Danger is My Middle Name: Experimenting with SSL Vulnerabilities in Android Apps

This paper presents a measurement study of information leakage and SSL vulnerabilities in popular Android apps. We perform static and dynamic analysis on 100 apps, downloaded at least 10M times, that request full network access. Our experiments show that, although prior work has drawn a lot of attention to SSL implementations on mobile platforms, several popular apps (32/100) accept all certificates and all hostnames, and four actually transmit sensitive data unencrypted. We set up an experimental testbed simulating man-in-the-middle attacks and find that many apps (up to 91% when the adversary has a certificate installed on the victim's device) are vulnerable, allowing the attacker to access sensitive information, including credentials, files, personal details, and credit card numbers. Finally, we provide a few recommendations to app developers and highlight several open research problems.Comment: A preliminary version of this paper appears in the Proceedings of ACM WiSec 2015. This is the full versio

Engaging students with mobile web2.0.

Abstract: Blogs, wikis, podcasting, and a host of free, easy to use web2.0 social software provide opportunities for creating social constructivist learning environments focusing upon student-centred learning and end-user content creation and sharing. Building on this foundation, mobile web2.0 has emerged as a viable teaching and learning environment, particularly with the advent of the iPhone (Nicknamed “the Jesus phone” (Goldman, 2007)) and iPod Touch. Today’s wifi enabled smartphones provide a ubiquitous connection to mobile web2.0 social software and the ability to view, create, edit and upload user generated web2.0 content. This paper outlines how mobile web2.0 technologies can be harnessed to enhance and engage students in a social constructivist learning environment. Examples of student and teaching staff feedback are drawn from several mobile learning trials that have been conducted at Unitec New Zealand. Additionally the presentation will involve mobile web2.0 demonstrations and facilitate a discussion around the practicalities of integrating and supporting mobile web2.0 within a tertiary course

Context-aware and automatic configuration of mobile devices in cloud-enabled ubiquitous computing

This is the author's accepted manuscript. The final publication is available at Springer via http://dx.doi.org/10.1007/s00779-013-0698-3. Copyright @ Springer-Verlag London 2013.Context-sensitive (or aware) applications have, in recent years, moved from the realm of possibilities to that of ubiquity. One exciting research area that is still very much in the realm of possibilities is that of cloud computing, and in this paper, we present our work, which explores the overlap of these two research areas. Accordingly, this paper explores the notion of cross-source integration of cloud-based, context-aware information in ubiquitous computing through a developed prototypical solution. Moreover, the described solution incorporates remote and automatic configuration of Android smartphones and advances the research area of context-aware information by harvesting information from several sources to build a rich foundation on which algorithms for context-aware computation can be based. Evaluation results show the viability of integrating and tailoring contextual information to provide users with timely, relevant and adapted application behaviour and content

Automating Self Evaluations for Software Engineers

Software engineers frequently compose self-evaluations as part of employee perfor- mance reviews. These evaluations can be a key artifact for assessing a software engineer’s contributions to a team and organization, and for generating useful feed- back. Self-evaluations can be challenging because a) they can be time consuming, b) individuals may forget about important contributions especially when the review period is long such as a full year, c) some individuals can consciously or unconsciously overstate their contributions, and d) some individuals can be reluctant to describe their contributions for fear of appearing too proud [24]. UNBIASED, Useful New Basic Interactive Automated Self-Evaluation Demon- stration, is a web application designed to tackle the challenges of performing a self- evaluation by automatically gathering data from existing third party APIs, perform- ing an analysis on the data, and generating a self-evaluation starting point for soft- ware engineers to build off. The third party APIs currently supported are: Bitbucket, Gmail, Google Calendar, GitHub, and JIRA

The Crescent Student Newspaper, November 12, 2008

Student newspaper of George Fox University.https://digitalcommons.georgefox.edu/the_crescent/2318/thumbnail.jp

Comparison of email browsers and their search capabilities

Paberkandjatel kirjade saatmine on tänapäeva maailmas end ammendamas ja suur osa inimeste vahelisest suhtlusest toimub elektroonse meedia vahendusel. Kirjade posti teel saatmine on pea täielikult asendunud elektroonposti ehk meilide saatmisega. Viimase aastakümne jooksul on see muutunud nii populaarseks, et inimeste elektroonpostkastid on üle kuhjatatud meilidega, millest soovitud kirja leidmine võib olla aeganõudev ja tülikas. Töö eesmärk on anda ülevaade olemasolevatest meili teenustest ja programmidest ning tuua välja nende plussid ja miinused. Selle tööga tahan aidata tavakasutajal leida sobivaid alternatiive oma harjumuspärase veebipõhise meili kliendi kasutamisel, mis potentsiaalselt säästaks kiires töökeskkonnas aega. Selleks võrdlesin kuut enim kasutuses olevat meili teenust ja programmi. Uurisin kui mugav ja lihtne on neid kasutada ning kõrvutasin otsingute parameetreid ja võimalusi, samuti hindasin erinevate kasutuslugude otsingute tulemusi. Võrreldavateks programmideks olid Outlook, Thunderbird, Opera ja Windows Live Mail ning veebipõhistest meili klientidest lisasin ka Gmaili ja Hotmaili. Eraldiseisvate tarkvarapõhiste ja veebipõhiste meili kleintide üheks suurimaks erinevuseks on Internetiühenduse vajadus meilide sirvimisel. Selle töö tulemuste põhjal võib soovitada Gmaili eelistamist Hotmailile, kuna Gmail on ühilduv ka teiste Google teenustega ja toetab IMAP’i, ning Gmaili kasutajaliides on Hotmailiga võrreldes intuitiivsem ja soliidsem. Kui kasutajatel on oluline varasemalt loetud meile lugeda ka ilma Interneti ühenduseta, on soovitatav alla laadida eraldiseisev tarkvarapõhine meili klient. Käesolevas töös võrreldud meili klientidest võib soovitada Thunderbirdi ja Outlooki, mis jätsid teistest võrreldud tarkavarapõhistest meili klientidest, otsingute tulemuste ja võimaluste põhjal, oluliselt parema üldmulje. Thunderbirdi plussideks on see, et erinevalt Outlookist on tegemist tasuta programmiga ja keskendutakse ainult meilide esitamisele. Samas kuigi Outlook on tasuline tarkvara, hõlmab ta endas lisaks meilide sirvimisele ka võimalust samas kohas koostada tegevusnimekirju ja talletada sündmusi isiklikku kalendrisse. Seega on tegemist programmiga, mis lisaks meilide lugemisele, aitab kasutajatel planeerida tegevusi ja koostada tegevusnimekirju.The way people interact with each other has changed drastically during last few decades. Daily face to face communication has decreased due to a chance to catch anyone anywhere on a phone or through electronic communication over different media devices like MSN messenger or Skype. Writing and sending regular mail is losing its purpose and disappearing, it has come down to being an old and traditional medium for sending postcards for Christmas and other celebrations. Whether it is communication in workplace or everyday private life most people have switched from regular mail to email. That kind of change in our way of communication is brought to us by our own comfortable and fast pace lives. Sending and communicating over emails has become so popular that without email account it is hard to cope in our society. Even my 75 year old grandma was compelled to create an email account and learn to use it. In work environment sending emails has become almost irreplaceable medium. It is usual that in a day one might have to read and answer to anywhere between ten to fifty emails which means that in one year the number of emails received is from 2000 to 10 000. As a college student I can find over 11000 emails from my mailbox and 10 000 of them I received in last three years. In 2010 I received little bit over 3400 emails and sent out 1500. The Institute of Computer Science in University of Tartu is involved in research of social networks and how to orienteer in email accounts with such capacity [1, 2]. The goal of my work is to compare and test the existing email clients search capabilities, qualities and ease of use. In the first section I will explain the differences of popular email forwarding protocols and how these effect users email browsing. Since there are hundreds of different email browsers, I have selected six most popular ones. In the second and third section I will give a short review of these email clients and compare their search capabilities and how fast and easy it is to use them because in working environment it is important that finding a certain letter or document from tens of thousands of other emails is fast and easy. In the fourth section I will put the different email clients to a test, to see which of these give us most accurate answers. With my work I hope to clarify if today’s search capabilities are sufficient and efficient to work with such capacities and to find out which email clients/browsers handle that the best

Finding the potential privacy gap in the Big Data Supply Chain

We live in a digitalized society. All the abundant data we produce, today called “Big Data” it changing our lives, and will soon disrupt it. Different studies and analysis argue about the advantages that Big Data comes in, not only as a competitive advantages for the data holders, but also in health, government, for the citizens and society as a whole. Nevertheless, Big Data comes with significant questions and poses challenges toward the privacy concern. So the path to Big Data gains is risky and also rocky. The decision we take over that data have a real human consequences such as ethical issues. Any data on social subjects raise privacy issues, and when the risk of misuse, intentionally or not, is huge it becomes an issue for the entire information society. In this research, we explore potential gaps among the participants and deduct various reasons of these breaches reaching thus to reasons for improving the interplay among them. The study reflects on the interplay between government, business and consumer in a Big Data Supply Chain. It shows an existing inconsistency partly because of the lack of enforcement government legacy that is also attributed to lack of educated public. Data holders lack transparency and consumers retain their trust toward them. The communication, barriers and legal rights between their interplay are vague, leading so to an important question toward ownership. When data sets are available to be gathered and used in analysis, there is a mist about its usage rights and requirements