sigerson / Sigerson Holmes

Huffduffed (339)

  1. Michael Chabon Moonglow

    https://www.npr.org/2016/11/23/503077416/michael-chabons-moonglow-shines-with-insight-and-fantastic-storytelling

    —Huffduffed by sigerson

  2. USENIX Enigma 2018 - Security Technology Adoption; Building Hardware Is Just the Start

    Paul Waller, Technical Director for Platform Security Research at NCSC

    As connected devices and systems grow ever more complex, security experts recognise the need to protect the most critical functions. Standards and products have been developed to provide ‘roots of trust’; isolated components to manage identities and other keys, verify updates and measure/report the status of a device. We also see a growing list of processor features allowing arbitrary code to run in a protected environment, both on our devices and also in the cloud. Despite all this innovation, very few applications actually support these features. Market support for hardware security is low. This talk will explore why that is, and what we might do about it.

    Sign up to find out more about Enigma at https://enigma.usenix.org

    ===
    Original video: https://www.youtube.com/watch?v=2kQ1SHtAIRA
    Downloaded by http://huffduff-video.snarfed.org/ on Fri, 06 Jul 2018 15:29:06 GMT Available for 30 days after download

    —Huffduffed by sigerson

  3. David Patterson: “How to Have a Bad Career” | Talks at Google

    Renowned computer scientist David Patterson came to Mountain View to provide advice that, as he puts it, "I wish I had been given at the start of my career."

    An entertaining and engaging presenter, Prof. Patterson takes us through a number of tongue-in-cheek examples of how to sink a career in academics and elsewhere. He also provides great tips on how to steer clear of these mistakes and build a career that is both successful and satisfying.

    David Patterson wrote the book Computer Architecture: A Quantitative Approach with John Hennessy and helped lead UC Berkeley research projects Reduced Instruction Set Computers (RISC), Redundant Arrays of Inexpensive Disks (RAID), and Network of Workstations (NOW). He was elected to the National Academy of Engineering, the National Academy of Sciences, the Silicon Valley Engineering Hall of Fame, both AAAS organizations, and President of ACM.

    ===
    Original video: https://m.youtube.com/watch?v=Rn1w4MRHIhc
    Downloaded by http://huffduff-video.snarfed.org/ on Fri, 06 Jul 2018 14:24:55 GMT Available for 30 days after download

    —Huffduffed by sigerson

  4. Lecture 1 — Human Computer Interaction | Stanford University

    Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "FAIR USE" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing. Non-profit, educational or personal use tips the balance in favor of fair use.

    ===
    Original video: https://m.youtube.com/watch?v=WW1g3UT2zww
    Downloaded by http://huffduff-video.snarfed.org/ on Thu, 05 Jul 2018 15:11:18 GMT Available for 30 days after download

    —Huffduffed by sigerson

  5. USENIX Enigma 2018 - Bits & Bytes, Flesh & Blood, and Saving Real Lives via Clinical Simulations

    Joshua Corman, Founder, I am The Cavalry

    Healthcare Cybersecurity is in critical condition. We know there is Promise & Peril in Connected Medicine… While the benefits of connected medicine are undeniable, the increased and premature, hyper connectivity now exposes us to a bevy of accidents and adversaries. As a sixth of our economy, healthcare’s vital public safety role, critical infrastructure, and national security interests, healthcare is both too big to fail and at serious risk of failure. We will outline some of the uncomfortable truth (and uncomfortable recommendations) uncovered by the Congressional Task Force on Healthcare Cyber Security, detail the profound impacts of a spate of 2016/2017 attacks affecting patient care, and highlight the experiences and opportunities revealed by the Cyber Med Summit - a first ever clinical hacking simulation involving physical, hackers, city/state/federal government, and medical stakeholders. We were always prone, we were prey, but we had lacked predators. That relative obscurity is now over. We will eventually strike the right balance. Our belief is that we can be safer, sooner, if we work together.

    ===
    Original video: https://www.youtube.com/watch?v=h4JbU8AghNQ
    Downloaded by http://huffduff-video.snarfed.org/ on Wed, 06 Jun 2018 20:04:50 GMT Available for 30 days after download

    —Huffduffed by sigerson

  6. USENIX Enigma 2018 - The Evolving Architecture of the Web and Its Impact on Security, …

    The Evolving Architecture of the Web and Its Impact on Security, Privacy, and Latency

    Nick Sullivan, Head of Cryptography, Cloudflare

    The encrypted web is built on top of a few fundamental protocols: HTTP, TLS, and DNS. These protocols were written with some fundamental assumptions about the architecture of the internet in mind, like the idea that different IP addresses correspond to separate physical machines. However, some of these assumptions are changing, and changing quickly. The popularity of technologies like IP anycast, Layer 4 load balancing, and the consolidation of massive portions of the web behind a small set of reverse proxy services mean that the architecture of the web today is very different than what is taught in computer networking classes. In this talk, I will examine some of the impacts of these changes and how internet standards such as HTTP/2 are being adapted to take advantage of the new architecture. I will also debate the tradeoffs between the complexity added by these changes and the privacy and latency benefits they provide to users of the web.

    ===
    Original video: https://www.youtube.com/watch?v=xZN0H3jzwys
    Downloaded by http://huffduff-video.snarfed.org/ on Wed, 06 Jun 2018 20:03:51 GMT Available for 30 days after download

    —Huffduffed by sigerson

  7. USENIX Enigma 2018 - Hats off to DevSecOps

    Shannon Lietz, DevSecOps Leader, Intuit

    Hats off to those who have cracked the code towards Software Safer Sooner. Figuring out how to convert from DevOps to DevSecOps is non-trivial but extremely valuable. And the journey from mindless security controls to ones that fend off the bad guys is no small feat. Using transformation as a goal, hear more about how teams across the globe are migrating to security at scale out of sheer necessity and how you can learn from their mistakes. Come learn simple hat tricks that can make your journey easier.

    ===
    Original video: https://www.youtube.com/watch?v=9q0wqyLtaeo
    Downloaded by http://huffduff-video.snarfed.org/ on Wed, 06 Jun 2018 20:02:29 GMT Available for 30 days after download

    —Huffduffed by sigerson

  8. USENIX Enigma 2018 - The Future of Cyber-Autonomy

    David Brumley, CEO, ForAllSecure

    We need to move to a fully autonomous world for software security. Current software security attack and defense is done by humans, at human time lines. Cyber-autonomy research and development is creating tech that makes fully autonomous cyber possible. Cyber-autonomy promises to scale better and make defense possible within machine-scale time.

    In this talk, I will describe the Cyber Grand Challenge and the system Mayhem. Mayhem is a fully autonomous cyber system that can find new vulnerabilities, generate exploits, and self-heal off-the-shelf software. Mayhem is the result of 10 years of academic research and 3 years of commercial development. Mayhem competed and won a $2 million dollar prize in the US Cyber Grand Challenge competition co-hosted at DEFCON 2016. I will describe how Mayhem works, the Cyber Grand Challenge competition, and how Mayhem fared against the world’s best hacking teams. I will also describe how I think Mayhem, and other autonomous systems like it, will change the security landscape in the next decade.

    ===
    Original video: https://www.youtube.com/watch?v=1JqsNyyMfNw
    Downloaded by http://huffduff-video.snarfed.org/ on Wed, 06 Jun 2018 20:01:26 GMT Available for 30 days after download

    —Huffduffed by sigerson

  9. USENIX Enigma 2018 - Anatomy of Account Takeover

    Grzegorz Milka, Software Engineer, Google

    With billions of usernames and passwords readily accessible via the black market, account takeover poses a significant threat to services that rely solely on passwords for authentication. In this talk, we provide a deep dive into the ecosystem supporting account takeovers, the danger it poses to users, and the importance of automatic, defense-in-depth risk detection systems as a fundamental defense in identity solutions. We start by exploring the relative likelihood that users fall victim to data breaches, phishing, or malware using a dataset of over 3.3 billion stolen credentials; and how hijackers subsequently use these credentials for spam, financial theft, and stepping-stone attacks. We then turn to examine how identity providers can use risk analysis, in conjunction with ‘login challenges’, to bridge the security gap between two-factor authentication and password-only users with minimal additional friction. We show the practical weaknesses of certain login challenges (SMS and email) and evidence of attackers now collecting risk profile data and challenge responses to weaken user security. Finally, we discuss ongoing challenges such as how public opinion (as measured by our user studies) may be at odds with actions identity providers should take to …

    ===
    Original video: https://www.youtube.com/watch?v=W2a4fRalshI
    Downloaded by http://huffduff-video.snarfed.org/ on Wed, 06 Jun 2018 20:00:41 GMT Available for 30 days after download

    —Huffduffed by sigerson

  10. USENIX Enigma 2018 - Gig Work and the Digital Security Divide

    Kendra Albert, Clinical Fellow, Harvard Law School

    This is a joint work with Elizabeth Anne Watkins.

    Computer security often takes place in an institutional context: large organizations in fields like finance, healthcare, law, and journalism set best practices and provide critical training for non-experts. Many tools used to protect users assume that security is administered by benevolent overlords who can set appropriate permissions, answer questions, and in general save workers from themselves. However, as the future of work shifts towards contingent labor models and precarious employment, institutions may no longer play such a primary role. What then?

    In a gig-based economy, independent workers are cut off from organizational sources of security training. Security costs are externalized to the individual worker, who is no longer conceptualized as part of the organization. This in itself may have an outsized impact on marginalized communities due to their overrepresentation in gig work, denoting a coming class-based disparity of security awareness.

    But even more impactful, gig workers have been relegated to outsider status, often categorized as another source of risk. What were once trust-based relationships may become new sources of vulnerability to be managed. The logical outcome of ide…

    ===
    Original video: https://www.youtube.com/watch?v=RMDT69ZdEfQ
    Downloaded by http://huffduff-video.snarfed.org/ on Wed, 06 Jun 2018 19:59:59 GMT Available for 30 days after download

    —Huffduffed by sigerson
