- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - While start-up funding and the emergence of exciting new network startups has fizzled over the past year, research projects at university and other labs continue to sizzle. Here's look at 20 of the coolest:
Plotting a cheap, distributed zero-day worm defense
Shutting down zero-day computer attacks could be carried out inexpensively by peer-to-peer software that shares information about anomalous behavior, say researchers at the University of California at Davis. The software would interact with existing personal firewalls and intrusion detection systems to gather data about anomalous behavior, says Senthil Cheetancheri, the lead researcher on the project he undertook as a grad student at UC Davis from 2004 to 2007. The software would share this data with randomly selected peer machines to determine how prevalent the suspicious activity was, he says. If many machines experience the identical traffic, that increases the likelihood that it represents a new attack for which the machines have no signature. The specific goal would be to detect self-propagating worms that conventional security products have not seen before.
MIT's sticky notes killer (though they say it isn't)
MIT computer science professor David Karger's research team has developed software dubbed List.it that's designed to computerize many of the things people currently do through sticky notes: organize email addresses, passwords and the like. The software lives in your Firefox browser and can be downloaded here. The software comes out of MIT's Computer Science and Artificial Intelligence Lab (CSAIL), a perennial hotbed for IT inventions. "I would never make the claim that we're trying to replace Post-its," says Michael Bernstein, a graduate student in Karger's lab. "We want to understand the classes of things people do with Post-its and see if we can help users do more of what they wanted to do in the first place."
Researchers devise undetectable phishing attack
With the help of about 200 Sony Playstations, an international team of security researchers have devised a way to undermine the algorithms used to protect secure Web sites and launch a nearly undetectable phishing attack. To do this, they've exploited a bug in the digital certificates used by Web sites to prove that they are who they claim to be. By taking advantage of known flaws in the MD5 hashing algorithm used to create some of these certificates, the researchers were able to hack VeriSign's RapidSSL.com certificate authority and create fake digital certificates for any Web site on the Internet. Although the researchers believe that a real-world attack using their techniques is unlikely, they say that their work shows that the MD5 hashing algorithm should no longer be used by the certificate authority companies that issue digital certificates. "It's a wake-up call for anyone still using MD5," said David Molnar a Berkeley graduate student who worked on the project.
Web sites that automatically customize themselves for each visitor so they come across as more appealing or simply less annoying can boost sales for online businesses by close to 20%, MIT research says. These sites adapt to display information so everyone who visits sees a version best suited to their preferred style of absorbing information, say the four researchers who wrote about such sites in "Website Morphing", a paper published in Marketing Science last year. So the site might play an audio file and present graphics to one visitor, but present the same information as text to the next depending on each person's cognitive style. Morphing sites deduce that style from the decisions visitors make as they click through pages on the site.