The Lead

The researchers tested CodePhage on seven common open-source programs in which DIODE had found bugs, importing repairs from between two and four donors for each. In all instances, CodePhage was able to patch up the vulnerable code, and it generally took b

Automatic Bug Repair without Source Code Access

June 29, 2015 2:13 pm | by Larry Hardesty, MIT | News | Comments

At the ACM Programming Language Design and Implementation conference, MIT researchers presented a new system that repairs dangerous software bugs by automatically importing functionality from other, more secure applications. Remarkably, the system, dubbed CodePhage, doesn’t require access to the source code of the applications whose functionality it’s borrowing. Instead, it analyzes the applications’ execution...

NIST Revises Computer Security Publication on Random Number Generation

June 26, 2015 3:14 pm | by NIST | News | Comments

In response to public concerns about cryptographic security, the National Institute of Standards...

NIST 2015 - 6th Annual Conference & Expo

June 23, 2015 11:30 am | by NIST | Events

The 6th Annual Conference...

Fed Personnel Agency Admits History of Security Problems

June 16, 2015 11:52 am | by Ken Dilanian, AP Intelligence Writer | News | Comments

An OPM official says the agency entrusted with millions of personnel records has a history of...

The Homeland Security Department headquarters in northwest Washington. China-based hackers are suspected once again of breaking into U.S. government computer networks, and the entire federal workforce could be at risk this time. The Department of Homeland

Officials: Second Hack Exposed Military and Intel Data

June 12, 2015 5:11 pm | by Ken Dilanian and Ted Bridis, Associated Press | News | Comments

Hackers linked to China appear to have gained access to the sensitive background information submitted by intelligence and military personnel for security clearances, several U.S. officials said June 12, 2015, describing a second cyberbreach of federal records that could dramatically compound the potential damage.  

Brain biometrics are appealing, because they are cancellable and cannot be stolen by malicious means the way a finger or retina can. ©agsandrew

Brainwave Security could replace Passwords

June 10, 2015 12:23 pm | by Binghamton University | News | Comments

You might not need to remember those complicated e-mail and bank account passwords for much longer. The way your brain responds to certain words could be used to replace passwords. Researchers observed the brain signals of 45 volunteers as they read a list of 75 acronyms, such as FBI and DVD, and found that participants’ brains reacted differently to each acronym, enough that a computer system was able to identify each volunteer.

Geoffrey Noer is Senior Director of Product Marketing at Panasas.

RAID: Alive or Dead?

June 8, 2015 8:12 am | by Geoffrey Noer, Panasas | Blogs | Comments

Is RAID dead or alive? Are erasure codes replacing RAID for data protection? We present these questions, because some storage vendors promote RAID, while others promote erasure codes. Looking at how vendors are marketing data protection in their products, it almost appears that there is a battle between RAID and erasure code technology and that everyone will agree on a winner at some point.

More than 100,000 taxpayers have had their personal tax information stolen from an IRS Web site as part of an elaborate scheme to claim fraudulent tax refunds.  The information was stolen from an online system called "Get Transcript," where taxpayers can

Extremely Sophisticated Criminals access Tremendous Amount of IRS Data

May 27, 2015 9:41 am | by Stephen Ohlemacher, Associated Press | News | Comments

More than 100,000 taxpayers have had their personal tax information stolen from an IRS Web site as part of an elaborate scheme to claim fraudulent tax refunds. The information was stolen from a system called "Get Transcript," where taxpayers can get tax returns and other tax filings from previous years. In order to access the information, the thieves cleared a security screen...

Pat McGarry is Vice President of Engineering with Ryft Systems

Deriving Real Time Value from Big Data

May 22, 2015 9:51 am | by Pat McGarry, Ryft Systems | Blogs | Comments

Everyone has heard the old adage that time is money. In today’s society, business moves at the speed of making a phone call, looking something up online via your cell phone, or posting a tweet. So, when time is money (and can be a lot of money), why are businesses okay with waiting weeks or even months to get valuable information from their data?

Hack Crash was identified as a computer-based event, initiated by sophisticated algorithms designed to identify and evaluate Internet content that could influence markets. Those algorithms launched what amounted, in human terms, to a panicked trading spre

With One False Tweet, Computer-based Hack Crash Led to Real Panic

May 21, 2015 9:30 am | by Bert Gambini, University at Buffalo | News | Comments

A false tweet from a hacked account owned by the Associated Press in 2013 sent financial markets into a tailspin. The Dow Jones Industrial Average dropped 143.5 points and the Standard & Poor’s 500 Index lost more than $136 billion of its value in the seconds that immediately followed the post. Once the nature of the tweet was discovered, markets corrected themselves, but the Hack Crash event demonstrates the need...

drafted some smart algorithms to prevent information leaks. The techniques have initially been developed for hardware, but can also be used in software. They are based on multi-party computation.

Smart Algorithms Secure Chip Cards against Hackers

May 21, 2015 8:47 am | by University of Twente | News | Comments

Scientists have succeeded in securing chip cards against leaking confidential information. Through the use of smart algorithms, it is now possible to better secure bank cards, public transport chip cards and electronic keys of buildings and cars against hackers. Begül Bilgin developed clever ways to make chip cards more secure against the leaking of confidential information, drafting smart algorithms based on multi-party computation.

Researchers show how to build a digital blind signature scheme under the assumption that they have an offline repository and are using quantum information.

Blind Signatures Using Offline Repositories Provide New Level of Security

May 15, 2015 3:35 pm | by World Scientific | News | Comments

In the new era of quantum computers, many daily life applications, such as home banking, are doomed to failure, and new forms of ensuring the confidentiality of our data are being studied to overcome this threat. Researchers have taken a step in this direction and propose a quantum blind signature scheme, which ensures that signatures cannot be copied and that the sender must compromise to a single message.

In future telerobotic procedures, the last communication link may be a wireless uplink (dotted lines) to a drone or satellite that is more easily hacked than pre-established network connections (solid lines.) Courtesy of University of Washington

Researchers hack Teleoperated Surgical Robot to Reveal Security Flaws

May 8, 2015 10:48 am | by Jennifer Langston, University of Washington | News | Comments

To make cars as safe as possible, we crash them into walls to pinpoint weaknesses and better protect people who use them. That’s the idea behind a series of experiments conducted by an engineering team who hacked a next-gen teleoperated surgical robot — one used only for research purposes — to test how easily a malicious attack could hijack remotely-controlled operations in the future and to make those systems more secure.

An FPGA board along with a custom sensor box built by the GTRI team for research purposes. Courtesy of Georgia Tech/Rob Felt

Advancing Security and Trust in Reconfigurable Devices

May 4, 2015 2:24 pm | by Rick Robinson, Georgia Institute of Technology | News | Comments

A research team at the Georgia Tech Research Institute is studying a range of security challenges involving programmable logic devices — in particular, field programmable gate arrays. FPGAs combine hardware performance and software flexibility so well that they're increasingly used in aerospace, defense, consumer devices, HPC, vehicles, medical devices and other applications. But they come with potential vulnerabilities.

MIT spinout Verayo has created technology that tracks random variations in silicon chips to assign them unique "fingerprints." Integrated into radio frequency identification tags (shown here), the chips can be scanned by a mobile device or reader to deter

Fingerprinting Silicon Chips to Fight Counterfeiting

May 1, 2015 9:31 am | by Rob Matheson, MIT | News | Comments

It’s often said that no two human fingerprints are exactly alike. For that reason, police often use them as evidence to link suspects to crime scenes. The same goes for silicon chips: Manufacturing processes cause microscopic variations in chips that are unpredictable, permanent and effectively impossible to clone.

The option of doing predictive analytics via the cloud gives security teams the flexibility to bring in skills, innovation and information on demand across all of their security environments.

Bringing Cyber Threat Predictive Analytics to The Cloud

April 27, 2015 9:51 am | by IBM | News | Comments

IBM is bringing its Security Intelligence technology, IBM QRadar, to the cloud, giving companies the ability to quickly prioritize real threats and free up critical resources to fight cyberattacks. The new services are available through a cloud-based software as a service (SaaS) model, with optional IBM Security Managed Services to provide deeper expertise and flexibility for security professionals.

Defense Secretary Ash Carter said one way the Defense Department is responding is to be more transparent about cybersecurity, and that includes a new cybersecurity strategy that is far more open about the Pentagon's cyber missions. Courtesy of Greg West

New Pentagon Strategy Warns of Cyberwar Capabilities

April 24, 2015 9:45 am | by Lolita C. Baldor, Associated Press | News | Comments

A new Pentagon cybersecurity strategy lays out for the first time publicly that the U.S. military plans to use cyberwarfare as an option in conflicts with enemies. The 33-page strategy says the Defense Department "should be able to use cyber operations to disrupt an adversary's command and control networks, military-related critical infrastructure and weapons capabilities."


Cloud Security Reaches Silicon: Defending against Memory-access Attacks

April 23, 2015 1:53 pm | by Larry Hardesty, MIT | News | Comments

In the last 10 years, computer security researchers have shown that malicious hackers don’t need to see your data in order to steal your data. From the pattern in which your computer accesses its memory banks, adversaries can infer a shocking amount about what’s stored there.

The winners of the CyberCenturion National Finals Competition, King Edward VI Grammar School, Chelmsford, with their coach pictured in front of Colossus at The National Museum of Computing, Bletchley Park. Their awards were presented April 17 by Andrew T

UK CyberCenturion Competition Launches in Search for Young Cyber Security Talent

April 22, 2015 2:43 pm | by Northrop Grumman | News | Comments

Northrop Grumman has renewed its commitment to run the CyberCenturion competition for a second year, continuing its efforts to seek out the UK's best young cyber talent. CyberCenturion is the UK's first team-based cyber security contest specifically designed to attract 12- to 18-year-olds. The competition aims to engage young people with an interest in cyber as a way to address the STEM skills gap and encourage careers in cyber security.

Suresh Venkatasubramanian, left, and Matt Might, both associate professors of computer science at the University of Utah, have received a $3 million government grant to produce software that can sniff out the next generation of computer vulnerabilities. T

Algorithmic Attacks: Fighting Next-gen Cyber Threats

April 17, 2015 3:45 pm | by University of Utah | News | Comments

The next generation of cyberattacks will be more sophisticated, more difficult to detect and more capable of wreaking untold damage on the nation’s computer systems. So, the DoD has given a $3 million grant to a team of computer scientists to develop software that can hunt down a new kind of vulnerability nearly impossible to find with today’s technology. The team is tasked with creating an analyzer that can thwart algorithmic attacks.

Ransomware infiltrates a computer after a user clicks on a link or attachment in an e-mail. It can also attack when a user visits a Web site, including well-known ones with good security systems.

A Q&A about the Malicious Software Known as Ransomware

April 9, 2015 4:23 pm | by Joyce M. Rosenberg, AP Business Writer | News | Comments

Ransomware is a growing threat to computer users, who can suddenly find they're unable to open or use their files when their machines are infected. The malicious software can attack any user — an individual, small business, Fortune 500 company or a government agency.

President Barack Obama speaks in the Oval Office of the White House in Washington. President Barack Obama on Wednesday authorized a new U.S. government approach to deterring cyberattacks: financial sanctions against malicious overseas hackers and companie

Obama Signs Order Creating New Cyber Sanctions Program

April 9, 2015 9:59 am | by Ken Dilanian, AP Intelligence Writer | News | Comments

President Barack Obama authorized a new U.S. government approach to deterring cyberattacks on April 8, 2015: financial sanctions against malicious overseas hackers and companies that knowingly benefit from the fruits of cyberespionage. The latter category could include state-owned corporations in Russia, China and elsewhere, setting the stage for major diplomatic friction if the sanctions are employed in that way.

A high resolution image of the data transition region on a CD-ROM taken with an Olympus OLS 4000 LEXT 3-D digital laser confocal microscope. The sharp points are data on a compact disk. Courtesy of Greg Gogolin, Ph.D., Information Security & Intelligence,

Restoring Lost Data: 3-D Digital Laser Microscopy Creates Visual Roadmap

April 6, 2015 4:12 pm | by Marlene Cimons, National Science Foundation | News | Comments

It can be disheartening to learn that something precious, such as a one-of-a-kind family photo, has disappeared from a scratched or broken CD or DVD. It also can become serious, dangerous and potentially costly if it happens to a disc containing criminal forensic evidence, corporate records or scientific data. But there may be a way in the future to bring the material back.

Genomics processing is now moving mainstream to clinical applications, as new approaches to diagnosing and treatment involving genomics are gaining interest.

Efficient, Time Sensitive Execution of Next-gen Sequencing Pipelines Critical for Translational Medicine

April 6, 2015 3:26 pm | by Suzanne Tracy, Editor-in-Chief, Scientific Computing and HPC Source | Blogs | Comments

Demand for genomics processing is rapidly spreading from research labs to the clinical arena. Genomics is now a "must have" tool for researchers in areas of oncology and rare diseases. It is also becoming a requirement in the clinical space for precision medicine, translational medicine and similar "bench to bedside" initiatives.

MOVIA Big Data Analytics Platform

March 30, 2015 1:38 pm | by Modus Operandi, Inc. | Modus Operandi, Inc. | Product Releases | Comments

MOVIA Big Data Analytics Platform is designed to help organizations watch for important patterns in their data and generate instant alerts to users or other systems. The software enables improved prediction of trends through advanced data modeling that captures situational context, so decisions are not ‘made in a vacuum.’

Hamlin, left, and Webb with a book about breaking the Nazi Enigma code, which was also the subject of the recent film, The Imitation Game. Courtesy of Rebecca Phillips, WSU

Mathematicians adapt Knapsack Code to take on Quantum-level Cyber Attacks

March 27, 2015 11:24 am | by Rebecca Phillips, Washington State University | News | Comments

Mathematicians have designed an encryption code capable of fending off the phenomenal hacking power of a quantum computer. Using high-level number theory and cryptography, the researchers reworked an infamous old cipher called the knapsack code to create an online security system better prepared for future demands.

Integer overflows occur when a computer tries to store too large a number in the memory space reserved for it. The leading digits are discarded — much as they are when a car odometer turns over. Courtesy of Jose-Luis Olivares/MIT

Better Debugger: Algorithm Automatically Finds Integer-overflow Bugs

March 26, 2015 9:52 am | by Larry Hardesty, MIT | News | Comments

Integer overflows are one of the most common bugs in computer programs — not only causing programs to crash but, even worse, potentially offering points of attack for malicious hackers. A new algorithm for identifying integer-overflow bugs was tested on five common open-source programs, in which previous analyses had found three bugs. The new algorithm found all three known bugs — and 11 new ones.

The aim of Public Encryption is to bring end-to-end encryption to the masses. © Fraunhofer SIT

Cryptography for Everyone: Bringing End-to-end Encryption to the Masses

March 17, 2015 2:42 pm | by Fraunhofer-Gesellschaft | News | Comments

In the wake of the revelations that intelligence agencies have been engaged in mass surveillance activities, both industry and society at large are looking for practicable encryption solutions that protect businesses and individuals. Previous technologies have failed in practice because they were too expensive or not user friendly enough. An open initiative called “Volksverschlüsselung” aims to bring end-to-end encryption to the masses.

People celebrate Pi Day around the world with pie-eating, pie-throwing and even pi-recitation contests, where participants recite digits of this irrational number from memory. Courtesy of Medea Material

Once-in-a-Century: Celebrating 10 Digits of Pi on 3.14.15 at 9:26:53

March 12, 2015 9:42 am | by Suzanne Tracy, Editor-in-Chief, Scientific Computing and HPC Source | Blogs | Comments

An e-pi-c day is coming! On 3.14.15 at 9:26:53; the date/time will correspond to the first 10 digits of the mathematical constant pi (3.141592653). This happens only once per century — a truly once-in-a-lifetime event for most people.
