Introduction
This lecture was given by Dr. David Mirza Ahmad, one of the chief mentors of Subgraph, an open-source security start-up based in Montreal. The talk was based on Kerckhoffs’s principle, which states “the security of any cryptographic system does not rest in its secrecy; it must be able to fall into the enemy’s hand without inconvenience” [1]. Kerckhoffs’s principle underlines the fact that free software should have reasonably good security. This fact is well understood by the world of cryptography because cryptography is a black box where you never know what is happening inside it.
There are a lot of security research communities across the globe, though many are informal and low-budget. Security researchers are a curious mix of people attending the same conferences, such as teenage hackers, students, intelligence agency people, etc. It is interesting to note several things that security researchers have in common:
• They are driven by the natural tendency to challenge the authority of the ciphers.
• They are always passionate about breaking things.
• They possess a good understanding of Kerckhoffs’s principle.
• They share information with everyone but do not trust each other. All tools which are not open-source are treated suspiciously.
Bugtraq
This was a community originally created by Scott Chasin and hosted by crimelab.com, and it changed the software industry. It is basically an electronic mailing list fully dedicated to computer security issues. Hot topics discussed in this global forum include vulnerabilities, exploitation methods and vendor security-related announcements. [2]
• During its peak time span between the years 2001-2005, it had app...
... middle of paper ...
... from the specification
• It is also written in pure Java and can be used as a standalone library or client.
• Supports Android and hidden services.
• Its seamless integration into Java or JVM applications makes it popular.
Conclusion
It was an eye-opener towards open source security, mainly because the speaker himself was the developer and one of the chief programmers of the security tool called Vega. New ciphers are never to be trusted in the cryptography world. Kerckhoffs’s principle is a very prominent one which opposes the concept of security through obscurity. We are able to understand that open source enhances security; at the same time, it is a question of trade-offs where we have to prioritise our choices.
References
[1] Slides of “Kerchoff’s Legacy: Free Software and Security”
[2] http://en.wikipedia.org/wiki/Bugtraq
[3] http://www.subgraph.com/
One of the major historical failures that compromised security is the UNIX operating system (with GNU Emacs installed) at Lawrence Berkeley Laboratories and other military laboratories. UNIX operating systems were widely used by a vast number of computer professionals and research scientists back in those days. Though the operating system cannot be categorized as completely insecure, I believe that the default settings (which eventually helped the intruders to take advantage of this) are one of the main failures that led to other events mentioned in the book.
A question all parents, and some elder siblings, ask at some point is, “when should I let Jr. stand on his own?” and while it was only a case of bureaucracy not being equipped to quickly respond to a situation, this lack of response forced a man out of his comfort zone, gave him something to care about, and eventually made for an interesting book. It could even be hypothesized that Cliff’s decision to marry was aided by the paradigm shift he experienced during the course of his hacker chase (Stoll 356). The delay of intervention on the part of the government agencies forced Cliff Stoll to leave the sidelines of his life, take responsibility, and become "pro-active–almost rabid–about computer security” (370).
What may have started as a seemingly boring and meaningless computer check up and accounting problem, turned into an investigation and search for a military spy for the KGB. It seems that the more that the technical revolution grows and gets relied on more, the level of security becomes necessary to grow past it. It seems to be an ongoing battle to protect and monitor information from possible threats and hackers.
In July 2015, many of the world’s high ranking cryptographers published that the loss and destruction induced by adopting a key escrow system 20 years ago would be even more serious, that would be very hard to identify security weaknesses that could be misused by
Standardize procedures and project management. E.g. use the same language or coding and decoding of software.
Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning.
Politicians can learn a lot from the Information Security Research arena, if they took the time to close the loop with regards to confirmation bias, and understood data, without judgement. One of the biggest problems with information disclosure in the security realm, is the matter of trust. When information is disclosed in the information security world, researchers that I have spoken to, first look at the source of the information, followed by the content of information being disclosed: “Who is making this statement, and what is its purpose.”
Holeton, Richard. Composing Cyberspace Identity, Community, and Knowledge in the Electronic Age. The McGraw Hill Companies, Inc. 1998. Reid and Count Zero. Cult of the Dead Cow. March 2003. 30 September 2003. <http://www.pbs.org/wgbh/pages/frontline/shows/hackers/interviews/reidcount.html>
In the following paper I will be discussing the use of open source software as part of a larger project. Example uses of this include incorporating existing publicly available source code within another piece of software. Because the term open source has such broad implications, I will attempt to explain it within the context of this paper. Open source code comes with many different licenses such as GPL, BSD, and MIT. I will describe the most popular licensing options and how they differ. Many companies believe open source software projects have an immense lack of accountability; this is simply untrue. Lastly, open source software has recently received an abundance of attention in the media because of possible copyright violations. I will discuss some of the probable scenarios regarding copyright violations with open source and how to protect oneself. Throughout this paper, I hope to shed some light on the use of open source and how beneficial it truly can be to a company.
My knowledge has grown over the past six years, outwith the areas of learning offered by school courses, and I see this course as an opportunity to gain new skills and broaden my knowledge further. My main interests are varied, including communications and the internet, system analysis and design, software development, processors and low level machine studies. I have recently developed an interest in data encryption, hence my active participation in the RSA RC64 Secret-Key challenge, the latest international de-encryption contest from the RSA laboratories of America.
References to Beddoes’ hacks (Bisson) evoke resentment among readers; they see that black hat hackers gain more by participating in illicit activities than honest citizens do in a year of work, causing them to feel as if it is unfair to themselves because they are stealing from honest citizens like most readers would be. Also, in emphasizing the damages done by black hat hackers and the mysterious backgrounds they often seem to come from, fuel is added to the fire of an already negative connotation. As the other two articles mention, the common perception of hackers is that they are rebellious teenagers out to destroy the world regardless of the channel used. The background described in this article supports those theories when Beddoes speaks of his past as a teenager who started out with an innocent interest in hacking and then transitions into a rebellious malicious hacker after being rejected by the companies that he was trying to assist. Beddoes’ ethos also supports the goal of the article because he is a credible, well-established hacker in recent years. After almost pulling off a multimillion dollar heist, he is a respected yet accessible authority on the topic. Statistics to quantify the amount of data Beddoes stole in his hacking career provide the base to an argument supported by logos. Referring to those numbers also evokes strong emotions in accordance with the amount of people losing money and being victimized by hackers. Readers are inclined to feel sympathy towards the victims of the hackers, evoking an even greater amount of resentment towards the hackers. The content of Bisson’s article effectively supports a negative reaction to
Principle of Security Management by Brian R. Johnson, Published by Prentice-Hall copyright 2005 by Pearson Education, Inc.
My strong curiosity towards the field of Cybersecurity dates back to my pre-university days when I started reading sci-fi novels. Digital Fortress, a techno-thriller novel written by Dan Brown, explored the theme of government surveillance, security and civil liberties. This theme is brought out in the book by portraying cryptographic techniques, security policies and implications of these policies. This gravitated me towards the field of security. With little programming experience, I was eager to begin my nascent adventure in the field of Cybersecurity. Although I’ve gained exposure in the field of security during the course of my Bachelor’s degree, I believe pursuing a master’s degree in Cybersecurity will allow me to explore the field of security in greater depth and utilize it effectively to address more real-world challenges.
The main goal was to help different state agencies become more self-sufficient in safeguarding their data from being stolen by hackers. Tong also set up The California Cybersecurity Integration Center which monitors networks and protects from
For thousands of years cryptography and encryption have been used to secure communication. Military communication has been the leader of the use of cryptography and the advancements. From the start of the internet there has been a greater need for the use of cryptography. The computer had been invented in the late 1960s but there was not a widespread market for the use of computers really until the late 1980s, where the World Wide Web was invented in 1989. This new method of communication has called for a large need for information security. The internet allows people to communicate sensitive information, and if received into the wrong hands can cause many problems for that person.