Information Security & Occasional Forays Into Adjacent Realms
Well documented paper on the capability to identify entities via credit card metadata [i.e., the identification is based on what was once thought to be anonymous big data...]. Time to move back to currency transactions. Tout Simplement Incroyable.
In a new series (typically, behind Science Magazines' pay-wall, but free access to February 5th, 2015), comes this particularly disturbing revelation of Facebook Inc.'s (NasdaqGS: FB) DeepFace system which is now, apparently, as accurate as human's at facial recognition.
>
So important, Mr. Kazemi's video is meets today's Must Watch criteria.
Reports of newly discovered targeted attack code harshed our collective holiday mellow late last week, with the notification via the ICS CERT of flaws in the Network Time Protocol (in this case, prior to NTP version 4.2.8). The NTP 4.28 tarball is here, for folks that need to update their NTP deployments.
"NTP users are strongly urged to take immediate action to ensure that their NTP daemon is not susceptible to use in a reflected denial-of-service (DRDoS) attack. Please see the NTP Security Notice for vulnerability and mitigation details, and the Network Time Foundation Blog for more information. (January 2014) " - via NTP.org
Once again, Kim Zetters' superlative prose details the astounding story of Stuxnet; this time, in a new book titled 'Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon' [published by Crown Publishing Group a division of Random House]. Apparently, like many other 'infections' the vector [in this case] is the order-of-the-day... This month's MustRead.
via Dr. Holger Sierks, a Max-Planck-Gesellschaft Scientist and Principal Investigator, leading the team working on the OSIRIS (Optical, Spectroscopic, and Infrared Remote Imaging System) on-board the Philae, describing the effort taken by human researchers when analyzing images of the comet...
The ramifications to many endeavors, ranging from automated driving, to automated information and physical security functionality (identity management, authentication, access control, biometrics, image recognition, et cetera) are startling, when confronted with new visages, we have yet to develop algorithmic capabilities to manipulate the data, and bend it to our will. EOM
News, via Renee Yao [with guest writer Mark Voelker, technical lead at Cisco] writing at Cisco Blogs, of the newly released OpenStack 2014.2 (aka Juno). Fundamentally, OpenStack open-source software targets the creation of cloud compute infrastructure, both private and public. Absolutely Outstanding.
British Tabulating Machine Company - The Turing Bombe Rotors 1940 - 1945
Readers who have examined this weblog during the thirteen years plus of it's publication, know of my Interest in Matters Turing and Bletchley; Alan Turning & Bletchley Park, that is... With those Foci in mind, here is a fascinating serial scrutinizing the history of Bletchley Park, the nearly seventy-year-old locale of the United Kingdom of Great Britain and Northern Ireland's Government Code and Cypher School (GC&CS) (now known as GCHQ). Today's MustRead.
News, via Paul Rubens writing at eSecurity Planet, of the apparent resurfacing of the TrueCrypt project, this time, with more eyes on the prize, so to speak. Look for a resurrected TrueCrypt 7.1a code-base with a new re-branded name: CipherShed. Hat Tip to Firewall Consultants.
Art credit: Bio Engineering
via the inimitable Kim Zetter, Senior Staff Writer at Wired, comes this staggeringly well crafted piece on the United States National Security Agency / Central Security Service's work to create a tool known as MonsterMind. The natural progeny of encompassing surveillance, is the capability to detect and mitigate malware in the wild.
Bletchley Park has released the August 2014 edition of the Trusts' podcast series, this time, entitled 'Inspiring Women' in cryptanalysis; in which, the Trust focuses on the work women accomplished at Bletchley Park during World War II.
Fascinating write-up, via El Reg's John Leyden, of what some may say smack's a bit o' the Ned Ludd... In which, Mr. Leyden tells a tale fractionally too close to home; yours and my home, that is. A tale of portent, and societal dis-ease whence the Internet of Things [IoT] truly does arrive, and we become beholden to our inter-connected fridges, light bulbs and what-not. SkyNet? Hardly. An apt description would be MundaneNet™.
Unfortunate news, for TrueCrypt users, and project contributors... Apparently, the developers of the full disk encryption (FDE) open source product are in the process of shuttering the projects SourceForge site, along with directions targeting the product's users to migrate TrueCrypt partitions to BitLocker.
via Monitorama PDX 2014 an exposition of sorts, presented by the eponymous James Mickens of Microsoft Corporation (NasdaqGS: MSFT) Research. Hat Tip -Trey at Firewall Consultants.
