Showing newest 9 of 32 posts from June 2009.

Tuesday, June 30, 2009

Skyscraper Collapse in Shanghai

This happened Saturday in Shanghai, China, where construction mishaps are always done to the extreme. According to Reuters, the 13-story apartment building's fall killed one construction worker. The horizontal skyscrapers trend is really taking off.


Creation of First Electronic Quantum Processor


The two-qubit processor is the first solid-state quantum processor that resembles a conventional computer chip and is able to run simple algorithms. (Credit: Blake Johnson/Yale University)


ScienceDaily (June 29, 2009) — A team led by Yale University researchers has created the first rudimentary solid-state quantum processor, taking another step toward the ultimate dream of building a quantum computer.

They also used the two-qubit superconducting chip to successfully run elementary algorithms, such as a simple search, demonstrating quantum information processing with a solid-state device for the first time. Their findings will appear in Nature's advanced online publication June 28.

"Our processor can perform only a few very simple quantum tasks, which have been demonstrated before with single nuclei, atoms and photons," said Robert Schoelkopf, the William A. Norton Professor of Applied Physics & Physics at Yale. "But this is the first time they've been possible in an all-electronic device that looks and feels much more like a regular microprocessor."

Working with a group of theoretical physicists led by Steven Girvin, the Eugene Higgins Professor of Physics & Applied Physics, the team manufactured two artificial atoms, or qubits ("quantum bits"). While each qubit is actually made up of a billion aluminum atoms, it acts like a single atom that can occupy two different energy states. These states are akin to the "1" and "0" or "on" and "off" states of regular bits employed by conventional computers. Because of the counterintuitive laws of quantum mechanics, however, scientists can effectively place qubits in a "superposition" of multiple states at the same time, allowing for greater information storage and processing power.

For example, imagine having four phone numbers, including one for a friend, but not knowing which number belonged to that friend. You would typically have to try two to three numbers before you dialed the right one. A quantum processor, on the other hand, can find the right number in only one try.

"Instead of having to place a phone call to one number, then another number, you use quantum mechanics to speed up the process," Schoelkopf said. "It's like being able to place one phone call that simultaneously tests all four numbers, but only goes through to the right one."

These sorts of computations, though simple, have not been possible using solid-state qubits until now in part because scientists could not get the qubits to last long enough. While the first qubits of a decade ago were able to maintain specific quantum states for about a nanosecond, Schoelkopf and his team are now able to maintain theirs for a microsecond—a thousand times longer, which is enough to run the simple algorithms. To perform their operations, the qubits communicate with one another using a "quantum bus"—photons that transmit information through wires connecting the qubits—previously developed by the Yale group.

The key that made the two-qubit processor possible was getting the qubits to switch "on" and "off" abruptly, so that they exchanged information quickly and only when the researchers wanted them to, said Leonardo DiCarlo, a postdoctoral associate in applied physics at Yale's School of Engineering & Applied Science and lead author of the paper.

Next, the team will work to increase the amount of time the qubits maintain their quantum states so they can run more complex algorithms. They will also work to connect more qubits to the quantum bus. The processing power increases exponentially with each qubit added, Schoelkopf said, so the potential for more advanced quantum computing is enormous. But he cautions it will still be some time before quantum computers are being used to solve complex problems.

"We're still far away from building a practical quantum computer, but this is a major step forward."

Authors of the paper include Leonardo DiCarlo, Jerry M. Chow, Lev S. Bishop, Blake Johnson, David Schuster, Luigi Frunzio, Steven Girvin and Robert Schoelkopf (all of Yale University), Jay M. Gambetta (University of Waterloo), Johannes Majer (Atominstitut der Österreichischen Universitäten) and Alexandre Blais (Université de Sherbrooke).

(Courtesy: http://www.sciencedaily.com/releases/2009/06/090628171949.html )

Walkman Review by 13 year old kid!

BBC Magazine gave 13-year-old Scott Campbell a gen-one Walkman in place of his MP3 player for a week, then gathered his impressions on the device:
It took me three days to figure out that there was another side to the tape. That was not the only naive mistake that I made; I mistook the metal/normal switch on the Walkman for a genre-specific equaliser, but later I discovered that it was in fact used to switch between two different types of cassette.

Another notable feature that the iPod has and the Walkman doesn't is "shuffle", where the player selects random tracks to play. It's a function that, on the face of it, the Walkman lacks. But I managed to create an impromptu shuffle feature simply by holding down "rewind" and releasing it randomly - effective, if a little laboured.

I told my dad about my clever idea. His words of warning brought home the difference between the portable music players of today, which don't have moving parts, and the mechanical playback of old. In his words, "Walkmans eat tapes". So my clumsy clicking could have ended up ruining my favourite tape, leaving me music-less for the rest of the day.

(Courtesy: http://www.boingboing.net/2009/06/29/13-year-old-kid-revi.html)

Monday, June 29, 2009

MJ hits Internet traffic!


Any doubts about Michael Jackson's megastardom should have ended after news of the singer's death tripped up Google and crashed AOL Instant Messenger, Wikipedia, TMZ and, of course, Twitter. A survey of the epic traffic:

GMAIL attachment size now increased to 25 MB

Now you can send bigger attachments in Gmail, as Google increased the maximum attachment size from 20 MB to 25 MB.

"With Gmail, you can send and receive messages up to 25 megabytes (MB) in size. Please note that you may not be able to send larger attachments to contacts who use other email services with smaller attachment limits. If your attachment bounces, you should invite them to Gmail," suggests Google.


For some reason, Gmail's Flash uploader doesn't allow me to upload files that are larger than 10 MB. The error message is "attachment failed" and Google's suggestions aren't very helpful. Switching to the basic uploader in the settings solves the problem, but it's more tedious to upload multiple files.

Friday, June 26, 2009

YouTube Daily Mobile Uploads Have Increased 400% Since Launch of iPhone 3GS


Google today announced that daily YouTube uploads directly from mobile devices have increased 400% since the release of the iPhone 3GS last Friday. The iPhone 3GS includes the ability to record video and provides for easy uploading directly to YouTube from within the Camera Roll section of the Photos application.

YouTube also notes, however, that the spike generated by the release of the iPhone 3GS is also the acceleration of a trend that has seen the upload rate grow by 1700% over the past six months.
This growth represents three things coming together: new video-enabled phones on the market, improvements to the upload flow when you post a video to YouTube from your phone, and a new feature on YouTube that allows your videos to be quickly and effortlessly shared through your social networks. It takes just a minute to connect your YouTube account to your Facebook, Twitter and Google Reader accounts. Complete a simple, one-time connection on our upload page to allow all your friends and followers to get a real-time stream of your uploads to YouTube, which can be essential in this age of citizen reporting and ubiquitous sharing.

JSON Hijacking

A while back I wrote about a subtle JSON vulnerability which could result in the disclosure of sensitive information. That particular exploit involved overriding the JavaScript Array constructor to disclose the payload of a JSON array, something which most browsers do not support now.

However, there’s another related exploit that seems to affect many more browsers. It was brought to my attention recently by someone at Microsoft, and Scott Hanselman and I demonstrated it at the Norwegian Developers Conference last week, though it has been demonstrated against Twitter in the past.


Before I go further, let me give you the punch line first in terms of what this vulnerability affects.

This vulnerability requires that you are exposing a JSON service which…

  • …returns sensitive data.
  • …returns a JSON array.
  • …responds to GET requests.
  • …the browser making the request has JavaScript enabled (very likely the case)
  • …the browser making the request supports the __defineSetter__ method.

Thus if you never send sensitive data in JSON format, or you only send JSON in response to a POST request, etc. then your site is probably not vulnerable to this particular vulnerability (though there could be others).

I’m terrible with Visio, but I thought I’d give it my best shot and try to diagram the attack the best I could. In this first screenshot, we see the unwitting victim logging into the vulnerable site, and the vulnerable site issues an authentication cookie, which the browser holds onto.


At some point, either in the past, or the near future, the bad guy spams the victim with an email promising a hilariously funny video of a hamster on a piano.


But the link actually points to the bad guy’s website. When the victim clicks on the link, the next two steps happen in quick succession. First, the victim’s browser makes a request for the bad guy’s website.


The website responds with some HTML containing some JavaScript along with a script tag. When the browser sees the script tag, it makes another GET request back to the vulnerable site to load the script, sending the auth cookie along.


The bad guy has tricked the victim’s browser into issuing a request for the JSON containing sensitive information using the browser’s credentials (aka the auth cookie). This loads the JSON array as executable JavaScript, and now the bad guy has access to this data.

To gain a deeper understanding, it may help to see actual code (which you can download and run) which demonstrates this attack.

Note that the following demonstration is not specific to ASP.NET or ASP.NET MVC in any way, I just happen to be using ASP.NET MVC to demonstrate it. Suppose the Vulnerable Website returns JSON with sensitive data via an action method like this.

[Authorize]
public JsonResult AdminBalances() {
    var balances = new[] {
        new {Id = 1, Balance=3.14},
        new {Id = 2, Balance=2.72},
        new {Id = 3, Balance=1.62}
    };
    return Json(balances);
}

Assuming this is a method of HomeController, you can access this action via a GET request for /Home/AdminBalances which returns the following JSON:

[{"Id":1,"Balance":3.14},{"Id":2,"Balance":2.72},{"Id":3,"Balance":1.62}]

Notice that I’m requiring authentication via the AuthorizeAttribute on this action method, so an anonymous GET request will not be able to view this sensitive data.

The fact that this is a JSON array is important. It turns out that a script that contains a JSON array is a valid JavaScript script (an array literal is a valid expression statement) and can thus be executed. A script that just contains a JSON object is not a valid JavaScript file, because a leading "{" is parsed as the start of a block, not an object literal. For example, if you had a JavaScript file that contained the following JSON:

{"Id":1, "Balance":3.14}

And you had a script tag that referenced that file:

You would get a JavaScript error in your HTML page. However, through an unfortunate coincidence, if you have a script tag that references a file only containing a JSON array, that would be considered valid JavaScript and the array literal gets evaluated.

Now let’s look at the HTML page that the bad guy hosts on his/her own server:

<html>
...
<body>
<script type="text/javascript">
Object.prototype.__defineSetter__('Id', function(obj){alert(obj);});
</script>
<script src="http://example.com/Home/AdminBalances"></script>
</body>
</html>

What’s happening here? Well, the bad guy is changing the prototype for Object using the special __defineSetter__ method, which allows overriding what happens when a property setter is being called.

In this case, any time a property named Id is being set on any object, an anonymous function is called which displays the value of the property using the alert function. Note that the script could just as easily post the data back to the bad guy, thus disclosing sensitive data.

As mentioned before, the bad guy needs to get you to visit his malicious page shortly after logging into the vulnerable site while your session on that site is still valid. Typically a phishing attack via email containing a link to the evil site does the trick.

If by blind bad luck you’re still logged into the original site when you click through to the link, the browser will send your authentication cookie to the website when it loads the script referenced in the script tag. As far as the original site is concerned, you’re making a valid authenticated request for the JSON data and it responds with the data, which now gets executed in your browser. This may sound familiar as it is really a variant of a Cross Site Request Forgery (CSRF) attack which I wrote about before.

If you want to see it for yourself, you can download this ASP.NET MVC project and run it locally. Make sure to login first and then go visit http://haacked.com/demos/JsonAttack.html.

Note that this attack does not work on IE 8, which will tell you that __defineSetter__ is not a valid method. Last I checked, it does work on Chrome and Firefox.

The mitigation is simple. Either never send JSON arrays OR always require an HTTP POST to get that data (except in the case of non-sensitive data in which case you probably don’t care). For example, with ASP.NET MVC, you could use the AcceptVerbsAttribute to enforce this like so:

[Authorize]
[AcceptVerbs(HttpVerbs.Post)]
public JsonResult AdminBalances() {
    var balances = new[] {
        new {Id = 1, Balance=3.14},
        new {Id = 2, Balance=2.72},
        new {Id = 3, Balance=1.62}
    };
    return Json(balances);
}

One issue with this approach is that many JavaScript libraries such as jQuery request JSON using a GET request by default, not POST. For example, $.getJSON issues a GET request by default. So when calling into this JSON service, you need to make sure you issue a POST request with your client library.

ASP.NET and WCF JSON service endpoints actually wrap their JSON in an object with the “d” property as I wrote about a while back. While it might seem odd to have to go through this property to get access to your data, this awkwardness is eased by the fact that the generated client proxies for these services strip the “d” property so the end-user doesn’t need to know it was ever there.

With ASP.NET MVC (and other similar frameworks), a significant number of developers are not using client generated proxies (we don’t have them) but instead using jQuery and other such libraries to call into these methods, making the “d” fix kind of awkward.
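As an added example (not part of Haack's post or its demo project), the script below checks the two facts the post relies on: a JSON array body parses as a standalone script while an object body, including the "d" wrapper used by ASP.NET and WCF endpoints, does not; and whether the running engine still invokes a prototype setter from an array initializer. The function names and sample bodies are my own.

```javascript
'use strict';

// Constructed sample bodies shaped like the post's /Home/AdminBalances response
// and the single-object case it contrasts with.
const ARRAY_JSON =
  '[{"Id":1,"Balance":3.14},{"Id":2,"Balance":2.72},{"Id":3,"Balance":1.62}]';
const OBJECT_JSON = '{"Id":1, "Balance":3.14}';

// Does a response body parse as a standalone JavaScript program? That is the
// precondition for a <script src=...> tag to evaluate it. new Function() only
// parses the text here; nothing is executed.
function parsesAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (err) {
    if (err instanceof SyntaxError) return false;
    throw err;
  }
}

// Server-side "d" wrapper, as used by ASP.NET and WCF JSON endpoints: a script
// whose first token is "{" is parsed as a block, so the body fails to parse
// and cannot be loaded through a script tag.
function wrapInD(value) {
  return JSON.stringify({ d: value });
}

// Client-side unwrap. Always JSON.parse the text (never evaluate it) and strip
// the wrapper, which is what the generated proxies mentioned in the post do.
function unwrapD(body) {
  const parsed = JSON.parse(body);
  if (parsed === null || typeof parsed !== 'object' || !('d' in parsed)) {
    throw new Error('response is not wrapped in a "d" object');
  }
  return parsed.d;
}

// Probe for the engine quirk itself: install a setter for "Id" on
// Object.prototype, evaluate the body as a script, and report whether the
// setter saw any value. ES5 and later engines create properties in object
// initializers with define semantics rather than calling setters, so on a
// current engine this returns false even for the array body.
function initializerInvokesSetter(body) {
  const seen = [];
  Object.defineProperty(Object.prototype, 'Id', {
    set(value) { seen.push(value); },
    configurable: true,
  });
  try {
    new Function(body)();
  } finally {
    delete Object.prototype.Id;
  }
  return seen.length > 0;
}

// Summary a reviewer can act on for a JSON body served in response to GET.
function assessGetResponse(body) {
  const loadable = parsesAsScript(body);
  return {
    loadableAsScript: loadable,
    setterFires: loadable && initializerInvokesSetter(body),
    verdict: loadable
      ? 'array body: serve it only on POST or wrap it in an object'
      : 'not a script: cannot be loaded through a script tag',
  };
}

console.log(assessGetResponse(ARRAY_JSON));
console.log(assessGetResponse(wrapInD(JSON.parse(ARRAY_JSON))));
```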

What About Checking The Header?

Some of you might be wondering, “why not have the JSON service check for a special header such as the X-Requested-With: XMLHttpRequest or Content-Type: application/json before serving it up in response to a GET request?” I too thought this might be a great mitigation because most client libraries send one or the other of these headers, but a browser’s GET request in response to a script tag would not.

The problem with this (as a couple of co-workers pointed out to me) is that at some point in the past, the user may have made a legitimate GET request for that JSON in which case it may well be cached in the user’s browser or in some proxy server in between the victim’s browser and the vulnerable website. In that case, when the browser makes the GET request for the script, the request might get fulfilled from the browser cache or proxy cache. You could try setting No-Cache headers, but at that point you’re trusting that the browser and all proxy servers correctly implement caching and that the user can’t override that accidentally.

Of course, this particular caching issue isn’t a problem if you’re serving up your JSON using SSL.

The real issue?

There’s a post at the Mozilla Developer Center which states that object and array initializers should not invoke setters when evaluated, which at this point, I tend to agree with, though a comment to that post argues that perhaps browsers really shouldn’t execute scripts regardless of their content type, which is also a valid complaint.

But at the end of the day, assigning blame doesn’t make your site more secure. These types of browser quirks will continue to crop up from time to time, and we as web developers need to deal with them. Chrome 2.0.172.31 and Firefox 3.0.11 were both vulnerable to this. IE 8 was not because it doesn’t support this method. I didn’t try it in IE 7 or IE 6.

It seems to me that to be secure by default, the default behavior for accessing JSON should probably be POST and you should opt-in to GET, rather than the other way around as is done with the current client libraries. What do you think? And how do other platforms you’ve worked with handle this? I’d love to hear your thoughts.

In case you missed it, here are the repro steps again: Download this ASP.NET MVC project and run it locally. Make sure to login first and then go visit http://haacked.com/demos/JsonAttack.html in the same browser.

(Courtesy: http://haacked.com/archive/2009/06/25/json-hijacking.aspx )

Analysis suggesting the Iran election was fraudulent

There's an interesting article in the Washington Post today exploring one line of reasoning suggesting that the Iranian election is fraudulent. Basically, it comes down to this: the results aren't random enough. In a fair election, you'd expect each digit, from 0 to 9, to be the final digit of the results in each region roughly ten percent of the time: you'd see a vote count like 12,437 just as often as 12,435. But in fact certain digits come up more often:

The numbers look suspicious. We find too many 7s and not enough 5s in the last digit. We expect each digit (0, 1, 2, and so on) to appear at the end of 10 percent of the vote counts. But in Iran's provincial results, the digit 7 appears 17 percent of the time, and only 4 percent of the results end in the number 5. Two such departures from the average -- a spike of 17 percent or more in one digit and a drop to 4 percent or less in another -- are extremely unlikely. Fewer than four in a hundred non-fraudulent elections would produce such numbers.

You can't expect the first digits in a result to be random, because they represent tens of thousands of voters, and in any given region, one candidate probably is supported by more voters than the other candidates. But the final digits should be random in a fair election.

For some reason, people seem to pick numbers ending in "7" as more "random" than other numbers. When we asked our readers to generate random numbers from 1 to 20, 7 and 17 were the most common answers, appearing almost three times as often as you'd expect if the numbers were truly randomly generated. Meanwhile numbers ending in 5 only came up about half as often as they should have. In fact, our results were quite similar to the Iran election results for those digits:


Beber and Scacco also found that the patterns in the last two digits of each number are not random. They calculate the chance of these two anomalous results in the elections occurring due to chance as less than 1 in 200.

(Courtesy: http://scienceblogs.com/cognitivedaily/2009/06/nice_analysis_of_why_the_irani.php)

Michael Jackson is Dead!

Michael Jackson, the show-stopping singer whose best-selling albums -- including "Off the Wall," "Thriller" and "Bad" -- and electrifying stage presence made him one of the most popular artists of all time, died Thursday, CNN has confirmed.

Michael Jackson, shown in 2008, was one of the biggest pop stars in history.


He was 50.

He collapsed at his residence in the Holmby Hills section of Los Angeles, California, about noon Pacific time, suffering cardiac arrest, according to brother Randy Jackson. He died at UCLA Medical Center.

Lt. Fred Corral of the Los Angeles County Coroner's Office said an autopsy would probably be done on the singer Friday, with results expected that afternoon.

"Michael Jackson made culture accept a person of color," the Rev. Al Sharpton said. "To say an 'icon' would only give these young people in Harlem a fraction of what he was. He was a historic figure that people will measure music and the industry by."

Jackson's blazing rise to stardom -- and later fall from grace -- is among the most startling of show business tales. The son of a steelworker, he rose to fame as the lead singer of the Jackson 5, a band he formed with his brothers in the late 1960s. By the late '70s, as a solo artist, he was topping the charts with cuts from "Off the Wall," including "Rock With You" and "Don't Stop 'Til You Get Enough."

In 1982, he released "Thriller," an album that eventually produced seven hit singles. An appearance the next year on a Motown Records 25th-anniversary special cemented his status as the biggest star in the country.

For the rest of the 1980s, they came no bigger. "Thriller's" follow-up, 1987's "Bad," sold almost as many copies. A new Jackson album -- a new Jackson appearance -- was a pop culture event.

The pop music landscape was changing, however, opening up for rap, hip-hop and what came to be called "alternative" -- and Jackson was seen as out of step.

His next release, 1991's "Dangerous," debuted at No. 1 but "only" produced one top-ranking single -- "Black or White" -- and that song earned criticism for its inexplicably violent ending, in which Jackson was seen smashing car windows and clutching his crotch.

And then "Dangerous" was knocked out of its No. 1 spot on the album charts by Nirvana's "Nevermind," an occurrence noted for its symbolism by rock critics.

After that, more attention was paid to Jackson's private life than his music career, which faltered. A 1995 two-CD greatest hits, "HIStory," sold relatively poorly, given the huge expense of Jackson's recording contract: about 7 million copies, according to Recording Industry of America certifications.

A 2001 album of new material, "Invincible," did even worse.

In 2005, he went to trial on child-molestation charges. He was acquitted.

In July 2008, after three years away from the spotlight, Jackson announced a series of concerts at London's O2 Arena as his "curtain call." Some of the shows, initially scheduled to begin in July, were eventually postponed until 2010.

Rise to stardom

Michael Jackson was born August 29, 1958, to Joe Jackson, a Gary, Indiana, steelworker, and his wife, Katherine. By the time he was 6, he had joined his brothers in a musical group organized by his father, and by the time he was 10, the group -- the Jackson 5 -- had been signed to Motown.

He made his first television appearance at age 11.

Jackson, a natural performer, soon became the group's front man. Music critic Langdon Winner, reviewing the group's first album, "Diana Ross Presents the Jackson 5," for Rolling Stone, praised Michael's versatile singing and added, "Who is this 'Diana Ross,' anyway?"

The group's first four singles -- "I Want You Back," "ABC," "The Love You Save" and "I'll Be There" -- went to No. 1 on the Billboard pop chart, the first time any group had pulled off that feat. There was even a Jackson 5 cartoon series on ABC.

In 1972, he hit No. 1 as a solo artist with the song "Ben."

The group's popularity waned as the '70s continued, and Michael eventually went solo full time. He played the Scarecrow in the 1978 movie version of "The Wiz," and released the album "Off the Wall" in 1979. Its success paved the way for "Thriller," which eventually became the best-selling album in history, with 50 million copies sold worldwide.

At that point, Michael Jackson became ubiquitous.

Seven of "Thriller's" nine cuts were released as singles; all made the Top Ten. The then-new cable channel MTV, criticized for its almost exclusively white playlist, finally started playing Jackson's videos. They aired incessantly, including a 14-minute minimovie of the title cut. ("Weird Al" Yankovic cemented his own stardom by lampooning Jackson's song "Beat It" with a letter-perfect parody video.)

On the Motown Records' 25th-anniversary special -- a May 1983 TV extravaganza with notable turns by the Temptations, the Four Tops and Smokey Robinson -- it was Michael Jackson who stopped the show.

Already he was the most popular musician in America, riding high with "Thriller." But something about his electrifying performance of "Billie Jean," complete with the patented backward dance moves, boosted his stardom to a new level.

People copied his Jheri-curled hair and single-gloved, zippered-jacket look. Showbiz veterans such as Fred Astaire praised his chops. He posed for photos with Ronald and Nancy Reagan at the White House. Paul McCartney teamed with him on three duets, two of which -- "The Girl Is Mine" and "Say Say Say" -- became top five hits. Jackson became a Pepsi spokesman, and when his hair caught fire while making a commercial, it was worldwide news.

It all happened very fast -- within a couple years of the Motown special. But even at the time of the "Motown 25" moonwalk, fame was old hat to Michael Jackson. He hadn't even turned 25 himself, but he'd been a star for more than half his life. He was given the nickname the "King of Pop" -- a spin on Elvis Presley's status as "the King of Rock 'n' Roll" -- and few questioned the moniker.

Relentless attention

But, as the showbiz saying has it, when you're on top of the world, there's nowhere to go but down. The relentless attention given Jackson started focusing as much on his eccentricities -- some real, some rumored -- as his music.

As the Web site Allmusic.com notes, he was rumored to sleep in a hyperbaric chamber and to have purchased the bones of John Merrick, the "Elephant Man." (Neither was true.) He did have a pet chimpanzee, Bubbles; underwent a series of increasingly drastic plastic surgeries; established an estate, Neverland, filled with zoo animals and amusement park rides; and managed to purchase the Beatles catalog from under Paul McCartney's nose, which displeased the ex-Beatle immensely.

In the 1990s and 2000s, Jackson found himself pasted across the media for his short-lived marriages, the first to Elvis Presley's daughter, Lisa Marie; his 2002 claim that then Sony Records head Tommy Mottola was racist; his behavior and statements during a 2003 interview with British journalist Martin Bashir done for a documentary called "Living With Michael Jackson;" his changing physical appearance; and, above all, the accusations that he sexually molested young boys at Neverland.

The first such accusation, in 1993, resulted in a settlement to the 13-year-old accuser (rumored to be as high as $20 million), though no criminal charges were filed, Allmusic.com notes.

He also fell deeply in debt and was forced to sell some of his assets. Neverland was one of many holdings that went on the block. However, an auction of material from Neverland, scheduled for April, was called off and all items returned to Jackson.

Interest in Jackson never faded, however, even if some of it was prurient. In 2008, when he announced 10 comeback shows in London, beginning in July 2009, the story made worldwide news. The number of concerts was later increased to 50.

Seventy-five thousand tickets sold in four hours when they went on sale in March.

However, when the shows were postponed until 2010, rumors swept the Internet that Jackson was not physically prepared and possibly suffering from skin cancer.

At the time, the president and CEO of AEG Live, Randy Phillips, said, "He's as healthy as can be -- no health problems whatsoever."

Jackson held open auditions for dancers in April in Los Angeles.

He is survived by his three children, Prince Michael I, Paris and Prince