Category Archive for: ‘Uncategorized’

Metadata retention to cost AU$3.98 a year per customer

Australian attorney-general George Brandis says Budget will reveal gov contribution to data retention costs

The PricewaterhouseCoopers report provided to Australia’s attorney general on the likely cost of metadata retention has suggested a median figure of AU$3.98 per subscriber, per year.…


Security Experts React to Twitch Data Breach

Twitch is sounding the alarm over a potential data breach. Hackers may have compromised the streaming video service and gained access to consumers’ personal data, including names and e-mail addresses.


Can Interrogators Teach Digital Security Pros?

Recently Bloomberg published an article titled The Dark Science of Interrogation. I was fascinated by this article because I graduated from the SERE program at the US Air Force Academy in the summer of 1991, after my freshman year there. SERE teaches how to resist the interrogation methods used against prisoners of war. When I attended the school, the content was based on techniques used by Korea and Vietnam against American POWs in the 1950s-1970s.

As I read the article, I realized the subject matter reminded me of another aspect of my professional life.

In intelligence, as in the most mundane office setting, some of the most valuable information still comes from face-to-face conversations across a table. In police work, a successful interrogation can be the difference between a closed case and a cold one. Yet officers today are taught techniques that have never been tested in a scientific setting. For the most part, interrogators rely on nothing more than intuition, experience, and a grab bag of passed-down methods.

“Most police officers can tell you how many feet per second a bullet travels. They know about ballistics and cavity expansion with a hollow-point round,” says Mark Fallon, a former Naval Criminal Investigative Service special agent who led the investigation into the USS Cole attack and was assistant director of the federal government’s main law enforcement training facility. “What as a community we have not yet embraced as effectively is the behavioral sciences…”

Christian Meissner, a psychologist at Iowa State University, coordinates much of HIG’s research. “The goal,” he says, “is to go from theory and science, what we know about human communication and memory, what we know about social influence and developing cooperation and rapport, and to translate that into methods that can be scientifically validated.” Then it’s up to Kleinman, Fallon, and other interested investigators to test the findings in the real world and see what works, what doesn’t, and what might actually backfire.

Does this sound familiar? Security people know how many flags to check in a TCP header, or how many bytes to offset when writing shell code, but we don’t seem to “know” (in a “scientific” sense) how to “secure” data, networks, and so on.

One point of bright light is the Security Metrics community. The mailing list is always interesting for those trying to bring counting and “science” to the digital security profession. Another great project is the Index of Cyber Security run by Dan Geer and Mukul Pareek.

I’m not saying there is a “science” of digital security. Others will disagree. I also don’t have any specific recommendations based on what I read in the interrogation article. However, I did resonate with the article’s message that “street wisdom” needs to be checked to see if it actually works. Scientific methods can help.

I am taking small steps in that direction with my PhD in the war studies department at King’s College London.


Copyright 2003-2015 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Apple is picking off iOS antivirus apps one by one: Who’ll be spared?

Some slain in the software store, some survive – but why?

Confusion reigns over whether or not Apple is really pulling all iOS antivirus apps from its online software store. One leading developer says yes, another says no, and Apple is keeping schtum.…


Retrotechtacular: Basic Telephony in the Field

Here is a great introduction to a practical application of electromagnetic theory—the field telephone. It’s a training film from 1961 that covers the sound-powered, local battery, and common battery systems along with the six basic components they use: generators, ringers, transmitters, receivers, induction coils, and capacitors.

Clear illustrations and smart narration are the hallmarks of these Army training films, and this one begins with a great explanation of generator theory. The phone’s ringer uses electromagnetic attraction and repulsion to do the mechanical work of striking the bells. Similarly, the sound waves generated by a caller’s speech move an armature to …


House intel leaders unveil cybersecurity bill

Leaders of the House intelligence committee unveiled a bipartisan bill Tuesday that would make it easier for private companies to share cyber threat information with the government to thwart attacks by hackers.


Fake like an Egyptian: Google is hopping mad over dodgy SSL certs

How the world of certificate authorities is broken, part 94

Google has revealed security biz MCS Holdings handed out unauthorized SSL certificates for some Google-owned websites.…


MRRF: Flexible 3D Printing

The concession stand at the Midwest Rep Rap Festival did not disappoint when it came to the expected fare: hot dogs, walking tacos, and bananas for scale. But the yummiest things there could not be bought—the Nutella prints coming off the Ultimaker² at the structur3D booth.

Hey, what? Yes, an Ultimaker² that can print in Nutella, icing sugar, silicone, latex, wood filler, conductive ink, polyurethane, peanut butter, and a growing list to which you should contribute. This is possible because of their Discov3ry Universal Paste Extruder add-on, which is compatible with most filament printers, especially those that use a RAMPs …


Vectra Protects Enterprise Blind Spots

Vectra Networks Delivers Industry’s First Solution to Fully Protect Distributed Enterprise Blind Spots from Persistent Cyber Attacks — Remote Sites and Internal Network Segments Previously Lacking Security Coverage Now Have Comprehensive Threat Analys…


Time for the Prize: Environment-Related Ideas

You should already know about the 2015 Hackaday Prize, but have you submitted your entry yet? All it takes to get started is talking about one idea you have to address a problem faced by a large number of people. To help get the ball rolling we’re giving away some prizes to three entries that discuss possible solutions to Environment-Related problems.

For your chance at this week’s goodies all you need to do is document your idea on Hackaday.io and tag it “2015HackadayPrize”.

This Week’s Prizes:

On Monday, March 30th we’ll take a look at all the entries tagged 2015HackadayPrize …
