date 2017-12-25

Security: Insecurity, DARPA, Oversight, Uber’s Bug Bounty

Lack of IT staff leaving companies exposed to hacker attacks [iophk: "very few companies even have an IT staff, usually just Microsoft resellers"]
According to a recent survey of recruitment agencies, 81% expect a rise in demand for digital security staff, but only 16% saw that the demand would be met.

DARPA Triggers Development of The ‘Unhackable’ Computer Morpheus With $3.6 Million
DARPA (Defense Advanced Research Project Agency), who gave us the early version of the internet is now trying to fix a major problem – computers vulnerable to cyber attacks.

Securing the internet of things will be no easy task
As I testified before House Oversight’s IT subcommittee in early October, many recent, major breaches could have been eliminated or dramatically reduced if some fundamental principles of cyber hygiene had been followed, including constant patching, least privileged, encryption, micro-segmentation and multi-factor authentication.

How I Got Paid $0 From the Uber Security Bug Bounty
So now it’s a completely verified critical security vulnerability, with working POC that will harvest usernames and passwords from an Uber mobile endpoint, and SSL-protected with Uber’s signed certificate. The Uber development team gets involved, and additionally verifies that yes, they can execute arbitrary JavaScript code from any *.cloudfront.net host, so these are three distinct critical severity security issues: reflected XSS, HTML content injection, and a CSP that allows execution of arbitrary JavaScript from any *.cloudfront.net host. [...] Followed by locking and then closing without payment all of my submitted security reports, so that they can’t be viewed or publicly disclosed.

Mozilla: Firefox Extensions for New Year’s Resolutions and Rust Programming

Firefox Extensions for New Year’s Resolutions
It’s that time of year again where we endeavor to improve ourselves, to wash away poor habits of the past and improve our lot in life. Yet most of us fall short of our yearly resolution goals. Why? Maybe we just haven’t found the right Firefox extensions to assist our annual renewals…

This Week in Rust 214
Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request. Want to get involved? We love contributions.

Zeeshan Ali: My journey to Rust
As most folks who know me already know, I've been in love with Rust language for a few years now and in the last year I've been actively coding in Rust. I wanted to document my journey to how I came to love this programming language, in hope that it will help people to see the value Rust brings to the world of software but if not, it would be nice to have my reason documented for my own sake.

Customizing a Linux System for an Autonomous Arctic Monitoring Station

Developing an embedded system for remote field duty is hard enough, but what if you had to contend with -40ºC temperatures, high winds, ice-encased cables, and attacks from Arctic wildlife? These are just some of the harsh realities faced by the developers of a Linux-driven sensor buoy deployed on the sea ice off the north coast of Alaska.

At the recent Embedded Linux Conference Europe (ELCE), Satish Chetty talked about his volunteer work setting up a sea ice monitoring station funded by Ice911. The principal goal is to study changes in ice formation and melting due to global warming. Chetty’s day job is VP of software engineering at Hera Systems, a Silicon Valley startup that develops Earth imaging satellites and edge analytics solutions.

The mostly autonomous monitoring buoy has been evolving since 2009. Planted in or near sea ice from November to July every year, the station measures weather, water temperature, water depth (sonar), ice depth and melt, sunlight, and albedo (the reflection of sunlight). Cameras are used for visual analysis. A custom, multi sensor, 1-Wire temperature string is attached to the buoy and embedded into the ice, “with sensors at every depth so you get a profile of water and ice thickness,” said Chetty. “Where we were testing, most of the melt happens from the bottom up because the meltwater flows into the water, heating it up.”