Infosecurity.US

This is a joint work with Clark Barrett (NYU/Stanford University), Morgan Deters (NYU), Tianyi Liang (The University of Iowa), Andrew Reynolds (The University of Iowa/EPFL), Cesare Tinelli (The University of Iowa) and Nestan Tsiskaridze, University of California, Santa Barbara.

News that Macie The Discoverer has arrived in your S3 bucket... Data Security Automation - potentially - at it's finest? You be the judge.

Do you unequivocally trust iRobot with your personal data, including internal mapping of your home? Read this post to learn more.

Eh, wot? New Kids on the Blockchain? No - simply put, it's the proliferation of Blockhain technology (in this case distributed database schema) into industrial processes. via the UK's The Engineer, and writer Andrew Wade, comes the news of said blockhain spread. Today's MustRead!

via the University of Washington's Information School instructors Carl Bergstrom, Pd.D. and Jevin West, Ph.D., comes this superlative lecture series identifying bullshit within the scope of today's oft-used phrase 'Big Data'...

via the eponymous Richard Chirgwin, whilst writing at El Reg, comes this unfortunate tale of security flaws within Splunk Enterprise (now, happily patched). First discovered by John Page (aka hyp3rlinx), and published via an advisory at Full Discosure. Here's hyp3rlinxs' source.

For the Record: We have always been pleased with Splunk products, and, most importantly, they are fast and focused when fixing issues.

The takeway? Make an effort to be extraordinarily cognizant of the threats posed by log and machine generated data aggregation in the enterprise. That is all.

via Motherboard writer Michael Byrne, comes this well-wrought piece on the apparent proliferation of 'bots on Twitter, ie., the implications of algorithm-driven entities on the Twitterverse. The fascinating component to this study by Onur Varol, Emilio Ferrara, Clayton A. Davis, Filippo Menczer and Alessandro Flammini, was the utilization of a machine-learning apparatus (and the feature-sets therein) to tease out the truth. Additional documentation (in the form of the paper) is available on arXIv. Today's MustRead.

"Part of what makes the new research interesting is the sheer number of features used in the classification model..." - Motherboard's Michael Byrne

...and now - just when you thought it was safe to turn out the lights on your datacenter, and let all that Data That Is Big percolate up through your Enterprise, comes news of more vectored ransomware attacks targeting Hadoop and CouchDB instances. Today's Must Read, indeed.

Hat Tip

TED 2017 - Cathy O'Neils' 'The Era of Blind Faith in Big Data Must End' →

USENIX Enigma 2017 — Nestan Tsiskaridze's 'Leveraging the Power of Automated Reasoning in Security Analysis of Web Applications and Beyond' →

Macie the Discoverer →

The Disingenuous →

NKOTBlockchain →

University of Washington's Bergstrom & West, 'Calling Bullshit, In the Age Of Big Data' - Lecture Series →

SANS CTI 2017, Dave Herrald's and Ryan Kovar's 'The Threat Intel Victory Garden: Threat Intelligence Using Open Source Tools' →

Splunked, The Leak →

Machine-Based Investigation: Fully →

Shmoocon 2017, Matt Blaze - The Metadata is the Message →

33c3, Lisa Charlotte Rost's 'A Data Point Walks Into a Bar' →

33c3, Wolfie Christl's 'Corporate Surveillance, Digital Tracking, Big Data & Privacy' →

DBMS Attacks Target CouchDB and Hadoop Deployments →

33c3, Axel Naumann's 'CERN: How Physicists Analyze Massive Data: LHC + Brain + ROOT = Higgs' →

33c3, James Bridle's 'A New Dark Age' →