame, smoke, tragic desctruction of people’s homes and workplaces, and firetrucks!

Extraordinary Chickens 2014 Wall Calendar and Just Us Chickens 2014 Wall Calendar: It’s a tie for which chicken-themed wall calendar I find most entertaining.

Sharknado 2014 Wall Calendar: 2013 brought you Sharknado; 2014 brings you Sharknado the Wall Calendar.

Menswear Dog 2014 Wall Calendar: Check out the image of the back cover to see what twelve dogs all awkwardly stuffed into suits look like. Actually, I think it is all just one dog, wearing twelve different suits.

Fold Your Own Zombie 2014 Wall Calendar: Start the year with a funny papercraft zombie! End the year trying to figure out where to keep your collection of twelve papercraft zombies! Zombies!

2014 Toilets Around the World Wall Calendar: Really, more Outhouses and Porti-Potties Around the World, but I’ll give it to them, these are some of the most scenic toilets I’ve ever seen.

Cow Abductions! 2014 Wall Calendar: Beautifully rendered images of alien’s proclivities for probing our bovine friends, with moon phase information included with each month as well (obviously).

Goats in Trees 2014 Calendar: If you only click through one of these links, click through here to enjoy both the blurb (“Simply the best Goats in Trees calendar published.”) and the single five-star review (“- All of the days in 2014 are accounted for. Check. – There are pictures of goats. Check. – The aforementioned goats are in trees. Check.”) of this amazing calendar.

Category: Internet Fun /

How It Works: Bitcoin Edition

maxsroom / December 31, 2013 / No comments

Nothing like avoiding end-of-the-year physical cleanup with end-of-the-year virtual cleanup! I finally got around to reading this detailed description of how Bitcoin works, recommended by Schneier on his weblog, and I need to hang on to this for next time I’m teaching security. From a teaching perspective, it does a nice job of showing how all of the various types of cryptography come together in an interesting way in this protocol. This is the part that always seems sort of wild to me:

The idea is to make it so everyone (collectively) is the bank. In particular, we’ll assume that everyone using Infocoin keeps a complete record of which infocoins belong to which person. You can think of this as a shared public ledger showing all Infocoin transactions. We’ll call this ledger the block chain, since that’s what the complete record will be called in Bitcoin, once we get to it.

The article does assume you have some cryptographic background, but I suspect that reading along as far as you can through the article would at least explain what some of the problems that Bitcoin has to solve are. A nice read with a cup of tea on a snowy day, especially if you’re a student getting your brain back into gear for school in another day or two!

Category: Technology /
« Older Entries