TriNetre - Archive for June 09, 2004

(no longer updated)



June 09, 2004
Greedy at the MAC layer
[Technology] @ 10:25 PM

Mobisys 2004 has an interesting paper titled "DOMINO: A System to Detect Greedy Behavior in IEEE 802.11 Hotspots" (pdf file) which starts with a description of how the MAC level etiquette can be exploited by a 'cheater' to get a more than fair share of the bandwidth. It is an interesting paper that highlights a major issue in protocol development - how to take care of participants who do not behave well. A lot of designers still avoid the issue of non-conforming and cheating participants when designing systems and protocols. Those interested in this paper may also want to read the paper "Selfish Behavior and Stability of the Internet: A Game-Theoretic Analysis of TCP".

What is amazing is that even from such a technical paper on a fundamental issue with the 802.11 protocol, the people at New Scientist were able to cook up an article titled "Greedy hackers can hog Wi-Fi bandwidth" and in the process drag Linux into the whole issue!

Greedy computer hackers using open-source Linux machines could steal more than their fair share of bandwidth from Wi-Fi hotspots, Swiss computer scientists have warned.

What can I say!



One-time passcode in Internet banking
[Security] @ 04:53 PM

Recently Slashdot covered the CNN report on the use of one-time passwords for the Internet banking applications of banks. While the Slashdot story calls it a "one-time pad", in the strict sense of the word these are one-time passcodes rather than one-time pads.

In Singapore, access to the Internet banking facility of the three banks I used was controlled by username and password (alphabetic, numeric or alphanumeric). However, at ABN AMRO bank in the Netherlands, where I have an account now, the system uses a challenge-response scheme that is much more secure. You can see a demo here (Flash needed). In short, when you enter your account number and PIN on the website form, it gives back a code. You then power up what the bank calls an e-dentifier (everyone who has Internet banking enabled gets one), which, once the card is inserted into the system, asks for your PIN and the code generated by the website and outputs a response code. This has to be entered into the website. If this is the correct code, you are let in. Three consecutive unsuccessful tries lock the account, and one has to visit the local bank branch in person to reactivate it.

The use of a static password for something as sensitive as Internet banking will just not do. Considering that an average user uses Windows software and will click "Yes" to almost everything, any system designed for the future should take for granted that key-logging software is installed on the user's machine. Thus the use of offline systems for authentication (whether for login or a transaction request) is going to be unavoidable. Systems like the e-dentifier and SMS provide such offline mechanisms.
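The challenge-response login and three-try lockout described above, as an added sketch (not code from the original post or from the bank). The HMAC-SHA256 code derivation, the local PIN check on the device, and the names `Token`, `BankLogin` and `response_code` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3  # per the post: three consecutive bad tries lock the account


def response_code(card_key: bytes, challenge: str) -> str:
    """8-digit code from HMAC-SHA256 (assumed algorithm, not the bank's)."""
    mac = hmac.new(card_key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"


class Token:
    """Offline device: holds the card key and checks the PIN locally (assumed)."""

    def __init__(self, card_key: bytes, pin: str):
        self._key, self._pin = card_key, pin

    def respond(self, pin: str, challenge: str):
        if not hmac.compare_digest(pin, self._pin):
            return None  # wrong PIN: no response code is produced
        return response_code(self._key, challenge)


class BankLogin:
    """Server side: one outstanding challenge per account, lockout after 3 misses."""

    def __init__(self):
        self.keys, self.failures, self.pending = {}, {}, {}

    def start(self, account: str):
        """Issue a fresh random challenge, or None if unknown or locked."""
        if account not in self.keys or self.failures.get(account, 0) >= MAX_FAILURES:
            return None
        self.pending[account] = f"{secrets.randbelow(10**8):08d}"
        return self.pending[account]

    def finish(self, account: str, response: str) -> bool:
        """Verify the response against the outstanding challenge, exactly once."""
        challenge = self.pending.pop(account, None)  # single use: replays find nothing
        if challenge is None or self.failures.get(account, 0) >= MAX_FAILURES:
            return False
        if hmac.compare_digest(response_code(self.keys[account], challenge), response):
            self.failures[account] = 0  # success resets the consecutive counter
            return True
        self.failures[account] = self.failures.get(account, 0) + 1
        return False
```

Because each challenge is random and consumed on first use, a response code captured by a keylogger does not verify against any later login.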



World Press Photo '04
[Photography] @ 11:03 AM

World Press Photo 2004

After a lot of deliberation on dates, a couple of us finally went down to the World Press Photo Exhibition 2004 yesterday. As expected, it was a powerful exhibition giving us a glimpse of the harsh realities around us. But what struck most of us (including me) was the absence of any picture that conveyed hope and optimism. War, genocide, poverty and disease were the main themes. Given the time we live in, this is not unexpected, but has hope vanished? Is it not newsworthy at all?

While the photos were powerful and raw (what else can you say of a snap of an Afghan woman who had set herself on fire because she did not want to face her husband, whose TV she had accidentally short-circuited), as we came out I agreed with the sentiments of one of my friends, who said he felt like a vulture preying on the misfortunes of others.

More photos in the Amsterdam gallery.