Friday, February 22, 2019

ZDNet: How one hacked laptop led to an entire network being compromised

https://www.zdnet.com/article/how-one-hacked-laptop-led-to-an-entire-network-being-compromised/

The Verge: Why the Ethereum Classic hack is a bad omen for the blockchain

https://www.theverge.com/2019/1/9/18174407/ethereum-classic-hack-51-percent-attack-double-spend-crypto

Forbes: After Ethereum Classic Suffers 51% Hack, Experts Consider - Will Bitcoin Be Next?

https://www.forbes.com/sites/ginaclarke/2019/01/09/after-ethereum-classic-suffers-51-hack-experts-consider-will-bitcoin-be-next/

PCMag: Evil USB Cable Can Remotely Accept Commands From Hacker

https://www.pcmag.com/news/366478/evil-usb-cable-can-remotely-accept-commands-from-hacker

WIRED: The Xiaomi M365 Scooter Can Be Hacked to Speed Up or Stop

https://www.wired.com/story/xiaomi-scooter-hack

MIT Technology Review: Once hailed as unhackable, blockchains are now getting hacked

https://www.technologyreview.com/s/612974/once-hailed-as-unhackable-blockchains-are-now-getting-hacked/

Thursday, February 7, 2019

My Publications

Fault Resistance and Recovery within System 250. ICCC USA 10.1972
Fault Tolerant Multiprocessor Design for Real Time Control. Computer Design 12.1973
Multiprocessor Controlled Switching Systems. CNET/CNRS France 7.1975
A System for the Implementation of Privacy and Security. ICCC 9.1976
Capability Based Systems. Symposium on Operating Systems 11.1977
Lead paper on System 12 Integration and Field Experience. ISS Italy 5.1984
Field Experience of Computer Controlled Switching Systems. FTCS16 Austria 7.1986
A Perspective on Object Oriented Programming. ACM Washington D.C. 4.1988
Chairman WCF on "Broadband Evolution and Campus Drivers" Phoenix, AZ 2.1993
"The Carrier Network Perspective" 7th Broadband Networks, Washington D.C. 11.1993
"SALT and Web-IVR" DeVry University, Florida.NET May 2004
Architecture review of Composite UI Application Block (CAB) for rapid development of Smart Clients - South Florida Code Camp Feb 2007
Architecture Choices for Security - Functionality with Security - Florida .Net Aug 2007

Tuesday, February 5, 2019

Millions of Google, Roku, and Sonos Devices Are Vulnerable to a Web Attack

https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability/

Software Security from Transparent Capabilities

Software security policies monitor subjects accessing objects, applying access rules. Sadly, the rules only apply to a small subset of interactions because the mechanism is identity limited. Calls made by programs within an application like a browser, and the individual machine instructions within programs, go unchecked. Compilers, code reviews and run-time analysis attempt to fill the void with best programming practices. It helps, but security is also threatened by anonymous scripts and downloads that introduce evil lines of code that spy, steal or cause harm. Moreover, the time of checking and the context of execution differ, while errors from imported scripts are ignored. The internet is hostile and software is vulnerable, so using the web is unavoidably dangerous.
Best practices, operating system calls, and security monitors are unavailable, ignored or bypassed. Logic demands that an assured policy check everything. This includes the program calls within a browser or when dealing with email. To realize this, comprehensive software security requires the assured digital integrity of trusted computers executing trusted instructions. Nothing else covers the full spectrum of threats. The PP250 computer used capability-based addressing to achieve a trusted, comprehensive solution. A stored algebra of capability keys regulates the actions of programs. Every instruction is validated and thus all program-to-program calls are checked. This encapsulation mechanism allows best practices, compilers, languages and code analysis to work. Software survives, succeeds and thrives, even in a browser. Given the concerns over cyber crime, this paper reviews a generic, transparent capability-based security system to rekindle interest in this most effective software security mechanism.