DARPA Program Makes Progress With Aircraft Cyber Security Research

Aviation Today

“For example one of the classic security vulnerabilities is a buffer overrun error which allows one function or data to come in and overwrite memory where its not supposed to, and that can be exploited by a hacker. So Galois developed languages that allow us to produce software that doesn’t have these types of memory vulnerabilities. We have used this language to reverse engineer a lot of the functionality on our research platforms, Boeing did the same thing on the unmanned little bird that they flew,”

PERMALINK

Joe Kiniry and Dan Zimmerman: The state of election technology is… improving

TechCrunch

Most jurisdictions today are using election technology developed in the 1990s, and the typical voting system is running an operating system that is no longer vendor-supported, no longer has security updates (which couldn’t be applied anyway because of certification requirements) and relies on technology that wasn’t considered “cutting edge” even when it was purchased.

PERMALINK

Consortium Partnership Project To Attack DDoS

Campus Technology

The project is important, Ringle emphasized, because it will help “change the balance between the aggressors and the defenders.” “We are sitting ducks in a way. By banding together, by having these colleges and universities work with another and with Galois, it gives us a leg up. We can’t make the gap disappear entirely, but if we can close it so that we can react almost as fast as they can launch attacks, then that mitigates the damage that their attacks can do, and that makes us much more powerful in terms of defending our campuses and all the data that we manage.”

PERMALINK

Are cyber compliance requirements getting in the way of security?

C4ISR & Networks

When systems simply can’t meet existing security mandates, Archer advises developing new mandates from the ground up. “NIST offers a process for security assessment that flows from an understanding of adversarial capabilities, types and sensitivities of data or controls to be protected, and available budget,” Archer said. “Following this process, you can identify potential security risks specific to the system and then develop practices to secure the system against those risks becoming vulnerabilities.”

PERMALINK

DARPA looks to measure privacy protection

GCN

“Privacy, especially when it comes to data, can be difficult to pin down. Security measures are key, but when done wrong can add to the difficulty, making it hard for authorized users to effectively access the data they need. So the Defense Advanced Research Projects Agency has been funding research efforts to develop technologies that could help bridge troublesome privacy gaps.”

PERMALINK

Isaac Potoczny Jones: Encryption Debate – The Issue Isn’t Strong Crypto; It’s Easy Crypto

NextGov

strong encryption is not the real issue that faces law enforcement now. In reality, strong encryption has been available for decades. The real issue that government agencies are facing today is actually easy, default, and ubiquitous crypto. Ease of use and security are both in the interest of the public, and in line with the White House cybersecurity priorities.

PERMALINK

Mobile security Q&A with Isaac Potoczny-Jones: Securing the mobile minimum viable app

CSO

We know application security is one of the most important aspects of data security, but if software teams are moving more quickly than ever to push apps out, security and quality assurance needs to be along for the process. The flip side is minimum apps and features could mean less attack surface. To get some answers on the state of mobile app security and securing the MVP, we reached out to Isaac Potoczny-Jones research lead, computer security with a computer security research and development firm Galois.

PERMALINK

DDoS Defense: Better Traction in Tandem?

Security Intelligence

With DDoS tools and hacking-as-a-service now available for purchase at virtually any Dark Web marketplace and effectively being advertised through public attacks, companies are understandably concerned. Even when caught midstream, it’s difficult to respond before servers start failing and other, more sophisticated attacks take aim at critical corporate data. As a result, dealing with DDoS has become a top priority for organizations like the DHS, which just awarded a $1.7 million contract to tech company Galois in hopes of strengthening DDoS defense.

PERMALINK