The dark web has been sensationalized in the news, movies, and on television dramas. The dark web, and the less commonly discussed deep web, make up a part of the internet that is not accessible via search engines, like Google or Bing. This part of the internet dates to the 1990s when lists of sites … Read more
What Happened On June 27, 2017 the NotPetya malware hit the Ukraine, targeting Kyivenergo, an electric power supplier to Kiev. NotPetya went on to hit a shipping company, Maersk, a pharmaceutical company, Merck, and a delivery and distribution company, TNT Express, a subsidiary of FedEx. Employees in the TNT Express offices faced displays of a … Read more
The Shift Left principle1 is well known in software and systems development, particularly in relation to testing. It’s the idea of performing test activities earlier in the system development life cycle – developing test cases and procedures and performing incremental testing as code is being written. Ideally, test activities start even earlier than this, designing … Read more
Crowdsourced security programs have grown in popularity to the point where some enterprises have dispensed with traditional pentesting, using the crowdsourced model exclusively for auditing the security of their applications and infrastructure. What is Crowdsourced Security? Crowdsourced security methodologies invite a group of people (a crowd) to test an asset for vulnerabilities. The number of … Read more
Much of cyber defense today relies on the same approach used in kinetic defense over the last few thousand years. We use hard perimeters (firewalls) to repel attacks, sentries (IDSs) to trigger incident response, and carefully guarded entry points (VPNs, websites) to meet functional requirements (wait…security is still a non-functional requirement?). It is both a … Read more
This is the second part of a two-part article exploring the history of pre-computer cryptography. Part 1 focused on the period from the birth of cryptography some 4,000 years ago to the development of early transposition and substitution ciphers. Part 2 looks at the emergence of cryptanalysis under the Abbasid Caliphate and goes through the … Read more
The trust put into any network is reliant on three main components: reliable hardware, strong software, and capable, aware people. Network trust, whether implicit or direct, is important for holding the fabric of any infrastructure together, especially during periods of distress or danger. The significant need for network trust especially applies to the cyber-realm, … Read more
To build the cyber-educated workforce capable of supporting the needs of government, industry and academia, communities across the country are adapting to the evolving economic and technological landscape. Louisiana, for example, has seen its economic base transform from one that was historically focused on oil and gas, agriculture and gaming, to a diversified 21st century … Read more
Since 2014 the mission of Google’s Project Zero has been to make the Internet a more secure place through the discovery and responsible publishing of vulnerabilities. While Google works with vendors to ensure a patch is available before details of a vulnerability are released, nothing is actually made more secure until that patch is applied … Read more
The real hidden insider threat within every organization. “They was (sic) firing me. I just beat them to it. Nothing personal, the upper management need to see what they guys on the floor is capable (sic) of doing when they keep getting mistreated. I took one for the team. Sorry if I made my peers … Read more
