
[Reading Squad] [Native Speaker Daily Comprehensive Training, Series 40] [40-08] Technology: Black Hat

Posted on 2014-8-11 22:55:34
Content: cherry6891   Editor: cherry6891


Stay tuned to our latest post! Follow us here ---> http://weibo.com/u/3476904471

Part I: Speaker

Cyber Currencies Get Boost from High-Profile Endorsements
Virtual currency was on the ropes earlier this year. Bitcoin, the preeminent peer-to-peer online payment system, saw its value slashed by more than half after its largest exchange was hacked and shut down. Yet the fortunes of cryptocurrency have recently rebounded.

Apple used to block programs from its App Store that managed or otherwise dealt in bitcoin and its ilk. Now, though, Apple will allow iOS developers to support the use of certain cyber coinage. Apple has yet to say which of the dozens of cyber currencies out there it will now honor.

Meanwhile, satellite TV provider Dish Network will soon start letting its 14 million household subscribers pay their monthly bills using bitcoin. And rapper 50 Cent is accepting bitcoin as payment for his latest album. By the way, at this moment’s exchange rate, 50 Cent would also be known as 0.00075 Bitcoin. Not as catchy.

Such high-profile endorsements should help bring cyber tokens closer to the mainstream, even though there’s a risk that they’ll go down in value once you buy them. Still, U.S. consumers might be open to the idea. They’ve been hooked on a virtual currency for decades. It’s called credit cards.

source: Scientific American
http://www.scientificamerican.com/podcast/episode/cyber-currencies-get-boost-from-high-profile-endorsements1/

[Rephrase 1, 1:24]

Original poster | Posted on 2014-8-11 22:55:35
Part II: Speed

Black Hat: Google Glass Can Steal Your Passcodes
Footage of people unlocking their phones can be used to steal mobile passcodes even if the typing can’t be seen.
By Tom Simonite on August 7, 2014


Time2
Criticism of Google Glass has often focused on the way its camera makes surreptitious video recording too easy. Now researchers have shown that footage captured by the face-mounted camera could also pose a security threat.

Software developed by the researchers can automatically recover the passcodes of people recorded on video as they type in their credentials, even when the screen itself is not visible to the camera. The attack works by watching the movement of the fingers to work out what keys they are touching. It also works on footage from camcorders, webcams, and smartphones, but Glass offers perhaps the subtlest way to stage it.

The work suggests that “shoulder surfing”—stealing passwords or other data by watching someone at a computer—could become more of a threat as digital cameras and powerful image processing software become more common.

In tests where people stood three meters away from the camera, the software was around 90 percent accurate at capturing four-character-long strings typed on the iPhone’s QWERTY keyboard. The researchers say that the method could theoretically reconstruct a short e-mail or SMS.

“With Glass it’s very sneaky,” says Qinggang Yue, a grad student at the University of Massachusetts, Lowell, who carried out the research with colleagues Xinwen Fu and Zhen Ling.

When Yue met with MIT Technology Review at the Black Hat security conference, where he had presented his findings on Wednesday, he glanced around the busy press room and instantly identified a handful of people pecking away on touch screens that might be vulnerable to such an attack.

Yue has also shown that video footage can be used to recover passcodes at some distance. In one set of experiments, a camcorder held by someone at a first-floor window was used to successfully capture the passcode of someone using an iPad just over 43 meters away. “With a long-focal-length camera it could be much further,” says Yue.[316 words]

Time3
To capture a passcode, the software must identify the position and orientation of a device’s screen as well as the position of a person’s fingertips tapping on it. Yue and colleagues used machine learning to train software to tackle both those problems. The software runs on a PC, so footage captured with Google Glass must be downloaded to extract any passcodes.

The software automatically finds a device captured in a piece of footage. It then identifies the position of its screen’s four corners, and tracks the velocity of a person’s fingertip.

The researchers are currently testing ways to defend against such software-enhanced shoulder surfing. One countermeasure involves randomly swapping the keys on a standard keypad around, so that software can’t correctly translate each tap. Another involves having buttons drift around instead of staying fixed to a standard grid.[138 words]

source:MIT Technology Review
http://www.technologyreview.com/news/529896/black-hat-google-glass-can-steal-your-passcodes/


Car Security Is Likely to Worsen, Researchers Say
In-car applications and wireless connectivity are a boon to hackers who take aim at cars.
By Robert Lemos on August 8, 2014


Time4
As more cars come with wireless connectivity and in-car apps, more of them will be vulnerable to potentially dangerous hacking, two well-known researchers warned at the Black Hat security conference in Las Vegas on Wednesday.

In a study of nearly 20 different vehicles, Charlie Miller, a security engineer with Twitter, and Chris Valasek, director of vehicle security research with security services firm ioActive, concluded that most control systems were not designed with security in mind and could be compromised remotely. The pair created cybersecurity ratings for the vehicles, which will be published in a paper later this week.

“When you are looking to buy a car, you can pick up a magazine and it will tell you, ‘Here are the safety features of this car,’” Valasek said. “Why can’t we, as the security industry, start making reports that say, ‘These cars have good cybersecurity and these cars don’t have good cybersecurity’?”

As the automotive industry has added more digital control systems and embedded computers, vehicles have become easier to hack. In 2011, researchers from the University of Washington and the University of California San Diego analyzed a midpriced sedan, discovering that it could be compromised via either a disk inserted in its CD player, the diagnostic equipment used by mechanics, or a cellular connection.[214 words]

Time5
Since then, other research groups have studied car security and demonstrated ways to take control of brakes, acceleration, and other functions. High-end vehicles often have computerized control of the brakes and acceleration, for collision prevention and intelligent cruise control, and automated steering to allow self-parking and the ability to remain centered in a lane.

Attacks on automotive control systems involve three steps, according to Valasek and Miller. An attacker must first find a way to exploit a vehicle system, then use that vulnerability to send a command to the electronic control unit (ECU), and finally get the ECU to execute the command.

Because of the proliferation of wireless access in vehicles, especially Bluetooth and cellular connectivity, remote execution is increasingly possible. The feasibility of sending commands to the electronic control units that manage different vehicle functions depends on the design of the car.

Car companies need to design their systems to detect exploitation attempts and prevent security from being compromised, Miller said: “You want to make each of these three steps harder for the attacker.”

But with car manufacturers competing on features, the addition of in-car applications from navigation to streaming music could leave more vehicles vulnerable, Miller added. “In-car apps and desktop-like features pose huge upcoming threats,” he said.

Designing security into vehicles is especially important because applying software patches is problematic. Updating the software in a car means bringing the vehicle to a dealer for service, a step that most owners will not take.

“When you get [recall] notices in mail, you ignore them,” Valasek said. “It is going to be really hard, if a real live exploit comes out, to patch the problem.”
[276 words]

source:
http://www.technologyreview.com/news/529681/black-hat-car-security-is-likely-to-worsen-researchers-say/


Most Smartphones Come with a Poorly Secured Back Door
A system designed to let carriers remotely install software on phones, or change their settings without a user noticing, is open to abuse.
By Tom Simonite on August 7, 2014


Time6
A powerful remote-control system installed on most smartphones could be used by hackers to secretly take control of many devices, allowing theft of data or eavesdropping on communications.

Wireless carriers install the mechanism, known as ODM, in phones, tablets, and even cars as a way to distribute software updates and make configuration changes. Researchers with the computer security company Accuvant uncovered a series of flaws with ODM that could be exploited to gain the same remote-control powers.

In their tests, the Accuvant researchers could take over devices made by Apple and other major manufacturers. They gained the power to install any software on the devices, which would allow them to steal sensitive data. “An attacker can take full control,” said Mathew Solnik, a research scientist at Accuvant who presented the research at the Black Hat computer security conference Wednesday with colleague Marc Blanchou.

The attacks could also be used to reconfigure settings on a device—for example, to cause all data to flow via a server designed to collect communications. Many such settings are installed into a device’s “baseband” and are more or less impossible to erase. “Even if you ‘factory reset,’ you still can’t get rid of it,” says Solnik.

An estimated two billion cellular devices around the world have the ODM protocol installed, according to the researchers. Somewhere between 70 and 90 percent of those devices have been equipped with the same software package, made by Red Bend Software of Waltham, Massachusetts, to handle the remote-control functionality.

Despite its crucial role, that package hasn’t been updated substantially since 2004, said Solnik. He and Blanchou performed their proof-of-principle attacks using a suite of flaws found in that software, as well as in the design of the ODM protocol itself.

An attack requires either using a carrier’s infrastructure to communicate with phones or using a base station of your own. That’s easier than it might sound. Accuvant’s researchers were able to use off-the-shelf hardware and an open-source software package to create a system that would connect to phones within a 30-foot radius at relatively low cost (see “Build Your Own Cellular Network”). “With a single silent message, someone who is not your carrier can access the full functionality of your device,” said Solnik.

Android devices were found to be most vulnerable. The researchers could take over Apple devices only on Sprint’s network. Fully unlocked devices bought directly from a phone manufacturer were the most secure, because most didn’t have ODM software installed.

Accuvant disclosed its findings 90 days ago to Red Bend, the device manufacturers, and the wireless carriers affected. Several, including Red Bend, have already released patches to fix the problems, although it is unknown how widely they have been distributed.

Solnik believes attacks via ODM will remain possible even after those patches are applied. Flaws discovered in the way the ODM protocol connects to a device can’t be fixed until the industry agrees on a new design, he says.

The problems uncovered by Accuvant could also be of interest to law enforcement and surveillance agencies, which increasingly use malware to collect data. In the United States, it has become common for them to use mobile base stations to intercept text messages, phone calls, and data sent by nearby phones. Solnik told MIT Technology Review the same technology could be used as a platform for attacks like those he developed. For example, it could silently push malware onto phones. “It would be a similar type of device,” he said. [580 words]

source:
http://www.technologyreview.com/news/529676/black-hat-most-smartphones-come-with-a-poorly-secured-back-door/


Original poster | Posted on 2014-8-11 22:55:36
Part III: Obstacle

Bitcoin Transaction Malleability – Lies Decrypted
One week. Four headline events. Culprit: Transaction Malleability. Although the media grouped the events under the single banner of Transaction Malleability, a closer look reveals that the three incidents involving Mt.Gox, a DDoS attack, Silk Road 2.0 and the Bitcoin client were in fact each unique and in two cases not even related to transaction malleability at all.
To understand Transaction Malleability we have to define some terms:

Malleability – the quality of being pliable without breaking – often used in reference to metals, but in this context it simply means “changeable without breaking the transaction”

Hash – a hash function is an algorithm that maps data of arbitrary length to data of a fixed length. The fixed length data so obtained is called a hash and it is irreversible, i.e. the original data cannot be deduced from its hash.

Signature – a digital signature is a mathematical scheme for demonstrating the authenticity of a digital message, document, or in this case, a digital transaction. Bitcoin uses public and private key pairs to encrypt transactions and digitally sign them.

Transactions and Malleability
The transaction id that we’re familiar with is a hash of all of the components that make up a Bitcoin transaction. The transaction components include various facts (transaction amount, date, target address, etc.), as well as digital objects such as encryption signatures and what are referred to as “inputs”. Transaction inputs contain information about previous transactions involving the same bitcoins currently being spent. To protect this data from tampering, hashes of certain components are calculated and signed – amongst them the transaction inputs, whose signature (called “input.scriptSig”) is also used to sign the entire transaction and this produces the hash we know as the transaction id.

Since it is not logically possible for a signature to sign itself (chickens and eggs!), a final signature will always be an appendage – an attached but separate part of the digital package (in this case a transaction) it has signed. Whilst the transaction as a whole, or in part, cannot be changed without breaking validity in relation to the signature, the signature can be changed. The extent to which the signature can be changed before the change breaks validity in relation to the transaction is what is referred to as “Malleability”.

So, given a transaction and its accompanying valid digital signature, it is possible for someone to generate an equivalent signature, but with the caveat that the transaction id hash will also change in response. When injected into the network, both the original and malleated version of the transaction are equally “real” as far as the nodes on the network are concerned. Remember that the transaction itself has not changed. In fact, a change to any aspect of the transaction other than the input.scriptSig would render the entire transaction invalid and it would be rejected by network nodes. Since nothing about the transaction inputs or outputs (amount, timestamp, target address) has changed, our malleated transaction may be included in a block by a miner, thereby being confirmed, and the receiving party will get paid. The equally valid original transaction will in this case be picked up as an attempt to double spend and the network will reject it. Hence, transaction malleability does not pose a security threat on the network and its exploitation does not make double-spending possible in the normal protocol flow.

Transaction Malleability score: 1/10
Whereas the Bitcoin protocol and standard wallet are able to function correctly in the face of malleated transactions – which kind of renders “malleation” pointless – the scenario changes quite drastically when we consider a non-standard wallet that has failed to make provision for transaction malleability in its design. If a custom wallet were to, say, use transaction id as a primary identifier when looking to the network for transaction confirmation, then malleation would compromise its ability to do so.

Miners have no preference (or ability to distinguish) between an original transaction and its malleated version, so it is a matter of fate as to which one gets mined first and thus confirmed on the network. Confirmation is made by transaction id: whichever version of the transaction confirms first, that will be the txn id referenced in each subsequent confirmation. If the original version confirms first then all is well: the recipient gets paid and the custom wallet will see the confirmation by looking for the transaction id in the blockchain. However, were the malleated transaction confirmed first, then the scenario for the custom wallet becomes an exception: although the receiver would have been paid (and the malleated version of the transaction confirmed), the custom wallet will not see confirmation of the original txn id it sent out. Combine this with a support policy of resubmitting payment of unconfirmed transactions and you can see the exploit:
A person withdraws bitcoins from their Mt.Gox account to their private wallet and at the same time injects a malleated version of the transaction into the network. If the malleated version is confirmed first then it would be certain that Mt.Gox will not receive confirmation of the original. The person then emails support: “I withdrew 10BTC yesterday – it left my account but I never received it…” Support staff look for confirmation of the transaction and don’t find it, although the BTC had clearly left the customer’s account. And, so, they resubmit payment – but not via the same transaction id or transaction inputs – but a completely new transaction spending different coins!

Had Mt.Gox only used the same inputs as used in the original unconfirmed transaction, that would have registered on the network as a double-spend and would have set off some alarm bells. That this definitely happened at Mt.Gox can be deduced from both their actions and statements during the past several months. The extent to which this affected them is unknown, but it certainly was severe enough to halt all BTC withdrawals, risk customer defection and leave them to watch their exchange for BTCUSD get traded into the ground.

Distributed Denial of Service (DDoS) Attack
Transaction Malleability score: 7/10

After Mt.Gox publicized the issue of malleability, and word got about of their wallet not taking it into account, it was only a matter of time before some opportunists turned it on the Bitcoin network. The attackers took full advantage of the transaction malleability issue and opened the flood gates. Poor custom wallet implementations at Bitstamp and BTC-e were immediately shown up and their suspension of BTC withdrawals indicated that they were using transaction id to verify confirmations.

The Bitcoin developers offered support in the IRC channels and soon the DDoS attack was circumvented and BTC withdrawals were resumed. Note that the DDoS affected those exchanges that had poor wallet implementations – the Bitcoin network remained unscathed thanks to proper implementation of the standard Bitcoin QT wallet.

Bitcoin QT Wallet Client
Transaction Malleability score: 0/10
The client was not handling the display of attempted double-spend gracefully and during the past week this issue came to the fore. The score here is zero because the wallet is implemented with transaction malleability in mind and the bug being fixed for the upcoming release is merely a display bug. Due to the complexity of the Bitcoin protocol’s encryption and signature model, the developers only expect to eliminate this issue after a few years. In IRC, Jeff Garzik said in response to a question about whether transaction malleability can be solved:

Silk Road 2.0
Transaction Malleability score: 0/10

The spin that transaction malleability caused all client funds to be stolen from the Silk Road mainframe is so thin that no-one even bothers to debate it!
[1262 words]
source:
http://www.cryptocoinsnews.com/news/bitcoin-transaction-malleability/2014/02/16
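
The wallet failure described in the article above, as an added example that is not part of the original post or the article: a toy transaction model (the `Tx`, `payment_key` and `safe_to_reissue` names and the serialization are assumptions made for illustration, not Bitcoin's wire format) showing why confirmation tracking by transaction id misses a malleated copy, while matching on spent inputs and outputs does not.

```python
import hashlib
from dataclasses import dataclass


def dsha(data: bytes) -> str:
    """Double SHA-256, hex encoded."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


@dataclass(frozen=True)
class TxIn:
    prev_txid: str     # transaction whose output is being spent
    prev_index: int    # which output of that transaction
    script_sig: bytes  # signature data: the only malleable field


@dataclass(frozen=True)
class Tx:
    inputs: tuple      # TxIn objects
    outputs: tuple     # (address, amount_in_satoshi) pairs

    def _body(self, with_sigs: bool) -> bytes:
        parts = []
        for i in self.inputs:
            sig = i.script_sig.hex() if with_sigs else ""
            parts.append(f"{i.prev_txid}:{i.prev_index}:{sig}")
        parts += [f"{addr}:{amount}" for addr, amount in self.outputs]
        return "|".join(parts).encode()

    def txid(self) -> str:
        # Toy serialization: like the real id, it covers scriptSig.
        return dsha(self._body(with_sigs=True))

    def payment_key(self) -> str:
        # Same data minus scriptSig, so malleation cannot change it.
        return dsha(self._body(with_sigs=False))


def unconfirmed_by_txid(sent, block):
    """Fragile check: look for the exact txid that was broadcast."""
    seen = {t.txid() for t in block}
    return [t for t in sent if t.txid() not in seen]


def unconfirmed_by_payment_key(sent, block):
    """Robust check: match on spent outpoints and outputs."""
    seen = {t.payment_key() for t in block}
    return [t for t in sent if t.payment_key() not in seen]


def safe_to_reissue(tx, block) -> bool:
    """Allow a re-send with fresh coins only if no input of tx was spent."""
    spent = {(i.prev_txid, i.prev_index) for t in block for i in t.inputs}
    return all((i.prev_txid, i.prev_index) not in spent for i in tx.inputs)


# Constructed sample data. Signature validity is not modelled: the two
# scriptSig values stand in for two encodings of one valid signature.
OUTS = (("customer-address", 1_000_000_000),)  # 10 BTC in satoshi
ORIGINAL = Tx((TxIn("aa" * 32, 0, b"sig-encoding-1"),), OUTS)
MALLEATED = Tx((TxIn("aa" * 32, 0, b"sig-encoding-2"),), OUTS)
BLOCK = [MALLEATED]  # the malleated copy was mined first

if __name__ == "__main__":
    print("txids differ:       ", ORIGINAL.txid() != MALLEATED.txid())
    print("missing by txid:    ", len(unconfirmed_by_txid([ORIGINAL], BLOCK)))
    print("missing by key:     ", len(unconfirmed_by_payment_key([ORIGINAL], BLOCK)))
    print("safe to re-send:    ", safe_to_reissue(ORIGINAL, BLOCK))
```

The `safe_to_reissue` check corresponds to the article's point about reusing the original inputs: a support workflow that consults it before paying again would see that the coins were already spent.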

Posted on 2014-8-11 23:02:47
Aha, sofa~~~ I'll be back tomorrow to pay my respects

-------------------------------------------------------------

2'38
1) Today software is more vulnerable to passcodes.
2) "Shoulder surfing" -- more common in losing private information.
3) Video footage makes it possible to recover passcodes.

50''
1) Scientists have found ways to solve the problem of capturing passcodes.
2) They are testing ways to defend against shoulder surfing.

1'41
1) Cars are equipped with wireless connectivity, which is more vulnerable to potential hacking.
2) Vehicles are now getting easier to hack.

1'50
1) Other research groups have illustrated ways to take control of functions such as brakes and acceleration.
2) Designing security into vehicles is important because applying software is problematic.

3'36
1) The remote-control system in smartphones is more vulnerable to hackers.
2) Though the ODM protocol device plays a crucial role in security, the package has not been updated substantially since 2004.
3) Androids were found to be most vulnerable to hackers.
Posted on 2014-8-11 23:28:10
Good night
Posted on 2014-8-11 23:38:30
speaker:
Although virtual currencies were on the ropes, the fortunes of such tokens have rebounded. Like Apple, which supports programs for payment in cyber coinage in the Apple store, DN lets its users pay their bills by bitcoin. Even a rapper accepted bitcoin.

Time2:3:14
Time3: 1:33
Time4: 2:19
Time5: 3:02
Time6: 6:33
Posted on 2014-8-12 00:00:49
So is the daily reading task to reply in this thread?
Posted on 2014-8-12 00:55:08
Reserving a spot first~~~~~~~
I have a feeling this is going to be the first reply to get deleted
Posted on 2014-8-12 03:09:32
thank you sooo much
Posted on 2014-8-12 04:54:43
2'01
49'
1'02
1'08
2'38
7'04