Common data encryption problem in www.nettiauto.com

A regular Wednesday morning starts, but with a small inspiration from yesterday evening. For a car enthusiast, the best place to check out the price and sale status of cars is probably the www.nettiauto.com page. After checking around it for a while I noticed this interesting “Login” button, while simultaneously noticing that we’re not using HTTPS. Well, of course one needs to know what could be possible.

In general, using HTTP to transmit usernames and plain-text passwords from browser to web server is bad, bad design. We can argue, though, that someone needs to listen to the traffic and that it requires quite an effort. Yes, it does, on some level. Man-in-the-middle attacks are pretty easy to do nowadays if the attacker is just in the same network as the victim.

At this point I would like to point out that this experiment was conducted on my personal machine, only affecting me.

Back to Nettiauto. After a little time and effort, Wireshark displayed a very tempting HTTP POST message to /login.php. Please see the clip of a screenshot below.

Screen Shot 2016-09-22 at 11.36.22

If you did not guess yet, I used “testiuser” as the username and “researcherpassword” as the password. The impact in this case of getting a user ID stolen is quite minimal, but very unfortunate nevertheless. Since we all are using different passwords for all the services, we don’t have to worry if one web page can leak our password, right?

Text by an anonymous information security researcher

Posted in research | Leave a comment

Greetings from Salamanca, Spain

This fall I had the privilege to give a keynote at El Congreso Español de Informática (CEDI) or Spanish Conference of Computer Science, a collection of national Spanish conferences where some 500 Spanish-speaking computer and software educators from different universities meet annually.

As you can expect, my topic was my pet research on Liquid Software, or how software should be built for numerous computers that we today use, instead of a single computer defining our whole digital identity.

The actual talk combined elements (as well as slides) from numerous articles I, Kari Systä, and Antero Taivalsaari have been working on over the last few years, building on the assumption that even today we have more computers than we really want to manage, and that in the future the computers will be even less like pets that have names and identity, but more like cattle that are anonymous, only separable from each other by id numbers.

The culmination point in the presentation was in the Liquid Manifesto that lays a foundation for a true liquid computing environment.

As a place for academic tourism, I have rarely visited a place nicer than Salamanca (although in summer it is probably too hot for my taste). While I was considering where I should confess my many sins in the hotel – an old monastery, each room being a monk’s chamber – outside waited an old city originating from Roman times, a cathedral from medieval times (and apparently with a famous frog — if you find it, it brings you good luck), and more places with excellent Spanish wines and tapas than one can possibly visit in a trip shorter than several weeks. What more can one wish for from a conference location?

Text: prof. Tommi Mikkonen

Posted in conference | Leave a comment

Empirical Software Engineering International Week

Last week I attended some of the events held during Empirical Software Engineering International Week (or ESEIW for short) in Ciudad Real, Spain. While the weather was scorching, the week provided lots of interesting topics and discussions related to empirical software engineering research.

The venue was the Escuela Superior de Informatica (the Computer Science Faculty) at the University of Castilla-La Mancha in Ciudad Real

The week was spent in somewhat warmer weather than back home in Finland

The main reason for participating was to attend the 14th International Advanced School of Empirical Software Engineering (IASESE’16). During the one-day advanced school we had a lively discussion on the different aspects of designing and conducting software engineering surveys. A key set of best practices, from target population to questionnaire design, was also among the topics. We also designed a preliminary survey for two different topics. My group’s topic was related to DevOps and thus might actually see the light of thorough research in the future.

Joe Peppard starting his keynote

After the advanced school, the 10th International Symposium on Empirical Software Engineering and Measurement (ESEM’16) took place. The two keynotes of the symposium were by Claes Wohlin, who spoke about “Is there a future for empirical software engineering?” and by Joe Peppard on “What about the benefits? A missing perspective in software engineering”.

Breakfast, Spanish style

The most interesting session in the research track was Continuous Delivery which also had a nice participation from Finnish research colleagues. The research presented there is naturally of interest to us here in Pervasive Computing as one major research theme is modern software engineering approaches such as the practice of continuous delivery and the DevOps phenomenon.

Ciudad Real itself was located a convenient train trip away from the capital Madrid. The conference also gave us an opportunity to have a short visit in Toledo. What a lovely old town.

Sunset in Toledo

Posted in conference | Leave a comment

The newest *PhD* acquisition to the team

Hi everyone!

I am César, THE newest (maybe?) PhD student starting at Pervasive Computing. I am working on side-channel analysis and cryptography under Prof. Billy. My objective is to break things and then fix them – hopefully, security related.

I finished my Master’s degree last month at Aalto University. I had a lot of fun doing research, so here I am.

Doing research.

I enjoy sauna, food, hiking and dancing – mostly Latin/African music but you might find me at zumba, west-coast swing, forro, etc.

I speak Finnish poorly, but I appreciate it if you say simple phrases in Finnish to me 🙂

I sit in TH209, so if you are interested to know more about the topic, collaborate, have a chat, get lunch, go to the sauna, gym, dancing or hiking, don’t hesitate to come in.

See you!

-César

Posted in Uncategorized | Leave a comment

EMBC conference 2016

In my last post, I promised that you’ll hear more from our project as ideas are set and now need to get implemented.

Welcome to Disney World EMBC conference! The place where dreams come true!

So here we are, Emre and I went to present some of the results to the 38th conference on Engineering in Medicine and Biology (EMBC 2016) which took place in Orlando, Florida. We had 3 papers there and I’m going to introduce them here for you.

The first one was written by Vafa Andalibi, Timo Aaltonen, myself and Tommi Mikkonen and is about our Simulator of neuronal cultures plated on Multi-Electrode Arrays (MEAs). This article is really interesting as it joins together simulations of neuronal morphologies plated in-vitro on MEAs with the dynamic electrophysiological behaviour of the network. I believe this is why it initially got selected for being in the final for the student competition. Unfortunately, Vafa couldn’t attend due to visa issues.

Presentation of our SiMEA paper at Disney World resort

The second one is about learning with in-silico and in-vitro neuronal networks. The title is “From in-silico Spiking Neural Networks to in-vitro Neural Networks” and it was written by myself, Vafa Andalibi, Kerstin Lenk, Tommi Mikkonen and Jari Hyttinen. This article presents the use of a computational model of the dynamic activity of neuronal networks plated on MEA for applying stimulations on it. Learning is tested on the ability to recognize handwritten digits and sort images into 10 classes (0 to 9).

For the third, Emre was presenting his new method for detecting synchrony between parts of a network according to their correlated amount of bursts. This method is based on a metric built on the concept of spectral entropy.

There were also plenty of other interesting papers and talks. In particular, I had the honour to see a talk from Kenneth Ford, who is the CEO of Florida Institute for Human and Machine Cognition. He presented their robot, which had just ranked 2nd at the DARPA Robotics Challenge, and had a talk against the imitation game as an analogy between flying and imitating how birds flap their wings.

Otherwise, the extra-curricular activities were great, and if you go as a group to a conference I can warmly recommend Airbnb, as we rented a TUT house (Perv., Elt. BioMediTech and ASE departments were represented) for the same price as a room for one in a hotel.

Posted in conference, research | Leave a comment

Finnish-Chinese “Forest Course” of Design (Platinum course) took place in Pirkanmaa

On Friday the 5th of August we saw cool demos in Kampusareena Auditorium. The day was the last day of Platinum course’s first workshop week, and the day consisted of hard work (coding), restorative work (Brainwolk walking meeting in TUT Campus area) and presentations. Platinum is a Finnish-Chinese T3 course where the multidisciplinary and multicultural groups of students design and implement apps/games that utilize the restorative effects of nature. During the first workshop week, Finnish and Chinese students were doing their design work in slightly different ways, i.e. hiking, experiencing and coding in nature places such as forests (Helvetinjärvi, Halimasjärvi) and near-distant nature areas (Pyynikinpuisto, TUT Campus area). This workshop week was just a part of the whole course. The course will continue with the second workshop in October in Hong Kong, where the students will get inspiration for their designs from the Chinese gardens. Yet, there will be two workshops in Finland and Beijing next year. From TUT, we have two students participating in the course, and one supervisor (which is me).

The students were clearly impressed and touched by the Finnish nature and forest experiences, and the inspiration could be seen in the demos shown on Friday. For example, the tiny details from nature were utilized in one game demo, where the player took the role of an ant and experienced everything from the ant’s perspective. The elements from nature were visible in all demos and, what is most important, the students’ willingness to protect nature and animals was discussed a lot during the week – it seems that the Finnish nature had a message and many stories for the students, both Chinese and Finnish, and they got those. Thank you, participating students, supervisors, other stakeholders, and thank you, nature!

Students enjoying and getting inspiration from the beautiful nature in Helvetinjärvi national park

A Pokemon caught in the forest?

Yes exactly, there was a Pokemon found on the trails in the middle of nowhere!

Preparation of demos in Kampusareena auditorium

Reflecting on the learnings from the course in Brainwolk walking meeting in TUT Campus area

One of the presentations with beautiful graphics - a game "journey of the fairy"

On behalf of the Platinum people,
Aino A.

Posted in events, news, teaching | Leave a comment

New researcher and MEA conference

Hi!

I am the new guy in the department (not that new actually, I started early this year but did not meet you guys so much since I am working in TAYS campus).
I am working in the Bio-integrated SW project, thus if you see me in Titetotalo, most probably I am hanging around Francois’s office.

I am originally a biological signal processing guy who is mostly experienced in signal processing and analysis of microelectrode array signals acquired from neuronal cultures (biological neuronal networks).

Here are some photos from the last conference meeting: MEA meeting 2016, Reutlingen, Germany. We went there together with Francois, 3 weeks ago.

BioMediTech crew at MEA Meeting 2016 – TUT was well represented

I am the one in the center (you can see a big group of green-shirt workers in the background). No, they are not working for me; or do they? They just don’t know about it 🙂 OK, for real, we decided to go there as the whole BioMediTech in same-color T-shirts. This photo was taken more than 5 times, and we missed some people out in each picture.

Hope to meet you guys in coming opportunities! Have a sunny summer for what there is left at least!

-Emre Kapucu

Posted in conference, new employee, news, research | Leave a comment

New Research Assistant – Liquid Software

I am a new Research Assistant working on Liquid Software applications, based on an open source framework XD-MVC.

I am also a student in TUT (until I finish my thesis, hopefully soon). I started my Master’s in Information Technology in 2013. I have enjoyed meeting people from different countries, have been to a lot of interesting courses (including almost all of the Finnish courses and can manage to speak broken Finnish).

I worked with HCL Technologies in Chennai, India as a Software Engineer from 2004 to 2013. I had lots of fun, learned a lot about technologies, made some good friends, traveled a lot for work, went to trips and treks with my team and friends, wanted a big change and ended up here, in Finland.

In my free time, I read books, learn about plants and plant them when I can.

– Sivamani Thangavel

Posted in new employee, summer job | Leave a comment

Happy Summer!

A thank you and a scoop of ice cream to all bloggers!

Department staff showing for midsummer how to barbecue

The days are starting to get longer again but first it is time to enjoy the summer time. The staff of Pervasive computing is starting the summer holiday season from Midsummer and wishes everybody a very sunny and nice summer and, of course, a peaceful midsummer!

Posted in wishes | Leave a comment

Summer workers on the job for JOHOH

Like many of our other colleagues, the staff of the course Introduction to Programming (Johdatus ohjelmointiin, JOHOH) have lately been pondering the deepest essence of various LMSs (Learning Management Systems). From the student's point of view it would be nice if all courses were in the same system. On the other hand, it would also be nice for the student if that system (whatever it is) worked well for its purpose… And at least to our ears no word has yet come of a system that would work best in all cases.

A solution to this problem is being sought in Ville's master's thesis, currently titled ”Web-based teaching system for an introductory programming course”. From the teaching-system point of view, the starting situation on the course is as follows: Moodle is used for submitting and automatically checking the weekly exercises, and Repolainen likewise for the larger programming assignments. In addition, the course has a website that contains the assignment descriptions and, for example, the duty hours of the coding lab. Students write their programs with JetBrains' PyCharm IDE and submit the assignment to the systems the traditional way, by file upload.

The new system is built around Aalto's gift to the world, A+. It is an LMS designed with the principle of loose coupling as its guiding idea, thanks to which other systems can be attached to it relatively easily. A+ does not include an automatic grading system; that is handled by Mooc-grader, made by the same outfit. To ease the assistants' work, we have also considered attaching Rubyric, which relies on rubric-based grading, to the system. As a further convenience for students, we intend to connect the PyCharm IDE they use to the system with our own plugin, so that a student can send an assignment for checking directly from the IDE at the press of a button. For this, however, we have to hack at the A+ API, so we are redoing it completely in one go with the help of the noble Django REST Framework.

The hard toilers of the summer job, each at their own task

At the moment the work has progressed to the point where the A+ and Mooc-grader combo is being beta-tested on JOHOH's first (but hopefully not last!) summer implementation, with Pietari at the helm.

In the spring, before the summer course began, we decided to try at some point to test the new system with the summer course students; at that time it was still meant to come into actual use only for the autumn implementation. Things went otherwise, however, and we took Plussa as the course platform from the first day. This had both good and bad consequences: when the course started, only the first week's exercises had been moved into Plussa, and so far, for about four weeks now, everything has been finished perhaps a little later than would have been optimal. On the other hand, the system has turned out to be… REALLY GOOD!

Plussa suits JOHOH excellently. From a working, pleasant view, students see the assignments, their own point totals, deadlines and so on, and can progress through the course really easily. This of course works very well in JOHOH, because the course involves a relatively large number of both small and large programming assignments and independent study of the material. A definite further strength of Plussa is that, thanks to the grading mechanisms and so on built around it, the student gets a grade and a possible error report right in front of them immediately after submitting.

From the teacher's point of view Plussa is also very smooth: students' submissions are fairly handy to view and grade, and various extensions and extra submissions are easy to set. The system is not yet completely finished, however; for example, forming overall grades and interpreting various point situations still requires some script-writing skill of one's own, unless one wants to interpret an enormous matrix.

When the IDE plugin and the other additional features are finished, Plussa will suit the needs of JOHOH, and hopefully of many other courses, well or even better.

Text: Ville Vironmäki and Pietari Heino, picture: Essi

Posted in new employee, news, summer job, teaching | Leave a comment