Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Positioning System Spoof Lash-up Can Reroute Robotic Automobiles Into Opposing Traffic

July 22, 2018 by Marc Handelman in Information Security, Hardware Security, Automation, Automobile Security

Bad mojo written up at Ars Technica and The Wall Street Journal, in the GPS realm. It's high time for the manufacturers to step up remediation efforts targeting these pernicious position system flaws. Until the apropos remediations and mitigations are firmly ensconced within the hardware and software under scrutiny, no human should trust autonomous-navigating conveyances, unless - of course - you are actively testing those systems.

“Our study demonstrated the initial feasibility of manipulating the road navigation system through targeted GPS spoofing,” the researchers, from Virginia Tech, China’s University of Electronic Sciences and Technology, and Microsoft Research, wrote in an 18-page paper (emphasis added). “The threat becomes more realistic as car makers are adding autopilot features so that human drivers can be less involved (or completely disengaged).” - via Ars Technica Security Editor Extraordinaire Dan Goodin


via Luke Kingma & Lou Patrick-Mackay at Futurism Cartoons

Luke Kingma & Lou Patrick-Mackay's, 'Self-Driving Crowd Sourced Tech Support' →

May 26, 2018 by Marc Handelman in Robotics, Physical Security, Information Security, Automation, Automobile Security

via the Wit and Wisdom of J.D. "Illiad" Frazer at UserFriendly.org!

J.D.'Illiad' Frazer's 'Engineering Said...' →

May 11, 2018 by Marc Handelman in Sarcasm, Satire, Humor, Automation

DevSecOps AWS Kill Chain, The Demo →

January 18, 2018 by Marc Handelman in Automation, AWS, Kill Chain, Attack Kill Chain, DevSecOps

Amazon AWS: Implementing Security As Code

December 04, 2017 by Marc Handelman in Code, Education, Information Security, Automation

USENIX Enigma 2017 — Ian Haken's 'Secrets at Scale: Automated Bootstrapping of Secrets & Identity in the Cloud' →

August 28, 2017 by Marc Handelman in Education, Conferences, Information Security, USENIX, Automation, Security Automation, Security Architecture

Macie the Discoverer →

August 21, 2017 by Marc Handelman in All is Information, Automation, DBMS Security, Database Security, Data Security, Data That Is Big, Data Loss Prevention, Data Driven Security, Information Security, Security Inventions, Security Architecture, Security Automation, Data Discovery

News that Macie The Discoverer has arrived in your S3 bucket... Data Security Automation - potentially - at its finest? You be the judge.


Throwback Thursday, The Clockwork Rover →

August 10, 2017 by Marc Handelman in Automation, Steampunk, Gears and What-Not, NASA

...and now Ladies and Gentlemen, Girls and Boys, Behold, the phenomenal Clockwork Rover. Due to the extremes of both temperature and pressure on the Venusian surface, NASA must revert to automaton-like machinations from bygone eras, in this case, clockwork-like machinery to increase the longevity of the 'bots it sends to the hottest planet in the solar system. Enjoy.


BSides Cleveland 2017, Brian Mead's 'Better Manual Web Application Testing Through Automation' →

July 24, 2017 by Marc Handelman in BSides, Conferences, Information Security, Automation

DARPA Visits Planet Meta →

January 16, 2017 by Marc Handelman in All is Information, Automation, Brilliant, US Armed Forces, United States of America, Science, Innovation, Information Sciences

Superb post at DARPA, detailing the Agency's plans to go Meta... Today's Must Read.


iPhone, Halved →

August 27, 2016 by Marc Handelman in Automation, Computation, Compute Infrastructure, Computer Science

Ed Catmull, Ph.D. proudly displaying the Pixar animation render farm in 1995. It is rather important to note the farm - as depicted - can now be calculated to be the equivalent to 1/2 of an iPhone 6's computational capability.

Credit to the Friday, August 26, 2016 High Scalability blog post for jogging my memory of a time when this photo was published 26 years ago. Astonishing, isn't it?


Bostrom, What Happens When Computers Become Smarter Than Us →

November 05, 2015 by Marc Handelman in All is Information, Automation, Complexity, Computer Science, Disruptive Technologies, Singularity

Le Bots Émerger →

June 24, 2015 by Marc Handelman in All is Information, Automation, Common Sense, Communications, Social Engineering, Must Read

La Fin de Twitter est Proche, otherwise known as The End of Twitter, Inc. (NasdaqGS: TWTR) is Near... via The Harvard Business Review, and written by Alexandra Samuel, comes this tell-all on the rise of 'bots infecting Twitter, and not necessarily the 'bots you may think, entitled "How Bots Took Over Twitter". Congratulations, you have discovered Today's Must Read.


All Your Automatonic Security Are Not Belong To Us →

June 22, 2015 by Marc Handelman in All is Information, Complexity, Automation, DevSecOps, DevOps

Well-crafted thought piece appearing over at Darkmatters, a Norse blog, written by the inimitable Pete Herzog, regaling us with the truth of robotic security. Today's Must Read.

"The problem is that automating security creates a paradox. You see, in security, automation works best as a tool and not a wielder of tools. You see, your security automation is in charge of making periodic and systematic changes to controls and then verifying those changes." via Darkmatters, a Norse Security blog, by Pete Herzog


DevSecOps Edition, 10+ Hours of Information Security + DevOps Video →

June 04, 2015 by Marc Handelman in All is Information, Application Security, Automation, Code, DevOps, Information Security, Education, DevSecOps

The kind folks at DevOps have made their video collection of HD quality Security DevOps content from RSAC 2015 available (with the only catch of a registration form). Highly recommended.

'DevOps Connect was co-produced by DevOps.com and Sonatype, through the Nexus Community Project. The day started with a keynote delivered by Gene Kim and Joshua Corman, setting the stage for 13 more presentations.' - via Devops' Alan Shimel


Wetware Outnumbered →

May 21, 2015 by Marc Handelman in All is Information, Automation, Information Security, Robots, Software Entities, Wetware, Software

Maria Korolov, writing at CSO, tells the tale of software robotic entities, who now apparently outnumber wetware entities on the interwebs.


NetFlix Unleashed FIDO →

May 06, 2015 by Marc Handelman in All is Information, Incident Handling, Incident Response, Information Security, Automation, SecDevOps

via Netflix's Jason Chan, comes word of an OSS automation effort targeting security related events, and actions thereon. Monikered FIDO or more accurately 'Fully Integrated Defense Operation' the system ostensibly serves as an orchestration layer for automated response activities, in the case of security event triggers. Comprised of a well thought-out architecture of infrastructure components, an encapsulated orchestration, correlation and scoring engine coupled to a threat intelligence system... But, I'll leave the full explanation in the obviously capable hands of Netflix's Security Team; examine, if you will, FIDO at GitHub. And, because it's Open Source Software, the security community at large can reap the benefits of this superlative effort. Outstanding.
