Jonathan Grall 6.857 – Pset 3 02/16/2016 (solutions to individual problems) Problem 3-1 – Project Ideas Online Dating – Just How Safe is Your Profile? If you’ve ever used Friendster, or the Facebook, or some of the more dating-specific web services, you’ll notice that they are less than perfect. However, some of these services have millions of members spending millions of dollars to use them. I would like to do some ‘stress testing’ of various large commercial online dating sites that I suspect have severe security holes in them. Particular attacks that I suspect will be possible are: session hijacking, SQL injection and maybe even profile defacing. The goal of this project would be to get an accurate picture of how good security is on a number of popular dating websites, and find out what the most common faults are. At the end of the semester, we would contact the sites concerned, to alert them to any vulnerabilities we find. Apple’s Airport Express Apple’s nifty little gadget Airport Express that shipped this summer allows you (among other things) to wirelessly stream your music from iTunes on your Mac or PC to any music or speaker system within range. The limitation here is one that seems rather artificial - you can only stream music to your sound system, and only from within iTunes. But what about if you want to play a video game or DVD movie and have the sound play through your impressive speaker system, without having to change the wires around? Currently this is impossible, partly because Apple has only written an Aiport Express plugin for iTunes, and also because the source for this plugin is not publicly available, making it hard for people to write their own. It appears that the media stream is actually encoded in real time, buffered and then sent wirelessly to the Airport Express where it is then decoded and played. Apple apparently has no plans to allow you to use the Airport Express as a general audio device for your computer. What is needed is to write a driver that could serve as the computer’s interface to a “Wave Out” device (in this case the Airport Express), and which would provide an audio output that you could switch to from any application. The only real difficulty is that you would need to reverse engineer Apple’s encoding/encryption scheme so that you can actually reproduce similar streams yourself without needing to know the keys or random seeds that iTunes uses. Very little is written on the web about this particular issue, and nobody seems to know the exact communication scheme used by Apple to send data to the Aiport Express (except Apple themselves of course). I can’t see how the company would object to us writing a plugin that makes their product even more useful, and that doesn’t violate any copyright laws, and I think it sounds like a fun challenge.