Sunday, February 15, 2009

Face recognition biometric security badly broken

It was only a matter of time that this would be broken.  If you have one of these laptops that uses this software, you should disable it.

My guess would be that just a simple webcam is not going to be able to get enough information to be able to tell the difference between a fake 2-d picture of an individual and an actual 3-d person.  They probably need some sort of additional 3-d scanner that samples depths on a face as well or similar technique. 

The hack seems to rely on faking the image comparison algorithms since ultimately these systems are storing the original facial image and using image processing on it.

Researchers Hack Faces In Biometric Facial Authentication Systems
"There is no way to fix this vulnerability," Duc says. "Asus, Lenovo, and Toshiba have to remove this function from all the models of their laptops ... [they] must give an advisory to users all over the world: Stop using this [biometric] function."

An attacker can edit and adjust the lighting and angle of a phony photo to ensure the system will accept it, according to the researchers. "Due to the fact that a hacker doesn't know exactly how the face learnt by the system looks like, he has to create a large number of images...let us call this method of attack 'Fake Face Bruteforce.' It is just easy to do that with a wide range of image editing programs at the moment," they wrote in their paper.




Facebook privacy settings to minimize ridicule and embarrassment

This is an excellent guide to the kinds of things that you may or may not be familiar with as possible sources of embarrassment on Facebook, or even just if you want to have more control over people monitoring you.  But you do have control over these things.  I might suggest the relationship one for many people -- so that you only post to your profile relationship status changes that you really want to broadcast.

Facebook | 10 Privacy Settings Every Facebook User Should Know




Saturday, February 14, 2009

Untrue email indicators

After sending out the umpteenth rebuttal of a demonstrably untrue email this week, I thought of at least two things that are negatively correlated with the truthfulness of the contents:
  • A claim by the author of the chain email that they "verified this on snopes" (with or without a link to snopes).  Note, this is a claim by the chain email author, not your friend who just forwarded it to you.  I have seen not only just the generic claim of verifying on snopes (without citation), but also an erroneous link to content on snopes that actually _refutes_ the content being peddled.
  • Pleading by the author to "send this to everyone you know".  Again, this is done by the anonymous or pseudonymous author of the untrue content, not your buddy who sent it to you.




Sunday, February 8, 2009

Font preview application in Flash

This is a very very cool site that allows searching by font names and even allows you to see a specific unicode font rendered in a variety of fonts local to your computer.

http://www.fileformat.info/info/unicode/font/fontlist.htm?text=%E2%86%91+-+UPWARDS+ARROW+(U%2B2191)


MS Office Wins a battle vs. OpenOffice calc

This is completely counter-intuitive.  The OpenOffice dialog for conditional formatting only lets you select from pre-defined "styles" by name (no autopreview) and no way to add a new style from the dialog.  I had to google this to find out how to modify existing styles.  Oy.  Sometimes the MS way is the better way...

OpenOffice.org Training, Tips, and Ideas: Conditional Formatting in OpenOffice Calc Spreadsheets


Saturday, February 7, 2009

Keep up with Basic Auto Maintenance

This compiles a few sets of auto maintenance tips that everyone should know about, not only for fuel economy, but to prolong the life of your vehicle.

I actually look forward to when the car will be smart enough and have a nice enough LCD display where it could tell you when your maintenance was due since it knows your mileage and driving habits.  Enough with the dumb blinky light patterns or general "service engine soon" lights.  There is a computer in the car -- it's time to catch the display up with the technology so people can actually use it.

Driving Less? Don't forget you still need some basic maintenance - AutoblogGreen


Wednesday, February 4, 2009

Finally, an explanation of why CAT.NET craps out

Ever since CAT.NET was released I have not been able to successfully use it for a typical solution/project.  It actually causes Visual Studio to crash after running for a while and taking all of the available memory with it...

Even with the command-line tool, any large set of assemblies being analyzed seems to consume more than CAT.NET can get the .Net framework to allocate (not to mention the entire system grinds to a halt while it is running).  The reason is due to how .Net needs to allocate contiguous pages of memory and the 32 bit per-process memory limitations.  The solution for now is to run the command-line tool on 64 bit windows or vista or to split up the analysis into smaller sets of assemblies.

BTW, I think that "Call Flow Super Graph" would be an _awesome_ band name.

The Connected Information Security Group : Current Memory Limitations of CAT.NET
Even with virtual memory there are limits to how much memory a single .NET application can allocate. As reported in recent blog post a 32-bit process, such as the CAT.NET Visual Studio plug-in version can only allocate about 1200 MB, even on a 4GB RAM (32-bit) system. Moreover another shortcoming of the current implementation is that when CAT.NET runs out of memory is it exits with an unhandled OutOfMemory (OOM) exception, unfortunately this does not get reported by the Visual Studio plug-in and the plug-in just seems to hang.


Tuesday, February 3, 2009

Intolerable Beauty

This artist's work is MASSIVE in size and in message.  I find this to be a simple yet powerful way to spread a message.  I have often wondered what it would look like to see all of the thrown-away batteries, plastic silverware, plastic bags, etc. piled all together.  Now you can in artistic ways.

You can even get a couple of prints 24x36 for the great price of $30 each

chris jordan photography
Intolerable Beauty: Portraits of American Mass Consumption

Exploring around our country’s shipping ports and industrial yards, where the accumulated detritus of our consumption is exposed to view like eroded layers in the Grand Canyon, I find evidence of a slow-motion apocalypse in progress. I am appalled by these scenes, and yet also drawn into them with awe and fascination. The immense scale of our consumption can appear desolate, macabre, oddly comical and ironic, and even darkly beautiful; for me its consistent feature is a staggering complexity.

The pervasiveness of our consumerism holds a seductive kind of mob mentality. Collectively we are committing a vast and unsustainable act of taking, but we each are anonymous and no one is in charge or accountable for the consequences. I fear that in this process we are doing irreparable harm to our planet and to our individual spirits.

As an American consumer myself, I am in no position to finger wag; but I do know that when we reflect on a difficult question in the absence of an answer, our attention can turn inward, and in that space may exist the possibility of some evolution of thought or action. So my hope is that these photographs can serve as portals to a kind of cultural self-inquiry. It may not be the most comfortable terrain, but I have heard it said that in risking self-awareness, at least we know that we are awake.


"You know your security is broken when..."

"... a $250 device can clone RFID passports and Driver's licenses at a distance"

Researchers built a mobile device for $250 that can
  1. identify and
  2. clone RFID chips in US passports and state REAL ID driver's licenses by war driving.
Do you think that they will listen to the security and privacy experts next time?  Probably not.

[ISN] Passport RFIDs cloned wholesale by $250 eBay auction spree
"It's one thing to say that something can be done, it's another thing completely to actually do it," Paget said in explaining why he built the device. "It's mainly to defeat the argument that you can't do it in the real world, that there's no real-world attack here, that it's all theoretical."


Monday, February 2, 2009

McLaughlin: Man of Myths

I watch The McLaughlin Group religiously.  I find the panel tends to lean right in general, but for the most part enjoy the varied opinions and the cross-section sampling of views from the right. 

But, I have been increasingly annoyed with John McLaughlin continuing to trot out some seriously flawed and ridiculous myths that have been roundly debunked.  And it's been more annoying that the panelists don't call him on them.  Here is my list that have come up fairly frequently of late, and details (sourced) as to why they are bogus. 
  1. It was a victory for Bush that we "haven't been attacked" since 9-11 by terrorists.

  2. How this is ridiculous:

    • It's NOT TRUE. We were attacked after 9-11. Remember the Anthrax Attacks, the perpetrators of which are still at large? And how about the attacks on US facilities abroad? More here.

    • It confuses correlation with causation. Clinton also didn't have another attack on his watch. Is there a causal relationship? But even worse, Bush's response was abhorrent to have the same effect as Clinton. I couldn't say it better than Bob Cesca "President Clinton went more than seven years without a second 1993 WTC attack, and he did it without invading and occupying Iraq; he did it without torture; he did it without illegally spying on American citizens and the rest of it."

    • 9-11 happened in large part because of FAILINGS of the Bush administration to heed the warnings of many people about the danger of Al-Quaeda.

  3. Obama is the most liberal senator in the US Senate.

  4. This has been debunked. Their study only looked at 2007 (probably because that was the only year that the results turned out the way they wanted; the previous years showed Obama as the 10th and 16th most liberal, using their methodology), not the entire career voting records of each senator.

    The National Journal's study methodology has been called into question. They made the same kinds of mistakes that people doing bad meta-analyses make -- they appeared to cherry-pick the data to fit their conclusion. For example, "Oh, yeah, he voted to require the Department of Homeland Security to check all cargo containers entering the United States for nukes and stuff. That’s one of the votes that counted as “liberal” in the study" http://blogs.e-rockford.com/applesauce/2008/03/26/its-amazing-what-passes-for-liberalism/ and see a fuller list here.

    For an actual scientific methodology, check out voteview.com, which assesses congressional votes based on a rigorous scientific methodology -- it is not swayed by cherry-picking of votes to include in the analysis or by arbitrary definitions of what constitutes "liberal". Liberal-Conservative Rankings Done Right This methodology shows that there are 8 senators and 80 house representatives more liberal than Obama.

  5. The US is a center-right country and/or Obama and his administration are center-right

  6. There are so many things that debunk this claim.

    • The majority of Americans favor progressive policy positions and reject their conservative counterparts. Election '08 -- The Center-Right Myth
      The latest Pew Research poll showed that only 25 percent of the public agrees with the centerpiece of the conservative tax program: making Bush's tax cuts permanent. The public also agrees by 58 percent to 35 percent that the government should guarantee "health insurance for all citizens even if it means raising taxes." Exit poll data showed that 60 percent of voters were worried about rising health care costs and that 66 percent of those people backed Obama. A majority of Americans also want to expand environmental protections, increase the minimum wage, recognize same-sex marriage, and end the Iraq war, to name a few.
    • Obama ran on the most progressive platform in years and won with a majority of the popular vote (by 7.4 million) and won 63 more electoral votes than Bush.
    • More and more democrats have been voted into congress in the past few elections, even unseating incumbents like Senator Ted Stevens of the very-conservative Alaska.
    • Polls show that people state-by-state self-identify as overwhelmingly democratic-leaning, with only a few exceptions.  And overall, a majority of Americans said they identified with or leaned to the Democratic party in 2008.