I attended EdTech 2008 which was on yesterday and today in Dundalk Institute of Technology. A former Masters student of mine, Ronan Carty, presented a paper based on his dissertation entitled "Oideachas 2.0" concerning the use of Web 2.0 by Irish computer science lecturers, and future directions of Web 2.0. Ronan researched a range of learning and teaching theories, and surveyed over 100 lecturers on their views and usage of Web 2.0. Following this he developed a prototype learning environment that incorporates Web 2.0 Tools.
Ronan's presentation was really splendid, he took the audience through his research, discussing in detail some of the responses that the lecturers had given, he did this with great insight, critial thinking, and humour. After that he showed them his prototype learning environment which clearly wowed them. His system is built in AJAX and allows both teachers and students to configure their learning environment dynamically, excellent stuff! His disseration can be found here;
http://www.comp.dit.ie/dgordon/Research/research8.html
There were other excellent papers presented at EdTech 2008, including; Crystal Fulton's paper on blogging as a facilitator in the learning process, Namgyal Damdul's paper on developing an eXtreme Programming (XP) game, and Seamus Fox's paper on the measurement of the quality and efficiency of online teaching.
Conferences are also an opportunity to catch up with old friends, it was my great pleasure to meet up with Tim Savage who is in the Department of Computer Science in Trinity. I knew Tim as a lecturer on Trinity's Masters in IT in Education which I also taught on for a while, plus we both worked on a report commissioned by the Information Society Commission entitled "Innovation in Learning in the Information Society: A Comparative International Study". Tim is doing some really interesting research into Blended learning, and his work on Immersive Virtual Worlds looks very great.
Friday, May 23, 2008
Friday, May 2, 2008
Hackers and Hollywood
I submitted a paper to the 3rd International Conference for Internet Technology and Secured Transactions and I'm pleased to say I just got word back that the paper has been excepted. The paper, whose title is "Hackers and Hollywood: Considering Filmic Cyberthreats in Security Risk Analysis", looks at the way computer hackers (really "crackers") are portrayed in movies to determine if that influnces the security policies of organisations.
Defining what exactly constitutes a hacker movie was the first step. To do this a large number of potential candidates movies were reviewed to determine whether or not they were truly hacker movies, and using Grounded Theory a series of guidelines were developed to explain why some movies were added and others rejected.
More detail here;
http://thetech.pbwiki.com/HackersandHollywood
Defining what exactly constitutes a hacker movie was the first step. To do this a large number of potential candidates movies were reviewed to determine whether or not they were truly hacker movies, and using Grounded Theory a series of guidelines were developed to explain why some movies were added and others rejected.
- GUIDELINE 1: A hacker movie must feature a hacker in it, it is insufficient to have an act of hacking in the movie, the hacker must appear in the movie as being either the main protagonist or antagonist, or at least be a well-developed character with their hacking being integral to the plot.
- GUIDELINE 2: Not all cyberpunk movies can automatically be considered as hacker movies.
- GUIDELINE 3: Only Science Fiction movies that feature recognisable hacker scenarios should be included.
- GUIDELINE 4: No animated movies will be considered.
- GUIDELINE 5: No movies will be considered whose sole focus is cryptography.
- GUIDELINE 6: No hacker documentaries will be considered, only movies.
More detail here;
http://thetech.pbwiki.com/HackersandHollywood
Wednesday, April 30, 2008
The Search for Creativity
Creativity is something I am very interested in; What is it? How does it work? Is it different from Innovation? Can we teach it? Are some people better than others at it? How does it relate to programming and design?
I have been investigating concepts related to creativity and have been looking for sources of creativity. Part of this research has been working on projects with Edward de Bono to look at models of supporting creativity, e.g. The Six Thinking Hats, the CoRT techniques and Po. Some of the other models of creativity I have investigated, experimented and published research additionally with the following techniques; MindMaps, BrainStorming, Analogies, and Freewriting.
But models are not enough, to help identify sources of creativity I am looking at a range of people in a range of fields to determine if there is any commonality. I'm looking at inventors and their approaches. I'm looking at how literature is created, and how different authors have created their works. I am also looking at comics to see if their writing differs significantly from books. By looking at Television writing I am hoping to see if writing for a medium that is not only visually-based, but action-based, is significantly different. Finally I am looking at RPGs to see if they can aid creativity.
http://www.comp.dit.ie/dgordon/Research/research11.html
I have been investigating concepts related to creativity and have been looking for sources of creativity. Part of this research has been working on projects with Edward de Bono to look at models of supporting creativity, e.g. The Six Thinking Hats, the CoRT techniques and Po. Some of the other models of creativity I have investigated, experimented and published research additionally with the following techniques; MindMaps, BrainStorming, Analogies, and Freewriting.
But models are not enough, to help identify sources of creativity I am looking at a range of people in a range of fields to determine if there is any commonality. I'm looking at inventors and their approaches. I'm looking at how literature is created, and how different authors have created their works. I am also looking at comics to see if their writing differs significantly from books. By looking at Television writing I am hoping to see if writing for a medium that is not only visually-based, but action-based, is significantly different. Finally I am looking at RPGs to see if they can aid creativity.
http://www.comp.dit.ie/dgordon/Research/research11.html
Thursday, March 20, 2008
A Vision of Students Today
A short video summarizing some of the most important characteristics of students today - how they learn, what they need to learn, their goals, hopes, dreams, what their lives will be like, and what kinds of changes they will experience in their lifetime. Created by Michael Wesch in collaboration with 200 students at Kansas State University.
Wow !
Wow !
Monday, March 3, 2008
IBTS and the Missing Laptop - Part III
I e-mailed the IBTS regarding this decrypt-recrypt thing, here's what I got;
from "Corrigan, Arthur"
to Damian Gordon
cc "Bowler, Patrick"
date 3 Mar 2008 08:20
subject Missing laptop
mailed-by ibts.ie
Dear Damian
Thank you for your recent email in relation to the stolen laptop in New York. The reason the information on the laptop was re-encrypted because the IBTS had provided the New York Blood Centre the data on an 256 bit encrypted CD and in order to load this information on to laptop they had to decrypt it and then re-encrypt it again as it was being loaded on to the laptop.
I hope this answers your query.
Regards,
Arthur Corrigan
IT Manager
Irish Blood Transfusion Service
This really didn't make a lot of sense to me, so I sent this;
from Damian Gordon
to "Corrigan, Arthur"
date 3 Mar 2008 16:18
subject Re: Missing laptop
mailed-by gmail.com
Hi,
I'm not trying to be difficult about this but I really don't understand what you mean, in your original email you said "The reason the information on the laptop was re-encrypted because the IBTS had provided the New York Blood Centre the data on an 256 bit encrypted CD and in order to load this information on to laptop they had to decrypt it and then re-encrypt it again as it was being loaded on to the laptop."
I don't get this, why couldn't they upload encrypted data onto the laptop from the CD, that shouldn't be an issue. You can copy encrypted data from a CD to a laptop without having to do this.
My main problem is this, if the CD was decrypted and re-encrypted "on the fly" or whatever, the reality is that as it was being decryped the results of that information had to be stored somewhere, to allow that data to be again re-encrypted, and chances are that it was on the virtual memory of the laptop. So even if there was never a file created on the laptop with the decrypted data, the decryption process had to happen somewhere, and if it was on the virtual memory of the laptop, then it could be possible to restore that data.
I would be very grateful if you could check for me exactly why the data had to be de-crypted and re-encrypted, and is it possible that it occured in the virtual memory of the laptop,
many thanks,
Damian
Looking forward to their response.
from "Corrigan, Arthur"
to Damian Gordon
cc "Bowler, Patrick"
date 3 Mar 2008 08:20
subject Missing laptop
mailed-by ibts.ie
Dear Damian
Thank you for your recent email in relation to the stolen laptop in New York. The reason the information on the laptop was re-encrypted because the IBTS had provided the New York Blood Centre the data on an 256 bit encrypted CD and in order to load this information on to laptop they had to decrypt it and then re-encrypt it again as it was being loaded on to the laptop.
I hope this answers your query.
Regards,
Arthur Corrigan
IT Manager
Irish Blood Transfusion Service
This really didn't make a lot of sense to me, so I sent this;
from Damian Gordon
to "Corrigan, Arthur"
date 3 Mar 2008 16:18
subject Re: Missing laptop
mailed-by gmail.com
Hi,
I'm not trying to be difficult about this but I really don't understand what you mean, in your original email you said "The reason the information on the laptop was re-encrypted because the IBTS had provided the New York Blood Centre the data on an 256 bit encrypted CD and in order to load this information on to laptop they had to decrypt it and then re-encrypt it again as it was being loaded on to the laptop."
I don't get this, why couldn't they upload encrypted data onto the laptop from the CD, that shouldn't be an issue. You can copy encrypted data from a CD to a laptop without having to do this.
My main problem is this, if the CD was decrypted and re-encrypted "on the fly" or whatever, the reality is that as it was being decryped the results of that information had to be stored somewhere, to allow that data to be again re-encrypted, and chances are that it was on the virtual memory of the laptop. So even if there was never a file created on the laptop with the decrypted data, the decryption process had to happen somewhere, and if it was on the virtual memory of the laptop, then it could be possible to restore that data.
I would be very grateful if you could check for me exactly why the data had to be de-crypted and re-encrypted, and is it possible that it occured in the virtual memory of the laptop,
many thanks,
Damian
Looking forward to their response.
Friday, February 29, 2008
IBTS and the Missing Laptop - Part II
Just got a call from the IBTS to clarify the situation for me, here are the highlights;
1. Yes, the IBTS knew that employees of the NYBC would be transporting confidential data around on their laptops and bringing it home because they would have to be working late hours on this project, so the IBTS gave them permission to do this.
2. Regarding the statement in the letter that the data was "encrypted with a 256-bit encryption. Those records were transferred to a laptop and re-encrypted with a 256-bit encryption", the person I spoke to said that he didn't really know what that actually meant, maybe the data was unencrypted at some stage and maybe it wasn't, but was happy to confirm that, yes, the laptop mentioned here was the laptop that was stolen.
3. I queried the statement "To our knowledge there has never been a report of a successful attack against a 256-bit encryption key.", he said that this was what he had been told by the NYBC and they took care of all of the encryption stuff.
1. Yes, the IBTS knew that employees of the NYBC would be transporting confidential data around on their laptops and bringing it home because they would have to be working late hours on this project, so the IBTS gave them permission to do this.
2. Regarding the statement in the letter that the data was "encrypted with a 256-bit encryption. Those records were transferred to a laptop and re-encrypted with a 256-bit encryption", the person I spoke to said that he didn't really know what that actually meant, maybe the data was unencrypted at some stage and maybe it wasn't, but was happy to confirm that, yes, the laptop mentioned here was the laptop that was stolen.
3. I queried the statement "To our knowledge there has never been a report of a successful attack against a 256-bit encryption key.", he said that this was what he had been told by the NYBC and they took care of all of the encryption stuff.
IBTS and the Missing Laptop - Part I
Yipee, it's like winning the lottery, I just got a letter today from the Irish Blood Transfusion Service (IBTS) telling me some great news, my donor records were one of the 171,324 records that were on a laptop that was stolen in New York on 7th February.
I have been dreading this since the news broke on the Irish news over a week ago. In summary, the IBTS 'loaned' this data to the New York Blood Centre (NYBC) because they need a new data extraction tool that it seems no one in Ireland is capable of developing. An employee of the NYBC had a copy of the data on his laptop and lost the laptop when he was mugged outside of his home. I find it very disturbing that anyone was allowed to bring this type of data outside of a secure centre.
According to the letter I recieved the data was "encrypted with a 256-bit encryption. Those records were transfered to a laptop and re-encrypted with a 256-bit encryption", what does this mean? Why did it have to be re-encrypted, does this mean at some point the data was unencrypted? If it was, and this is the same laptop that was stolen, that is bad news.
But it's OK because according to the CEO of the IBTS Andrew Kelly the chances of decrypting this information is "extremely remote", and, "To our knowledge there has never been a report of a successful attack against a 256-bit encryption key." He should read the 2005 paper "Cache Attacks and Countermeasures: the Case of AES" by Dag Arne Osvik, Adi Shamir and Eran Tromer who in one attack managed to obtain an entire 256-bit AES key after 65 milliseconds.
The Data Protection Commissioner undertook an investigation of the entire event and according to their conclusions the IBTS seems to have done everything correctly, well that's alright so.
I have been dreading this since the news broke on the Irish news over a week ago. In summary, the IBTS 'loaned' this data to the New York Blood Centre (NYBC) because they need a new data extraction tool that it seems no one in Ireland is capable of developing. An employee of the NYBC had a copy of the data on his laptop and lost the laptop when he was mugged outside of his home. I find it very disturbing that anyone was allowed to bring this type of data outside of a secure centre.
According to the letter I recieved the data was "encrypted with a 256-bit encryption. Those records were transfered to a laptop and re-encrypted with a 256-bit encryption", what does this mean? Why did it have to be re-encrypted, does this mean at some point the data was unencrypted? If it was, and this is the same laptop that was stolen, that is bad news.
But it's OK because according to the CEO of the IBTS Andrew Kelly the chances of decrypting this information is "extremely remote", and, "To our knowledge there has never been a report of a successful attack against a 256-bit encryption key." He should read the 2005 paper "Cache Attacks and Countermeasures: the Case of AES" by Dag Arne Osvik, Adi Shamir and Eran Tromer who in one attack managed to obtain an entire 256-bit AES key after 65 milliseconds.
The Data Protection Commissioner undertook an investigation of the entire event and according to their conclusions the IBTS seems to have done everything correctly, well that's alright so.
Subscribe to:
Posts (Atom)