Information Security & Occasional Forays Into Adjacent Realms
Our thanks to both the OWASP® Foundation and the OWASP Global AppSec US 2021 Virtual Conference for publishing their well-crafted application security videos on the organization’s’ YouTube channel.
via Alexis C. Madrigal - writing for The Atlantic - comes this prescient piece, targeting technical debt within the United States's physical infrastructure. Quite likely, the single , most dangerous and looming threat to our way of life. Read and watch your FearMeterⓇ redline... Oh, and given the interconnected nature of all this, the same holds true for Canada's, and Estados Unidos Mexicanos' infrastructures...
"A kind of toxic debt is embedded in much of the infrastructure that America built during the 20th century. For decades, corporate executives, as well as city, county, state, and federal officials, not to mention voters, have decided against doing the routine maintenance and deeper upgrades to ensure that electrical systems, roads, bridges, dams, and other infrastructure can function properly under a range of conditions." - via Alexis C. Madrigal - writing for The Atlantic
A superlative bit of combinatorial scholarship coming out of St. Louis University, where Sean Hartling, Vasit Sagan, Paheding Sidike, Maitiniyazi Maimaitijiang and Joshua Carron have lashed-up geospatial sciences, machine learning, UAVs, and no-small level of intellectual virtuosity to study trees, the natural felling thereof, and power outages. Todays' Must Read for you ICS Boffins and Foresty geeks (while not ignoring the AI, ML, UAv and Network Information Security types as well).
"At SLU, geospatial science meets machine learning. In a study recently published in Sensors, Saint Louis University researchers paired satellite imaging data with machine learning techniques to map local tree species and health. The data generated by the project will help inform best practices for managing healthy green spaces as well as trimming programs to avoid power outages following storms." - via Carrie Bebermeyer, Senior Media Relations Specialist at St. Louis University
From The Video Description: "Unmonitored and unpatched BMC (remote administration hardware feature for servers) are an almost certain source of chaos. They have the potential to completely undermined the security of complex network infrastructures and data centers. Our on-going effort to analyze HPE iLO systems (4 and 5) resulted in the discovery of many vulnerabilities, the last one having the capacity to fully compromise the iLO chip from the host system itself. This talk will show how a combination of these vulnerabilities can turn an iLO BMC into a revolving door between an administration network and the production network." - via Alexandre Gazet's, Fabien (0xf4b) Perigaud's & Joffrey (@_Sn0rkY) Czarny - 'Turning Your BMC Into A Revolving Door'
Photo Credit: Vincent-Ferron
Dependent - of course - on your point-of-view - i.e, whether you are on the IPFS Hypermedia File System construct, or not. Intrigued? I was, hence the designation of Lawrence Abrams' superlative reportage as Today's Must Read!
via User Friendly by Illiad!
via Rebecca Hill, writing for El Reg, comes a tale of the need for education (not too mention common sense) in the system adminsitration ranks... Read it - my friends, and weep for the present-that-apparently-never-ends.