Ben Buchanan has written “A National Security Research Agenda for Cybersecurity and Artificial Intelligence.” It’s really good — well worth reading. Powered by WPeMatico
Category: cybersecurity
Auto Added by WPeMatico
This is a good explanation of an iOS bug that allowed someone to break out of the application sandbox. A summary: What a crazy bug, and Siguza’s explanation is very cogent. Basically, it comes down to this: XML is terrible. iOS uses XML for Plists, and Plists are used everywhere in iOS (and MacOS). iOS’s … Read More “iOS XML Bug” »
It’s the twentieth anniversary of the ILOVEYOU virus, and here are three interesting articles about it and its effects on software design. Powered by WPeMatico
Microsoft is training a machine-learning system to find software bugs: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn’t just apply more people to the problem. However, large volumes of semi-curated … Read More “Vulnerability Finding Using Machine Learning” »
It has produced several reports outlining what’s wrong and what needs to be fixed. It’s not fixing them: GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and awareness tasks it set out to. … Read More “The DoD Isn’t Fixing Its Security Problems” »
Attack matrix for Kubernetes, using the MITRE ATT&CK framework. A good first step towards understand the security of this suddenly popular and very complex container orchestration system. Powered by WPeMatico
Three weeks ago (could it possibly be that long already?), I wrote about the increased risks of working remotely during the COVID-19 pandemic. One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to … Read More “Cybersecurity During COVID-19” »
Puerto Rico is considered allowing for Internet voting. I have joined a group of security experts in a letter opposing the bill. Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the internet. That means that votes could be manipulated or deleted on … Read More “Internet Voting in Puerto Rico” »
This is bad in several dimensions. The Los Angeles Department of Water and Power has been accused of deliberately keeping widespread gaps in its cybersecurity a secret from regulators in a large-scale coverup involving the city’s mayor. Powered by WPeMatico
Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. And during the trial, a lot of shoddy security and sysadmin practices are coming out: All this raises a question, though: just how bad is the CIA’s security that it wasn’t able to keep Schulte out, … Read More “CIA Dirty Laundry Aired” »