Showing only posts tagged security engineering. Show all posts.

In Memoriam: Ross Anderson, 1956–2024

Source

Last week, I posted a short memorial of Ross Anderson. The Communications of the ACM asked me to expand it. Here’s the longer version. EDITED TO ADD (4/11): Two weeks before he passed away, Ross gave an 80-minute interview where he told his life story. [...]

Ross Anderson

Source

Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can’t remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on …

New Report on IoT Security

Source

The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.” The report examines the regulatory approaches taken by four countries—the US, the UK, Australia, and Singapore—to secure home, medical, and …

Manipulating Machine-Learning Systems through the Order of the Training Data

Source

Yet another adversarial ML attack: Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed into the model in random order. So what happens if the bad guys can cause the order …

Hiding Vulnerabilities in Source Code

Source

Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about. From Ross Anderson’s blog : We have discovered ways of manipulating the encoding of source code …