Four short links: 15 October 2015

The Chinese Dream, Siri Hacked, Indirect Measures, and Boring Technology

  1. Little Rice: Smartphones, Xiaomi, and the Chinese Dream (Amazon) — Clay Shirky’s new 128-page book/report about how Xiaomi exemplifies the balancing act that China has to perfect to navigate between cheap copies and innovation, between the demands of local and global markets, and between freedom and control. I’d buy Clay’s shopping list, the same way I’d gladly listen to Neil Gaiman telling the time. (via BoingBoing)
  2. Feed Siri Instructions From 16 Feet Away (Wired) — summary of a paywalled IEEE research paper. Their clever hack uses those headphones’ cord as an antenna, exploiting its wire to convert surreptitious electromagnetic waves into electrical signals that appear to the phone’s operating system to be audio coming from the user’s microphone. […] It generates its electromagnetic waves with a laptop running the open source software GNU Radio, a USRP software-defined radio, an amplifier, and an antenna.
  3. User-Centered Design (Courtney Johnston) — the wall label should always give you cause to look back at the art work again. I love behaviour-based indirect measures of success like this.
  4. Choose Boring Technology (Dan McKinley) — going into the new hire required reading pile. See also the annotated slide deck.

Four short links: 14 October 2015

Diversity Planning, Women in Robotics, AWS Resources, and Web Authentication

  1. Signals from Velocity New York — “If your company is creating a diversity plan and you’ve actually gone and counted people,” Liles said, “you’ve already lost.” If you’re motivated to count, then know you’ve already lost. You want to know by how much.
  2. 25 Women in Robotics You Need to Know About — The DARPA Robotics Challenge (DRC) Finals 2015 were similarly lacking; of the 444 robot builders representing 24 robot entrants, only 23 builders were women (though some of the most successful teams at the DRC had female team members). Given how multidisciplinary the field is, and how many different skills are required, we need to celebrate women who are achieving greatness in robotics until we are seeing more parity. Great list.
  3. Awesome AWS — A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources.
  4. The Web Authentication Arms Race — Cryptography can only be used to transfer existing trust or secrecy across time or space; if the attacker impersonates the defender before the user establishes anything, it becomes impossible for the user to tell which party is legitimate. This sentence, made in solid gold. Yes.
Four short links: 7 October 2015

Time for Change, Face Recognition, Correct Monitoring, and Surveillance Infrastructure

  1. The Uncertain Future of Emotion Analytics — A year before the launch of the first mass-produced personal computer, British academic David Collingridge wrote in his book “The Social Control of Technology” that “when change is easy, the need for it cannot be foreseen; when the need for change is apparent, change has become expensive, difficult, and time consuming.”
  2. Automatic Face Recognition (Bruce Schneier) — Without meaningful regulation, we’re moving into a world where governments and corporations will be able to identify people both in real time and backwards in time, remotely and in secret, without consent or recourse.
  3. Really Monitoring Your Systems — If you are not measuring and showing the maximum value, then you are hiding something. The number one indicator you should never get rid of is the maximum value. That’s not noise — it’s the signal; the rest is noise.
  4. Haunted by Data (Maciej Ceglowski) — You can’t just set up an elaborate surveillance infrastructure and then decide to ignore it. These data pipelines take on an institutional life of their own, and it doesn’t help that people speak of the “data-driven organization” with the same religious fervor as a “Christ-centered life.”
Four short links: 30 September 2015

Homebrew Bioweapons, Drone Strikes, Git Security, and Integrity Boost

  1. Homebrew Bioweapons Not Imminent Threat — you need a safe facility, lab instruments, base strain, design and execution skills, and testing. None of these are easy until the Amazon-Google cloud wars finally cause them to move into “bioweapons as a service.”
  2. Apple Removes App That Tracks Drone Strikes — “there are certain concepts that we decide not to move forward with, and this is one,” says Apple. (via BoingBoing)
  3. gitrob — a command line tool that can help organizations and security professionals find such sensitive information. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information.
  4. How Much is a Leader’s Integrity Worth? — Kiel found that high-integrity CEOs had a multi-year return of 9.4%, while low-integrity CEOs had a yield of just 1.9%. What’s more, employee engagement was 26% higher in organizations led by high-integrity CEOs. (via Neelan Choksi)
Four short links: 28 September 2015

Coordinated Disclosure Kit, Coding Contests, Growth Strategies, and Ad Buck Passing

  1. Coordinated Disclosure Toolkit — a generic copy of the resources used by Portcullis Computer Security to manage our Advisory Process.
  2. Competitive Coding (Bloomberg) — ignore the lazy author’s patronising tone; the bit that caught my eye was: He first began freaking people out in second grade, at age 8, when he took second place in a major Belarusian coding competition. To put this achievement in perspective, the score was high enough for Korotkevich to be granted automatic enrollment in a top technical university without needing to pass any other entrance exams. That is how you value STEM education: let people test out of it if they don’t need it!
  3. Here’s What a Growth Strategy Looks Like (First Round) — User acquisition doesn’t really make sense unless you already have healthy retention [of diversity-in-tech pipeline conversations].
  4. How We Pass The Buck (Anil Dash) — The thing is, technology is not neutral, algorithms are built with values, and the default choices in our software determine huge swaths of our culture. We delegate ethical decisions as consumers and citizens to people who make software, but almost no computer science program teaches ethics, and almost no major technology company has a chief ethicist.

No, the IoT does not need strong privacy and security to flourish

The Internet of Things will happily march along with lousy privacy and security, and we will be the poorer for it.

“Without addressing privacy and trust, the Internet of Things will not reach its full potential.”

This refrain can be heard at IoT conferences, in opinion pieces in the press and in normative academic literature. If we don’t “get it right,” then consumers won’t embrace the IoT and all of the wonderful commercial and societal benefits it portends.

This is false.

It’s a nice idea, imagining that concern for privacy and security will curtail or slow technological growth. But don’t believe it: the Internet of Things will develop whether or not privacy and security are addressed. Economic imperative and technology evolution will impel the IoT and its tremendous potential for increased monitoring forward, but citizen concern plays a minor role in operationalizing privacy. Certainly, popular discourse on the subject is important, but developers, designers, policy-makers and manufacturers are the key actors in embedding privacy architectures within new connected devices.
Four short links: 25 September 2015

Predicting Policing, Assaulting Advertising, Compliance Ratings, and $9 Computer

  1. Police Program Aims to Pinpoint Those Most Likely to Commit Crimes (NYT) — John S. Hollywood, a senior operations researcher at the RAND Corporation, said that in the limited number of studies undertaken to measure the efficacy of predictive policing, the improvement in forecasting crimes had been only 5% or 10% better than regular policing methods.
  2. Apple’s Assault on Advertising and Google (Calacanis) — Google wants to be proud of their legacy, and tricking people into clicking ads and selling our profiles to advertisers is an awesome business – but a horrible legacy for Larry and Sergey. Read beside the Bloomberg piece on click fraud and the future isn’t too rosy for advertising. If the ad bubble bursts, how much of the Web will it take with it?
  3. China Is Building The Mother Of All Reputation Systems To Monitor Citizen Behavior — The document talks about the “construction of credibility” — the ability to give and take away credits — across more than 30 areas of life, from energy saving to advertising.
  4. $9 Computer Hardware (Makezine) — open hardware project, with open source software. The board’s spec is a 1GHz R8 ARM processor with 512MB of RAM, 4GB of NAND storage, and Wi-Fi and Bluetooth built in.
Four short links: 24 September 2015

Machine Music Learning, Cyber War, Backing Out Ads, and COBOL OF THE 2020s

  1. The Hit Charade (MIT TR) — Spotify’s deep-learning system still has to be trained using millions of example songs, and it would be perplexed by a bold new style of music. What’s more, such algorithms cannot arrange songs in a creative way. Nor can they distinguish between a truly original piece and yet another me-too imitation of a popular sound. Johnson acknowledges this limitation, and he says human expertise will remain a key part of Spotify’s algorithms for the foreseeable future.
  2. The Future of War is the Distant Past (John Birmingham) — the Naval Academy is hedging against the future by creating cybersecurity midshipmen, and by requiring every midshipman to learn how to do celestial navigation.
  3. What Happens Next Will Amaze You (Maciej Ceglowski) — the next in Maciej’s amazing series of keynotes, where he’s building a convincing case for fixing the Web.
  4. Go Will Dominate the Next Decade (Ian Eyberg) — COBOL OF THE 2020s. There, I saved you the trouble.
Four short links: 17 September 2015

Google's Code, China's Pledge, MD5's Cracks, and Toyota's Robotics Hire

  1. Google’s 2 Billion Lines of Code (Wired) — 85TB, 45,000 changes/day in Google’s DVCS “Piper.” They’re looking at Mercurial.
  2. China Extracting Pledge of Compliance from US Firms (NY Times) — The letter also asks the American companies to ensure their products are “secure and controllable,” a catchphrase that industry groups said could be used to force companies to build so-called back doors — which allow third-party access to systems — provide encryption keys or even hand over source code.
  3. MD5 To Be Considered Harmful Some Day (Adrian Colyer) — walkthrough of Dan Kaminsky’s paper on the growing number of cracks in MD5.
  4. Toyota’s Robot Car Plans (IEEE Spectrum) — Toyota hired the former head of DARPA’s Robotics Challenge. Pratt explained that a U.S. $50 million R&D collaboration with MIT and Stanford is just the beginning of a large and ambitious program whose goal is developing intelligent vehicles that can make roads safer and robot helpers that can improve people’s lives at home.
Four short links: 9 September 2015

Bricklaying Robots, Photographic Insecurity, Quantum-Resistant Crypto, and Garbage Subtraction

  1. Bricklaying Robot Lays 3x Speed of Humans (MIT TR) — The robot can correct for the differences between theoretical building specifications and what’s actually on site, says Scott Peters, co-founder of Construction Robotics, a company based in Victor, New York, that designed SAM as its debut product. (via Audrey Watters)
  2. When a Photo Ends Your Security (Bruce Schneier) — the TSA’s master key was shown in a Washington Post photo spread, so now it can be recreated from the photo.
  3. Online Security Braces for Quantum Revolution (Nature) — PQCRYPTO, a European consortium of quantum-cryptography researchers in academia and industry, released a preliminary report on 7 September recommending cryptographic techniques that are resistant to quantum computers […] It favoured the McEliece system, which has resisted attacks since 1978, for public-key cryptography.
  4. The New Wave is Garbage Subtracted (Adam Trachtenberg) — Adam found some amazingly prescient writing from Esther Dyson. The new wave is not value-added; it’s garbage-subtracted. The job of the future is PR guy, not journalist. I’m too busy reading, so why should I pay for more things to read? Anything anyone didn’t pay to send to me…I’m not going to read.