The attribution of cyber attacks is an important problem. Attribution gives critical infrastructure asset owners and operators legal recourse in the event of attacks and deters potential attacks. This paper discusses attribution techniques along with the associated legal and technical challenges. It presents a proposal for a voluntary network of…
As part of this special issue on control systems for the energy sector, guest editors Sean Peisert and Jonathan Margulies put together a roundtable discussion so readers can learn about the security challenges facing the industrial control system/SCADA world from those who are on the front lines. The discussion touches on some of the hard problems of…
There are at least two types of security vulnerabilities: flawed or insufficient software behavior specifications that allow compromise (for example, authentication that is lacking or that can be spoofed) and incorrect implementation of specifications, buffer overflows being a classic example and Heartbleed being a notable recent one. The sad truth is that…
The MyQ Internet Gateway, its new system for monitoring and controlling the opener via the Internet. The emergence of the Internet of Things (IoT) has turned trusted, long-standing companies into unwitting network attack vectors. But the MyQ is different from, and more impactful than, other IoT devices: it controls access to the house. Thus…
Introduction: Correlation analysis of low-frequency fluctuations is well established in fMRI as a method for determining functional connectivity, which in data collected independent of task, have been termed: resting-state networks. Similar methods have been applied to optical imaging data. Here we report the correlation analysis of…
When is it better to use a self-signed rather than a public certificate authority to sign your certificates? If you aren't sure, you're not alone. The reasons many companies make the wrong choice and the factors to be considered when choosing a certificate solution are discussed.
Early last year, my garage door opener's motor died. While researching potential replacement units, I focused on Chamberlain's products because they had a reputation for high quality. Once I settled on a model, I noticed another option: for a little more money, Chamberlain would include the MyQ Internet Gateway, its new system for monitoring and…
In the first article of a series on building software as a service (SaaS) applications with security in mind, the author discusses best practices for user authentication, including cloud-based authentication services, key derivation functions, and two-factor authentication options.
Modern enterprises centrally monitor their systems by collecting logs using audit reduction tools that can search, sort, and alert. The author describes how developers can support such monitoring by writing logging mechanisms that account for the strengths and weaknesses of audit reduction tools.