Friday, August 23, 2013

Why is 3D Printing important



As I explained in another video, 3D printing is essentially a way of constructing a 3-dimensional object by putting down thin layers of material. The 3D printer deposits the layers by using information from a computer file that describes the object’s 3-dimensional shape. So, in essence, you can create any object once you have a 3D printer, the material for the object, and the computer file that describes the object’s shape. This can really shake things up when it comes to manufacturing products, which is why 3D printing is so important and is getting so much attention.

For starters, you can now buy a desktop 3D printer and build complex (but small) products at home. This is like the early days of personal computing -- only, this time, it’s “personal manufacturing.” We’ll have to wait and see what the hobbyists achieve with 3D printing, but it’s exciting because “personal manufacturing” could shake things up just as personal computers did.

On the commercial side, engineers are now able to “3D print” fully functional metal parts using titanium and steel. If commercial manufacturing moves to 3D printing, you won’t need factories with assembly lines to make products, instead they can be built in one or more 3D printers. And a single 3D printing facility could print many different types of products. You would be able to “print” products on demand and at many different locations -- all you have to do is send over the data file for the product. It’d make sense to print products at locations near customers.

On the other hand, you need far fewer people to operate 3D printers than assembly lines. That could mean less jobs, but that could also be helpful for an aging society. If 3D printing is the way products are manufactured, then there won’t be any need to set up factories in countries with cheap labor. That’s something to think about.

Finally, 3D printing is not limited to just the types of products we currently know -- researchers are working on printing many different types of objects, including, for example, tissues and human organs. Who knows, someday in the future, there’d be 3D-printed artificial organs for people who need transplants!

Monday, August 19, 2013

What is 3D Printing



3D printing is a lot in technology news nowadays. It’s essentially a way of constructing a 3-dimensional object by putting down thin layers of material. You can understand it best by looking at an example (see my video for the details).


Suppose you needed an object of a certain shape for a project. In the past, you'd have started with a block of material and removed the parts you don't need to arrive at the desired shape. That's "subtractive manufacturing" where you create a shape by removing material. If you think about it, you could also create that object by putting down the material a layer at a time, each layer with the needed shape. That, in essence, is 3D printing -- the method of creating a 3D object by laying down material a layer at a time. It's also called "additive manufacturing" because you add material rather than remove material. As you can see, this approach is less wasteful because you end up using exactly the amount of material you need.

3D printers are already available for people to buy and use. Here is an example -- the Makerbot Replicator -- that costs around two to three thousand dollars. The situation with 3D Printers is similar to when the PCs first became widely available in early to mid 1980s. If you are into it, you can now buy a 3D Printer and experiment with it, as many are already doing.
These printers use plastic filaments that are melted and laid down layer by layer to create a 3D object from a computer file that describes the object. The printer takes the 3D description and keeps putting down material layer by layer until the whole shape is created. You can create objects of any complexity with this approach. For example, using the old "subtractive" approach, it's quite difficult to create an object with some complex cavity inside of it, but something like that is simple to do with 3D printers.

Although most consumer 3D printers use plastic as the material, there are industrial 3D printers that can "print" objects using metals and other materials. General Electric, for example, is printing jet engine parts using 3D printers and whole cars have been printed using industrial 3D printers.



The example I used in the video showed an object created from paper and guess what, The Economist magazine had an article in its Aug 10th-016th, 2013 issue that talks about a 3D printer that creates 3D objects using paper!

That's 3D Printing in simple terms. Later I'll discuss why it's such a big deal.

Wednesday, August 14, 2013

Some defenses against Advanced Persistent Threats




Remember that Advanced Persistent Threats (APTs) take advantage of vulnerabilities in software such as the Web browser, Microsoft Office applications, or Adobe Acrobat to install malware (think of malware as bad software) -- usually a remote access tool (RAT) on your system that communicates with the attacker through command-and-control servers. As an individual, your best defense against these attacks is to make sure that you apply all available software updates. On Windows systems, you can set up automatic updates so that this happens routinely. If not, you should check manually by running Windows Update (or by looking for a "check for updates" option that's available in most software applications). The main point is that you need to make sure your system's software is up to date, so that at least the known vulnerabilities are patched up.

In addition to keeping up with software updates, you should also use some security software such as Microsoft Security Essential or any of the many commercial products. You need to deploy all currently available defenses even though it's impossible to fully defend against APTs because, in addition to known vulnerabilities, software often contains vulnerabilities that may have been discovered by the attackers, but not yet patched by the software vendor.

Additionally, you should use 2-factor authentication for sensitive transactions, including logging into social networking sites such as Google+, LinkedIn, and Facebook. For example, Google+ provides 2-factor authentication that works for logging into all services such as Gmail, Blogger, Google+, and others (see my previous video http://nbtmv.blogspot.com/2011/11/nbtmv-turn-on-2-step-verification-on.html for more information).

Organizations have more resources and can use more advanced defenses that are based on some key behavior of all APTs -- they install malware on the system, then periodically communicate to the command-control-server.

First, organizations should start with the existing defenses of firewall and usual patching and anti-virus regimen. Beyond that, there are security appliances (basically computers that inspect network traffic) available that can inspect email and web traffic to detect suspicious behavior and, potentially stop installation of malware. Third, organizations should collect event logs of various activities occurring in their systems and analyze those logs to detect any potential APT activities.

These are not perfect defenses, but they are a start. Unfortunately, it seems that APT attacks are bound to succeed, so organizations would just have to be prepared to deal with the aftermath.

As for individuals, I wish some low-cost security appliance were available to help us deal with the APT problem.

Note: There are some promising defenses based on running applications in a virtual environments where the activities of the malware could be contained before it causes damage, but this seems to be a cat-and-mouse game between the defenders and the attackers. Attackers are now designing malware that try to avoid being caught by looking for user activity such as mouse move or simply go to sleep for some time before initiating any contact with the remote command-and-control server.

Tuesday, August 13, 2013

What are Advanced Persistent Threats



Advanced Persistent Threat or APT is the latest buzzword for the newer cybersecurity attacks where some bad piece of code gets downloaded to your computer without your explicit knowledge and then it stays around to be used by a remote attacker to do whatever they want to do -- usually spread to other systems and to steal interesting information from your and your organization’s systems. Here’s how an APT typically work.



For a targeted attack, an attacker may gather information from public sources such as Facebook, Twitter, LinkedIn, etc and send you a targeted email, enticing you to open a document or perhaps click on a link. Once you do that, the malicious code embedded in the document or the web page will run (assuming your browser or the application such as Acrobat or Microsoft Word has the vulnerability that the malicious code can exploit). You won’t see anything unusual when this happens.

The malicious code would gather some basic information about your system and contact a command-and-control server to basically let the attacker know that it’s now in your system. The malicious code is usually a “remote access tool” or RAT through which the attacker can do various things on your system. Sometimes, the initial code may download the remote access tool and install it on your system in such a way that when you reboot your system, the RAT will run again. That’s how it’s “persistent.”

From this point on, the malicious remote access tool would periodically contact the command-and-control server and act on commands that it receives from the remote attacker. Some of these commands may be to scout your organization’s network and send out more emails to spread the remote access tool to other systems and also to get your data out to other servers from where the attacker can easily retrieve the information.

The existence of unknown vulnerabilities in software makes it hard to protect against such advanced persistent threat attacks, but they do have some common behavior that may help us detect and, perhaps, even stop an attack as it’s happening. More on that later.