April 28, 2014
OPINION: Save the Art Barn: Realizing the value of history (page 3)
SPORTS: The best of the best in 2013-14 Comet sports (page 11)
THE MERCURY | UTDMERCURY.COM
Mass email alarms Chinese community
Severe charges leveled against TA
MERCURY STAFF REPORT
An anonymous person sent out a mass email to UTD’s Chinese network on April 15, accusing a male international graduate TA of severe crimes, including assault, attempted rape and sexual misconduct toward students. The allegations were not reported to the police, and could not be confirmed or denied at the time this edition went to print. The email was seen by thousands of students and alumni from the Yahoo! and Google groups and listserv for UTD’s Friendship Association of Chinese Students and Scholars, or FACSS. The contents of the email are now widely known throughout the Chinese international student community, said former vice president for FACSS and
‘Red Herring’ turns tables on hackers
‘Heartbleed’ countermeasure conceived in UTD’s laboratories
→ SEE EMAIL, PAGE 14
Code Red: a timeline of the Heartbleed story
» Friday, March 21 or before
Neel Mehta of Google Security discovers Heartbleed vulnerability.
» Friday, March 21 12:23 (CST)
Google commits a patch for the flaw. The patch is then progressively applied to Google services/servers across the globe.
» Tuesday, April 1
Google Security notifies “OpenSSL team members” about the flaw it has found in OpenSSL, which later becomes known as “Heartbleed.”
Food, retail center at north campus could arrive by ’16
» Wednesday, April 3 ~01:30
Codenomicon separately discovers the same bug.
» Saturday, April 5 17:13
STORY BY PARTH SAMPAT | SPORTS EDITOR
ILLUSTRATION & DESIGN BY LINA MOON | GRAPHICS EDITOR
LINA MOON | GRAPHICS EDITOR
Traditional college town living marks shift to residential focus
ESTEBAN BUSTILLOS
Mercury Staff
Construction on Comet Town, a housing complex that will feature shops, restaurants, entertainment venues and a DART station, is slated to begin sometime in 2015, according to UTD Vice President Calvin Jamison.
The DART station, which is part of the long-term plans for Comet Town, will be a part of the Cotton Belt Regional Corridor and connect to DFW airport.
Set to go before the Richardson City Council for zoning approval in May, Comet Town has already been approved by the Richardson Planning Commission. Zoning for Comet Town needs to be approved before any work on the project can begin.
Headed by Jamison, vice president of the Office of Administration, the project is still early in its development phase. An outside developer has been chosen to work on Comet Town and will be responsible for the construction. This will not cause an increase in tuition for students, Jamison said.
“The city council has been very positive to what we’re trying to do,” he said. “This is the initial stage, and we have approximately 11 to 13 acres that have been designated for development.”
The land that has been assigned is located north of the Natural Science and Engineering Research Laboratory, across Synergy Parkway.
The idea for Comet Town was inspired by other college towns that have more of a traditional campus life, Jamison said. He sees Comet Town as a major step toward Tier One status for the university.
A history of commuter culture has made it difficult to develop a traditional campus environment at UTD, but with a growing number of students, that may change.
“The concept of Comet Town is to have a college town environment where the entire campus can take advantage of key amenities,” Jamison said. “If you look at what we’re doing with additions to the School of Management, the new parking garage and the development of the North Mall, we’re taking what was a commuter campus and making it into a very lively community.”
Student opinions have been taken into consideration, with a series of focus groups taking place
The most serious security problem to ever affect the modern web left about two-thirds of the Internet at risk, including UTD systems and servers.
Researchers at UTD have a solution, dubbed ‘Red Herring,’ that not only patches the issue, but can also detect and entrap attackers that might try to exploit the vulnerability to gain sensitive information.
The Heartbleed Bug
The Heartbleed Bug is a weakness in the popular OpenSSL cryptography software library, which implements the basic cryptographic functions to maintain data security during transmission.
“There is a misconception out there that it is a virus, but it is not a virus,” said Kevin Hamlen, team lead of the Red Herring project. “It is a weakness in software products, and it mainly affects web servers or web clients, so client browsers.”
The vulnerability was present in popular websites like Google, Yahoo, Facebook, Dropbox and many more, as they used the exposed implementation of OpenSSL.
The bug resulted from incorrect implementation of the Heartbeat feature of OpenSSL. This feature, which was introduced two years ago, passes bogus information over the wire to keep the connection between server and client browser open. The client browser usually initiates the Heartbeat request and sends mock data along with the size of the data to the server. The server, in return, replies with the same mock data sent by the client.
However, an attacker can send a mock packet of data with the wrong data size. The incorrect implementation resulted in the server failing to verify whether the packet size and the data size matched. In the case of a mismatch, the server would send back what was originally transmitted and some additional information drawn from the address space of the application, which could potentially be sensitive information like passwords, social security numbers, or worse, private encryption keys.
“The attacker can’t precisely control which information he gets on any particular request,” Hamlen said. “But the attacker can wallpaper you with many, many requests over a long period of time and probably get any information in the address space that is available.”
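The size check the article describes as missing, shown as an added example (not code from the article, from OpenSSL or from the Red Herring project): a simplified heartbeat handler without and with the comparison between the claimed data size and the bytes actually received. The record layout, the `g_mem` buffer, the function names and the sample secret are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the server's address space: the received
 * heartbeat record sits at the start, unrelated data lies right after it. */
static uint8_t g_mem[64];
#define SECRET "user=alice;pw=hunter2"   /* constructed sample data */

/* Simplified record (assumption): [2-byte big-endian claimed size][payload].
 * Copies a short record into g_mem and places the secret directly behind it. */
static void load_request(const uint8_t *rec, size_t rec_len) {
    memset(g_mem, 0, sizeof g_mem);
    memcpy(g_mem, rec, rec_len);
    memcpy(g_mem + rec_len, SECRET, sizeof SECRET);
}

/* Flawed handler: echoes as many bytes as the sender claims and never
 * looks at how many bytes were actually received. */
static size_t heartbeat_vulnerable(uint8_t *out) {
    size_t claimed = ((size_t)g_mem[0] << 8) | g_mem[1];
    if (claimed > sizeof g_mem - 2) claimed = sizeof g_mem - 2; /* keeps the demo in-bounds */
    memcpy(out, g_mem + 2, claimed);
    return claimed;
}

/* Corrected handler: a record whose claimed size exceeds the payload
 * that arrived is dropped without a reply. */
static size_t heartbeat_fixed(size_t rec_len, uint8_t *out) {
    if (rec_len < 2) return 0;
    size_t claimed = ((size_t)g_mem[0] << 8) | g_mem[1];
    if (claimed > rec_len - 2) return 0;
    memcpy(out, g_mem + 2, claimed);
    return claimed;
}

int main(void) {
    const uint8_t lying[] = {0x00, 0x1A, 'p', 'i', 'n', 'g'}; /* claims 26, sends 4 */
    uint8_t out[64];
    load_request(lying, sizeof lying);
    size_t n = heartbeat_vulnerable(out);
    printf("vulnerable: %zu bytes: %.*s\n", n, (int)n, (const char *)out);
    printf("fixed:      %zu bytes (dropped)\n", heartbeat_fixed(sizeof lying, out));
    return 0;
}
```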
→ SEE HEARTBLEED, PAGE 14
» Prior to Monday, April 7 or early April 7
Facebook gets a heads up.
» Monday, April 7 12:21:29
A new OpenSSL version is uploaded to OpenSSL's web server with the filename “openssl1.0.1g.tgz.”
» Monday, April 7 12:27
OpenSSL publishes a Heartbleed security advisory on its website (website metadata shows time as 10:27 PDT).
» Monday, April 7 ~15:13
Most of the world finds out about the issue through heartbleed.com.
» Tuesday, April 8
UTD researchers decide to implement the prototype to counter Heartbleed.
» Wednesday, April 9 02:30
UTD researchers successfully implement Red Herring.
Source: The Sydney Morning Herald, in collaboration with Ben Grubb of Fairfax Media.
CHRISTOPHER WANG | PHOTO EDITOR
→ SEE COMET TOWN, PAGE 14
Codenomicon purchases the Heartbleed.com domain name, where it later publishes information about the security flaw.
Software engineering doctoral student Frederico Araujo worked with professor Kevin Hamlen to develop Red Herring, a counter to a bug that affected two-thirds of the Internet.