Army Research Laboratory: New Models Predict Number of Cyberintrusions →

September 26, 2017 by Marc Handelman in Statistical Modeling, US Army, Security Innovation, Security Development, Mathematics, Information Security

New - heretofore unreleased - statistical model can predict numbers of so-called cyber-intrusions in the Enterprise (whether that Enterprise be Military, Government or Business - apparently). By United States Army Research Laboratory research scientists Lawrence P. Knachel, Alexander Kott, Nandi O. Leslie and Richard E. Harang, the paper is slated for publication in a special release within the Journal of Defense Modeling and Simulation during claendar year 2018. A pre-release copy can be garnered via Sagepub Journals. Key quote (and pertinent to information security modelers:

"Several of the predictor variables that were recommended to the researchers by subject matter experts turned out to be lacking in influence or even misleading. For example, SMEs felt that the extent to which an organization is visible on the Internet, as measured for example by the number of records found related to that organization on the popular Google Scholar, would be a significant predictor of intrusion frequency. However, it turned out that such visibility alone is not a useful predictor of successful intrusions," Leslie said." - via ARL

Node Package Manager, Tribulátio, In Paradiso

August 23, 2017 by Marc Handelman in Attacks, Attack Analysis, Security Development, Security Failure, Security Flaws, Information Security, Infosec Competence

Well, looks like there is a bit of bother at npm, what with the security failures of recent import. Read Adam Shostack's well-crafted piece detailing what's broken, and what to do about it (it being fairly obvious once you read his thoughtful post). Enjoy.

"In June, security researcher ChALkeR explained how he "obtained direct publish access to 14% of npm packages (including popular ones). The estimated number of packages potentially reachable through dependency chains is 54%." Then, there was a typo-squatting attack that went undetected for two weeks. And just a few days ago, Ivan Akulov reported on malicious packages in npm." - via Adam Shostack, writing at IANS

Feet of Clay, Bitlocker Backdoor →

November 24, 2015 by Marc Handelman in All is Information, Security Flaws, Security Development, Security Architecture, Information Security, Feet of Clay

Lucian Constantin, writing at ComputerWorld UK, tells the tale of Bitlocker, the Feet of Clay edition...

Nmap + Google Summer of Code →

April 01, 2015 by Marc Handelman in Security Development, Education, Information Security

Nmap has announced the participation of the Nmap Project in the Google Inc. (NasdaqGS: GOOG) Summer of Code internship program for the eleventh year. The Nmap Project Ideas Page has answers to your most of your queries.

"Hi folks. I'm delighted to report that Nmap has been accepted by Google to participate in this year's Summer of Code internship program. This innovative and extraordinarily generous program provides $5,500 stipends to college and graduate students anywhere in the world who spend the summer improving Nmap from home! They gain valuable experience, get paid, strengthen their résumés, and write code for millions of users. We're one the few orgs which have participated every year since the program began, and we're quite excited for our eleventh year!" - via Fyodor at Nmap.