News

[Conference News] A Benchmark for Bug-Linking Software

2013-05-16T15:38:19Z

Development teams often set up tracking systems such as Bugzilla to collect software bugs found by users. The developers can then fix some of these bugs and commit the corresponding code changes into version control systems such as svn or git.

Unfortunately, the links between bug reports and code changes are missing for many software projects because the bug tracking and version control systems are often maintained separately. Proposed linking solutions, such as ReLink, still face several issues, including their reliability with ground-truth datasets and the extent of their measurements.

In a paper presented at the 17th European Conference on Software Maintenance and Reengineering (CSMR 2013), researchers from XXXX present a benchmark they developed for evaluating bug linking solutions. The benchmark includes a dataset of about 12,000 bug links from 10 programs. The authors present results of applying the benchmark to ReLink to assess its strengths and limitations.

“Empirical Evaluation of Bug Linking” and other papers from CSMR 2013 are available to both IEEE Computer Society members and paid subscribers via the Computer Society Digital Library.

US Blocks Some Major Bitcoin Exchange Transactions

2013-05-17T13:23:16Z

The US Department of Homeland Security’s (DHS’s) Immigration and Customs Enforcement agency has taken legal action to stop the Dwolla online payment service from processing bitcoin virtual-currency transactions. Dwolla can now no longer send funds to Mt. Gox, the world’s largest bitcoin exchange. Some Bitcoin exchanges let users buy bitcoins with money transferred via Dwolla and then sell bitcoins with the proceeds transferred to them via Dwolla. In a warrant, DHS accused Mt. Gox of operating an unlicensed money transmitting business. In its investigation, DHS said, it used an undercover informant who bought bitcoins using Dwolla and subsequently had them converted to dollars. In a statement posted on its Google+ account, Mt. Gox said “we have not been provided with a copy of the court order and/or warrant, and do not know its scope and/or the reasons for its issuance. Mt. Gox is investigating and will provide further reports when additional information becomes known.” (CNET)(Ars Technica)(The New York Post)(Mt. Gox)

Expert: Exaflops Supercomputing Is Unlikely in the Near Future

2013-05-17T13:19:42Z

The much-discussed idea that supercomputing performance could soon reach exaflops (1018 floating point operations per second) levels will not be possible before the end of the decade, according to Horst Simon, the US Lawrence Berkeley National Laboratory’s deputy director. A combination of technical challenges are proving an obstacle, including the total power needed by such a system, increased chip power efficiency, and the cost of data movement and memory. “I also think calling the system exa-anything is a bad idea. It’s become a bad brand, associated with buying big machines for a few national labs,” he told HPCWire. “It also sets the community up for a perceived failure if we don’t get to exaflops.” And measuring the system’s performance once it is built also poses a challenge, he adds, estimating an exascale system will need five to six days to run the LINPACK benchmark. A reasonable goal toward exascale computing, Simon said, would be constructing an exascale system that could rank first in the TOP500 supercomputing-performance list by 2020. He says there are projects working in that direction, including the US Department of Energy’s FastForward. Simon says the US needs exascale computing resources to maintain a competitive advantage in manufacturing as well as for national security. (SlashDot)(HPCWire)(Scientific Computing)(“No Exaflops for You,” Horst Simon)

Robots Are Taking Over Chinese Jobs

2013-05-17T13:12:14Z

A new entrant into the Chinese labor pool is sending ripples into the nation’s economy and labor pool. Companies are increasingly using robots for simple jobs such as peeling noodles from dough lumps and placing them into boiling water in many of China’s noodle shops. A cook doing that job earns about 40,000 yuan per year (about $6,400 per year). The noodle-making robot costs 10,000 yuan (about $1,600) and its price is continuing to drop. Inventor Cui Runquan said he has sold the robots to about 3,000 restaurants since 2010. China is on pace to become the world’s largest market for robotics. Recently, the China Machinery Industry Federation launched the Robot Industry Alliance, a nonprofit group focused on robotics research and development. In addition to noodle-making, newer industrial robots are expected to tackle tasks such as welding, painting, ironing, and packaging. Experts say robots will threaten Chinese jobs based on how quickly they are adopted compared to how fast the domestic labor force shrinks. China’s labor force declined in 2012 and could continue to do so as its population ages. (SlashDot)(Singularity Hub)(ZDNet)(MIT Technology Review)(Xinhua News Agency)

Java-Based Exploits Exploding

2013-05-17T13:35:41Z

New security research from Microsoft shows that Java attacks have increased sharply since the third quarter of 2011 making Java by far the biggest malware target. “The recently released Microsoft Security Intelligence Report said this is the case because Java is widely used across multiple platforms and has many possible vulnerabilities. The study said that attackers are focused on older, patched vulnerabilities in Java in order to take advantage of those systems that have not applied the fixes and are also trying to take advantage of vulnerabilities across multiple Java versions. The report (www.microsoft.com/security/sir/default.aspx) studied attacks between July 2012 and December 2012. (SlashDot)(ThreatPost)(Microsoft Security Intelligence Report)

Amazon Buys Display-Technology Firm, May Release a Color Kindle

2013-05-17T13:27:21Z

Amazon has purchased Liquavista, a Netherlands-based screen technology company. The company, which Samsung had owned, is best known for its electrowetting display technology, which uses colored oils over transparent electrodes atop a white substrate. The technology was originally developed at Philips Research in the Netherlands. Philips subsequently created Liquavista in 2006 to commercialize the technology; Samsung acquired the firm in late January 2011. The exact transaction price was not disclosed, but sources say it was less than $100 million. Industry-watchers expect the deal signals that Amazon plans to release a Kindle with a color display. (SlashDot)(The Digital Reader)(Forbes)(Reuters)(“Researchers Develop Paper Display,” Computer, April 2011 (Vol. 44, No. 4), pp. 18-21.)

[Conference News] Implementation Results for Intel’s CnC Programming Model

2013-05-10T21:05:43Z

Finding and expressing scalable parallelism is one of software development’s most difficult tasks. Intel’s Concurrent Collections (CnC) programming model aims to make this easier by specifying the semantically required dependencies between individual computation kernels. The CnC model has been shown conceptually to be deterministic and independent of the target platform, but it's lacked a concrete implementation to prove that its concepts could be exploited in practice.

At the 2013 21st Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP 2013), Intel researchers presented a paper describing a CnC implementation that exposes its benefits in a single model for shared and distributed memory. The paper includes experimental results to show the implementation’s competitive performance with existing parallel programming models.

“Concurrent Collections on Distributed Memory: Theory Put into Practice” and other papers from PDP 2013 are available to both IEEE Computer Society members and paid subscribers via the Computer Society Digital Library.

Hacker Network Steals Millions from ATMs

2013-05-11T17:38:57Z

A sophisticated, global hacking network committed a series of thefts from ATMs in two dozen different countries -- including the United States, Japan, Russia, Romania, Egypt, Colombia, Britain, Sri Lanka, and Canada -- that netted the criminals $45 million. Officials arrested seven people in the US in connection with the thefts, which a dozen law-enforcement agencies worldwide have been investigating. Law-enforcement officials said the network’s leaders deployed operatives operating in cells in 27 countries, including this group in the US. According to authorities, the hackers infiltrated the databases of two Middle Eastern banks. They then reportedly eliminated withdrawal limits on prepaid debit cards and created passwords for the accounts. They then allegedly loaded the stolen account information onto plastic cards—including even old hotel key cards or expired credit cards—with a magnetic stripe. The hackers then reportedly coordinated the use of these cards with the different cells or groups of “cashers” they set up to quickly withdraw funds from various ATMs. Those cells retrieving the cash took their cut, laundered the money, and sent it in the form of goods or cash to the network’s leaders. In the first operation, the hackers took $5 million. In the second operation, officials claim that within 10 hours, the hackers took $40 million in a series of 36,000 transactions. They made 40,500 withdrawals overall in the two different operations. Security experts say the problem is that many banks and merchants in the United States use cards with magnetic strips rather than those with chips that are difficult to duplicate. Investigators say the suspects from the US cell are US citizens originally from the Dominican Republic living in Yonkers, New York, and face charges of conspiracy and money laundering after allegedly stealing $2.8 million. (CNBC)(The Associated Press @ The Telegraph)(Reuters @ NBCNews)(The New York Times -- 1) (The New York Times -- 2)(The Los Angeles Times)

US Government Demands Removal of Online 3D-Gun Blueprints

2013-05-11T17:32:58Z

Defense Distributed, an open source, nonprofit firearms designer, has removed from its website blueprints for a gun that can be made with high-density plastic on an industrial 3D printer, after receiving pressure to do so from the US State Department. However, the plans reportedly have already been downloaded 100,000 times and are being hosted on other servers, including those belonging to The Pirate Bay file-sharing site. US officials indicate that publication of the blueprints so that they would be available internationally may have breached arms-control regulations regarding the shipping of weapons overseas. Defense Distributed claims it is in compliance with the US International Traffic in Arms Regulations. (BBC)(CNET)

Microsoft Issues a Fix for Windows Zero-Day Vulnerability

2013-05-11T18:02:30Z

Microsoft released a fix for a critical zero-day vulnerability in Internet Explorer 8 for all Windows versions being actively exploited. Some hackers took advantage of the flaw to launch watering-hole attacks on US government employees. The vulnerability is reportedly related to how the browser processes page layout information. In these attacks, hackers use website flaws to implant malware, which infects subsequent visitors. The Microsoft patch is a temporary solution until the company develops a security update that more thoroughly addresses the problem. (ZDNet)(Dark Reading)(Computing Now NewsFeed – 2013 May 6)(Microsoft Security Advisory)

Syria Restores Internet Connectivity

2013-05-11T18:00:17Z

The Syrian government restored Internet access in the country, ending a widespread, 19-hour outage The government blamed a problem with fiber optic cables. The country has been locked in a civil war that has lasted about two years. However, diplomats and human-rights organizations claim the Syrian military is responsible for this outage and one that lasted three days in November 2012, as part of an effort to stifle opposition forces. The Syrian Observatory for Human Rights, a UK-based group monitoring both sides in the civil war told Britain’s Daily Telegraph that the latest blackout was part of a government operation. Both sides in the ongoing civil war are using cyberattacks. US Ambassador to Syria Robert Ford said the Syrian government, with Iranian help, has been monitoring the Internet and using it to track, arrest, and kill opposition activists. (The Telegraph)(CNN)

Google Adds Languages, Features to Translation Application

2013-05-11T17:57:27Z

Google Translate for Android now has additional features that Google says will make the application’s smartphone version considerably more functional for travelers. Users can now save sentences of their choosing to the Google Translate’s Phrasebook that can be automatically synched with their device so the information can be readily accessed. The smartphone application can now also be used in offline mode. Google Translate for Android will now also support 16 new languages with the application’s camera input feature, including Catalan, Danish, Indonesian, Icelandic, Latvian, Slovenian, and Swedish. The feature allows users to point their camera at text that may be difficult to input using traditional keyboard methods, and provides an immediate translation. Google Translate for Android does not yet support all the languages that the Web application offers. (Lifehacker)(SlashGear)(The New Age)(The Official Google Translate Blog)

Internet Access Halts in Syria

2013-05-11T18:36:17Z

Internet traffic to and from Syria halted abruptly Tuesday. The Syrian government claims the disruption is the work of terrorists. Western security analysts claim the more likely explanation is that the Syrian government shut down the Internet as it did for three days in November 2012. David Belson, product line director for custom analytics and MCDN, Akamai Technologies, an Internet-content delivery service provider, told the BBC “the failure of a single optical cable [due to being cut] is unlikely to cause a complete internet outage for the country.” Observers assume the move is meant to subvert communication among opposition members who have fought a civil war against President Bashar al-Assad’s regime for two years. The government-owned Syrian Arab News Agency reported that the fault would be fixed “as soon as possible.” (The Washington Post)(BBC)(CloudFlare)

Microsoft Plans to Update Controversial Windows 8

2013-05-11T18:33:52Z

Microsoft executives are dropping hints about an update for the oft-criticized Windows 8 scheduled for later this year. Codenamed “Blue,” the update would enable the company’s software products to work on devices with smaller screens. Julie Larson-Green, Microsoft’s corporate vice president for Windows, said during the Wired Developer Conference that a public preview of the Windows 8 update will be available prior to the Microsoft developers’ conference in June. This Windows version has come under fire for its new user interface, which International Data Corp., a market research firm, says is significantly contributing to the PC market’s erosion. Although there have been rumors the impending update might address some of the rampant criticism, Larson-Green claims there will be no major changes. (CNET -- 1)(ZDNet)(CNET -- 2)(Windows Blog)

Decoy Password Strategy Could Protect Users

2013-05-11T18:30:47Z

Security researchers say mixing honeywords—decoy passwords—along with a real hashed password could prevent hackers from accessing websites and online services. Ari Juels, chief scientist at security firm RSA, and cryptographer and MIT professor Ronald Rivest say that storing multiple possible passwords on a system could not only provide security but also determine when an intrusion is occurring. Passwords are now considered a weak security strategy in part because users make poor password choices. This approach uses a honeychecker system with information about which passwords are legitimate and which are honeywords. This system stores randomly selected integers that point to the location where the password is stored to check whether a user is entering the correct password. If attackers accessed the honeychecker, they could not find the password. Their presence could be detected when they attempt to use one of the honeywords to access the system. (ZDNet)(The Honeywords Project)(MIT CSAIL)

Report: Cybercrime Rising in Caribbean, Latin America

2013-05-11T18:19:21Z

New research shows cybercrime is increasing in the Caribbean and Latin America, with the number of incidents reported in regional countries up by as much as 40 percent. The new report, in which security vendor Trend Micro , compared statistics from 2011 and 2012, for the Organization of American States (OAS), suggests the percentages may actually be low because of a lack of reporting or inadequate detection of problems. Critical infrastructure, industrial control systems, and financial institutions are frequent targets of attacks in the Caribbean and Latin America. Trend Micro contends the traditional organized crime syndicates are responsible for creating sophisticated cybercrime tools used in these attacks. The report also finds hacktivism, attacking sites in the name of promulgating a particular cause, on the rise; Mexico alone saw a 40 percent increase in such attacks, particularly during the presidential election campaign. Trend Micro worked on the study with the OAS’s Secretariat for Multidimensional Security. They invited all 32 OAS member states to participate, but only 20 responded. Despite the overall upward cybercrime trend, Chile and Columbia reportedly saw fewer attacks in 2012. (Dark Reading)(ZDNet)(Trend Micro)

US Senate Passes Internet Tax Bill

2013-05-08T13:49:09Z

By a vote of 69 to 27, the US Senate passed a bill that would enable sales taxes to be collected from Internet transactions, regardless of where in the United States the seller is based. The Marketplace Fairness Act, which received support from most Democrats and some Republicans, was opposed by hard-line conservatives, states without sales taxes, and antitax activists. The House of Representatives and President Barack Obama will have to approve the measure before it becomes law. Businesses with less than $1 million in online sales would be exempt. Currently, a state can require retailers to collect sales taxes only if it has a store or other physical presence in the state. This exempts Internet-only firms such as eBay and Amazon, which collect taxes only in states where they have offices or distribution centers. (SlashDot)(The Washington Post)(The Wall Street Journal)

Cray Releases Low-Cost Supercomputer

2013-05-08T13:45:22Z

Supercomputers typically sell for millions of dollars, but Cray Inc. is now offering a system for $500,000. The XC30-AC reportedly has the same software and processors as the XC-30, which sells for between $10 and $30 million. The system costs less because it is, in part, air cooled and does not use optical cables. For its new computer, Cray is targeting manufacturers from the Fortune 100 to 1,000, as well as pharmaceutical, oil and gas firms; smaller universities; government agencies; and research labs. Supercomputer sales are increasing with purchases up 30 percent in 2012, according to market-research firm IDC, as the hardware has become increasingly affordable for a greater number of organizations. Analysts expect the new Cray offering to attract first-time supercomputer buyers. (CNNMoney)(Information Week)

Study: Quality of Open Source and Proprietary Software Exceeds Industry Standards

2013-05-08T13:46:12Z

A new analysis of software integrity finds that the quality of both open source and proprietary software code surpasses industry quality standards. Coverity, a software-quality testing firm, conducted the analysis, based on code submitted to Coverity Scan, as it has been doing annually for the past seven years. The project originated in 2006 and was initially undertaken with the US Department of Homeland Security. Since then Coverity has analyzed almost 850 million lines of code from open source projects including Apache, Linux, and PHP and found an average defect density—defined as the number of defects found in every 1,000 lines of code—of 0.69. Coverity found that proprietary code’s defect density is 0.68. This is the second year both groups have had a defect density of less than 1.0, which is the industry standard, according to Coverity, which offered no additional details regarding the specific standard on which it bases the claim. (SlashDot)(Help Net Security)(Coverity Scan)

Microsoft Zero-Day Vulnerability Targets US Nuclear Researchers

2013-05-06T21:07:59Z

Microsoft has confirmed that a zero-day vulnerability exists in all versions of Internet Explorer 8, the company’s most popular browser. Security researchers say hackers have used the vulnerability in attacks against US Department of Energy nuclear-weapons scientists as well as US Department of Labor employees. The DoE’s Site Exposure Matrices website, used for information related to illnesses in employees who work in developing or disarming nuclear weapons, was specifically targeted in a watering-hole attack. In these attacks, hackers use website flaws to implant malware, which infects subsequent visitors. One security expert says these types of attacks will be successful unless users begin utilizing advanced browser protection software, such as virtual containers. Similar recent attacks have affected the Council on Foreign Relations think tank, NBC, and Capstone Turbine, a renewable energy firm, according to NextGov, a news and analysis website for US federal IT managers. Microsoft indicated it will issue a fix for its browser vulnerability but has not said when. The company’s next regularly scheduled security update will be on 14 May. (Computerworld)(ZDNet)(NextGov)