"security" entries

Four short links: 4 December 2015

Four short links: 4 December 2015

Bacterial Research, Open Source Swift, Deep Forger, and Prudent Crypto Engineering

  1. New Antibiotics Research Direction — most people don’t know that we can’t cultivate and isolate most of the microbes we know about.
  2. Swift now Open Source — Apache v2-licensed. An Apple exec is talking about it and its roadmap.
  3. Deep Forger User Guideclever Twitter bot converting your photos into paintings in the style of famous artists, using deep learning tech.
  4. Prudent Engineering Practice for Cryptographic Protocols (PDF) — paper from the ’90s that is still useful today. Those principles are good for API design too. (via Adrian Colyer)
Comment

Ari Gesher and Kipp Bradford on security and the Internet of Things

The O’Reilly Hardware Podcast: Evolving expectations for privacy.

Subscribe to the O’Reilly Hardware Podcast for insight and analysis about the Internet of Things and the worlds of hardware, software, and manufacturing.

350px-CCTV_Alexandre_Dulaunoy

In this episode of our newly renamed Hardware Podcast, I talk with Ari Gesher, engineering ambassador at Palantir Technologies, and Kipp Bradford, research scientist at the MIT Media Lab.

Gesher is the co-author of The Architecture of Privacy: On Engineering Technologies that Can Deliver Trustworthy Safeguards. Bradford is co-author of Distributed Network Data: From Hardware to Data to Visualization, and he’s spoken twice at Solid.

Discussion points:

  • The difference between security and privacy
  • Ari’s notion of what it means to be “polite” in a world where everything is recorded
  • The need and rationale for standards and protocols for IoT devices

Read more…

Comment
Four short links: 3 December 2015

Four short links: 3 December 2015

Touchable Holograms, Cloud Vision API, State of Computer Security, and Product Prioritization

  1. Japanese Scientists Create Touchable Holograms (Reuters) — Using femtosecond laser technology, the researchers developed ‘Fairy Lights, a system that can fire high-frequency laser pulses that last one millionth of one billionth of a second. The pulses respond to human touch, so that – when interrupted – the hologram’s pixels can be manipulated in mid-air.
  2. Google Cloud Vision APIclassifies images into thousands of categories (e.g., “boat,” “lion,” “Eiffel Tower”), detects faces with associated emotions, and recognizes printed words in many languages.
  3. Not Even Close: The State of Computer Security (Vimeo) — hilarious James Mickens talk with the best description ever.
  4. 20 Product Prioritization Techniques: A Map and Guided Tour — excellent collection of techniques for ordering possible product work.
Comment
Four short links: 2 December 2015

Four short links: 2 December 2015

Regulating Addictive Attention, Microservice Middleware, Better 3D Scanning, and Anti-Disassembly Tricks

  1. If the Internet is Addictive, Why Don’t We Regulate It? — an excellent look at behaviourism, gambling machine flow, design-for-addiction, attention, regulation. As Schüll puts it: ‘It just seems very duplicitous to design with the goal of capturing attention, and then to put the whole burden onto the individual.’
  2. Zipnish — using varnish as middleware for your microservices, with Zipnish to create Zipkin-style analysis of your API performance.
  3. Using Polarisation to Improve 3D Scanning (PDF) — The proposed technique can resolve finer detail than some laser scannners
  4. Anti-Disassembly Tricks Used in Malware — also “things I remember from trying to break copy protection in 1980s games.”
Comment
Four short links: 27 November 2015

Four short links: 27 November 2015

Android Insecurity, Clear Photos, Speech to Emotion, and Microexpressions from Video

  1. 87% of Android Devices Insecure — researchers find they’re vulnerable to malicious apps because manufacturers have not provided regular security updates. (via Bruce Schneier)
  2. A Computational Approach for Obstruction-Free Photography (Google Research) — take multiple photos from different angles through occlusions like a window with raindrops or reflections, and their software will assemble an unoccluded image. (via Greg Linden)
  3. Algorithms for Affective SensingResults show that the system achieves a six-emotion decision-level correct classification rate of 80% for an acted dataset with clean speech. This PhD thesis is research into algorithm for determining emotion from speech samples, which does so more accurately than humans in a controlled test. (via New Scientist)
  4. Software Learns to Recognise Microexpressions (MIT Technology Review) — Li and co’s machine matched human ability to spot and recognize microexpressions and significantly outperformed humans at the recognition task alone.
Comment
Four short links: 25 November 2015

Four short links: 25 November 2015

Faking Magstripes, Embedded Database, Another Embedded Database, Multicamera Array

  1. magspoofa portable device that can spoof/emulate any magnetic stripe or credit card “wirelessly,” even on standard magstripe readers.
  2. LittleD — open source relational database for embedded devices and sensors nodes.
  3. iondb — open source key-value datastore for resource constrained systems.
  4. Stanford Multicamera Array — 128 cameras, reconfigurable. If the cameras are packed close together, then the system effectively functions as a single-center-of-projection synthetic camera, which we can configure to provide unprecedented performance along one or more imaging dimensions, such as resolution, signal-to-noise ratio, dynamic range, depth of field, frame rate, or spectral sensitivity. If the cameras are placed farther apart, then the system functions as a multiple-center-of-projection camera, and the data it captures is called a light field. Of particular interest to us are novel methods for estimating 3D scene geometry from the dense imagery captured by the array, and novel ways to construct multi-perspective panoramas from light fields, whether captured by this array or not. Finally, if the cameras are placed at an intermediate spacing, then the system functions as a single camera with a large synthetic aperture, which allows us to see through partially occluding environments like foliage or crowds.
Comment
Four short links: 24 November 2015

Four short links: 24 November 2015

Tabular Data, Distrusting Authority, Data is the Future, and Remote Working Challenges

  1. uitable — cute library for tabular data in console golang programs.
  2. Did Carnegie Mellon Attack Tor for the FBI? (Bruce Schneier) — The behavior of the researchers is reprehensible, but the real issue is that CERT Coordination Center (CERT/CC) has lost its credibility as an honest broker. The researchers discovered this vulnerability and submitted it to CERT. Neither the researchers nor CERT disclosed this vulnerability to the Tor Project. Instead, the researchers apparently used this vulnerability to deanonymize a large number of hidden service visitors and provide the information to the FBI. Does anyone still trust CERT to behave in the Internet’s best interests? Analogous to the CIA organizing a fake vaccination drive to get close to Osama. “Intelligence” agencies.
  3. Google Open-Sourcing TensorFlow Shows AI’s Future is Data not Code (Wired) — something we’ve been saying for a long time.
  4. Challenges of Working Remote (Moishe Lettvin) — the things that make working remote hard aren’t, primarily, logistical; they’re emotional.
Comment
Four short links: 16 November 2015

Four short links: 16 November 2015

Hospital Hacking, Security Data Science, Javascript Face-Substitution, and Multi-Agent Systems Textbook

  1. Hospital Hacking (Bloomberg) — interesting for both lax regulation (“The FDA seems to literally be waiting for someone to be killed before they can say, ‘OK, yeah, this is something we need to worry about,’ ” Rios says.) and the extent of the problem (Last fall, analysts with TrapX Security, a firm based in San Mateo, Calif., began installing software in more than 60 hospitals to trace medical device hacks. […] After six months, TrapX concluded that all of the hospitals contained medical devices that had been infected by malware.). It may take a Vice President’s defibrillator being hacked for things to change. Or would anybody notice?
  2. Cybersecurity and Data Science — pointers to papers in different aspects of using machine learning and statistics to identify misuse and anomalies.
  3. Real-time Face Substitution in Javascript — this is awesome. Moore’s Law is amazing.
  4. Multi-Agent Systems — undergraduate textbook covering distributed systems, game theory, auctions, and more. Electronic version as well as printed book.
Comment
Four short links: 10 November 2015

Four short links: 10 November 2015

TensorFlow Released, TensorFlow Described, Neural Networks Optimized, Cybersecurity as RealPolitik

  1. TensorFlow — Google released, as open source, their distributed machine learning system. The DataFlow programming framework is sweet, and the documentation is gorgeous. AMAZINGLY high-quality, sets the bar for any project. This may be 2015’s most important software release.
  2. TensorFlow White Paper (PDF) — Compared to DistBelief [G’s first scalable distributed inference and training system], TensorFlow’s programming model is more flexible, its performance is significantly better, and it supports training and using a broader range of models on a wider variety of heterogeneous hardware platforms.
  3. Neural Networks With Few Multiplications — paper with a method to eliminate most of the time-consuming floating point multiplications needed to update the intermediate virtual neurons as they learn. Speed has been one of the bugbears of deep neural networks.
  4. Cybersecurity as RealPolitik — Dan Geer’s excellent talk from 2014 BlackHat. When younger people ask my advice on what they should do or study to make a career in cyber security, I can only advise specialization. Those of us who were in the game early enough and who have managed to retain an over-arching generalist knowledge can’t be replaced very easily because while absorbing most new information most of the time may have been possible when we began practice, no person starting from scratch can do that now. Serial specialization is now all that can be done in any practical way. Just looking at the Black Hat program will confirm that being really good at any one of the many topics presented here all but requires shutting out the demands of being good at any others.
Comment
Four short links: 6 November 2015

Four short links: 6 November 2015

Media Money, Linux Security, TPP and Source, and Robot Chefs

  1. Grantland and the Surprising Future of Publishing (Ben Thompson) — writing is good for reach, podcasts and video good for advertising $. The combination is powerful.
  2. Security and the Linux Kernel (WaPo) — the question is not “can the WaPo write intelligently about the Linux kernel and security?” (answer, by the way, is “yes”) but rather “why is the WaPo writing about Linux kernel and security?” Ladies and gentlemen, start your conspiracy engines.
  3. TPP Might Prevent Governments from Auditing Source Code (Wired) — Article 14.17 of proposal, published at last today after years of secret negotiations, says: “No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory.” The proposal includes an exception for critical infrastructure, but it’s not clear whether software involved in life or death situations, such as cars, airplanes, or medical devices would be included. One of many “what the heck does this mean for us?” analyses coming out. I’m waiting a few days until the analyses shake out before I get anything in a tangle.
  4. Innit Future Kitchen — robots that cook. Is nothing sacred for these steely-hearted bastards?!
Comment: 1