An Art Movement Where Art and Science Collide

Science Friday is one of my favorite podcasts. Filled with tons of interesting interviews, comments and reports, this is my weekend "radio station."

In last Friday's, one of the topics was "An Art Movement Where Art and Science Collide". The part that totally baffled me was the two tunes: one is from Johann Sebastian Bach, the other was generated by an algorithm written by David Cope (here are some other references: 1, 2 and 3). While I had no difficulties identifying the "real" Bach (I know that piece for having played it), I was really impressed by the likeliness to the real works composed by JS Bach.

I do remember, in the olden days of the 3DO, a program by Sid Meyer called "CPU Bach" that composed works "in the style of" Johann Sebastian Bach. This one goes a step further. I wonder if we should create a "Music Turing Test"

There is another piece on David Cope's page on the USCS website. Though I think that some parts would not have been written that way by Johann Sebastian Bach, the end result is truly amazing.

PoS malware found targeting mass transit systems

The security company InterCrawler has found a new malware strain that targets the mass transit systems. 

In the report, a sentence had both my eyebrows raise and my jaw drops at the same time:

"During ongoing POS investigations it was determined that some operators of Point-of-Sale terminals have violated their own internal security policies and have used their terminal for gaming and WEB-surfing, checking e-mail from it, sending messages, and viewing social networks. These cases have a common denominator of weak passwords and logins, many of which were found in large 3rd party credential exposures."

This is almost 2015 and still people operating Point of Sale terminals are still incapable of realizing that their actions can result in huge dramas. 

To the casual reader, this seems bad. To the security-minded, this is even worse: it means that these machines had, at the time of the breach, access to the Internet. This is in direct violation of the PCI standard. 

Last Friday was Black Friday in the US, I am curious to discover how many retailers were compromised and how much money cybercriminals have amassed.

AstroViz - Colliding Galaxies

If you don’t know the American Museum of Natural History, now is a good tile to be acquainted. Among the various research groups, the astrophysics, led by Dr. Tyson, is very active and has a nice visualization section.

Recently, it has been announced that our galaxy and the Andromeda galaxy are on a collision course. While this is the correct technical term, the result will mostly be that the 2 galaxies will go through each other a few times before merging and creating an even bigger galaxy. That is in about 3 billion years.

The AMNH has created a nice visual on this: Colliding Galaxies. Enjoy!

About the Home Depot breach

This is no longer a secret: the Home Depot was breached and scoundrels potentially got their hands on credit card information. What is unteresting, though, is the bits of information that were published by Ars Technica: 

• The security architect had a run in with justice for sabotaging the network of his previous company 
• Some of the personal in the security team left due to management ignoring their warnings and recommendations

The former may be okay: I am about giving second chances to people, however hiring someone who demonstrated a lack of maturity in handling a previous departure as the main  security guy for a big store that handles millions of credit card transactions per day is risky at the very least.

The second seems like a broken record: security people got really concerned, put the info in an email or a document, and are ignored by the management, who claims that security people cry "wolf!" all the time. That may be, but given the number of recent breaches, I think that we don't hear enough "wolf."

However, what concerned me the most is a sentence in the NY Times article: 

Thefts like the one that hit Home Depot — and an ever-growing list of merchants including Albertsons, UPS, Goodwill Industries and Neiman Marcus — are the “new normal,” according to security experts.

That is really saying that your banker can claim it's normal for a bank to be rob but they won't close the vault, or for a surgeon that people die all the time, but they won't clean their hands before surgery. 

 It doesn't have to be this way, but security costs (a bit) and requires people to adapt. The latter is, from what I have encountered so far, the hardest: people don't change their habits even when these very habits are dangerous and putting the company and its clients at risk. How many times have I heard "yeah, these servers absolutely need access to the Internet" or "yeah, all our employees can connect to the network any time of the day or the night, any day."

I have read estimates that put the Target breach at around $1 billion for the resulting credit card fraud. The one from the Home Depot is slated around $3 billion. All together, that's $4 billion, roughly the cost of a team of 50 security specialists for more than 50 years. It would be naive to say that this is a victimless crime: in the long run, we all pay for the mistakes of these companies, through higher credit card bills and premiums.

Randall Munroe's "What If" book is out!

Randall Munroe - the talented author of xkcd  - launched his book "What If?: Serious Scientific Answers to Absurd Hypothetical Questions." Check it out!

Neil deGrasse Tyson Is Worried That Humans Are Too Stupid For Aliens

Ah! This is a must see: Dr deGrasse Tyson putting our modern technology in perspective - Just for giggles, in his scale, Voyager 1 would be about 280 miles away. Assuming Dr. Tyson sits in his office at the Hayden Planetarium, that is past Boston, MA. I also love the part where he explains why Dr. Stephen Hawking is a bit concerned by aliens landing on earth.







There is also the possibility that the first aliens to visit us will be either microbes or viruses, something small and that will sustain the cold and vacuum of space for a long time without dying.

Google, Asian telecoms to build $300 mln undersea cable to Japan

Interesting: Google has come to an agreement with five Asian telecom operators to deploy an undersea cable between the US and Asia.