Tag: cybersecurity

Hash Function Definition: Mapping a long string to a shorter string. Key Properties: Collision-resistance: Difficulty in finding two inputs that map to the same output. Pre-image resistance: Difficulty in finding any pre-image for a given output. Uses: Protecting the integrity of systems and passwords. Used for the actual storage of passwords   Private Key Encryption […]

  SQL Injection =  no sanitizing Cross-site scripting = inject javascript via uri https://example.com/test.php?color=green&background=</style><script>alert(String.fromCharCode(88,83,83))</script> Path Traversal = Allowing for path or directory traversal on your server is an amazingly bad idea. You would be allowing people to list the folders on your server and to navigate from folder to folder. This allows attackers to go […]

  Computer System Components   Hardware Provides basic computer resources (CPU, memory, I/O devics) Maybe addons Possible firmware Operating System Controls hardware and various apps Application Programs Users What is an Operating System Program that acts as an intermediary between user and computer hardware Efficiency – better utilization of resources Convenience – ease of use […]

Basic, Fundamental Problem   Client → Server How do you prove that you are who you claim to be? Users and servers prove themselves in different ways Different attack models Different assumptions about what they can feasibly do   Authentication Determination of identity, usually based on a combination of Something the person has (smart card, […]

Malware Malicious code that is stored on and runs on a victim’s system   How does it get to run? Attacks a user – or network-facing vulnerable service (often using techniques we’ve just learned!) Backdoor: Added by a malicious developer Social engineering: Trick the user into running/clicking/installing Trojan horse: Offer a good service, add in the […]

Covert Channels Covert means of transferring data Channel that transfers information in a way that violates a security policy An insider process leaks information to an outsider process not normally allowed to access that information Often divided into two (three) main categories: Storage Communication done in some memory space Timing Delay or some action in […]

Access Control Provides the essential services of authorization, identification and authentication, access approval, and accountability authorization specifies what a subject can do identification and authentication ensure that only legitimate subjects can log on to a system access approval grants access during operations, by association of users with the resources that they are allowed to access, […]

Privacy Fundamental human right In most constitutions First law in 1361 against peeping toms and eavesdroppers In 1948’s Universal Declaration of Human Rights Most notable in the way it is constrained and infringed rather than how it is enforced   What is Privacy? The ability to keep information about oneself confidential Information about me as […]

Before talking about Ethics and Law, we should look at the human cognition and understand some of our errors and biases. Our ethics and law try to address some of these errors. Human Biases The human factor in security incidents Analysis of security incidents reveals, more often than not, human factor as a major cause […]

Below are some notes when looking at cyber risk, security, economics and insurance. First a definition. What is Security? Security A system is secure if it is protected against all forms of threat This is hard to predict And cannot afford to protect against all of them Security = economic issue, not just engineering Solutions […]

Notes from a recent whitepaper outlining cyber security strategies in 2022. Modern application development requires responsibilities across all of IT. Gartner estimates that by 2025 at least 75% of IT organizations will have faced at least one ransomware attack. Terminology / Concepts Shift Left Moving security review processes and tooling to earlier parts of the […]