Tuesday, April 26, 2011

What's the problem with Microsoft Word?

Microsoft logo
2008 HowStuffWorks
In 2006 and 2007, major security flaws were discovered in Microsoft Word.

In the last two months of 2006 alone, at least four major security flaws involving Microsoft Word were revealed. All are "zero day" flaws, meaning Microsoft and security organizations became aware of them at the same time that destructive hackers became aware of them. In many "zero day" cases, it's the exploitation of the flaw that brings it to the attention of the software companies; in other cases, the software companies announce the flaw and hackers immediately take advantage of it before a patch can be released. The strange thing about these Word problems is that almost eight weeks after the flaws were exploited by attackers, Microsoft still hadn't released a patch to fix it.

The first in this string of security holes popped up in early December 2006. This flaw affects computers running Word 2000, 2002 and 2003; Word 2004 for Mac and Word 2004 version X for Mac; Word Viewer 2003; and Microsoft Works 2004, 2005 and 2006. An attacker hides a piece of code in a Word document and puts it on a Web site for download or sends it out as an e-mail attachment. When a user downloads or opens the document, the attacker can remotely control the user's computer and execute a wide array of codes under the user's own login. This flaw came to Microsoft's attention on December 5, 2006, when people started reporting attacks.

A second, previously unknown flaw started to draw attention just a week later, this one also allowing a remote attacker to take control of a user's PC. According to Microsoft, though, this flaw exploits a entirely different security hole -- one that opens when Word undergoes a specific error. Apparently, this attack doesn't require a user to download a malicious file; it only requires the Word program on the person's computer to experience this error, at which point an attacker can enter the system and run malicious code. It affects Word 2000, 2002 and 2003 and Word Viewer 2003.

computer monitor
2008 HowStuffWorks
Software flaws can cause a lot problems through malicious hacking.

Security experts have attributed these two security holes to memory-corruption flaws
in the Word programs. Days later, a third flaw was revealed. This one also allows for remote access and control of a user's machine and has been tied to a buffer-overflow problem in Word. It came to public attention when a software expert called "Disco Johnny" published a proof-of-concept code on the Web that showed how a malicious hacker could exploit it, essentially providing instructions for running an attack in addition to showing Microsoft it has yet another problem.

And about five weeks later, on January 25, a fourth security hole became the subject of a malicious attack that begins when a user opens a rigged Word file sent as an e-mail attachment and has similar results to the previous attacks: Remote access and control of an entire system if it's running Word 2000. If the computer is running Word 2003 or Word XP, it only crashes the computer, as opposed to opening it up to remote control.

These four issues were only the latest in a series of attacks exploiting previously undiscovered flaws in a wide array of Microsoft Office applications. In September 2006, hackers started exploiting another zero-day Word flaw, this one only affecting Word 2000. A user had to open an infected Word 2000 document using the Word 2000 program in order for the virus, MDropper.Q, to drop a piece of code in the user's PC. This allowed a remote attacker to take control of the infected PC.

Microsoft recommends installing multiple layers of security software and updating the versions vigilantly. Beyond that, we can only use the wariness we've become accustomed to when opening attachments or downloading files, with an extension into a traditionally safer area: Now, if it ends with .doc, don't touch it unless you know and trust the source.

How facebook works

Some people are online social butterflies, deftly managing to interact with hundreds of Facebook friends on a daily basis. To them, there's no challenge in wading through a dozen event invites, wishing a happy birthday to the appropriate people, responding to Wall posts and making the next move in one of the thousands of games permeating the site.

For the rest of us, Facebook can sometimes seem a little overwhelming. If you've got a lot of Facebook friends, you may find it impossible to keep up with everything. And if your friends are the sensitive type, you may give off the impression that you don't care about them. There's nothing quite like finding out a friend is in a tizzy because you didn't respond to an invite on Facebook to go bowling.

Then there are the people who'd rather never get on Facebook at all. As our culture embraces social networking sites and services, people begin to feel the pressure to participate. That might not be a big deal to everyone but some people just aren't that comfortable sharing information with others. How do you balance being a contributing member of society with reluctance to join the online social world?

Learn More

The answer for people who have trouble maintaining a Facebook profile -- or those who wish to avoid it as much as possible -- may be Fakebook. It's a new Facebook application that responds to requests automatically and takes care of the everyday virtual housekeeping your profile needs to avoid drama. For people with a lot of Facebook friends, it takes the pressure out of responding to various invitations and status updates. For the shyer among us, Fakebook can provide the online interaction we're otherwise reluctant to do.

Thursday, April 21, 2011

Imagine driving to a job interview and realizing that you're lost. Your first impulse would probably be to call the business that's interviewing you and ask for directions. But if you're not sure where you are, getting directions can be tricky.

But suppose you use your phone for another purpose -- to figure out exactly where you are and to get turn-by-turn directions to where you're going. New phones that include global positioning system (GPS) receivers can do exactly that. With the right software or service package, they can pinpoint your location, give directions to your destination and provide information about nearby businesses.

In this article, we'll review the basics of how cell phones and GPS receivers work. Then, we'll explore how phones combine these technologies.

Cell Phone Basics
A cell phone is basically a sophisticated two-way radio. Towers and base stations, arranged into a network of cells, send and receive radio signals. Cell phones contain low-power transmitters that let them communicate with the nearest tower.

As you travel, you move from one cell to another, and the base stations monitor the strength of your phone's signal. As you move toward the edge of one cell, your signal strength diminishes. At the same time, the base station in the cell you are approaching notices the strength of your signal increasing. As you move from cell to cell, the towers transfer your signal from one to the next.


As you travel, the signal is passed from cell to cell.

Related Articles

­In remote locations, towers may be so far apart that they can't provide a consistent signal. Even when towers are plentiful, mountains and tall buildings can interrupt their signals. Sometimes people have a hard time getting clear signals inside buildings, especially in elevators.

­Even without a GPS receiver, your cell phone can provide information about your location. A computer can determine your location based on measurements of your signal, such as:

  • Its angle of approach to the cell towers
  • How long it takes the signal to travel to multiple towers
  • The strength of your signal when it reaches the towers

Monday, April 18, 2011

ROBOTICS

Want a robot to cook your dinner, do your homework, clean your house, or get your groceries? Robots already do a lot of the jobs that we humans don't want to do, can't do, or simply can't do as well as our robotic counterparts. In factories around the world, disembodied robot arms assemble cars, delicately place candies into their boxes, and do all sorts of tedious jobs. There are even a handful of robots on the market whose sole job is to vacuum the floor or mow your lawn.

Robots Image Gallery

The ASIMO Robot
Photo courtesy Honda Motor Co., Ltd.
Honda's ASIMO robot. See more pictures of robots.

Many of us grew up watching robots on TV and in the movies: There was Rosie, the Jetsons' robot housekeeper; Data, the android crewmember on "Star Trek: The Next Generation"; and of course, C3PO from "Star Wars." The robots being created today aren't quite in the realm of Data or C3PO, but there have been some amazing advances in their technology. Honda engineers have been busy creating the ASIMO robot for more than 20 years. In this article, we'll find out what makes ASIMO the most advanced humanoid robot to date.

Can't be Too Careful
It has been reported that because ASIMO's walk is so eerily human-like, Honda engineers felt compelled to visit the Vatican just to make sure it was okay to build a machine that was so much like a human. (The Vatican thought it was okay.)
The Honda Motor Company developed ASIMO, which stands for Advanced Step in Innovative Mobility, and is the most advanced humanoid robot in the world. According to the ASIMO Web site, ASIMO is the first humanoid robot in the world that can walk independently and climb stairs.

In addition to ASIMO's ability to walk like we do, it can also understand preprogrammed gestures and spoken commands, recognize voices and faces and interface with IC Communication cards. ASIMO has arms and hands so it can do things like turn on light switches, open doors, carry objects, and push carts.

Rather than building a robot that would be another toy, Honda wanted to create a robot that would be a helper for people -- a robot to help around the house, help the elderly, or help someone confined to a wheelchair or bed. ASIMO is 4 feet 3 inches (1.3 meters) high, which is just the right height to look eye to eye with someone seated in a chair. This allows ASIMO to do the jobs it was created to do without being too big and menacing. Often referred to as looking like a "kid wearing a spacesuit," ASIMO's friendly appearance and nonthreatening size work well for the purposes Honda had in mind when creating it.

ASIMO is 4 feet, 3 inches tall
Photo courtesy Honda Motor Co., Ltd.
ASIMO is just 4 feet 3 inches tall

ASIMO could also do jobs that are too dangerous for humans to do, like going into hazardous areas, disarming bombs, or fighting fires.

This looks like a job for ASIMO!
Although ASIMO isn't quite ready for prime time (there are still improvements that need to be made to allow it to fully function as Honda hopes), Honda has put ASIMO to work as a receptionist in its office in Wako in Saitama prefecture, just north of Tokyo. ASIMO spends its time greeting guests and leading them around the facilities.

To perform these duties, ASIMO has to be specially programmed to know the layout of the buildings and the appropriate way to greet visitors and answer questions.

If the thought of an army of ASIMO robots gives you the heebie jeebies, you can relax. Honda says that ASIMO will never be used in military applications.

Sunday, April 17, 2011

Pros and Cons

There are several ways a security system can verify that somebody is an authorized user. Most systems are looking for one or more of the following:
  • What you have
  • What you know
  • Who you are

To get past a "what you have" system, you need some sort of "token," such as an identity card with a magnetic strip. A "what you know" system requires you to enter a password or PIN number. A "who you are" system is actually looking for physical evidence that you are who you say you are -- a specific fingerprint, voice or iris pattern.

"Who you are" systems like fingerprint scanners have a number of advantages over other systems. To name few:

  • Physical attributes are much harder to fake than identity cards.
  • You can't guess a fingerprint pattern like you can guess a password.
  • You can't misplace your fingerprints, irises or voice like you can misplace an access card.
  • You can't forget your fingerprints like you can forget a password.

But, as effective as they are, they certainly aren't infallible, and they do have major disadvantages. Optical scanners can't always distinguish between a picture of a finger and the finger itself, and capacitive scanners can sometimes be fooled by a mold of a person's finger. If somebody did gain access to an authorized user's prints, the person could trick the scanner. In a worst-case scenario, a criminal could even cut off somebody's finger to get past a scanner security system. Some scanners have additional pulse and heat sensors to verify that the finger is alive, rather than a mold or dismembered digit, but even these systems can be fooled by a gelatin print mold over a real finger.

To make these security systems more reliable, it's a good idea to combine the biometric analysis with a conventional means of identification, such as a password (in the same way an ATM requires a bank card and a PIN code).

The real problem with biometric security systems is the extent of the damage when somebody does manage to steal the identity information. If you lose your credit card or accidentally tell somebody your secret PIN number, you can always get a new card or change your code. But if somebody steals your fingerprints, you're pretty much out of luck for the rest of your life. You wouldn't be able to use your prints as a form of identification until you were absolutely sure all copies had been destroyed. There's no way to get new prints.

But even with this significant drawback, fingerprint scanners and biometric systems are an excellent means of identification. In the future, they'll most likely become an integral part of most peoples' everyday life, just like keys, ATM cards and passwords are today.

Analysis

In movies and TV shows, automated fingerprint analyzers typically overlay various fingerprint images to find a match. In actuality, this isn't a particularly practical way to compare fingerprints. Smudging can make two images of the same print look pretty different, so you're rarely going to get a perfect image overlay. Additionally, using the entire fingerprint image in comparative analysis uses a lot of processing power, and it also makes it easier for somebody to steal the print data.

Instead, most fingerprint scanner systems compare specific features of the fingerprint, generally known as minutiae. Typically, human and computer investigators concentrate on points where ridge lines end or where one ridge splits into two (bifurcations). Collectively, these and other distinctive features are sometimes called typica.

The scanner system software uses highly complex algorithms to recognize and analyze these minutiae. The basic idea is to measure the relative positions of minutiae, in the same sort of way you might recognize a part of the sky by the relative positions of stars. A simple way to think of it is to consider the shapes that various minutia form when you draw straight lines between them. If two prints have three ridge endings and two bifurcations, forming the same shape with the same dimensions, there's a high likelihood they're from the same print.

To get a match, the scanner system doesn't have to find the entire pattern of minutiae both in the sample and in the print on record, it simply has to find a sufficient number of minutiae patterns that the two prints have in common. The exact number varies according to the scanner programming.

Capacitance Scanner

Like optical scanners, capacitive fingerprint scanners generate an image of the ridges and valleys that make up a fingerprint. But instead of sensing the print using light, the capacitors use electrical current.

The diagram below shows a simple capacitive sensor. The sensor is made up of one or more semiconductor chips containing an array of tiny cells. Each cell includes two conductor plates, covered with an insulating layer. The cells are tiny -- smaller than the width of one ridge on a finger.


The sensor is connected to an integrator, an electrical circuit built around an inverting operational amplifier. The inverting amplifier is a complex semiconductor device, made up of a number of transistors, resistors and capacitors. The details of its operation would fill an entire article by itself, but here we can get a general sense of what it does in a capacitance scanner. (Check out this page on operational amplifiers for a technical overview.)

Like any amplifier, an inverting amplifier alters one current based on fluctuations in another current (see How Amplifiers Work for more information). Specifically, the inverting amplifier alters a supply voltage. The alteration is based on the relative voltage of two inputs, called the inverting terminal and the non-inverting terminal. In this case, the non-inverting terminal is connected to ground, and the inverting terminal is connected to a reference voltage supply and a feedback loop. The feedback loop, which is also connected to the amplifier output, includes the two conductor plates.

As you may have recognized, the two conductor plates form a basic capacitor, an electrical component that can store up charge (see How Capacitors Work for details). The surface of the finger acts as a third capacitor plate, separated by the insulating layers in the cell structure and, in the case of the fingerprint valleys, a pocket of air. Varying the distance between the capacitor plates (by moving the finger closer or farther away from the conducting plates) changes the total capacitance (ability to store charge) of the capacitor. Because of this quality, the capacitor in a cell under a ridge will have a greater capacitance than the capacitor in a cell under a valley.

To scan the finger, the processor first closes the reset switch for each cell, which shorts each amplifier's input and output to "balance" the integrator circuit. When the switch is opened again, and the processor applies a fixed charge to the integrator circuit, the capacitors charge up. The capacitance of the feedback loop's capacitor affects the voltage at the amplifier's input, which affects the amplifier's output. Since the distance to the finger alters capacitance, a finger ridge will result in a different voltage output than a finger valley.

The scanner processor reads this voltage output and determines whether it is characteristic of a ridge or a valley. By reading every cell in the sensor array, the processor can put together an overall picture of the fingerprint, similar to the image captured by an optical scanner.

The main advantage of a capacitive scanner is that it requires a real fingerprint-type shape, rather than the pattern of light and dark that makes up the visual impression of a fingerprint. This makes the system harder to trick. Additionally, since they use a semiconductor chip rather than a CCD unit, capacitive scanners tend to be more compact that optical devices.

Optical Scanner

A fingerprint scanner system has two basic jobs -- it needs to get an image of your finger, and it needs to determine whether the pattern of ridges and valleys in this image matches the pattern of ridges and valleys in pre-scanned images.

There are a number of different ways to get an image of somebody's finger. The most common methods today are optical scanning and capacitance scanning. Both types come up with the same sort of image, but they go about it in completely different ways.

The heart of an optical scanner is a charge coupled device (CCD), the same light sensor system used in digital cameras and camcorders. A CCD is simply an array of light-sensitive diodes called photosites, which generate an electrical signal in response to light photons. Each photosite records a pixel, a tiny dot representing the light that hit that spot. Collectively, the light and dark pixels form an image of the scanned scene (a finger, for example). Typically, an analog-to-digital converter in the scanner system processes the analog electrical signal to generate a digital representation of this image. See How Digital Cameras Work for details on CCDs and digital conversion.

The scanning process starts when you place your finger on a glass plate, and a CCD camera takes a picture. The scanner has its own light source, typically an array of light-emitting diodes, to illuminate the ridges of the finger. The CCD system actually generates an inverted image of the finger, with darker areas representing more reflected light (the ridges of the finger) and lighter areas representing less reflected light (the valleys between the ridges).

Before comparing the print to stored data, the scanner processor makes sure the CCD has captured a clear image. It checks the average pixel darkness, or the overall values in a small sample, and rejects the scan if the overall image is too dark or too light. If the image is rejected, the scanner adjusts the exposure time to let in more or less light, and then tries the scan again.

If the darkness level is adequate, the scanner system goes on to check the image definition (how sharp the fingerprint scan is). The processor looks at several straight lines moving horizontally and vertically across the image. If the fingerprint image has good definition, a line running perpendicular to the ridges will be made up of alternating sections of very dark pixels and very light pixels.

If the processor finds that the image is crisp and properly exposed, it proceeds to comparing the captured fingerprint with fingerprints on file. We'll look at this process in a minute, but first we'll examine the other major scanning technology, the capacitive scanner.

FINGERPRINT BASICS

Fingerprints are one of those bizarre twists of nature. Human beings happen to have built-in, easily accessible identity cards. You have a unique design, which represents you alone, literally at your fingertips. How did this happen?

People have tiny ridges of skin on their fingers because this particular adaptation was extremely advantageous to the ancestors of the human species. The pattern of ridges and "valleys" on fingers make it easier for the hands to grip things, in the same way a rubber tread pattern helps a tire grip the road.


The other function of fingerprints is a total coincidence. Like everything in the human body, these ridges form through a combination of genetic and environmental factors. The genetic code in DNA gives general orders on the way skin should form in a developing fetus, but the specific way it forms is a result of random events. The exact position of the fetus in the womb at a particular moment and the exact composition and density of surrounding amniotic fluid decides how every individual ridge will form.

So, in addition to the countless things that go into deciding your genetic make-up in the first place, there are innumerable environmental factors influencing the formation of the fingers. Just like the weather conditions that form clouds or the coastline of a beach, the entire development process is so chaotic that, in the entire course of human history, there is virtually no chance of the same exact pattern forming twice.

Consequently, fingerprints are a unique marker for a person, even an identical twin. And while two prints may look basically the same at a glance, a trained investigator or an advanced piece of software can pick out clear, defined differences.

This is the basic idea of fingerprint analysis, in both crime investigation and security. A fingerprint scanner's job is to take the place of a human analyst by collecting a print sample and comparing it to other samples on record. In the next few sections, we'll find out how scanners do this.

HOW FINGERPRINT SCANNER WORKS


Photo courtesy Siemens
A computer mouse with a built-in fingerprint scanner
Computerized fingerprint scanners have been a mainstay of spy thrillers for decades, but up until recently, they were pretty exotic technology in the real world. In the past few years, however, scanners have started popping up all over the place -- in police stations, high-security buildings and even on PC keyboards. You can pick up a personal USB fingerprint scanner for less than $100, and just like that, your computer's guarded by high-tech biometrics. Instead of, or in addition to, a password, you need your distinctive print to gain access.

In this article, we'll examine the secrets behind this exciting development in law enforcement and identity security. We'll also see how fingerprint scanner security systems stack up to conventional password and identity card systems, and find out how they can fail.

GO TO THIS SITE!!!!!!!


Is the Internet Bad for Society and Relationships?

The Internet becomes a bigger part of our lives everyday, making life more convenient but also taking away the human element of living in t...