Posts

The Linux Foundation’s demands to the University of Minnesota for its bad Linux patches security project


To say that Linux kernel developers are livid about a pair of University of Minnesota (UMN) graduate students playing at inserting security vulnerabilities into the Linux kernel for the purposes of a research paper “On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits” is a gross understatement. 

Greg Kroah-Hartman, the Linux kernel maintainer for the stable branch and well-known for being the most generous and easy-going of the Linux kernel maintainers, exploded and banned UMN developers from working on the Linux kernel. That was because their patches had been “obviously submitted in bad faith with the intent to cause problems.” 

The researchers, Qiushi Wu and Aditya Pakki, and their graduate advisor, Kangjie Lu, an assistant professor in the UMN Computer Science & Engineering Department, then apologized for their Linux kernel blunders.

That’s not enough. The Linux kernel developers and the Linux Foundation’s Technical Advisory Board via the Linux Foundation have asked UMN to take specific actions before their people will be allowed to contribute to Linux again. We now know what these demands are.

The letter, from Mike Dolan, the Linux Foundation’s senior VP and general manager of projects, begins:

It has come to our attention that some University of Minnesota (U of MN) researchers appear to have been experimenting on people, specifically the Linux kernel developers, without those developers’ prior knowledge or consent. This was done by proposing known-vulnerable code into the widely-used Linux kernel as part of the work “On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits”; other papers and projects may be involved as well. It appears these experiments were performed without prior review or approval by an Institutional Review Board (IRB), which is not acceptable, and an after-the-fact IRB review approved this experimentation on those who did not consent.

This is correct. Wu and Lu opened their note to the UMN IRB by stating: “We recently finished a work that studies the patching process…

Source…

Understanding Android Malware Families (UAMF) – The Foundations (Article 1)



Android malware is one of the most serious threats on the internet and has witnessed an unprecedented upsurge in recent years. There is a need to share the fundamental understanding of behaviour exhibited by prominent Android malware categories and families.

With the increasing number of Android users and devices, the number of exploits on Android apps is also on the rise. It has affected all sectors of business including healthcare, finance, transportation, government, and e-commerce. As the current trend continues, mobile attackers are developing more sophisticated intrusions by deploying malicious apps and malware. The Understanding Android Malware Families (UAMF) series features six articles that will highlight the main Android malware categories and families. Readers will learn about the threats’ behaviour and examine mitigation procedures. The articles in this series present the results of our Android malware analysis research project, which has been underway since 2017. We generated four datasets, AAGM2017, AndMAl2017, InvestAndMAl2019, and AndMal2020, and related academic articles, along with proposed Android malware detection and characterization solutions and techniques.

Introduction

Android is the leading operating system that provides high-performance platforms for users. According to a report published by the International Data Corporation (IDC), Android is dominating the market with 85 per cent of the global market share in the last quarter of 2020. Further, the annual shipment rate of Android is expected to grow by 150 million units in 2021. With the surging demand for Android in the global market, the challenges associated with Android malware are also escalating at a rapid rate. According to a report, as of March 2020, the total number of Android malware samples amounted to 482,579 per month [3]. These statistics are alarming and draw our attention to the menace that accompanies the legacy of the Android operating system. These malware samples can create havoc if not detected.

Android malware is malicious software that targets smartphone devices running Android operating systems. It is like other malware samples that run on desktops or laptop computers. Android…

Source…

Mobile Electronic Commerce: Foundations, Development, and Applications (Industrial and Systems Engineering Series)



Mobile commerce transactions continue to soar, driven largely by the ever-increasing adoption and use of smartphones and tablets. The use of this technology gives consumers the flexibility to shop whenever and wherever they want. Mobile Electronic Commerce: Foundations, Development, and Applications addresses the role of industry, academia, scientists, engineers, professionals, and students in developing innovative new mobile commerce technologies and systems to further improve the consumer exp

Indoor Location-Based Services: Prerequisites and Foundations



This book delivers concise coverage of classical methods and new developments related to indoor location-based services. It collects results from isolated domains including geometry, artificial intelligence, statistics, cooperative algorithms, and distributed systems and thus provides an accessible overview of fundamental methods and technologies. This makes it an ideal starting point for researchers, students, and professionals in pervasive computing. Location-based services are services using t