Blog

Time’s Running Out to Prevent a Massive Cyberattack on Critical Infrastructure

U.S. infrastructure is in “a pre-9/11 moment” when it comes to cybersecurity and time is running short to shore up its cyber defenses, an industry advisory committee warned Tuesday.

If government and industry don’t dramatically boost their efforts to protect critical infrastructure, such as the financial system or electric grids, they risk missing a “narrow and fleeting window of opportunity before a watershed, 9/11-level cyberattack,” according to a report approved by the Homeland Security Department’s National Infrastructure Advisory Council.

Continue reading “Time’s Running Out to Prevent a Massive Cyberattack on Critical Infrastructure”

Research positions in Japan at the RIKEN Center

Succinct information processing unit in the RIKEN Center for Advanced Intelligent Project, Japan, is opening two new research positions.
The aim of this unit is to develop new methods in the area of data compression, data structures, algorithms, data mining, machine learning and their applications  in Bioinformatics and Chemoinformatics.

Application deadline for the postdoc and the internship positions is not set. (Early application is preferable). Please ask for more information on the positions by yasuo.tabei@riken.jp.

For detailed job descriptions, visit
http://www.riken.jp/en/research/labs/aip/
http://www.riken.jp/en/careers/researchers/20161128_2/

CI Computer Science students build a digital forensic tool

On August 7, 2017, the CI Computer Science students presented a prototype of a digital forensic tool, which we named SEAKER (Storage Evaluator and Knowledge Extraction Reader), as part of their Masters COMP 524 Cybersecurity course. This project was a collaboration between the Ventura County District Attorney (VCDA) Digital Forensics Lab and CI Computer Science, under the umbrella of the SoCal High Technology Task Force (HTTF).

The students presented a live demo with devices supplied by the Ventura County DA.  The SEAKER prototype was able to compile search results in less than a minute depending on the size of the device. According to VCDA officials at the presentation this is a remarkable increase in efficiency and will be a useful tool in the field: while imaging of a hd can take up to 4 hours, SEAKER performs a triage search in minutes.

Digital Forensics (DF) deals with the recovery and investigation of clues from digital devices (computers, handhelds, iPads, routers, modems, DVRs, etc.). The goal of this effort is to support or refute a hypothesis in court. DF is a complex and technical field: it can be used to attribute evidence to specific suspects, confirm alibis or statements, determine intent, identify sources, or authenticate documents.

A DF investigation commonly consists of 3 stages: acquisition or imaging of exhibits, analysis and reporting. The SEAKER tool helps with the acquisition of data from digital devices in a way that prevents tampering.

The SEAKER project was a fantastic learning experience for our students, as its design and prototyping combined many different skills: The C programming language, BASH shell scripting, the Linux Operating Systems and command line, the Raspberry Pi hardware, Gliffy diagrams, Dropbox Paper (which we used as a Wiki); Slack collaborative discussion / brainstorming tool, the GitHub software repository which was used as a collaborative tool in the design of the software that animated the Raspberry Pi, WordPress blogging, AWS S3 which served as a repository of the final product, Grep (regular expressions and pattern matching), working with different file systems, and of course strict performance (speed, read only). All of this had to be combined by a group of 18 students, with different backgrounds and skill sets to produce something that could be used by DF examiners.

One of the CI pillars is Community Engagement and Service Learning. This approach identifies needs in the community, and builds a curriculum around research and development to address those needs. The SEAKER project is a great example of such a symbiotic relation between CI and the community. Also, it is an example of the strength of a pedagogical approach that combines both theory and practice. Without theory a field becomes a collection of ad hoc procedures. But without practice theory becomes an abstract exercise in intellectual virtuosity. We plan to build on the approach that combines the Service Learning and Theory & Practice paradigms as we go forward with our Computer Science program in Security Systems Engineering and our Masters level offering in Cybersecurity.

Some photos from the event:

Original event announcement.

21 technologies transforming software development

A long time ago, developers wrote assembly code that ran fast and light. On good days, they had enough money in their budget to hire someone to toggle all those switches on the front of the machine to input their code. On bad days, they flipped the switches themselves. Life was simple: The software loaded data from memory, did some arithmetic, and sent it back. That was all.

Today, developers must work with teams spread across multiple continents where people speak different languages with different character sets and – this is the bad part – use different versions of the compiler. Some of the code is new, and some may be from decade-old libraries that may or may not come with source code. Building team spirit and slogging through the mess is only the beginning of what it means to be a programmer today.

Source: 21 technologies transforming software development | InfoWorld

The death of Ruby? Developers should learn these languages instead

Once the darling of the developer community, Ruby’s popularity has plummeted in the past few years, leading some tech leaders to wonder if the language may eventually die out completely.

The evidence is in the jobs: Java, JavaScript, .Net, HTML, and Python topped the list of languages found most often in tech job postings in the past year, according to Indeed, while Ruby came in far down the list, at No. 9.

In IEEE Spectrum’s ranking of the top programming languages, Ruby comes in at No. 12—down from No. 8 in 2014.

The lack of job prospects led coding bootcamp Coding Dojo to drop Ruby courses from all of its six campuses across the US by the end of the year, while adding a full-stack course in Java.

“We looked at local markets to see the most relevant technologies, and we found that Java was at the top of the charts, and Ruby on Rails seemed to rank much lower in demand in terms of startup positions, and general demand and interest,” said Speros Misirlakis, head of curriculum at Coding Dojo.

Source: The death of Ruby? Developers should learn these languages instead – TechRepublic

SQI partners with McMaster to co-develop ’instant immunoassay’ testing technology

TORONTO, July 24, 2017 /PRNewswire/ – SQI Diagnostics (TSX-V: SQD; OTCQX: SQIDF), today announced a technology development partnership and licensing agreement with the McMaster University Department of Engineering to develop chip technology for use in multi-array disease testing.

SQI is a Toronto-based life sciences and diagnostics company that develops and commercializes proprietary technologies and products for advanced multiplexed diagnostics. SQI’s existing proprietary technology enables global pharmaceutical and diagnostic testing companies to perform highly complex multiplex tests much faster, more accurately and at a lower cost.

Source: SQI partners with McMaster to co-develop ’instant immunoassay’ testing technology

Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data

A rash of misconfigured Amazon Web Services storage servers leaking data to the internet have plagued companies recently. Earlier this week, data belonging to anywhere between six million and 14 million Verizon customers were left on an unprotected server belonging to a partner of the telecommunications firm. Last week, wrestling giant World Wide Entertainment accidentally exposed personal data of three million fans. In both cases, it was reported that data was stored on AWS S3 storage buckets.

Source: Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data | Threatpost | The first stop for security news