"security" entries

Four short links: 25 February 2016

Four short links: 25 February 2016

Security Advice, Common Deep Learning Interface, React Text Editing, and Sexy Docs

  1. Free Security Advice (grugq) — chap wearies of handing out security advice, so gathers it and shares for all.
  2. TensorFuseCommon interface for Theano, CGT, and TensorFlow.
  3. Draft.jsa framework for building rich text editors in React, powered by an immutable model and abstracting over cross-browser differences.
  4. Dexya free-form literate documentation tool for writing any kind of technical document incorporating code. Dexy helps you write correct documents, and to easily maintain them over time as your code changes.
Comment
Four short links: 22 February 2016

Four short links: 22 February 2016

Immersive Flood, Human Jobs, Anonymous Security, and Chrome Speed

  1. Facebook Creates Social VR Team (FT) — Facebook said that users had uploaded 20,000 videos in VR-friendly 360-degree format. At same time as HTC Vive VR Headset price is announced, LG 360 VR is announced, the new Samsung handsets come with a Gear VR headset, and Samsung’s Gear 360 camera is announced. There’s a heap of immersive hardware coming.
  2. AAAI-16 Panel on Future of Work (Tech Republic) — “It’s hard to argue that there will be new jobs for humans,” said Vardi. “It’s a vacuous promise.”
  3. Security Without Identification (PDF) — a David Chaum paper from 1985. Digital pseudonyms, handheld signing devices, Current systems emphasize the one-sided security of organizations attempting to protect themselves from individuals; the new approach allows all parties to protect their own interests. The new approach relies on individuals keeping secret keys from organizations and organizations devising other secret keys that are kept from individuals. During transactions, parties use these keys to provide each other with specially coded confirmation of the transaction details, which can be used as evidence.
  4. Killing Slow Chrome Tabs (Medium) — There is one not-so-well known tool in Chrome, that allows you to analyse how much resources the individual tabs consume. It is called Task Manager and you can find it in Menu > More Tools > Task Manager.
Comment
Four short links: 19 February 2016

Four short links: 19 February 2016

Exoskeletons Insured, Companies Rethought, IoT OS Launched, and BotNets Open Sourced

  1. Exoskeletons Must be Covered by Health Insurance (VICE) — A medical review board ruled that a health insurance provider in the United States is obligated to provide coverage and reimbursement for a $69,500 ReWalk robotic exoskeleton, in what could be a major turning point for people with spinal cord injuries. (via Robohub)
  2. New Models for the Company of the 21st Century (Simone Brunozzi) — large companies often get displaced by new entrants, failing to innovate and/or adapt to new technologies. Y-Combinator can be seen as a new type of company, where innovation is brought in as an entrepreneurial experiment, largely for seed-stage ideas; Google’s Alphabet, on the other hand, tries to stimulate innovation and risk by dividing a large company into smaller pieces and reassigning ownership and responsibilities to different CEOs.
  3. Zephyr — Linux Foundation’s IoT open source OS project. tbh, I don’t see people complaining about operating systems. Integrating all these devices (and having the sensors actually usefully capturing what you want) seems the bigger problem. We already have fragmentation (is it a Samsung home or a Nest home?), and as more Big Swinging Click companies enter the world of smarter things, this will only get worse before it gets better.
  4. A Hands-On Approach on Botnets for a Learning Purpose — these researchers are working on open source botnet software for researchers to bang on. (So you don’t need to attract the interest of actual botnet operators while you learn what you’re doing.)
Comment: 1
Four short links: 4 February 2016

Four short links: 4 February 2016

Shmoocon Video, Smart Watchstrap, Generalizing Learning, and Dataflow vs Spark

  1. Shmoocon 2016 Videos (Internet Archive) — videos of the talks from an astonishingly good security conference.
  2. TipTalk — Samsung watchstrap that is the smart device … put your finger in your ear to hear the call. You had me at put my finger in my ear. (via WaPo)
  3. Ecorithms — Leslie Valiant at Harvard broadened the concept of an algorithm into an “ecorithm,” which is a learning algorithm that “runs” on any system capable of interacting with its physical environment. Algorithms apply to computational systems, but ecorithms can apply to biological organisms or entire species. The concept draws a computational equivalence between the way that individuals learn and the way that entire ecosystems evolve. In both cases, ecorithms describe adaptive behavior in a mechanistic way.
  4. Dataflow/Beam vs Spark (Google Cloud) — To highlight the distinguishing features of the Dataflow model, we’ll be comparing code side-by-side with Spark code snippets. Spark has had a huge and positive impact on the industry thanks to doing a number of things much better than other systems had done before. But Dataflow holds distinct advantages in programming model flexibility, power, and expressiveness, particularly in the out-of-order processing and real-time session management arenas.
Comment
Four short links: 3 February 2016

Four short links: 3 February 2016

Security Forecast, Machine Learning for Defence, Retro PC Fonts, and Cognitive Psych Research

  1. Software Security Ideas Ahead of Their Time — astonishing email exchange from 1995 presaged a hell of a lot of security work.
  2. Doxxing Sherlock — Cory Doctorow’s ruminations on surveillance, Sherlock, and what he found in the Snowden papers. What he found included an outline of intelligence use of machine learning.
  3. Old-School PC Fonts — definitive collection of ripped-from-the-BIOS fonts from the various types of PCs. Your eyes will ache with nostalgia. (Or, if you’re a young gun, wondering how anybody wrote code with fonts like that) (my terminal font is VT220 because it makes me happy and productive)
  4. Cognitive Load: Brain GemsWe distill the latest behavioural economics & consumer psychology research down into helpful little brain gems.
Comment
Four short links: 29 January 2016

Four short links: 29 January 2016

LTE Security, Startup Tools, Security Tips, and Data Fiction

  1. LTE Weaknesses (PDF) — ShmooCon talk about how weak LTE is: a lot of unencrypted exchanges between handset and basestation, cheap and easy to fake up a basestation.
  2. AnalyzoFind and Compare the Best Tools for your Startup it claims. We’re in an age of software surplus: more projects, startups, apps, and tools than we can keep in our heads. There’s a place for curated lists, which is why every week brings a new one.
  3. How to Keep the NSA Out — NSA’s head of Tailored Access Operations (aka attacking other countries) gives some generic security advice, and some interesting glimpses. “Don’t assume a crack is too small to be noticed, or too small to be exploited,” he said. If you do a penetration test of your network and 97 things pass the test but three esoteric things fail, don’t think they don’t matter. Those are the ones the NSA, and other nation-state attackers will seize on, he explained. “We need that first crack, that first seam. And we’re going to look and look and look for that esoteric kind of edge case to break open and crack in.”
  4. The End of Big Data — future fiction by James Bridle.
Comment
Four short links: 21 January 2016

Four short links: 21 January 2016

Hidden Networks, Dissolving Sensors, Spies Spy, and Redirected Walking

  1. Big Bang Data: Networks of London (YouTube) — guide to the easy-to-miss networks (fibre, CCTV, etc.) around Somerset House, where an amazing exhibition is about to launch. The network guide is the work of the deeply talented Ingrid Burrington.
  2. Sensors Slip into the Brain and then Dissolve When Done (IEEE Spectrum) — pressure and temperature monitors, intended to be implanted in the brain, that completely dissolve within a few weeks. The news, published as a research letter in the journal Nature, described a demonstration of the devices in rats, using soluble wires to transmit the signals, as well as the demonstration of a wireless version, though the data transmission circuit, at this point, is not completely resorbable. The research was published as a letter to Nature.
  3. GCHQ Proposes Surveillable Voice Call Encryption (The Register) — unsurprising, but should reiterate AGAIN that state security services would like us to live in the panopticon. Therefore, don’t let the buggers anywhere near the reins of our communication systems.
  4. These Tricks Make Virtual Reality Feel RealScientists are exploiting the natural inaccuracies in people’s own proprioception, via a technique called “redirected walking,” to create the perception of space where none exists. With redirected walking, […] users can sense they are exploring the twisting byways of a virtual city when in reality they are simply walking in circles inside a lab. Original Redirect Walking paper.

Comment
Four short links: January 15, 2016

Four short links: January 15, 2016

Bitcoin Resolution, Malware Analysis, Website Screw-Ups, and Dronecode.

  1. The Resolution of the Bitcoin ExperimentIf you had never heard about Bitcoin before, would you care about a payments network that: Couldn’t move your existing money; Had wildly unpredictable fees that were high and rising fast; Allowed buyers to take back payments they’d made after walking out of shops, by simply pressing a button (if you aren’t aware of this “feature” that’s because Bitcoin was only just changed to allow it); Is suffering large backlogs and flaky payments; … which is controlled by China; … and in which the companies and people building it were in open civil war?
  2. Malware Analysis Repository the materials as developed and used by RPISEC to teach Malware Analysis at Rensselaer Polytechnic Institute in Fall 2015.
  3. How Websites Screw Up Experiences (Troy Hunt) — they’re mostly signs of a to-the-death business model.
  4. Dronecode Moves Forward — Linux Foundation’s Dronecode project has 51 members, is used commercially, and has technical working groups looking at camera and gimbal controls; airspace management; and hardware/software interfaces.
Comment
Four short links: 7 January 2016

Four short links: 7 January 2016

Holocaust Testimony Preservation, SLOTH, Body Modding, and Blockchain Monoculture

  1. Interact: A Mixed Reality Virtual Survivor for Holocaust Testimonies — description of how Nottingham researchers are building a virtual experience to recreate conversation with Holocaust survivors. This has great possibility for preservation of testimony.
  2. SLOTHweak hash functions continue to be used in various cryptographic constructions within mainstream protocols such as TLS, IKE, and SSH, because practitioners argue that their use in these protocols relies only on second preimage resistance, and hence is unaffected by collisions. We systematically investigate and debunk this argument.
  3. DFW Home of Body ModdingDallas is at the center of two movements that are each trying to bring implants to the mainstream. Tattoo artists and technophiles head one, and well-heeled university neurologists and medical device engineers form the vanguard of the other.
  4. On the Dangers of a Blockchain MonocultureWould you use a database with these features? Uses approximately the same amount of electricity as could power an average American household for a day per transaction; Supports 3 transactions / second across a global network with millions of CPUs/purpose-built ASICs; Takes over 10 minutes to “commit” a transaction; […]
Comment
Four short links: 31 December 2015

Four short links: 31 December 2015

Reverse Engineering Playground, Feeding Graph Databases, Lessig, and Fantasies of Immortality

  1. crackmes.de — practice playground for reverse engineering and breaking protections.
  2. Feeding Graph Databases — exploring using logging systems to feed graph databases.
  3. Lessig Interview (WSJ) — the slogan says regulation should be more technology neutral. I am not sure I ever heard a more idiotic statement in my life. There is no neutrality here, just different modes. … I don’t what think the law should say here is what services can do and not do, because the technology is so (fast-changing) the law could never catch up. But that what (we want) to avoid are certain kinds of business models, a prison of bits, where services leverage control over access to content and profit from that control over content.
  4. Bubble-Driven PseudoscienceIn terms of life extension, here are the real opportunities: closing the gap between black and white patients, lowering the infant mortality rate, and making sure the very poorest among us have access to adequate care. You can make sure that many people live longer, right now! But none of this is quite as sexy as living forever, even though it’s got a greater payoff for the nation as a whole. So instead of investing in these areas, you’ve got a bunch of old white men who are afraid to die trying to figure out cryonics.
Comment