Blog Posts

Quick Overview of Spectre and Meltdown Attacks – Vulnerabilities in CPUs

On Wednesday, January 3, 2018, security researchers announced a series of security vulnerabilities that affect most of the world’s microprocessors (CPUs), going back about 20 years. Unsurprisingly, it’s caused a major firestorm in the media, and although I’m a little tongue-tied on this one – as some might have guessed – it’s well worth providing a high-level overview and link repository. In summary, the vulnerability means that due to the way modern microprocessors schedule and execute instructions, it

Continue Reading

Most Critical Web Application Security Risks in 2017

As 2017 draws to a close, I find myself reflecting on the major application security risks of today. Unsurprisingly, I recall the OWASP Top 10, which has become a de facto standard for web application security. In the information security industry, it is well known that once a web application or service is hosted, it is likely to be automatically probed for security flaws – and perhaps compromised – within hours. This year, the OWASP Top Ten was revamped to cater to

Continue Reading

Using Deep Learning to Build Secure Software

Neural networks are a set of algorithms, modeled loosely after the human brain, that are designed to recognize patterns. They interpret sensory data through a kind of machine perception, labeling or clustering raw input. The patterns they recognize are numerical, contained in vectors, into which all real-world data, be it images, sound, text or time series, must be translated. deeplearning4j.org… a great resource for concepts, architectures, and tools. Neural networks (also referred to as deep neural networks or deep learning)

Continue Reading

Igniting Imagination About The Future Of The Internet of Things

We have heard it so much that we probably tune it out. Yet it's true. The connected future, birthed in a blossom of the Internet of Things (IoT), will bring about major changes in the ways humans interact with computers and in the impact of computing on our daily lives. For now, the fullness of the possibilities of IoT is yet a promise to be considered, nurtured, and shaped.

Continue Reading

How to Create Good Architecture Diagrams for Securing Systems

Most software projects, especially those considered particularly valuable to attackers, should go through the Threat Modeling and Security Architecture Review activities of the Secure Development Lifecycle. Threat Modeling is a process by which potential threats can be identified, enumerated, and prioritized – all from a hypothetical attacker’s point of view. Security architecture review involves the analysis of the architectural and design solutions that mitigate threats identified in the Threat Model. Good architecture diagrams are vital to effective

Continue Reading

Complex Passwords Are Probably Useless

For a time, the security industry and many technology users have wondered about the usefulness of complex passwords. To protect access to systems, passwords provide the most basic security. It’s often recommended that passwords be combined with other authentication mechanisms, but that’s a different blog post. Since simplistic passwords like names, birth dates, places, etc. are easily guessed by automated software, the recommendation for years has been complex passwords. I’m sure you have come across instructions like this when creating passwords for

Continue Reading

Master Deep Learning and Artificial Intelligence with Former Head of Baidu AI Group and Google Brain

Andrew Ng, a pioneering machine learning and deep learning expert who previously led Baidu’s Artificial Intelligence group and the Google Brain deep learning project, recently released a practical Deep Learning course. It is geared toward newcomers and professionals seeking to master the theory and application of Deep Learning. The course is taught using common industry tools such as the TensorFlow machine learning software library and the Python programming language. It is available on the popular online learning platform Coursera. The stated goals are

Continue Reading

What is Software Architecture?

What does software architecture mean and how does it differ from application architecture or systems architecture? Who is a software architect? Those are common questions amongst software or systems developers, and I’ve been on the receiving end many times. At other times I’ve introduced myself as a software security architect, before being asked, “I hope you’re not one of those people who just draw blocks on slides?”. So just what is software architecture and what do software architects do? In his brilliantly

Continue Reading

9 Basic Rules for Using Crypto in Application Development

At its simplest, cryptography (or crypto in nerd parlance) is the study and practice of the secure transmission of secrets between two parties in the presence of a third party. In the wide expanse of information technology systems and applications, crypto forms the foundation of trust for many interactions that require confidentiality. One example is an online banking web application that requires a secure means of transporting the user’s authentication credentials from their web browser to the back-end server that houses the bank’s

Continue Reading

After NSA leak aids Cybercriminals, should Governments keep hoarding Security Backdoors?

Earlier this month, May 2017, hospitals, corporations, and government offices in 74 countries around the world were hit by ransomware attacks. Ransomware is malicious software that locks a computer and its data with strong cryptographic algorithms until the owners of the computer pay a ransom. Interestingly, the computer code used in crafting the malicious software that compromised those systems with ransomware was derived from code developed by the United States’ National Security Agency (NSA). The NSA had identified security flaws in

Continue Reading