Group items tagged

This standards publication (FIPS 140-2) is a key standard's document. Skim through it and see if you can find some ideas for emerging threats against the standard(s).

Any time you are allowed to introduce code into a program, you have a chance for error. By allowing cryptographic software and firmware to be updated, I think you will always have the chance for emerging threats to be introduced in the form of malware. Recently, the U.S. has stopped allowing the use of Chinese built hardware for certain DOD/ Federal agencies. if we allow the enemy to build the devices we use to form our security foundations, we have already lost the war.

I believe the frequency of review of this policy is untimely to the speed technology advances in. If they could move the review from 5 years to 2 years will suffice. At times, once the policy is published folks are already working on the revision to keep up with technology growth. "Since a standard of this nature must be flexible enough to adapt to advancements and innovations in science and technology, this standard will be reviewed every five years in order to consider new or revised requirements that may be needed to meet technological and economic changes."

I can't see this being used much for single factor authentication, but I could certainly see it being used on top of a username/password setup to bolster the security of that password. Another useful application for this would be to augment an anomaly based IDS running on the user's system. If keystroke patterns/dynamics exceed standard deviation, an alert could be sent to the help desk or security, who could then verify the identity of the user.

I could see some companies implementing keystroke and typing dynamics depending on their sector and security posture. However, depending on the sensitivity of the software, they could receive a lot of false positives. I've personally noticed my typing speed fluctuates drastically depending on the time of day. Nevertheless, I could see more companies deploying the software depending of their budget.

It seems that there are way to many variables for this technology to really take off. I agree with trevor that there is potential for a high volume of false positives. I also see potential for a high volume of false negatives. This technology seems as though it could end up being extremely frustrating for the end user.

Review the presentation.

Thanks for the posting especially since my project deals with Ambient Intelligence wherein biometrics can be an integral part of its implementation. One of the most common and frequent incidents in Service Management is authentication. Whether it is with entering secure facilities or logging into computer systems both in the office and remotely, people tend to forget their credentials. Consequently, this causes a loss in productivity as someone tries to regain their access to systems or for system administrators to provide them with temporary access. Ambient intelligence and biometrics may seem as a viable solution since the physical characteristics is intrinsic in each individual. This presentation presents me with the cybersecurity flaws and weaknesses that should be mitigated.

Biometrics is always something I have found to be fascinating. Because like this article stated no one knows who you are on the other end of that computer so being able to authenticate that in some sort of method is a great thing

While society is looking to use technology for it's benefits, there are many pitfalls, and adverse uses for this same technology. This article discusses how the use of CCTV systems for ensuring that players do not cheat was used against the same system, to do the very thing it was protecting against. We as technology professionals should be very congnizant of the security risks that the technology we recommend or put in place, may have alternate uses, which may be used against us, and thereby causing more damage than it helped to protect.

Phil, This is very interesting. You would have thought the casino would have better security than that on their system. It also suprises me that if you were in a game with that much money why did they not see the receiver the person had. A simple pat down could have reveiled it. It is scary what technology can do in the wrong hands. Lee

Winning is one thing, but stacking the deck is another. I would have thought that a casino would have a better way of securing their systems. Ben

"System consists of identically designed sensor modules which are self-sustaining, wireless, act as transmitters and receivers and are equipped with a special sensor technology for long-term monitoring of buildings or engineering facilities. The sensor unit uses strain gauges for stress analysis and contains interfaces for additional sensors. The system in particular applies to buildings and structures for transport and traffic and large-scale industrial facilities, where a subsequent wiring installation is difficult or impossible."

This document is part of your Week 2 DQ. It is 289 pages so I do not expect you to read the entire document. However, open the Voicethread to see the key areas for the DQ and you can search the document for those key words.

This document is used for your Week 1 discussion questions.

Recently uncovered government documents reveal that the U.S. Department of Homeland Security's (DHS) unmanned Predator B drone fleet has been custom designed to identify civilians carrying guns and track cell phone signals. "I am very concerned that this technology will be used against law-abiding American firearms owners," said founder and executive vice president of the Second Amendment Foundation, Alan Gottlieb.

The power these drones represent is incredible. I can easily see how the can (and will be) abused. As Jammes pointed out, the Primary purpose of DHS is securing our nations borders, yet I have read of DHS rading peoples homes because of an "improperly" imported car! Not to sound like I am about to put a tinfoil hat on, but I do see the distinct possibility of the banning of firearms in this country as happened in England in 1997. These tools will be in place well before that day.

The use of Drones in the field as a tool to fight the fight on the borders is one thing, using them as a tool to fight terrorism is still another, but using them as tool to spy on the people of the United States is another. I think this is one that the United States Supreme Court will be deciding soon.

Bias stress effects in organic thin-film transistors were investigated. A donor-acceptor type liquid-crystalline semiconducting copolymer, poly(didodecylquaterthiophene-alt-didodecylbithiazole), PQTBTz-C12, was used as the active channel material. This substance contains both electron-donating quaterthiophene and electron-accepting 5,5'-bithiazole units. The threshold voltage (VT) shifts induced by direct current (DC) bias stress were studied under different gate-source and drain-source voltages. By fitting ΔVT versus stress time in compliance with a stretched exponential relationship, characteristic charge trapping time constants (τ) and dispersion parameters (β) for the VT shifts were determined for each stress condition. The time constants decrease with increasing gate-drain voltages. It was also observed that the VT shift due to charge trapping can be recovered by releasing the device from bias stress for several hours. The recovery rate from DC OFF bias stress is slightly slower than the recovery from DC ON bias stress. Such a difference can be attributed to the different charge releasing time from the deep trap states for holes and electrons. The immediate compensation of opposite charges by applying an alternating current (AC) bias stress provides spontaneous charge detrapping at each cycle and thus results in relatively moderate total VT shifts compared to those under DC bias only

Cloud Data Storage: Annotated Bibliography In this research document, the authors provide us with a study of data storage in the cloud. It focuses on the management, operation and security of data stored for long periods of time in the cloud. This item is useful for the fact that it can present several demographics to business regarding cloud computing security, data storage functionality and also cites several business surveys that can assist in organizations to make the decision to migrate to cloud computing services and data storage.

Research from CalTech on self healing chips. They were able to destroy chips with laser and watch as the chip recovered to near it's original state. Could have future implication for indestructible equipment in the field (i.e. DoD).

Funsho, Adverse as in the machines rising up?

My sentiments exactly!

Call it the cyber-attack that never happened. A false alarm that sent the Economic Development Agency scrambling. When the dust settled, the EDA had spent half of its information technology budget - or nearly $3 million - destroying hundreds of thousands of dollars worth of perfectly functioning computer equipment. Talk about using up your resources...literally.

What stood out to me was that they did not follow the incident handling procedure. Those documents are put together for a reason. I also question why there was not a manager to oversee the incident response for something of this size. I blame management for this one.

I agree with a better safe than sorry approach most of the time, but I have to agree with Bob that procedures weren't followed and equipment was unnecessarily destroyed.

Look! Up in the sky! Is it a bird? Is it a plane? It's ... a drone, and it's watching you. That's what privacy advocates fear from a bill Congress passed this week to make it easier for the government to fly unmanned spy planes in U.S. airspace.

The commentary on that one is pretty heated... As for the article, I could take it or leave it. Working in Law Enforcement, I can definitely see the benefits in having drones in the air (they are sure useful here in Afghanistan...) I also see the argument stating they are a violation of 4th Amendment rights. Really, it is all about how it gets implemented. For instance, they could restrict the drones to prevent them from flying through residential airspace without a Magistrates Authorization, thereby protecting the rights of citizens when they are at home. Outside of home, 4th Amendment rights really don't exist when you are walking under clear skies... there's just no expectation of privacy there.

Here is a primer on Near Field Communications (NFC) which is a set of standards for smartphones that establishes radio communication between similar devices which are in close proximity. It is a subset for RFID (radio-frequency identification) and is being integrated into our daily lives as in most technology. The low-cost NFC tags practical uses are limited only by imagination, the challenge will be is to mitigate the cybersecurity risks it poses.

Here is another video presentation on NFC. http://www.youtube.com/watch?v=_RBbuGwC7Eg

I have to say this was a very interesting video to watch, and I see now how these things work and what we can do with them. I do like the fact that they have a shorter range than Bluetooth as well as less power consumption. I would still be worried about losing information when say on a crowded train or bus. People could brush up against your phone and you may not realize it. thanks for sharing. Lee

Georgia Tech's security summit report

Great article. Thing like this are very interesting to me. The section on Cloud Computing was by far my favorite. This type of technology is emerging and at the same time it has turned into a challenge for attackers to try to break. Security is going to be very vital for this service to work and more likely will be the subject of any topic related to cloud technology. Cloud service providers need to make a stronger statement and provide some type of assurance to the customer. Thanks!

I had actually read this article before, but it was good to read it again. While they are many elements that are concerning I find the "filter bubbles" troubling. A user has the right to know that their search results have been filtered. You think you're conducting an open search, only to read this and find out your results may be limited.

Biometrics - Fingerprinting. This source is an example in what companies, government entities as well as products are taking finger prints from people who are applying for credit card, crossing the boarder and how it has stream-lined their process.

Retina and iris scans, fingerprint and palm logins rely on possession of unique anatomical characteristics that you cannot forget as you might a password. But, Kenneth Revett of the British University in Egypt, in El-Sherouk City, reviews the state of the art in an alternative approach to user authentication in the inaugural issue of the International Journal of Cognitive Biometrics.

Very interesting article Justin. I like the idea of using biometrics as an authentication layer, vs. relying on a CA to issue digital certificates. In my opinion, biometrics should only use functions that can be read or measured when the person is alive.

Biometrics is great for a multi factored authentication. It is a very expensive approach to authenticating as well. I doubt there will be a market for it until the price for implementation drops drastically. I would not use it as a stand alone authentication approach.

Theodore Berger, a biomedical engineer and neuroscientist at the University of Southern California in Los Angeles, envisions a day in the not too distant future when a patient with severe memory loss can get help from an electronic implant. In people whose brains have suffered damage from Alzheimer's, stroke, or injury, disrupted neuronal networks often prevent long-term memories from forming.

WO!!!! Shut the front door this article is like a science fiction read but the technology if approved for humans can have a dramatic impact on folk who have family members with dementia/Alzheimer as this can possibly make life less stressful for caregivers. It would be nice to see parents and grandparents not have to suffer this dreaded disease if science and technology can provide solution. But I would like to have one myself as I can get all the help I can for TOTAL RECAL!!!

Wow, this is crazy. I don't know if I should be terrified or excited. This reminds of the old movie Jonny Mneumonic in the 90s. All these new sciences are great. The only problem that I have is bad people getting a hold of such technologies to exploiting weaker humans. I'm thinking along the line of putting false memories into people's brain and turning them into someone that they are not.

This study and report was generated by a collaborative group of experts under the European Network and Information Security Agency (ENISA) umbrella. Five areas have been assessed as presenting the biggest need for research within a window of three to five years: cloud computing, real-time detection and diagnosis systems, future wireless networks, sensor networks, and supply chain integrity. This article interested me because as cyber security professionals, it's important to adopt a global mentality when researching technology and security solutions.

Good source for all kinds of information. One topic which interested me from this site was privacy in online tracking. I feel this is especially important with social media and societies growing dependence on mobile technologies. Google and Facebook tap into many sources to include your location, cookies, likes, etc...They amount of information they mine is scary sometimes.

SEO Poisoning manipulates search engine results to make sites that are malicious in nature place higher in the results list. According to the article in 2011 40% of all cyberattacks resulted from SEO poisoning.

I know that when I'm doing a Google or Bing search, I am looking for a specific item or topic and sometimes don't even think about reviewing the link that I'm clicking on. The high amount of malware that is in search engines is scary. The pointers that were in the article were very true and very easy for the every day user to do when they are doing a search. And anyone that does not have an anti-virus or anti-malware on their system is just asking for their system to be attacked.

I use AVG security on my laptop and it uses an add-on called link scanner. When I search, the results are rated as safe or not, with a check mark or an "X" accordingly. So you immediately know which sites to avoid. It's worth trying since this could essentially save you the time and headache of undoing malware or spyware you might contract otherwise. It's a nice "peace of mind" tool.