
Tuesday, February 5, 2019

# sec: oops! 5G, a European dilemma (the 1st one of a series): the quiet spread of Huawei

<< China's Huawei has quietly become a leading supplier of the backbone equipment for mobile networks, particularly in developing markets thanks to cheaper prices. >>

<< Each year it invests between 10 and 15 percent of its sales revenue on research and development. It spent $13.8 billion on R&D (Research and development) in 2017 and $15 billion last year. >>

<< It's a dilemma for European telecoms firms: Should they steal a march on competitors and rapidly roll out next-generation 5G mobile networks using equipment from top supplier Huawei? Or should they heed US-led warnings of security threats and sit tight, and possibly fall behind? >>

<< Huawei strenuously denies its equipment could be used for espionage. >>

<< Deutsche Telekom, in an internal document obtained by Bloomberg, warned that Europe could fall behind China and the United States by as much as two years if it forgoes using Huawei's 5G equipment. >>

Erwan Lucas. European telecoms' dilemma: Huawei or the highway? Feb 3, 2019.

https://phys.org/news/2019-02-european-telecoms-dilemma-huawei-highway.html  

Also

https://flashontrack.blogspot.com/search?q=%23+sec

Monday, February 22, 2016

# e-web-sec: IoT comes to (hack to) the Masses; the beginning

<< Internet of Things, aka “IoT” is all the rage. You know, all these new connected things like Nest thermostats, Hue lights, digital door locks and other devices that have lights, sensors, motors or switches, along with a small computer and are connected to the Internet. >>

<< On Monday (Feb. 8), building IoT-based devices is going to get a lot easier and cheaper thanks to Particle.io >>

Robert Scoble. Internet of Things Comes to the Masses. February 12, 2016

http://www.kurzweilai.net/robert-scoble-internet-of-things-comes-to-the-masses

Wednesday, November 25, 2015

# e-web-sec-privacy: 50 corporations only ...

<< 50 corporations track third-party data from 88 percent of 1 million top websites >>

http://www.kurzweilai.net/50-corporations-track-third-party-data-from-88-percent-of-1-million-top-websites

Tim Libert, a doctoral student at the Annenberg School for Communication at the University of Pennsylvania. Exposing the hidden web. Internat. Journal of Communication 9(2015); 3544-61 (open access).

http://ijoc.org/index.php/ijoc/article/download/3646/1503

Wednesday, January 6, 2016

# e-sec: please, what time is it (among other)?

<< By their very nature of being wearable, these devices [wristband and armband devices such as smartwatches and fitness trackers], however, provide a new pervasive attack surface threatening users privacy, among others >>

Tony Beltramelli, Sebastian Risi. Deep-Spying: Spying using Smartwatch and Deep Learning. (Submitted on 17 Dec 2015)

http://arxiv.org/abs/1512.05616

also:

David Glance. New ways your smartwatch (and phone) may be spying on you. University Of Western Australia, The Conversation. January 6, 2016

http://m.phys.org/news/2016-01-ways-smartwatch-spying.html

Monday, January 15, 2018

# sec: sometimes the repair is crippling ...

<< Microsoft has temporarily stopped fixing a serious security flaw on personal computers powered by certain chips from Advanced Micro Devices because the repair is crippling the affected machines >>

Microsoft stops fixing security flaw on PCs with AMD chips. Jan 9, 2018.

https://m.phys.org/news/2018-01-microsoft-flaw-pcs-amd-chips.html

Windows operating system security update block for some AMD based devices. Jan 10, 2018.

https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices

Friday, May 17, 2019

# sec: adversarial audio attacks; small sound perturbations to hack a Machine Learning model and remedies

<< Adversarial audio attacks can be considered as a small perturbation unperceptive to human ears that is intentionally added to the audio signal and causes a machine learning model to make mistakes. >>

Mohammad Esmaeilpour, Patrick Cardinal, Alessandro Lameiras Koerich. A Robust Approach for Securing Audio Classification Against Adversarial Attacks. arXiv:1904.10990 [cs.LG] Apr 24, 2019.

https://arxiv.org/abs/1904.10990

Ingrid Fadelli. An approach for securing audio classification against adversarial attacks. May 7, 2019.

https://m.techxplore.com/news/2019-05-approach-audio-classification-adversarial.html

Wednesday, March 8, 2017

# web-sec: recently, they lost control of the majority of their hacking tools ...

<< Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation >>

Vault 7: CIA Hacking Tools Revealed. 7 Mar. 2017.

https://wikileaks.org/ciav7p1/

also:

http://flashontrack.blogspot.it/search?q=hack

also:

<< from the silent viscosities of an inane canopy ... >>

2151 - a voting machine (to explain precisely). Jan. 15, 2008.

http://inkpi.blogspot.it/2008/01/2151-voting-machine-to-explain.html

Saturday, December 10, 2016

# e-sec: byzantine fault in-tolerance

<< Byzantine failures are considered the most general and most difficult class of failures among the failure modes >>

<< The objective of Byzantine fault tolerance is to be able to defend against Byzantine failures, in which components of a system fail with symptoms that prevent some components of the system from reaching agreement among themselves, where such agreement is needed for the correct operation of the system >>

<< Byzantine failures imply no restrictions, which means that failed node can generate arbitrary data, pretending to be a correct one, which makes fault tolerance utterly difficult. >> Nov. 19, 2016.

https://en.m.wikipedia.org/wiki/Byzantine_fault_tolerance

Saturday, February 20, 2016

# e-sec: when something smells funny ...

<< why do the best hackers on the planet not work for the (..)? Because the (..) will not hire anyone with a 24-inch purple mohawk, 10-gauge ear piercings and a tattooed face who demands to ... >>

<< Cyberscience is not just something you can learn. It is an innate talent. The Juilliard school of music cannot create a Mozart. A Mozart or a Bach, much like our modern hacking community, is genetically created. A room full of Stanford computer science graduates cannot compete with a true hacker without even a high-school education. >>

John McAfee. I'll decrypt the San Bernardino iPhone. Feb. 18, 2016.

http://www.techinsider.io/john-mcafee-ill-decrypt-the-san-bernardino-iphone-for-free-so-apple-doesnt-need-to-place-a-back-door-on-its-product-2016-2

<< (..) But I’m smart enough to know when something smells funny >> John McAfee. Ars Technica. Feb. 19, 2016

https://mobile.twitter.com/arstechnica/status/700707638795968512

Friday, March 10, 2017

# e-web-sec: qucpu will make vital cryptography simple to crack

<< Quantum computers could bring about a quantum leap in processing power >>

<< But there's also a dark side: this extra power will make it simple to crack the encryption keeping everything from our emails to our online banking secure >>

<< A recent report from the Global Risk Institute predicted that there is a one in seven chance vital cryptography tools will be rendered useless by 2026, rising to a 50% chance by 2031 >>

<< As a report from the National Institute of Standards and Technology (NIST) released in April notes, this algorithm [to solve a problem called integer factorization] can be used to efficiently solve the mathematical problems at the heart of three of the most widely-used encryption approaches: Diffie-Hellman key exchange, RSA, and elliptic curve cryptography >>

Edd Gent. Quantum Computers Could Crush Today’s Top Encryption in 15 Years. Nov 24, 2016

https://singularityhub.com/2016/11/24/quantum-computers-could-crush-todays-top-encryption-in-15-years

Michele Mosca. A quantum of prevention for our cyber-security.

http://globalriskinstitute.org/publications/quantum-computing-cybersecurity/

Monday, January 11, 2016

# e-sec: "soft" vulnerabilities (2015)

<< CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities >>

http://www.cvedetails.com/top-50-vendor-cvssscore-distribution.php

CVSS - Common Vulnerability Scoring System - National Vulnerability Database (NVD)

https://nvd.nist.gov/cvss.cfm

Thursday, March 8, 2018

# sec: oops! blockchain systems also seem to show some security vulnerabilities

<< Smart contracts - stateful executable objects hosted on blockchains like Ethereum - carry billions of dollars worth of coins and cannot be updated once deployed >>

AA << present a new systematic characterization of a class of trace vulnerabilities, which result from analyzing multiple invocations of a contract over its lifetime >>

Ivica Nikolic, Aashish Kolluri, et al. Finding The Greedy, Prodigal, and Suicidal Contracts at Scale. arXiv: 1802.06038 [cs.CR]. Feb 16, 2018.

https://arxiv.org/abs/1802.06038

Kristin Houser. Uh Oh: Blockchain May Not Be as Secure as We Thought. Mar 2, 2018.

https://futurism.com/blockchain-security-smart-contracts/ 

Mike Orcutt. Ethereum's smart contracts are full of holes. MIT Tech Rev. Mar 1, 2018.

https://www.technologyreview.com/s/610392/ethereums-smart-contracts-are-full-of-holes/

Also

# e-ai: an intriguing hypothesis: cheating that system will become near impossible. Jun 18, 2017

http://flashontrack.blogspot.it/2017/06/e-ai-intriguing-hypothesis-cheating.html

Saturday, August 27, 2016

# e-sec: a priori cracked; 'verifiable computing' vs chip manufacturing

<< Medical devices, public infrastructure and voting machines, as well as financial, military and government electronics could all be compromised long before their first use if backdoors were added to their chips during the manufacturing process. The issue could affect CPUs, GPUs and motherboards, but also storage and memory components. These days we're seeing more companies employ cryptographic signing for their software to ensure that the code delivered to the users is identical to what was written by the vendors (although not all companies are taking this to heart yet). A similar validation process is needed for hardware to ensure its integrity. >>

Lucian Armasu. University Researchers Invent Solution To Protect Chips Against Manufacturing Sabotage. August 26, 2016 4:00 PM

http://www.tomshardware.com/news/chip-protection-solution-manufacturing-sabotage,32569.html

Researchers design a chip that checks for sabotage. Integrated Circuits Can Monitor Their Own Computations and Flag Defects. August 23, 2016

http://engineering.nyu.edu/press-releases/2016/08/23/cybersecurity-researchers-design-chip-checks-sabotage

Friday, January 22, 2016

# e-sec: Sun Tzu style: unpredictable (chaotic) environment for defending CPUs from cyber-attacks

<< We want our computers to perform the way we expect. But what if the key to defeating malware is introducing a bit of chaos? >>

<< Programs you know and trust could be approved to run in a standard environment where they'll function normally, while detected malware are sequestered in a third environment, called deceptive. Instead of squashing them immediately, Chameleon would let the malicious processes continue to work in a façade environment while collecting information that can be used to understand and defeat them >>

<< Predictable computer systems make life too easy for attackers >>

Alisson Clark, January 21, 2016

http://m.phys.org/news/2016-01-defending-cyber-attacks-sun-tzu-style.html

https://twitter.com/physorg_com/status/690237559511846913

The "Sun Tzu style" approach, although ancient, would seem to work in the field of computer security as well ... when great ideas cyclically re-emerge, disruptive ...

Friday, December 4, 2015

# e-web-sec: almost nine percent

<< Almost 9 percent of popular apps downloaded from Google Play interact with websites that could compromise users’ security and privacy >>

Sarah Nightingale. Dec 3, 2015

http://ucrtoday.ucr.edu/33508

Sunday, July 10, 2016

# e-sec: brainjacking in medical implants

<< Here are some real examples of what can be achieved if you have access to somebody’s DBS [Deep Brain Stimulation] electrodes. You can induce mania, hypersexuality, and even pathological gambling. You can modify emotions. Patients undergoing DBS therapy have sometimes experienced pathological crying and inappropriate laughter, "likely due to off-target stimulation," says the paper. Strong sensations of fear and panic have also been observed. >>

Charlie Sorrel. Brainjacking, Or How Hackers Can Remote Control Your Medical Implants. 06.29.16 11:46 AM

http://www.fastcoexist.com/3061323/brainjacking-or-how-hackers-can-remote-control-your-medical-implants

Laurie Pycroft, Sandra G. Boccard, et al. Brainjacking: Implant Security Issues in Invasive Neuromodulation. DOI: http://dx.doi.org/10.1016/j.wneu.2016.05.010. Published Online: May 13, 2016

http://www.worldneurosurgery.org/article/S1878-8750(16)30272-8/abstract