Just now, I finished watching an episode of Nova scienceNOW (yes, that’s how it’s capitalized). Covered in that episode is the work of Dr. Hany Farid and his work to develop software to detect photoshopped images.

One technique that he demonstrated with software is to detect parts of images that are identical. This is to detect whether the clone tool has been used on parts of the image.

Another technique demonstrated is to detect where light is coming from. If two people from two different images are cobbled together into one fake image, it is highly possible that the light sources in the original two images are in different places. This means that the two people are illuminated from different directions, and this is shown on the person. If one person is being illuminated from the left side, and another is being illuminated from the right side, you know that the image was originally two images that had different light sources.

Another way to see the light source, assuming that the image you are testing has at least two people with clearly visible eyes, is to analyze the shape and location of the light being reflected off; that is, the specular highlight. As the eye can act like a mirror, you can see a little bit about the light source, such as the shape of the light source. You can also see how the light source is hitting the person. If one person has a reflection of a square light source (like from a camera flash), and another person has a reflection of a circular light source hitting the person at a completely different angle, there is a good chance that the photo isn’t completely real.

Want to learn more about Hany Farid? You can check out (I grabbed all these links from here):

• Hany Farid’s home page
• Digital Forensics: An Interview with Dr. Hany Farid
• Adobe Tackles Photo Forgeries
• A Conversation With Hany Farid: Proving That Seeing Shouldn’t Always Be Believing
• Digital Doctoring: How to Tell the Real From the Fake (PDF Warning)

So, what’s your prediction on the future of the Internet, photography, and digital photo manipulation?

Introduction

You can install security updates to software, apply patches, and use every firewall known to man, but you’re always going to have a big security hole if you don’t use secure passwords. Using unsecure passwords on purpose is like walking around with your fly unzipped (hence the title). It’s not very smart. Below are five ways to generate secure passwords that are also memorable.

All of the types of making secure passwords vary in the security that they offer. It depends on how memorable you want your passwords to be and how much security you want your passwords to offer.

Different types of secure passwords

1) The hash

This type of password looks like it came from an MD5 hash or something. It is difficult to remember, but is very secure.

Example: “2a7f4a3ad97f77″

2) The 1337

Another type of password is normal words converted into 1337 speak.

Example: the world “anachronism” can be converted into “4|\|4(|-|R0|\|15/\/\”. If that password is too tough to type, you could convert the word into “4n4chr0n15m”, which is still pretty tough to crack.

UPDATE: Nowadays, dictionary attacks now try 1337 speak too, so this isn’t the most secure of passwords. Red Hat has some stuff on password security, and I suggest you read it.

3) Word + Symbols

Take a normal word, and just append various symbols to it.

Example: the word “anachronism” into “anachronism?%$”

I wouldn’t recommend this type of password, but if it works best for you, go ahead.

4) The pass-phrase

Stringing five or more words together is a good way to create a memorable password that is tough to crack.

Example: Turn the phrase, “An Anachronism and a Barbarity,” into “AnAnachronismAndABarbarity”

The phrase is a title from a newspaper. You can see it reposted by the Washington Post.

5) Micro pass-phrase

A phrase is taken, and only certain letters from the phrase are used in the password.

Example: Take the phrase

I do not know which to prefer. The beauty of inflections or the beauty of innuendoes.

and turn it into “idnkwtp.tboiotboi.”

BTW: The phrase is from Thirteen Ways of Looking at a Blackbird

—–

If you really need some industrial strength passwords to protect something very secure, I suggest that you test it with this password strength checker. It’s the toughest checker that I’ve ever seen. Many passwords on this page have been deemed insecure by that checker, but these passwords are designed to be memorable for the average person.

Introduction

Everybody is talking about it. You know what they’re saying. “Voice activated technology is the future.” Well, I think it isn’t. I see many, many flaws in voice activated technology. Remember the Windows Vista voice-activated security hole? Now, why do I think that voice-activated technology is doomed?

It will fail because…

1) You can’t use it for anything secure.

As the illustration above shows, you cannot use voice-activated technology to authenticate yourself in the traditional sense. You would have to use some other sort of method. Having to grab a keyboard to authenticate yourself, and then going back to voice commands seems a bit odd. You could try fingerprint scanners. Oh wait! They’re insecure too! It’s quite easy to fool a fingerprint scanner as they are designed towards false positives instead of false negatives. CodingHorror has a good post about the insecurity of fingerprint scanners.

There’s also the issue of people hearing what commands you’re saying after you’ve authenticated yourself. Don’t forget that the computer cannot speak secure data back to you.

2) It will be difficult to filter out noise.

Having a bunch of people talking loudly while a person is trying to use a voice-activated interface is like all those people pressing random keys on the keyboard while you’re trying to type. But, in the not-so-recent future, it will be possible for computers to filter out noise. If a human can do it, what is to stop a computer from doing the same?

Until we get to the point where computers can filter out noise like humans, it will be impractical to have voice-activated technology in noisy situations.

3) It would be difficult to navigate through a voice-activated user interface.

You’ve just installed a cool new voice-activated app that your friends were talking about. You get to the point in the installation where you have to agree to the software’s terms of service. Oh boy, reading off that end user license agreement could take a while.

Now, the above example is a little silly. You can’t expect voice-activated applications to behave in the exact same way as traditional desktop applications. However, it shows something that’s difficult with voice-activation. It would be difficult for it to read out large amounts of text for you without you getting bored. The great thing about reading is that you don’t have to read all the words. You can skim over the sentences to get a general feel of what the text is talking about. How are you going to imitate that with voice-activated technology? Have the computer skip over a few words when reading? I don’t think so. When you don’t understand a paragraph after skimming through it, you can read it for the details to understand it better.

You can’t dig through complicated configuration dialogs in a voice-activated user interface either. It’s already easy to get lost in a traditional program’s settings, so imagine how difficult it would be to find one little option to change in a voice-activated dialog.

The only thing that voice-activated tech is good for

Voice-activated technology seems best applied in areas where security is not required and the user interface is simple. In the short term, it will have to only operate in quiet areas.

Still think that voice-activated tech is the new cool thing? Tell me why in the comments.