I have been meaning to review the books I have read in my spare time, but I never seem to work up the will to sit down and do it. This post is going to serve as a running, ranked list of “TLDR” summaries instead.
Artificial Intelligence
I have been thinking a lot about artificial intelligence lately. The subject has interested me for some years now, but I have not yet committed to any substantial research. I have read a few chapters in a book I bought a couple years ago (978-0136042594), watched about a dozen MIT lectures on YouTube, and read some odd number of online articles, but introductory knowledge is all I really have. That said, in all my unknowing, I still know that artificial intelligence will eventually beat us at everything.
Arch Firewall
In an attempt to step my Linux game up, I’ve been setting up an Arch server. It’s been a great learning experience. The wiki (https://wiki.archlinux.org) has been an invaluable resource. Arch is beautifully simple, and that simplicity allows the 15-year-old hardware it is installed on (single-core Pentium 4 with 1GB RAM) to run just as fast as my 3-year-old laptop (quad-core AMD with 4GB RAM). I love it.
Information Security Management Blog Retrospective
This marks the last security-related blog post written for a course grade. The purpose is to summarize my prior posts and analyze the topics I chose, the sources I used, and my thoughts on the usefulness of security blogging. It will wrap up with a small section regarding the lessons I have learned since I wrote my first security post.
Cyber Security and Geopolitics
This post is going to address the relevance of cyber security in the realm of geopolitics and internationally organized crime. Topics discussed will include espionage and theft. The point of this paper is to inform the reader of the extent to which cyber attacks are used. It is not just “script kiddies” with hack tools – it is governments and organized criminal units, as well. The writing will begin with an overview, demonstrate an example of cyber crime, delve into the dynamics of it, move on to examine recent charges of espionage, and finish with a summary of the key points.
N-Factor Authentication
This post is going to talk about N-Factor Authentication. It is commonly represented in the form of Two-Factor Authentication, but more factors can be required, resulting in more security. The main purpose is to stress the importance of out-of-band transmission when using N-Factor Authentication. It does not matter how many factors are used to authenticate the identity of a person if every factor is transmitted over the same channel; if a hacker can compromise the channel, the number of factors matters not.
Legality and Morality of Reverse Engineering
This post is going to discuss the legality and morality of reverse engineering. It will introduce a definition to start, list some common use-cases, and weave in and out of the morality of it all. A discussion and comparison of the similarities and differences between patents and copyrights will be given, followed by a brief overview of digital rights management (DRM) and the Digital Millennium Copyright Act (DMCA) to finish things up.
Assets, Vulnerabilities, Threats, Exploits, Risk, and Management
The post two weeks ago on contingency planning mentioned risks and threats, but did not go into detail regarding the differences. To elaborate on the subject of risks and threats, other terms need to be introduced and defined, as well. This post will describe and delineate between assets, vulnerabilities, threats, exploits, and risk. By understanding the terms collectively, the risk management process will seem more natural and be easier to understand. Finally, a brief discussion will summarize the relationships and describe the fundamental process of risk management.
PII and UIDs
This should go without saying, but personally identifiable information (PII) should not, under any circumstances, be used as unique identifiers (UIDs). There are gross misuses of PII in every industry from retail, to banking, to education, and more. This post is going to outline several reasons why PII data should never, to any extent, be used as a UID.
Contingency Planning Explained: Risk, Incident Response, Disaster Recovery, and Business Continuity Plans
Risk planning, incident response planning, disaster recovery planning, and business continuity planning will be discussed here. An extra emphasis will be placed on the distinctions among the plans. A brief overview will be given followed by an outline used to facilitate the visualization of all the separate pieces and keep the focus on dissimilarity.