A graduate seminar: current topics in computer security
 

Comp527 final project: CyanogenMod Account

October 7th, 2013 by Zekai

Group members: Zekai Gao (zg6), Chengyang Wu (cw36)

CyanogenMod Account is a new “Find My iPhone” style service created by CyanogenMod. We are going to dig into this new feature to see whether the service preserves user privacy.

Here is the link for our blogs: cmaccount.blogs.rice.edu

The proposal of our project is: http://cmaccount.blogs.rice.edu/2013/10/05/comp-527-final-project-proposal/

Here are other references:

1. http://www.cyanogenmod.org/blog/cyanogenmod-account

2. http://www.cyanogenmod.org/docs/privacy

3. https://github.com/CyanogenMod/android_packages_apps_CMAccount

Thank you.



Country-by-Country Twitter view

October 7th, 2013 by jfr2

Rima Tanash, Jack Reed & Tanmay Thakur

Background

On January 27, 2012, Twitter announced their new “Country-Withheld Content” policy in which Twitter will withhold tweets rather than deleting them in accordance with the policy of the country from which the tweet originated. Twitter currently has the capability to block a tweet from one country while leaving it visible to others [5].

Scope

In this project, our goal is to examine a test Twitter account to see if the home news feed displays the same tweets when viewed from different countries. In this way, we can examine to what extent content is being withheld in these countries.

Steps

Proposed steps to tackle this problem:

1) Identify countries of interest based on the availability of PlanetLab or Tor exit nodes

Current PlanetLab sites (site: country):
The Hebrew University of Jerusalem: Israel/Palestine
Tel Aviv Yaffo College: Israel/Palestine
Jordan University of Science and Technology: Jordan
American University in Cairo: Egypt
American University of Beirut: Lebanon
PlanetLab: India, UK

2) Create a PlanetLab account for our test
3) Create a test Twitter account and follow chatty users from target countries
4) Use a python-twitter wrapper around the Twitter API (for example, https://github.com/bear/python-twitter) to write a program that fetches the most recently posted public Twitter statuses of the targeted users using their Twitter “name” or “id”
5) Run the program from different parts of the world, preferably using PlanetLab, to fetch the news feed periodically and as often as Twitter allows
6) Compare the results to see if there are any mismatches
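Step 6 above, the comparison, as an added example (not the group's code): each vantage point's fetch is reduced to the set of tweet ids it saw, and a tweet is reported only when it is absent from some country's view yet old enough that every country's fetch should have covered it. The fetch results are constructed inline; in practice each record would come from the python-twitter wrapper (a Status object's `id` and `user.screen_name`) run on a PlanetLab node in that country.

```python
"""Compare a test account's timeline as seen from several vantage points
and report tweets that are missing from some countries' views."""
from collections import defaultdict

# Constructed sample: what a fetcher running in each country returned
# (hypothetical tweet ids and user names, not real Twitter data).
SAMPLE_VIEWS = {
    "UK":     [{"id": 101, "user": "newsA"}, {"id": 102, "user": "newsA"},
               {"id": 103, "user": "blogB"}, {"id": 104, "user": "blogB"}],
    "India":  [{"id": 101, "user": "newsA"}, {"id": 102, "user": "newsA"},
               {"id": 103, "user": "blogB"}, {"id": 104, "user": "blogB"}],
    # This fetch ran slightly earlier, so it never had a chance to see 104.
    "Jordan": [{"id": 101, "user": "newsA"}, {"id": 103, "user": "blogB"}],
}


def index_by_country(views):
    """Map country -> set of tweet ids seen there, plus tweet id -> user."""
    seen, users = {}, {}
    for country, statuses in views.items():
        seen[country] = {s["id"] for s in statuses}
        for s in statuses:
            users[s["id"]] = s["user"]
    return seen, users


def find_withheld(views):
    """Return {tweet_id: [countries where it was NOT seen]}.

    Tweet ids increase with time, so a tweet newer than the highest id a
    vantage point saw may simply postdate that fetch; such tweets are
    excluded (cutoff = smallest per-country maximum id) to avoid false
    mismatches caused by fetch timing rather than withholding."""
    seen, _ = index_by_country(views)
    if not seen or any(not ids for ids in seen.values()):
        return {}
    cutoff = min(max(ids) for ids in seen.values())
    candidates = {tid for ids in seen.values() for tid in ids if tid <= cutoff}
    missing = defaultdict(list)
    for tid in sorted(candidates):
        for country in sorted(seen):
            if tid not in seen[country]:
                missing[tid].append(country)
    return dict(missing)


def report(views):
    """Human-readable mismatch lines for the project write-up."""
    _, users = index_by_country(views)
    return [f"tweet {tid} by @{users[tid]} not visible from: {', '.join(cs)}"
            for tid, cs in sorted(find_withheld(views).items())]


if __name__ == "__main__":
    for line in report(SAMPLE_VIEWS):
        print(line)
```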

Project Deliverables

1) Examine current Twitter “Country-Withheld Content” policy to understand how it works
2) Examine any available related work in the literature
3) Write a program that fetches public tweets
4) Compare output and summarize results using tables or graphs
5) Produce final written report and references

References:

[1] http://finance.fortune.cnn.com/2011/12/19/saudi-prince-deal-for-twitter-is-a-secondary/
[2] http://venturebeat.com/2012/11/05/new-twitter-policy-for-offending-tweets-withhold-instead-of-remove/
[3] http://en.wikipedia.org/wiki/Cease-and-desist
[4] http://en.wikipedia.org/wiki/Chilling_Effects
[5] https://blog.twitter.com/2012/tweets-still-must-flow
[6] http://www.freedomhouse.org/report/freedom-net/2012/jordan
[7] http://www.policymic.com/articles/13746/sopa-arab-style-jordan-websites-go-dark-to-protest-internet-censorship-bill
[8] http://www.freedomhouse.org/report/freedom-net/2012/bahrain
[9] http://www.chillingeffects.org/weather.cgi?WeatherID=784
[10] http://surveillance.rsf.org/en/bahrain/



Main Project — Add New Feature of Privacy Guard in CyanogenMod

October 7th, 2013 by yl68

Hi Class,

Our Main Project web page is here with Research Proposal posted.

Feel free to visit it and leave comments.

Good Luck with every group!

~ Yijie & Cen Chen




Comp527 Final Project Proposal: Rich Text Editor Research

October 5th, 2013 by jz33


Group: Jun Zheng (jz33) Chao Zhang (cz15)

Category: Thing to go others

Date: Oct 05 2013

Introduction

Rich text, also known as formatted text, as opposed to plain text, has styling information beyond the minimum of semantic elements: colours, styles (boldface, italic), sizes, and special features (such as hyperlinks) [1]. A general rich text editor providing an interface to edit rich text, following the “What You See Is What You Get” (WYSIWYG) [2] tenet, can save the programmer from debugging trivial HTML/CSS tags, attributes and values. Several major browser manufacturers provide a free rich text editor service, e.g., Google Forms [3], but not as open source. Moreover, several simple open source rich text editors lack precautions against potential HTML risks and malicious input. Our group’s work is therefore to research existing open source rich text editor projects, analyze their possible security issues specifically, and try to make improvements.

Strategy

First, we will research the forms of potential HTML/CSS attacks and their harms. Current topics are:

1. Invalid, unknown or deprecated (in HTML5) tags;

2. Inline styles;

3. Sandbox;

4. CSS risks

More paper research and thinking is needed at this step.

Second, we shall look into previous contributors and their commits in rich text editors. Currently we will look into source code on GitHub, a social coding host for open source projects in languages like JavaScript, Python, PHP, etc. Our starting source code is the projects “xing/wysihtml5” [4] and “mindmup/bootstrap-wysiwyg” [5], but later we might move to other projects. We will comment on each project’s protection mechanisms and potential risks. We might generate limited malicious inputs to test the tolerance and durability of each project.

Third, we will combine the previous findings to create our own rich text editor, with functions like converting input to an HTML view and vice versa. Hopefully, our editor will also be capable of converting a risky HTML file into a safe HTML file based on our judgement.
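The “risky HTML in, safe HTML out” conversion described above, as an added example in Python (not code from xing/wysihtml5, bootstrap-wysiwyg or the group’s own editor): an allowlist sanitizer built on the standard library’s `html.parser` that drops unknown or deprecated tags (keeping their text), discards `<script>`/`<style>` bodies entirely, strips inline `style=` and `on*` handler attributes, and keeps `href` only for http(s)/mailto URLs. The allowed tag and attribute sets are assumptions chosen for a minimal editor.

```python
"""Allowlist HTML sanitizer for rich-text editor output."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed minimal allowlist for a simple editor; everything else is dropped.
ALLOWED_TAGS = {"p", "b", "i", "strong", "em", "u", "ul", "ol", "li", "br", "a"}
ALLOWED_ATTRS = {"a": {"href", "title"}}      # no style= or on* anywhere
VOID_TAGS = {"br"}
SAFE_SCHEMES = {"http", "https", "mailto"}    # relative URLs are rejected too
DROP_BODY = {"script", "style"}               # their text must not leak out


def _safe_href(value):
    return urlparse(value.strip()).scheme.lower() in SAFE_SCHEMES


class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped, self.open_stack, self.skip = [], [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_BODY:
            self.skip += 1
        if tag not in ALLOWED_TAGS:          # script, iframe, font, object, ...
            self.dropped.append(tag)
            return
        kept = []
        for name, value in attrs:
            if name in ALLOWED_ATTRS.get(tag, set()) and value is not None \
                    and not (name == "href" and not _safe_href(value)):
                kept.append(f' {name}="{escape(value, quote=True)}"')
            else:
                self.dropped.append(f"{tag}@{name}")   # style=, onclick=, bad href
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_stack.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_BODY and self.skip:
            self.skip -= 1
        if tag in self.open_stack:            # close later-opened tags first
            while self.open_stack:            # so the output stays balanced
                t = self.open_stack.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break

    def handle_data(self, data):
        if not self.skip:                     # text is always re-escaped
            self.out.append(escape(data))

    def result(self):
        while self.open_stack:                # close anything left open
            self.out.append(f"</{self.open_stack.pop()}>")
        return "".join(self.out)


def sanitize(html):
    """Return (safe_html, list_of_dropped_items) for review logging."""
    s = Sanitizer()
    s.feed(html)
    s.close()
    return s.result(), s.dropped
```

The dropped list is what a reviewer would want when testing an editor’s tolerance: it records each tag and attribute the sanitizer refused, so a test corpus can be checked for anything that slipped through.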

References & Links:

[1] http://en.wikipedia.org/wiki/Formatted_text

[2] http://en.wikipedia.org/wiki/WYSIWYG

[3] https://chrome.google.com/webstore/detail/google-forms/jhknlonaankphkkbnmjdlpehkinifeeg

[4] https://github.com/xing/wysihtml5

[5] https://github.com/mindmup/bootstrap-wysiwyg



Hackers use Dropbox, WordPress to spread malware

October 4th, 2013 by Zekai

The Chinese cyberspies behind the widely publicized espionage campaign against The New York Times have added Dropbox and WordPress to their bag of spear-phishing tricks.

The gang, known in security circles as the DNSCalc gang, has been using the Dropbox file-sharing service for roughly the last 12 months as a mechanism for spreading malware, said Rich Barger, chief intelligence officer for Cyber Squared. While the tactic is not unique, it remains under the radar of most companies.

“I wouldn’t say it’s new,” Barger said on Thursday. “It’s just something that folks aren’t really looking at or paying attention to.”

The gang is among 20 Chinese groups identified this year by security firm Mandiant that launch cyberattacks against specific targets to steal information. In this case, the DNSCalc gang was going after intelligence on individuals or governments connected to the Association of Southeast Asian Nations. ASEAN is a non-governmental group that represents the economic interests of ten Southeast Asian countries.

The attackers did not exploit any vulnerabilities in Dropbox or WordPress. Instead, they opened up accounts and used the services as their infrastructure.

The gang uploaded on Dropbox a .ZIP file disguised as belonging to the U.S.-ASEAN Business Council. Messages were then sent to people or agencies that would be interested in the draft of a Council policy paper. The paper, contained in the file, was legitimate, Barger said.

When a recipient unzipped the file, they saw another one that read, “2013 US-ASEAN Business Council Statement of Priorities in the US-ASEAN Commercial Relationship Policy Paper.scr.” Clicking on the file would launch a PDF of the document, while the malware opened a backdoor to the host computer in the background.

Once the door was open, the malware would reach out to a WordPress blog created by the attackers. The blog contained the IP address and port number of a command and control server that the malware would contact to download additional software.

Dropbox is a desirable launchpad for attacks because employees of many companies use the service. “People trust Dropbox,” Barger said.

For companies that have the service on their whitelist, malware moving from Dropbox won’t be detected by the company’s intrusion prevention systems. Also, communications to a WordPress blog would likely go undetected, since they would not be unusual behavior for any employee with access to the Internet.

In general, no single technology can prevent such an attack. “There’s no silver bullet here,” Barger said.

The best prevention is for security pros to share information when their companies are targeted, so others can draw up their own defense, he said.

In The New York Times attack, the hackers penetrated the newspaper’s systems in September 2012 and worked undercover for four months before they were detected.

The attack coincided with an investigative piece the newspaper published on business dealings that reaped several billion dollars for the relatives of Wen Jiabao, China’s prime minister.



Using WordPress? Be Careful…

September 26th, 2013 by Tanmay

It was in the news that, in a massive cyber-attack coordinated with a huge botnet against millions of websites based on the popular CMS WordPress, around 100,000 servers were successfully compromised, fueling the malicious architecture used for the attack. Thousands of WordPress-based websites have been hacked to compose a global-scale botnet that is performing powerful DDoS attacks.

The news was reported by CloudFlare and HostGator, which in April alerted the WordPress community to the ongoing massive attack launched against WordPress blogs all over the Internet. The alert was related to a massive brute-force, dictionary-based attack conducted to expose the password for the ‘admin’ account of every WordPress site.

In August 2013, researchers at Arbor Networks discovered a botnet dubbed Fort Disco that was used to compromise more than 6,000 websites based on popular CMSs such as WordPress, Joomla and DataLife Engine.

Case Study:

Pierluigi Paganini is Chief Information Security Officer at Bit4Id, a leading firm in identity management; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber-security expert with over 20 years’ experience in the field and a Certified Ethical Hacker (EC-Council, London). His colleagues at TheHackerNews received a DDoS attack log report from ‘Steven Veldkamp’ showing that the victim’s website was recently under heavy DDoS attack originating from numerous compromised WordPress-based websites. It is highly probable that the ongoing attack is linked to the events that occurred in April, which allowed attackers to take control of a high number of vulnerable WordPress hosts.

The attack logs, from 23/Sep/2013:13:03:13 +0200 to 23/Sep/2013:13:02:47 +0200, revealed that in just 26 seconds the attacker was able to perform a powerful DDoS attack from 569 unique compromised WordPress sites.

The list of sources used by attackers includes blogs of Mercury Science and Policy at MIT, Stevens Institute of Technology and The Pennsylvania State University.
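The kind of analysis behind the figures above (distinct sources within a short window), as an added example that is not from the referenced report: a parser for Apache/Nginx combined-format access logs using the page’s timestamp format, a sliding-window count of distinct source IPs, and a tally of user-agent families. The log lines are constructed; the WordPress-style user agents, addresses and hostnames are assumed placeholders, not data from the real attack.

```python
"""Spot a burst of distinct sources in web server access logs."""
import re
from collections import Counter
from datetime import datetime, timedelta

# Combined log format: ip ident user [ts] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"          # e.g. 23/Sep/2013:13:02:47 +0200

# Constructed sample lines (documentation-range IPs, .invalid hostnames).
SAMPLE_LOG = [
    '198.51.100.10 - - [23/Sep/2013:13:02:47 +0200] "GET / HTTP/1.1" 200 5120 "-" "WordPress/3.6; http://blog-a.invalid"',
    '198.51.100.11 - - [23/Sep/2013:13:02:49 +0200] "GET / HTTP/1.1" 200 5120 "-" "WordPress/3.5.1; http://blog-b.invalid"',
    '198.51.100.12 - - [23/Sep/2013:13:02:55 +0200] "GET / HTTP/1.1" 200 5120 "-" "WordPress/3.6; http://blog-c.invalid"',
    '198.51.100.10 - - [23/Sep/2013:13:03:01 +0200] "GET / HTTP/1.1" 200 5120 "-" "WordPress/3.6; http://blog-a.invalid"',
    '198.51.100.13 - - [23/Sep/2013:13:03:13 +0200] "GET / HTTP/1.1" 200 5120 "-" "WordPress/3.4.2; http://blog-d.invalid"',
    'this line is garbage and must be skipped',
    '203.0.113.5 - - [23/Sep/2013:14:10:00 +0200] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def parse(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def summarize(lines, window_seconds=30):
    """Count requests, distinct IPs and the busiest window by distinct IPs."""
    recs = sorted(filter(None, map(parse, lines)), key=lambda r: r["ts"])
    win = timedelta(seconds=window_seconds)
    peak, peak_start = 0, None
    for i, start in enumerate(recs):        # O(n^2) is fine for a sample
        ips = {r["ip"] for r in recs[i:] if r["ts"] - start["ts"] <= win}
        if len(ips) > peak:
            peak, peak_start = len(ips), start["ts"].isoformat()
    return {
        "requests": len(recs),
        "unique_ips": len({r["ip"] for r in recs}),
        "peak_window_sources": peak,
        "peak_window_start": peak_start,
        # user-agent family = text before the first '/', e.g. "WordPress"
        "ua_families": Counter(r["ua"].split("/")[0] for r in recs),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A real log from the incident described above would show hundreds of distinct sources in such a window; the same routine scales to a full day’s log with a linear two-pointer scan if needed.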

According to statistics published by WP WhiteSecurity, of the 40,000+ WordPress websites in the Alexa Top 1 Million, more than 70% of WordPress installations are vulnerable to hacker attacks.

Here are the statistics.

After analysis of the Alexa top 1 million sites, 42,106 WordPress websites were found among them. More than 50% of these use old versions of WordPress that are vulnerable to attacks. Less than 5% of the websites upgraded to version 3.6.1 between the 12th and the 15th of September.

I think that if you are using any third-party infrastructure, it is always your responsibility to keep it updated and secure. Otherwise it will create problems not only for you but for the whole Internet. Since many simple hacking tools are freely available over the Internet, and many YouTube videos and websites teach simple attacks, we should at least make sure to keep our websites strong against such attacks. Owners of WordPress sites should first update to version 3.6.1 and keep checking for newer versions.

Reference: http://securityaffairs.co/wordpress/18081/cyber-crime/wordpress-websites-ddos.html



Trends in Cyber Attacks and Sophistication of Attackers

September 22nd, 2013 by Tanmay

The European Network and Information Security Agency (ENISA) is an agency of the European Union. The objective of ENISA is to improve network and information security in the European Union.

ENISA published a new report titled ENISA Threat Landscape Mid year 2013 that provides an interesting update for the list of top cyber threats.

The ENISA Threat Landscape Mid year 2013 analyses 50 reports, and identifies the trend for main threats to:

• Infrastructure

• Mobile devices

• Social media

• Cloud services

The document highlights that cybercrime is increasingly using sophisticated techniques for its attacks: the hackers are improving their methods to be non-traceable and to make their malicious infrastructure more resistant to takedowns operated by law enforcement.

I strongly suggest watching this TED talk by James Lyne: http://www.youtube.com/watch?v=fSErHToV8IU

He describes many of the attacks and the frameworks/infrastructure attackers use to increase the efficiency of their attacks.

Drive-by download means two things, each concerning the unintended download of computer software from the Internet:

1. Downloads which a person authorized but without understanding the consequences (e.g. downloads which install an unknown or counterfeit executable program, ActiveX component, or Java applet).

2. Any download that happens without a person’s knowledge, often a computer virus, spyware, malware, or crimeware.

Drive-by downloads may happen when visiting a website, viewing an e-mail message or by clicking on a deceptive pop-up window: by clicking on the window in the mistaken belief that, for instance, an error report from the computer’s operating system itself is being acknowledged, or that an innocuous advertisement pop-up is being dismissed. In such cases, the “supplier” may claim that the user “consented” to the download, although actually the user was unaware of having started an unwanted or malicious software download. Hackers use different techniques to obfuscate the malicious code, so that antivirus software is unable to recognize it. The code is executed in hidden iframes, and can go undetected.

A drive-by install (or installation) is a similar event. It refers to installation rather than download (though sometimes the two terms are used interchangeably).

We observe that drive-by exploits (browser-based attacks) still remain the most reported threats, and Java remains the most exploited software for this kind of threat.

Some concluding remarks:

1. Cyber-criminals constantly adapt to advanced techniques. They use methods that make them untraceable and difficult to turn down.

2. As the use of mobile devices and social media is increasing, those are and will be the most targeted platforms of the attackers.

References:

1. http://securityaffairs.co/wordpress/

2. http://en.wikipedia.org/wiki/European_Network_and_Information_Security_Agency

3. http://en.wikipedia.org/wiki/Drive-by_download

4. http://www.youtube.com/watch?v=fSErHToV8IU

5. http://securityaffairs.co/wordpress/wp-content/uploads/2013/09/ENISA-Threat-Landscape-Mid-year-2013.jpg




Dry Run Format

September 17th, 2013 by Tad

As you are hopefully now aware, you are expected to do a dry run of your presentation with me at least a week before your presentation.  (If your presentation is less than a week from now, let me know, and we will work something out.)  I wanted to share with you what we will be doing and what I will expect.

First, we will spend some time discussing the paper.  I will be looking to see how well you understand it, and can offer some clarifications if there are areas where you have questions.

Secondly, we will run through your slides.  I will not ask you to make the entire presentation, but ask you to explain the logic behind it (what are you trying to do, what is the structure), and then ask you to walk through your slides one by one and explain to me how you are going to give the lecture.

If you have any questions, let me know.  My e-mail is tbook at rice.



FBI Admits It Controlled Tor Servers Behind Mass Malware Attack

September 17th, 2013 by R.Tanash

1. http://arstechnica.com/tech-policy/2013/09/fbi-admits-what-we-all-suspected-it-compromised-freedom-hostings-tor-servers/

2. http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/

On September 12, 2013, an FBI official announced that the agency gained control over a server owned by Freedom Hosting (FH), which operates over Tor anonymity network.

Tor provides anonymity for its users for a good cause. For example, human rights activists may use the network to practice online freedom of speech. However, Tor was found to attract malicious users who need to conceal their identity.

In the case of FH, it was reported to the FBI that FH was allowing the hosting of child pornography, a federal felony in the United States. The FBI decided to investigate. As part of its plan, malware was used to track down the identity of their target. The FBI attack exploited a Firefox bug to embed arbitrary JavaScript code in an iframe to collect users’ data and reveal the identity of the targeted Tor user. The embedded code collects the victim’s MAC address and Windows hostname, and sends them to a Command-and-Control (C&C) server.

On August 4, other benign sites hosted by FH reported receiving error messages with embedded hidden code containing IP addresses. These messages were traced back to the Verizon data center in Northern VA. The servers were used as the malware’s C&C. The packets were sent over HTTP, which made it easier for the researchers to analyze (good for us!!).  The exploit targeted Firefox 17 ESR.  17 ESR is the version of Firefox that underlies the Tor Browser Bundle.

One independent researcher made an interesting observation. Due to the lack of sophistication of the JavaScript code and its functionality, it is very likely this exploit was crafted by the Government (interesting!)

I believe that although the FBI was trying to track down the identity of a pedophile, they also invaded the privacy of other non-suspect users and served malware using a public ISP’s infrastructure; is this lawful?



TA Office Hours

September 16th, 2013 by Tad

If you read Dan’s post, you know that you are now required to practice with me before your presentation. I will generally be available for an hour after class, but please e-mail me (tbook at rice) to schedule a time. I can help you with the technical details of your presentations and make some suggestions for improvements. You may still want to make use of Rice’s resources to work on your presentation skills.