Privacy Issues of the W3C Geolocation API

The W3C's Geolocation API may rapidly standardize the transmission of location information on the Web, but, in dealing with such sensitive information, it also raises serious privacy concerns. We analyze the manner and extent to which the current W3C Geolocation API provides mechanisms to support privacy. We propose a privacy framework for the consideration of location information and use it to evaluate the W3C Geolocation API, both the specification and its use in the wild, and recommend some modifications to the API as a result of our analysis

Horizon Report 2009

El informe anual Horizon investiga, identifica y clasifica las tecnologías emergentes que los expertos que lo elaboran prevén tendrán un impacto en la enseñanza aprendizaje, la investigación y la producción creativa en el contexto educativo de la enseñanza superior. También estudia las tendencias clave que permiten prever el uso que se hará de las mismas y los retos que ellos suponen para las aulas. Cada edición identifica seis tecnologías o prácticas. Dos cuyo uso se prevé emergerá en un futuro inmediato (un año o menos) dos que emergerán a medio plazo (en dos o tres años) y dos previstas a más largo plazo (5 años)

Development and Impact of a Mobile Application that Allows Users to Track Their Location on an Educational Institution Campus

This research study aims to solve user location issues within the campus at an educational institution. As this campus comprises a large number of places and departments, users often get confused about how to reach a specific location. To address this problem, the “Ubícate” (“locate by yourself” in Spanish) application was developed following the CDIO methodology, which encompasses four creative process steps: conceive, design, implement, and operate. The “Ubícate” app provides users with information on places of interest such as schools, departments, halls, auditoriums, and sports venues, offering a visual reference of available locations through 360-degree images. The application also uses Google Maps to track user location within the campus, thus marking a reference route between university gates and the different locations available, in addition to providing information on university-sponsored events. In this paper, Section 2 describes the methodology and each of the stages that were addressed in the following sections. Section 3 presents the development itself and the data used for the purposes thereof. Next, Section 4 reveals the results from this study. Later, Section 5 assesses these results and the findings from the study. In Section 6, our conclusions are discussed. Finally, Section 7 lists topics for future research. The application did indeed contribute to improving the attendance of the academic community at events. Where the application was used, the first-hand perception of visitors and their own was very positive and enhanced the institutional image and sense of belonging. The contribution of this study consists of presenting a mobile application as a solution from three approaches: the technical aspects for application development, the business vision to satisfy the user’s needs, and the end user’s perception. All three approaches provide a technical reader, an entrepreneur, or an end user an overview of a scalable solution to different types of implementations in different types of businesses that require indoor location through the use of technologies in mobile applications. The mobile application performs the location indoors using the Google Maps platform, allowing a more agile development in implementing the APP

Prevention of sexually transmitted infections using mobile devices and ubiquitous computing

Advances in the development of information and communication technologies have facilitated social interrelationships, but also sexual contacts without appropriate preventive measures. In this paper, we will focus on situations in which people use applications to meet sexual partners nearby, which could increase their chance of exposure to sexually transmitted infections (STI). How can we encourage users to adopt preventive measures without violating their privacy or infringing on the character of the application

Mobile Security Education with Android Labs

The recent consumer explosion of smartphones and tablets has led to the proliferation of sensitive data stored on mobile devices and the cloud. In 2015, it was reported that 16.2% of files uploaded to file sharing services contain sensitive data (Skyhigh Networks). With users having so much personal data on their devices and the cloud, security becomes an imperative subject. Unfortunately, security is often overlooked or implemented improperly in many commercial devices. Knowledge of security fundamentals is essential to ensure users maintain their privacy and security. The work in this thesis designs and implements five labs for a potential undergraduate mobile security course with a focus on the Android operating system. The purpose of these labs is to give students practical experience and awareness in mobile security. In the first lab, I teach the basics of the Android Software Development Kit (SDK), such as accessing device hardware components and getting user permissions. The second lab teaches students how to inject malicious code into an existing app. The third lab teaches students how to implement a man in the middle attack using a WiFi Pineapple and setup an OAuth 2.0 session. In the fourth lab, students learn how to use Metasploit to run an exploit to get remote shell access to a device. In the fifth lab, I teach students how to get a device\u27s WiFi information and how to interface with the WiGLE.net and Google Maps Android APIs

Untangling the Web: A Guide To Internet Research

[Excerpt] Untangling the Web for 2007 is the twelfth edition of a book that started as a small handout. After more than a decade of researching, reading about, using, and trying to understand the Internet, I have come to accept that it is indeed a Sisyphean task. Sometimes I feel that all I can do is to push the rock up to the top of that virtual hill, then stand back and watch as it rolls down again. The Internet—in all its glory of information and misinformation—is for all practical purposes limitless, which of course means we can never know it all, see it all, understand it all, or even imagine all it is and will be. The more we know about the Internet, the more acute is our awareness of what we do not know. The Internet emphasizes the depth of our ignorance because our knowledge can only be finite, while our ignorance must necessarily be infinite. My hope is that Untangling the Web will add to our knowledge of the Internet and the world while recognizing that the rock will always roll back down the hill at the end of the day

Global Keyword Tracking in Archaeology

With the digitization of information, discoveries of events that previously took much human effort can now be found automatically. As example, we investigate several scandals in the art and antiques area that occurred between 1985 and 2005. In these events, the auction house Sotheby's was suspected to accept or even help the trading of smuggled paintings or antiques and the famous Getty Museum was exposed as purchasing antiques linked to treasure hunters. Discovering these secrets required the hard work of journalists, detectives, TV producers, and so on. The investigators were involved in illegal trades and various dangerous situations during their process of investigation. In comparison, today, with the access to digital version of large datasets, we are able to discover similar events using computationally-based techniques without the high risk and the cost of human labour needed before. This thesis introduces our tool for extracting keywords, terms and peoples' names from news articles, books, and marking them on an interactive map. We use the New York Times as the main resource, extract location terms in each news articles using Gazetteer, extract keywords and people's names in each articles and reduce ambiguity using WordNet. Combining them, we are able to form location-keyword-time pairs for each articles, and together they form a database. Then we build an interactive map based on the database. The map is able to show the relationships between location and keywords. The linkages between two or more people or locations is able to show on the map. The demonstration was able to perform similar detection process as those journalists did in the late 90s. The paper also introduces additional findings during the examination of the original datasets. As a news media outlet based in New York, we see evidence that the New York Times turns out to focus much more on New York City and the United States compared with other countries. With the extraction of locations inside the articles, we were able to see the distribution of articles mentioning different countries differs a lot when comparing the different continents. Our visualization also shows how locations names were changed throughout time, and how the terms people use describing a certain object changes

Investigation of open resolvers in DNS reflection DDoS attacks

Les serveurs du système de noms de domaine (DNS) représentent des éléments clés des réseaux Internet. Récemment, les attaquants ont profité de ce service pour lancer des attaques massives de déni de service distribué (DDoS) contre de nombreuses organisations [1, 2, 3]. Ceci est rendu possible grâce aux différentes vulnérabilités liées à la conception, implantation ou une mauvaise configuration du protocole DNS. Les attaques DDoS amplifiées par DNS sont des menaces dangereuses pour les utilisateurs d’Internet. L’objectif de cette étude est d’acquérir une meilleure compréhension des attaques DDoS amplifiées par DNS par l’investigation des résolveurs DNS ouverts à travers le monde. Dans ce contexte, il est nécessaire d’adopter une approche en phase précoce pour détecter les résolveurs DNS ouverts. Cela devient cruciale dans le processus d’enquête. Dans cette thèse, nous nous intéresserons à l’utilisation de résolveurs DNS ouverts dans les attaques DDoS amplifiées par DNS. Plus précisément, la principale contribution de notre recherche est la suivante : (i) Nous profilons les résolveurs DNS ouverts, ce qui implique : détecter les résolveurs ouverts, les localiser, détecter leur système d’exploitation et le type de leur connectivité, et étudier le but de leur vivacité. (ii) Nous effectuons une évaluation de la sécurité des résolveurs DNS ouverts et leurs vulnérabilités. De plus, nous discutons les fonctions de sécurité des résolveurs DNS, qui fournissent, par inadvertence, les attaquants par la capacité d’effectuer des attaques DDoS amplifiées par DNS. (iii) Nous présentons une analyse pour démontrer l’association des résolveurs DNS ouverts avec les menaces de logiciels malveillants.Domain Name System (DNS) servers represent key components of Internet networks. Recently, attackers have taken advantage of this service to launch massive Distributed Denial of Service (DDoS) attacks against numerous organizations [1, 2, 3]. This is made possible due to the various vulnerabilities linked to the design, implementation or misconfiguration of the DNS protocol. DNS reflection DDoS attacks are harmful threats for internet users. The goal of this study is to gain a better understanding of DNS reflection DDoS attacks through the investigation of DNS open resolvers around the world. In this context, there is a need for an early phase approach to detect and fingerprint DNS open resolvers. This becomes crucial in the process of investigation. In this thesis, we elaborate on the usage of DNS open resolvers in DNS reflection DDoS attacks. More precisely, the main contribution of our research is as follows : (i) We profile DNS open resolvers, which involves : detecting open resolvers, locating them, fingerprinting their operating system, fingerprinting the type of their connectivity, studying the purpose of their liveness. (ii) We conduct an assessment with respect to DNS open resolvers security and their vulnerabilities. Moreover, we discuss the security features that DNS open resolvers are equipped with, which inadvertently provide the capability to the attackers in order to carry out DNS reflection DDoS attacks. (iii) We present an analysis to demonstrate the association of DNS open resolvers with malware threats

StickARs: Effortlessly Apply a Fun Overlay to the Real World

Augmented Reality (AR) technology has slowly seeped into the mainstream as many mobile phone manufacturers increasingly develop hardware and software that enable AR applications. While the technology has been available for the past few years, there are not many compelling AR applications available on mobile phones. Additionally, shared AR experiences are difficult to produce and share. In order to create a compelling AR application, we created StickARs, an iOS application that makes it easy to create and share AR experiences , by placing virtual stickers anywhere in the world. StickARs allows users to choose from a predefined set of sticker templates, add text to stickers, and place them share them with the public, or with specific friends. Users can opt to add tags to their stickers, and subscribe to tags to see stickers that interest them. The greatest obstacle we faced was our ability to create a world-scale shared experience. We split the entire world into equal sized chunks called worldmaps that users instantiate the first time they place a sticker at that location. This allows users to only download the worldmaps they actually visit. However due to geolocation and AR limitations, the transition between worldmaps is not quite as smooth as we had originally hoped. We hope that in the future, Apple will extend the functionality of their AR Application Programming Interface to allow larger-scale experiences, which will allow us to create a smoother shared AR experience