The Week in Internet News: Arkansas Reverses Ban on Municipal Broadband

Change in direction: A story at CityLab.com examines why the state of Arkansas has moved to rescind a 2011 ban on community-financed broadband networks. The state is the least connected in the U.S., according to one group, and residents have complained about “lousy” broadband options.

White and male: The artificial intelligence field is too white and too male, according to research from the AI Now Institute at New York University. About 80 percent of AI professors are men, and just 15 percent of the AI research staff at Facebook and 10 percent at Google are women, notes a story on the research at The Verge. Racial minorities also make up a small percentage of AI staff at large tech vendors.

Comey vs. encryption: Former U.S. FBI Director James Comey, who pushed for ways for law enforcement agencies to break into encrypted devices while he was in government, now says he would have taken a different approach to the encryption debate, the Washington Post reports. Comey says it was “dumb” to launch the encryption debate by criticizing U.S. tech companies. However, he still believes law enforcement agencies need access to encrypted communications.

Censorship vs. disinformation: The Ukraine government Continue reading

How and where to use serverless computing

Is your organization ready to go serverless? The trend toward serverless computing is clearly on the rise, but that doesn’t mean it works ideally for every scenario or organization. Serverless computing is a software architecture model in which a cloud service provider runs the server for a customer and dynamically manages the allocation of computing resources. The term “serverless” is a misnomer, in the sense that servers are still involved in the process.

End of term

We’ve reached the end of term again on The Morning Paper, and I’ll be taking a two week break. The Morning Paper will resume on Tuesday 7th May (since Monday 6th is a public holiday in the UK).

My end of term tradition is to highlight a few of the papers from the term that I especially enjoyed, but this time around I want to let one work stand alone:

You might also enjoy “The Mess We’re In,” and Joe’s seven deadly sins of programming:

  1. Code even you cannot understand a week after you wrote it – no comments
  2. Code with no specifications
  3. Code that is shipped as soon as it runs and before it is beautiful
  4. Code with added features
  5. Code that is very very fast very very very obscure and incorrect
  6. Code that is not beautiful
  7. Code that you wrote without understanding the problem

We’re in an even bigger mess without you Joe. Thank you for everything. RIP.

Programming languages infosec professionals should learn

Code is an essential skill of the infosec professional, but there are so many languages to choose from. What language should you learn? As a heavy coder, I thought I'd answer that question, or at least give some perspective.

The tl;dr is JavaScript. Whatever other language you learn, you'll also need to learn JavaScript. It's the language of browsers, Word macros, JSON, NodeJS server side, scripting on the command-line, and Electron apps. You'll also need a bit of bash and/or PowerShell scripting skills, or SQL for queries. Other languages are important as well; Python is very popular, for example. Actively avoid C++ and PHP as they are obsolete.

Also tl;dr: whatever language you decide to learn, also learn how to use an IDE with visual debugging, rather than just a text editor. That probably means Visual Code from Microsoft.

Let's talk in general terms. Here are some types of languages.

  • Unavoidable. As mentioned above, familiarity with JavaScript, bash/PowerShell, and SQL is unavoidable. If you are avoiding them, you are doing something wrong.
  • Small scripts. You need to learn at least one language for writing quick-and-dirty command-line scripts to automate tasks or process data. As a tool using animal, this Continue reading

Was it a Chinese spy or confused tourist?

Politico has an article from a former spy analyzing whether the "spy" they caught at Mar-a-Lago (Trump's Florida vacation spot) was actually a "spy". I thought I'd add to it from a technical perspective about her malware, USB drives, phones, cash, and so on.

The part that has gotten the most press is that she had a USB drive with evil malware. We've belittled the Secret Service agents who infected themselves, and we've used this as the most important reason to suspect she was a spy.

But it's nonsense.

It could be something significant, but we can't know that based on the details that have been reported. What the Secret Service reported was that it "started installing software". That's a symptom of a USB device installing drivers, not malware. Common USB devices, such as WiFi adapters, Bluetooth adapters, microSD readers, and 2FA keys look identical to flash drives, and when inserted into a computer, cause Windows to install drivers.

Visual "installing files" is not a symptom of malware. When malware does its job right, there are no symptoms. It installs invisibly in the background. That's the entire point of malware, that you don't know it's there. It's not to say Continue reading