CyberGeorgia, State of →
Excellent reporting via Robert N. Charette, writing at the IEEE's **Spectrum Magazine, detailing another instance of politicians gone wild. Certainly, todays' Must Read**!
Malicious Cryptomining →
Jérôme Segura writing at the Malwarebytes' blog, has an outstanding piece up on the site. In which, the details point to an interesting state of affairs with malicious cryptominer's use of cloud services and blacklisting. Inclusive of disposable cloud services (specifically) and the rising problematic effects that utility produces. Today's MustRead!
The Manga of the Cyber Army of the United States of America →
via the Institute of Electrical and Electronics Engineers Spectrum Magazine, and reporter Stephen Cass, comes a tale of the future, but firmly rooted in the present: The United States Army's new manga, published to educate both enlisted and officers alike in the dangers elicited by cyberwarfare. Entitled Dark Hammer - and written by Brian David Johnson Director of the Threatcasting Laboratory at Arizona State University - in partsnership with the Army Cyber Institute at West Point. The tome is ten pages of go-get-em-cyber-cyber-cyber.... Today's MustRead!
Crypto-Zealots →
If you read anything in the next couple of days regarding the IETF, and cryptography, take a moment and read Geoff Huston's superb retort to a controversial statement piece by Tony Rutkowski, both on CircleID. Tremendous responses are many on our beloved interweb, and this may be one of them... Enjoy today's MustRead!
The WHOIS Enfeeblement →
Brian Krebs, writing at his eponymous KrebsOnSecurity, reiterates the debacle of the new EU data privacy regulations, and the affect on legitmate utility in the information security space. Today's MustRead.
Ubuntu, The Collector →
Martin Brinkmann, writing at gHacks, illuminates the questionable data gathering efforts by Canonical, producers of Ubuntu Linux. Read Martin's concise examination of the issue, of which - most certainly - is Today's Must Read.
Learn and Avoid →
Well scrivened, crafted, reasoned, and timely blog post by Andrew Cook (writing at the Delta Risk - A Chertoff Company - blog). In which, impeccable advice is offered, on learning and avoiding pitfalls, targeting Incident Response - i.e., Successful Incident Response. This weeks' Must Read.
50 Qubits →
An astounding image (some might call it a percolator of the multiverse), and announcement via IBM (NYSE: IBM) of the company's newly minted 50 Qubit Processor. Today's Must Read.
"The first IBM Q systems available online to clients will have a 20 qubit processor, featuring improvements in superconducting qubit design, connectivity and packaging. Coherence times (the amount of time available to perform quantum computations) lead the field with an average value of 90 microseconds, and allow high-fidelity quantum operations. IBM has also successfully built and measured an operational prototype 50 qubit processor with similar performance metrics. This new processor expands upon the 20 qubit architecture and will be made available in the next generation IBM Q systems." - via
Serfdom of IoT →
Welcome to the new (old) world of Serfdom (essentially, a base rung of the societal ladder under Feudalism); in this case, an existence under the utility of IoT... Through the legal lens of Joshua A.T. Fairfield, Professor of Law, Washington and Lee University, comes this tremendous piece published at The Conversation. Today's Must Read, Indeed.
Pete Herzog's 'Security: Choose Your Own Adventure' →
Nets of Badness →
Quanta Magazine's Ariel Bleicher Interviews Rebecca Goldin: 'Why Math Is the Best Way to Make Sense of the World' →
Quanta Magazine contributing writer Ariel Bleicher interviews Professor Rebecca Goldin, Ph.D. on the notion that mathematics could very well be the best tool we have to cogitate successfully upon the subject of the 'world'. Here's a Hint: This cogitation - if you will - includes Information, Cyber, Network, Application and Physical Security. Today's MustRead!
JHutchins' SharknAT&To →
Folks, gird yourselves for the truly horrifying... Read the superlative security reportage by jhutchins at NoMotion, in which, the good Hutchins details the cruft-laden, and fundamentally idiotic practice of hard-coding accounts in low-end routerland. Behold SharknAT&To, and more, much more... Today's Must Read. H/T
"When evidence of the problems described in this report were first noticed, it almost seemed hard to believe. However, for those familiar with the technical history of Arris and their careless lingering of hardcoded accounts on their products, this report will sadly come as no surprise. For everyone else, prepare to be horrified." - via NoMotions' jhutchins
Cybersecurity Vulnerabilities to Artificial Intelligence →
The Council on Foreign Relations has published an superlative thought piece - written by Adam Segal - targeting security implications to artificial intelligence. Today's Must Read.
"Facebook CEO Mark Zuckerberg and Tesla CEO Elon Musk recently fought over whether artificial intelligence (AI) posed an existential threat to humanity. Musk made the case AI machines could eventually become self-aware and dispose of their human masters, like in the movie Ex Machina, whereas Zuckerberg argued humanity had nothing to fear." via a blog posting written by Adam Segal for the Council on Foreign Relations
Attribution: "Adam Segal is the Maurice R. Greenberg Senior Fellow for China Studies and Director of the Digital and Cyberspace Policy Program at the the Council on Foreign Relations. He is author of The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age (New York, NY: Public Affairs, 2016)." via the Council on Foreign Relations
Ira Winkler's 'How to Hack a Navy Vessel'
The USS John S. McCain (DDG56) underway long before the collision that killed, maimed and injured many of our nations finest Sailors.
Today's Must Read - Ira Winkler's 'How to Hack a Navel Vessel' - Ira's well-crafted, on-target and plausible thought piece discussing the potential for electronic systems intrusion utilizing a Denial of Service modus related to the four reported damage incidents and the tragic loss of life of our Navy personnel and fellow citizens while United States Navy Vessels were underway.
A Secret World, Detailed →
Today MustRead details the secretive environment many vulnerability researchers and operatives live and labor within. Enjoy.
Kicking the Certificate Habit →
Dr. Jaap-Henk Hoepman's security posts (via his blog), detailing his provocative yet fundamentally sound thoughts on the subject of terminating the utilization of certificates is today's absolute MustRead.
The basic idea - A few days ago I explained the idea including a mechanism to detect phishing attacks. This makes the protocol more complex, and creates confusion. So let’s try again, explaining the basic idea first. Whenever a browser sets up a new TLS connection with a domain, the web server serving that domain respond with its public key (instead of a certificate, as is currently the case) in the initial TLS handshake. (This is more precise than saying that the web server sends its public key in the header of every page it sends.)... Read more at Dr. Hoepman' blog
Myctyris Longicarpus, Ratiocinor Infra Aedificium →
Via Futility Closet comes an outstanding computational methodology utilizing blue soldier crabs as the componentized logic delivery mechanism for a bio-computational device (in this case - a logic gate). Certainly today's MustRead.
Goatse of Cloudbleed →
via the eponymous Phoneboy, comes his take on the latest security foible of a major backend provider (in this case Cloudflare), entitled 'Cloudflares with a Chance of Goatse', Mr. Welch-Abernathy explains it all, in imitiable form. Today's MustRead.
Wisdom, Ignorance of the Crowds
IARPA's doing it, the Neuromongers did it, why not You? Well crafted report on the methodology behind applying the power behind the ignorance and widom of the crowd... Known as the Crowdsourcing Evidence, Argumentation, Thinking and Evaluation (CREATE), IARPA's new program ostensibly may enhance intelligence anlayst's capability levels by leveraging the behavior of crowdsourced resources. Today's Must Read.