The Perfect Trojan Horse

Giovanni Russello, a security expert, writes a post about Android security.
The launch of the new Galaxy S4 has been celebrated a couple of weeks ago. Indeed, it looks like a slick device with lots of nice features that is making Apple really nervous. At the software level, the S4 ships with Android 4.2 Jelly Bean. Together with the Samsung pre-installed apps, we will find in the S4 Knox. Knox is a security solution developed by Samsung for supporting the Bring Your Own Device (BYOD) policy in enterprises. Knox allows the creation of different environments in your phone. Essentially, a secure environment will be used for containing enterprise-related data and apps; while an open environment will be used for personal content. The work environment can be managed by the IT admin of the enterprise. Your personal environment is entirely yours to populate with whatever junk you might like. The content of one environment is not accessible to apps from the other environment, keeping everyone happy.
   Knox relies on the Mandatory Access Control (MAC) mechanism provided by SELinux. So how did SELinux ended up in a Samsung phone? The news that people were at work to port SELinux on to Android is not new actually. What is news is that SELinux is now (or is going be) fully integrated in the Android Open Software Project (AOSP), the official Android trunk that Google provides to vendors. And it is not a simple matter of swapping a Linux kernel for another. In a recent paper at NDSS 13, Smalley describes in details the changes required at the level of the Android middleware to be able to integrate the SELinux MAC mechanism seamless with the Android application framework.
    What are the implications of having SELinux as part of the AOSP? From now on, Android code will have SELinux modules as part of its base distribution. In terms of security, SELinux can really help in solving some of the Android security issues. However, we have to realise here that SELinux is a research project of the National Security Agency (NSA). The NSA is one of the most nosey agencies in the US. One of the NSA main activities is to look for vulnerabilities that allow them to eavesdrop and in some cases even attacking “enemy” systems (see the case of Stuxnet).
   Now Google has teamed up with NSA and any new Android phones will have NSA code running on it.  Even though SELinux can help in keeping the bad guys out, are we sure that will keep the good guys’ noses out from our phones?
    Timeo Danaos et dona ferentes

from The Universal Machine

Orion launches bid to boost NZ ICT talent

Orion Health founder Ian McCrae

Orion Health, a local software company that specialises in medical informatics, has a close relationship with the University of Auckland CS department (they sponsor both the Orion Award for Excellence in Computer Science and the Computer Science Poster Competition). Orion recognises that its current and future success is heavily dependent on the quality and skills of the people it employs; put simply if it can’t find enough talented people to employ it can’t grow. It is therefore entirely in Orion’s self-interest that it has launched an initiative, called Codeworx, aimed at changing the perception of computer science in schools and building the pool of talent the ICT industry needs. Codeworx says: “New Zealanders are a nation of innovators, people who like to tinker, build and create. Codeworx is about letting students develop their future potential through programming, hacking and learning to build cool tech! Students need not just be users of computers, we want to support students in being the creators of software and the digital tools of the future.

from The Universal Machine

Stephen Fry votes for #Turing’s Universal Machine

The UK Royal Society (amongst others) has organised the Great Innovation Vote where Stephen Fry, comedian. actor, writer and technophile, has voted for Alan Turing’s Universal Machine as his greatest innovation. You can listen to his reasons below.

(function() { var po = document.createElement(“script”); po.type = “text/javascript”; po.async = true; po.src = “”; var s = document.getElementsByTagName(“script”)[0]; s.parentNode.insertBefore(po, s); })();

from The Universal Machine

Pakistan arrests over Daniel Pearl killing

Daniel Pearl

The Guardian reports that Pakistan has arrested a former militant leader over the Daniel Pearl killing in 2002. Daniel Pearl, a  Wall Street Journal reporter, was kidnapped in Karachi and subsequently beheaded. You might be wondering what place this grim story has in a blog that’s (mostly) about computing – Daniel’s father is the Turing Award winning computer scientist Judea Pearl. Research communities are often surprisingly close and when the terrible news broke the Artificial Intelligence community was shocked at the savage killing of a colleague’s son.      Since his son’s murder Judea Pearl and his family has established the Daniel Pearl Foundation “to continue Daniel’s life-work of dialogue and understanding and to address the root causes of his tragedy. The Daniel Pearl Foundation sponsors journalism fellowships aimed at promoting honest reporting and East-West understanding, organizes worldwide concerts that promote inter-cultural respect, and sponsors public dialogues between Jews and Muslims to explore common ground and air grievances.

from The Universal Machine

And the 2012 #Turing Award goes to…

Prof. Shafi Goldwasser

…Professor Shafi Goldwasser and Professor Silvio Micali “for transformative work that laid the complexity-theoretic foundations for the science of cryptography, and in the process pioneered new methods for efficient verification of mathematical proofs in complexity theory.
   The A.M. Turing Award, the ACM‘s most prestigious technical award, is given for major contributions of lasting importance to computing. Recipients are invited to give the annual A.M. Turing Award Lecture. The award is also accompanied by a cash prize of $250,000, which in recent years has been underwritten by the Intel Corporation and Google, Inc.

from The Universal Machine

100 years of stainless steel

We have another centenary to celebrate – 100 years of stainless steel. It’s worth thinking about what a remarkable material stainless steel is: strong, corrosion resistant and able to maintain a sharp cutting edge. It’s everywhere around us; in our homes, buildings, farms, industry and commerce, yet it didn’t exist until relatively recently. In October 17, 1912, Krupp engineers Benno Strauss and Eduard Maurer patented a type of stainless steel. The following year, in Sheffield England, Harry Brearley of the Brown-Firth research laboratory, developed an industrial process for manufacturing stainless steel and Sheffield became synonymous with stainless steel. There’s a website celebrating 100 Years of Stainless Steel, and they’ve produced the video below, which outlines its history and many uses – the modern world really wouldn’t be so shiny with out it!

from The Universal Machine

How NOT to launch your new game

Well, it’s not a new game, just a new version of SimCity. If you’ve already bought the new version (approx. $100) you’ll already probably have encountered the main problem – the game doesn’t work! Well it does work, but only if your game session can connect to the over-loaded SimCity servers. That’s right, to play the game you must be connected to a SimCity server – no connection equals no game play. You’d have thought that Electronic Arts, probably the most well known game house, would have anticipated the demand and built in enough capacity, and then some some, just to be on the safe side. Amazon stopped selling the game for a while because it didn’t work and Electronic Arts have offered an apology and a free game to purchasers. Over 60,000 users have signed a petition demanding that Electronic Arts remove the online DRM from SimCity, which is the root cause of the problem. In 2013 it’s remarkable that experienced companies can still stuff up like this.

from The Universal Machine