Uncategorised

Stages of Vulnerability Disclosure

This article attempts to give an overview of how IT vulnerabilities are categorized during their life-cycle.  Understanding the terms related to the various stages of IT security vulnerabilities can allow a better understanding of what a proper security policy framework should include.  First lets cover the stages: Unknown – vulnerabilities that exist but nobody knows about them.  The vulnerability is not designed in put into the software or hardware by a malicious actor.  These vulnerabilities are caused by poor implementation.  Software coding standards and software development guidelines attempt to prevent these types of vulnerabilities from happening, but complex constructs in software programming languages are difficult to implement properly can be a large source of vulnerabilities.   Unknown vulnerabilities may be discovered through static code analysis and “fuzzing” (automated testing) by malicious actors, bug hunters, or security threat hunters. Known – once the vulnerability has been discovered, it may fall into…

Read more

Sources of Red Team Education

What is red-teaming? A important term in IT security context, a red team (red cell) is a group of hackers with various skill-sets, who simulate attacks on the network infrastructure.  By contrast the blue team’s job is to defend the network.  Red teams follow a specific set of rules known as the rules of engagement which stipulate what types of attacks are allowed and points in the attack when they should stop and reporting should be done.  The attacks may employ technical, physical, social or process-based attack vectors.  This intends to cover all aspects of a organization’s security controls such as physical,  administrative, and technical.  The red team helps step 4 of the NIST Risk Management Framework to assess the security controls. Taking the steps of the cyber-kill-chain into account (reconnaissance, weaponization, delivery, exploitation, installation, command and control, actions on objectives), the red team may simply seek to gain reconnaissance…

Read more

Building a crypto-currency POS with an API.

Bitcoin Featureed Image

I’ve recently been working on a project to create a crypto-currency wallet and API for POS transactions. I won’t tell you which crypto-currency I’m working on publicly, but if you want to hire me for helping you to create a POS system, blockchain parser, or API. Please let me know. First off, I had to choose between two packages: Node.js driven bitcoin-insight-api, and python scripted bitcoin-abe. Both are available on GitHub. https://github.com/bitcoin-abe/bitcoin-abe https://github.com/bitpay/insight-api Although it seems that node.js is increasing in popularity everyday, and python is looked down on by some for it’s high-level syntax, I eventually decided to use bitcoin-abe for the time being with hopes of eventually modifying the insight app. My reasoning is as follows: insight is dependant on bitcore.js. Right now there is not much documentation out there on modifying bitcore to work with alt-coins. There docmentation even advises that the package is still in development…

Read more

More about the CNT Disruption

The industry I have chosen to investigate, and claim will be a big disruption in the future – although it isn’t poised for market yet – is the carbon nanotube (CNT) processor. Carbon nano technology was highlighted as a disruptive technology in a May 2013 report from McKinsey Quarterly (Manyika, 2013). The reason I believe it will be disruptive is because carbon nano processors have the potential to be much more energy efficient and compact (per processing capacity) than silicon based transistors. The infamous Moore’s Law has accurately predicted the improvements of silicon based semiconductor technology since it was stated by Moore in 1965 (Moore, 1965). While 9nm silicon chips are manufactured today, the the inherent quantum limitations posed by silicon-based semiconductor technology threaten to cause the development pace to drop below Moore’s expected level of improvement by 2020 at the 7nm scale (Merritt, 2013). On the other hand, a…

Read more

Stanford Online: Course on Academic Writing

I’m currently enrolled in a Stanford Online course linked below; Writing in the Sciences.There is still time to enrol although the course has already started. The first module seemed pretty straight-forward, and I am working on the second module now. Apparently over 30,000 students have signed up for the course. It includes 10 weeks of study, unit modules which include videos, and quizzes. The first writing assignment is 300-500 review of a seminal essay from your field. All in all, the course is very easy to navigate, informative, and so far I believe I have learned something that can help me improve my writing. https://class.stanford.edu/courses/Medicine/SciWrite/Fall2013/info  

Read more

Look What Patent the Queen Owns!

Doing some research, I discovered a patent: <a href=http://www.google.com/patents/US5026417>5026417</a>. The assignee for this patent is none other than: Her Majesty the Queen in right of Canada, as represented by the Minister of Agriculture Published: Jun 25, 1991 The country associated is Canada: CAX Here is the abstract: A method and composition for increasing the amounts of phosphorus and/or micronutrients available for uptake by plants from the soil. The invention involves introducing an inoculum of the fungus Penicillium bilaji into (or onto) the soil. This has the effect of increasing the solubility of phosphates and micronutrient sources which may be either native to the soil or added to it, e.g. in the form of insoluble rock phosphate or manufactured phosphate fertilizer. The invention can be used to increase the health, growth rates and yields of plants, especially crop plants grown on nutrient-deficient soils, while eliminating or minimizing the need for expensive…

Read more

US Patent Litigation vs Patent Grants Since 2000

Comparing the total number of patent grants and total number of litigation instances (LI) since 2000 we can see almost a mirror image. However, since patent litigation is leading indicator of economic growth, it can provide more sensitive data about market and economic growth. These findings are significant to notice on this scope because it shows parity between patent litigation and corporate investment in to R&D. Patent applications and renewals are expensive. The comparison further validates patent litigation’s ability to indicate value.

Read more

Alethia University – ICIM 2013

This weekend I’m attending ICIM 2013 in Danshui, Taipei, Taiwan. Upon my arrival the hospitality was evident. The professor Tzong-Heng Chi showed me around, gave me a history lesson, and found me a old 1875 style veranda to park myself and drink lemonade. Too perfect. Alethia university has the feeling that all institutions of education should have. The historical architecture essentially balances your thoughts and rationality is nurtured. I will do my presentation later today. Thanks Chi! Perfect spot to relax before the conference.

Read more

    Click on the image below to see the full report:   Link to Annual Report of Software Patent Litigation for 2012: https://www.ripplesoftware.ca/wp-content/uploads/2013/03/annual-report-data-1.jpg Link to PwC 2012 M&A Outlook: http://www.pwc.com/en_US/us/transaction-services/publications/assets/pwc-technology-mergers-acquisitions-q4-2011-outlook.pdf Link to PwC 2012 Patent Litigation Report: http://www.pwc.com/en_US/us/forensic-services/publications/assets/2012-patent-litigation-study.pdf Link to PwC 2012 China M&A Outlook: http://www.pwcblogs.be/transactions/wp-content/uploads/2012/09/2012-China-MA-Review-and-Outlook.pdf

Read more

Technology cycle time is a measure of the pace of technological turnover by measuring the average age of patent citations. The following table shows the UPC subclasses with the fastest moving TCT for 2010. Only subclasses that have received at least 100 patent grants during 2010 are included. Results show communications IT, big data, vehicles navigation, computer conferencing constitute most of the classes.

Read more