I am increasingly concerned with the possibility that the SHA1 algorithm, which is at the heart of e-commerce, may be on the verge of succumbing to the relentless march of Moore’s Law.
A very convincing calculation by Jesse Walker (shown in Bruce Schneier’s blog) estimates the cost of a single collision attack to fall below $200,000 by 2018, and below $50,000 by 2021. This simply means that a determined hacker with a strong financial motive will soon be able to launch a successful attack on 99% of all organizations that engage in online commerce.
We recently discussed major differences between how Apple’s app-store is set up versus how Google’s Android market is set up, especially regarding the process (or lack thereof) of screening the applications that are offered through their markets.
Last week Symantec identified 13 different malicious applications in the Android market with 5 million combined downloads between them. Symantec’s announcement was, of course, highly embarrassing for the “self-policed” system set up by Google. However, what was even more embarrassing was Ars Technica’s report yesterday that a week later, six of these applications were still available in the Android market!
I know that we explained in class that the process differences reflect fundamentally different strategies from Google and Apple in the management of their platforms, but it is getting very hard to justify Google’s complete hands-off approach…
Pic by Don, Flickr (cc license)
In our discussion on the increasing importance of consumer reviews, we talked about businesses’ efforts to enhance and even manipulate their image online. A collection of carefully staged hotel pictures can be found at oyster.com. Note that most of these pictures are not digitally manipulated (photoshopped) and it is unlikely that we will soon be able to develop automated tools to detect this type of manipulation.
It is easier to detect photoshopped images, which are usually employed to sell beauty and lifestyle products. A recent scientific article on the topic can be found here and a relevant funny video (that also features a well-known Greek pop-star @ 1:45) is available from YouTube.
Researchers also try to develop tools that will analyze the language of text reviews and spot fakes. A nice article on this was posted in the New York Times.