The NSA Makes Ghidra, a Powerful Cybersecurity Tool, Open Source

The National Security Agency develops advanced hacking tools in-house for both offense and defense—which you could probably guess even if some notable examples hadn’t leaked in recent years. But on Tuesday at the RSA security conference in San Francisco, the agency demonstrated Ghidra, a refined internal tool that it has chosen to open source. And while NSA cybersecurity adviser Rob Joyce called the tool a “contribution to the nation’s cybersecurity community” in announcing it at RSA, it will no doubt be used far beyond the United States.

You can’t use Ghidra to hack devices; it’s instead a reverse-engineering platform used to take “compiled,” deployed software and “decompile” it. In other words, it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveal what the software you churn through it does. Reverse engineering is a crucial process for malware analysts and threat intelligence researchers, because it allows them to work backward from software they discover in the wild—like malware being used to carry out attacks—to understand how it works, what its capabilities are, and who wrote it or where it came from. Reverse engineering is also an important way for defenders to check their own code for weaknesses and confirm that it works as intended.

“If you’ve done software reverse engineering, what you’ve found out is it’s both art and science; there’s not a hard path from the beginning to the end,” Joyce said. “Ghidra is a software reverse-engineering tool built for our internal use at NSA. We’re not claiming that this is the one that’s going to be replacing everything out there—it’s not. But it helped us address some things in our workflow.”

Source: The NSA Makes Ghidra, a Powerful Cybersecurity Tool, Open Source | WIRED

The Case for Dropping Out of College

This is an interesting article. CI is inexpensive ($15K/year, with a lot of students receiving scholarships). But besides that, this article makes me think about how to give our students “more value” for their time invested in our Computer Science department at CI.

written by Samuel Knoche

During the summer, my father asked me whether the money he’d spent to finance my first few years at Fordham University in New York City, one of the more expensive private colleges in the United States, had been well spent. I said yes, which was a lie.

I majored in computer science, a field with good career prospects, and involved myself in several extracurricular clubs. Since I managed to test out of some introductory classes, I might even have been able to graduate a year early—thereby producing a substantial cost savings for my family. But the more I learned about the relationship between formal education and actual learning, the more I wondered why I’d come to Fordham in the first place.

* * *

According to the not-for-profit College Board, the average cost of a school year at a private American university was almost $35,000 in 2017—a figure I will use for purposes of rough cost-benefit analysis. (While public universities are less expensive thanks to government subsidies, the total economic cost per student-year, including the cost borne by taxpayers, typically is similar.) The average student takes about 32 credits worth of classes per year (with a bachelor’s degree typically requiring at least 120 credits in total). So a 3-credit class costs just above $3,000, and a 4-credit class costs a little more than $4,000.

Read more here – Source: The Case for Dropping Out of College – Quillette

US weapons systems can be easily hacked

The Government Accountability Office (GAO) found “mission-critical” cyber-vulnerabilities in nearly all weapons systems tested between 2012 and 2017. That includes the newest F-35 jet as well as missile systems.

Pentagon officials had no immediate response to the 50-page report from the Senate Armed Services Committee.

The committee’s members expressed concerns about how protected weapon systems were against cyber-attacks.

Source: US weapons systems can be ‘easily hacked’ – BBC News

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies – Bloomberg

The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.
— Read on www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

Understanding Cybersecurity & Privacy Best Practices

Understanding “industry best practices” involves a simple process of distilling expectations for both cybersecurity and privacy requirements. This process is all part of identifying reasonable expectations that are “right-sized” for an organization, since every organization has unique requirements. It can be best to visualize “best practices” as a buffet of cybersecurity and privacy controls, where you select what is applicable to your organization, based on statutory, regulatory and contractual obligations.

Source: Understanding Cybersecurity & Privacy Best Practices | LinkedIn

Decade of research shows little improvement in password guidance 

Leading internet brands including Amazon and Wikipedia are failing to support users with advice on how to securely protect their data, a study shows. More than a decade after first examining the issue, research by the University of Plymouth has shown most of the top ten English-speaking websites offer little or no advice or guidance on creating passwords that are less likely to be hacked. Some still allow people to use the word ‘password’, while others will allow single-character passwords and basic words including a person’s surname or a repeat of their user identity.

Source: Decade of research shows little improvement in password guidance – University of Plymouth

14 most popular programming languages according to Stack Overflow study

Stack Overflow, a question-and-answer site for global programmers, has released its 2018 report on the most popular programming languages based on responses from over 100,000 developers. The top language cited is JavaScript, which allows developers to build interactive elements on websites, making it one of the most common languages on the Web. HTML, while technically a markup language rather than a programming language, placed second in the ranking, as it forms the basis of all Websites. Third on the list was Cascading Style Sheets, or CSS, used to design Websites and browser-based apps. Structured Query Language (SQL), which allows users to handle large amounts of data by accessing and managing databases, placed fourth in the ranking, followed by Java, the most common tool for building Android apps. Following Java in the ranking were, in descending order, Bash/Shell, Python, C#, PHP, C++, C, TypeScript, Ruby, and Swift.

Source: 14 most popular programming languages according to Stack Overflow study – Business Insider

Moscow State University Team Wins World Finals of ACM International Collegiate Programming Contest


NEW YORK, April 19, 2018 – The 2018 World Finals of the Association for Computing Machinery (ACM) International Collegiate Programming Contest (ICPC) culminated today at Peking University in Beijing, China. Three students from Moscow State University earned the title of 2018 World Champions. Teams from the Moscow Institute of Physics and Technology, Peking University and The University of Tokyo placed in second, third and fourth places and were recognized with gold medals in the prestigious competition.

ACM ICPC is the premier global programming competition conducted by and for the world’s universities. The global competition is conceived, operated and shepherded by ACM, sponsored by IBM, and headquartered at Baylor University. For more than four decades, the competition has raised the aspirations and performance of generations of the world’s problem solvers in computing sciences and engineering.

In the competition, teams of three students tackle eight or more complex, real-world problems. The students are given a problem statement, and must create a solution within a looming five-hour time limit. The team that solves the most problems in the fewest attempts in the least cumulative time is declared the winner. This year’s World Finals saw 140 teams competing. Now in its 42nd year, ICPC has gathered more than 320,000 students from around the world to compete since its inception.

As computing increasingly becomes part of the daily routines of a growing percentage of the global population, the solution to many of tomorrow’s challenges will be written with computing code. The ICPC serves as a unique forum for tomorrow’s computing professionals to showcase their skills, learn new proficiencies and to work together to solve many real-world problems. This international event fosters the innovative spirit that continues to transform our world.

The 140 teams that participated in this year’s World Finals emerged from local and regional ICPC competitions that took place in the fall of 2017. Initially, selection took place from a field of more than 300,000 students in computing disciplines worldwide. A record number of students advanced to the regional level. 49,935 contestants from 3,089 universities in 111 countries on six continents competed at more than 585 sites, all with the goal of earning one of the coveted invitations to Beijing.

In addition to the World Champion designation, gold, silver, and bronze medals were awarded. The top teams this year included:

  1. Moscow State University
  2. Moscow Institute of Physics and Technology
  3. Peking University
  4. The University of Tokyo
  5. Seoul National University
  6. University of New South Wales
  7. Tsinghua University
  8. Shanghai Jiao Tong University
  9. St. Petersburg ITMO University
  10. University of Central Florida
  11. Massachusetts Institute of Technology
  12. Vilnius University
  13. Ural Federal University

About the ACM-ICPC

Headquartered at Baylor University, the ACM-ICPC is a global competition among the world’s university students, nurturing new generations of talent in the science and art of information technology. For more information about the ACM-ICPC, including downloadable high resolution photographs and videos, visit ICPC headquarters and ICPCNews. Additional information can be found via the “Battle of the Brains” podcast series. Follow the contest on Twitter @ICPCNews and #ICPC2016.

Source: Moscow State University Team Wins World Finals of ACM International Collegiate Programming Contest

So You Want to Be a…Software Developer

“An Exciting Time to Be a Software Developer”

Designing and programming computer software is an invaluable skillset, one that is increasingly in demand in the United States, and one that the California State University is preparing students for through its extensive computer science programs.

Much sought after by companies in a variety of industries, U.S. software developers earned a median annual salary of $102,280 in 2016. The expects it to be one of the fastest-growing fields between now and 2026.

, chair of the at explains that the growing demand for developers is driven by the trend of traditionally non-technical industries turning to software solutions to become more efficient, effective and competitive.

“Computing is becoming more important in nearly every discipline. Data is the new microscope,” Dr. Lupo says.

The occupation is projected to increase 24 percent through 2026, adding more than 300,000 jobs — a growth that’s three times higher than the average for all occupations.

So who makes a good software developer? Really, anyone with a passion for the impact the field has and will have, Lupo says.

In addition to good math and science skills, prospective software development students should “enjoy working with others to creatively solve problems that can have global and societal impacts.”

“A software developer is more than a programmer; [she] is a new type of engineer who builds software as a product,” explains Michael Soltys, Ph.D., professor and chair of computer science at California State University Channel Islands.

“Computer science is now part of every aspect of the human endeavor, and so a computer science degree offers many careers,” Dr. Soltys says, adding that he sees students going on to a range of careers, from cybersecurity to applications and game developing.

Soltys and other CSU Channel Islands faculty prepare career-ready students with a variety of innovative hands-on projects, often with real-world applications.

For example, computer science students recently built a prototype of a digital forensics tool — in collaboration with the Ventura County DA’s digital forensics lab — that helps investigators more quickly acquire data from digital devices. Another project focused on an internet-enabled sprinkler timer design that helped conserve water.

This hands-on experience helps make Soltys’ students ideal candidates for the IT industry, he says, adding that many begin their careers even before graduation.

Applied learning is also an essential part of Cal Poly San Luis Obispo’s computer science and software engineering programs, says Lupo. “With nearly every course we offer a laboratory component where students must apply what they are learning in projects that they might find in industry.”

The growth in the software development field, as well as the need for more professionals, will only continue as technology continues to advance, Lupo explains.

“More data is available than ever before, and computational resources are more ubiquitous than they have ever been,” Lupo says. “This means that new models, processes and tools can be created to study all sorts of problems that we have only begun to consider.

“It’s a very exciting time to be a software developer.”

Source: So You Want to Be a…Software Developer

1932: Polish Cipher Bureau Success!

1 December 1932: Polish Cipher Bureau first solved ENIGMA message. (Read an article in our Cryptologic Bytes Archives about “Poland’s Overlooked Enigma Codebreakers.”)

Polish mathematicians from the University of Poznan (from left): Marian Rejewski, Jerzy Rozycki, and Henryk Zygalski broke the Enigma code, the most important encryption machine used by Nazi Germany. The success of the Polish cryptologists from the Cryptology Bureau enabled the British to read encrypted German correspondences during World War II, contributing to the wartime success of the allies.

In 1928, when the German military began using the cipher machine, Enigma, the Polish Cipher Bureau began its efforts to break it. They hired the three mathematicians in 1932 to do just that! The team worked for months to determine the wiring of the rotors. Using a mathematical equation and key lists acquired from a German traitor, they determined the three rotors’ internal wiring. They discovered three ways of deciphering Enigma readings. The Polish team then exploited some of the Germans’ standardized methods and successfully read many of the encrypted messages. They read the first one on December 1, 1932. They were in business… at least for a time… Seven years later, just before war broke out, the Poles handed over their knowledge of the Enigma codes, as well as Polish-built replicas of the machines, to British and French Intelligence officers near Warsaw.

The government official said that in recognition of the trio’s efforts, the upper house of Poland’s parliament has passed a resolution in their honor to ‘restore justice’. The resolution reads: ‘In both popular literature and official information, the public was told that the breaking of the Enigma codes was due to the work of the British Intelligence services to the complete omission of the work of Polish scientists.’

Source: National Cryptologic Foundation


Poland’s Overlooked Enigma Codebreakers

Posted on 07/08/2014

By Gordon Corera
BBC News, Warsaw
4 July 2014
Read the article and see more photos online HERE.

The first breakthrough in the battle to crack Nazi Germany’s Enigma code was made not in Bletchley Park but in Warsaw. The debt owed by British wartime codebreakers to their Polish colleagues was acknowledged this week at a quiet gathering of spy chiefs.