Generative AI: Impact on Software Development and Security

This was a piece written as part of my work at Synopsys SIG and was published in a few places, but I liked it and wanted to keep it… At least until the lawyers chase me down.

Since the release of ChatGPT, the technology industry has been scrambling to establish and operationalise the practical implications of these human-level conversational interfaces. Now, almost every major organisation is connecting their internal or product documentation to a large language model (LLM) to enable rapid question-answering, and some are starting to wade into the use of generative AI systems to aid in the design and creation of new technical solutions, be it in marketing content, web application code or chip design. But the hype has had its sharp edges as well; the word ‘hallucination’ is never far from the lips of anyone discussing chatbots, and the assumptions that people have around human-like language being equivalent to ‘common sense’ have been seriously challenged. Potential users of LLM-derived systems would be wise to take an optimistic but pragmatic approach.

The release of the first major public Large Language Model (LLM) set off successive waves of amazement, intrigue and often, fear, on the part of a public unprepared for the surprisingly ‘human’ behaviour of this ‘chatbot’. It appeared to communicate with intentionality, with consideration, and with a distinctively ‘natural human’ voice. Over successive chat-enquiries, it was able to ‘remember’ its own answers to previous questions, enabling users to build up coherent and seemingly complex conversations, and to attempt to answer surprisingly ‘deep’ questions.
Yet, these systems should be treated as one would treat a child savant; it might know all the right words in the right order but may not really have the experience or critical thinking to evaluate its own view of the world; the outputs of these systems have not ‘earned’ our institutional trust, and care must be taken in leveraging these systems without significant oversight. ...

February 19, 2024 · Andrew Bolster

Dr StrangeBot: Or How I Learned to Stop Worrying and Trust Machine Learning

This post was originally published as part of my role at WhiteHat Security. Links have been added for context/comedy/my own entertainment, but no content has been modified. Beneath the cynicism, hyperbole, market-making and FUD, the strategic importance of AI in Cybersecurity is only constrained by us ‘meatbags’. Being a data science practitioner in the cybersecurity space has been a double-edged sword for several years. On the one hand, with the proliferation of automated security testing, network IDS advances, the sheer growth in traffic and the threat surface of our increasingly complex, interconnected application development practices, these roiling oceans of flotsam and datum are everything our data-hungry little hearts desire. Related innovations in data engineering in the past decade mean that questions that had previously only lived in the craven dreams of executive officers and deranged analysts are now the kind of tasks that we hand off to interns to make sure they have correctly set up their workstations. ...

March 24, 2021 · Andrew Bolster

Tell me about your Programmer - Robopsychologist and other careers that don't exist (yet)

This talk was originally prepared for NI Raspberry Jam’s Kids Track, associated with the full Northern Ireland Developers Conference, held in lockdown and pre-recorded in the McKee Room in Farset Labs. In Isaac Asimov’s stories, the technical, social and personal impacts of advanced robotics and artificial intelligence are explored. One creation in his books was the career of “Robopsychologist”, a combination of mathematician, programmer, and psychologist, that diagnosed and treated misbehaving AI. In this talk we’ll discuss how on earth you can prepare for careers in Robopsychology and other careers that don’t exist (yet). ...

October 19, 2020 · Andrew Bolster

The Importance of Active Learning in Data Science and Engineering

Originally posted in Cybersecurity Insiders. Back when I was pursuing my undergraduate degree in electronics and software engineering, I couldn’t imagine a path that would lead to me working with NATO on port protection and maritime defense, teaching smart submarines how to trust each other. But while I was working toward a Ph.D., that’s what happened. Instead of following the path into academia, a friend enticed me to work with him on biometrics. From there, I found an opportunity to apply my skills and knowledge to the cybersecurity industry – but that’s not something I could have predicted either. ...

March 4, 2020 · Andrew Bolster

And Now I Am 31

Another year gone, thought it was time for some reflection. As @Sigma helpfully pointed out to me, 31 is officially the boundary of “30’s” not 30, so I’m gonna take this year as being my “friendly match” with my 30’s and hopefully take this year a bit more wisely. What follows is a vaguely structured stream of consciousness, more for my benefit than anyone else’s. If you want a wee window to see what’s behind the beard, read on. If you’re expecting anything revolutionary, disruptive or surprising, you’re gonna be disappointed… ...

May 17, 2019 · Andrew Bolster

SSH Persistence Redux: Multiple sites and Crontab Laziness

Inspired by a pretty good write up by Cynofield as to his setup for getting a Raspberry Pi to “phone home”, I thought I’d set out how I do it. I have a machine that lives behind a ‘security’ infrastructure that makes my life a living hell. As a result, I set up automatic persistent reverse shells going back to other machines I use, so if I connect to those machines, I can get into the secure environment, without anything nasty being able to get in with me. ...

July 6, 2013 · Andrew Bolster

Idiots Guide to Updating Nexus 7 to Latest ROM

Came across a well known issue with QUB_SEC and Android, so I decided to fix it. Basically, Android was bailing on a particular part of the TTLS Authentication scheme that is used by millions of workplace and academic RADIUS / AD secured wireless networks, and QUB is one of them. This Comment on the issue indicated that the problem had been fixed in the newly released 4.1.2 builds, and that we’d probably be waiting a while for the OTA updates… So I guess I’ll have to do it myself! ...

October 11, 2012 · Andrew Bolster

Ringing in the New Year by seeing out the old

2011 has been a great year for me: Graduated with a 1st MEng in Electronics & Software Engineering @QUB; Got Job offer to a major financial house, which I turned down; Got Job offer to a C|EH company in England, which I turned down; Got DELNI Funded PhD offer (x4) from CSIT/ECIT, which I turned down; Got selected to be one of the two UK projects within a Joint UK/FR Defence PhD Programme, which I accepted; ...

December 31, 2011 · Andrew Bolster

Why Belfast Needs a Hackerspace

I was sitting in Sinnamon on the Stranmillis Road, enjoying a coffee, a sausage roll, and my Kindle, reading the latest 2600. One article immediately stood out to me, ‘A World Spinning’. The main focus of the article was the world-changing domino effect, toppling regimes across the Middle East, all caused by one, little textfile. The textfile in question was a US Embassy cable highlighting the endemic corruption in the (ex) Tunisian Government. As most know, this leak was from WikiLeaks; a rag-tag loosely knit chaotic alliance of hackers across the globe, all with the same general aim to allow open and plain discourse and stopping governments across the globe from hiding secrets from their citizenry; big secrets and small… Of course, as with most things to do with hackers, the aim isn’t that simple; having spoken to some of those involved, it was abundantly clear that some elements within WikiLeaks purely want to screw with governments that (they feel have) wronged them, but others are simply motivated by the cat-and-mouse challenge of acquiring, validating, securing and releasing information in a hostile environment. ...

April 7, 2011 · Andrew Bolster

Hackathon

On Saturday the 23rd October, the Hackers invade The Space! In association with QUESTS, Dragonslayers, and IETNI, HackerspaceBelfast will be running a series of events over 24 hours of software, network, and hardware hackery goodness, as well as screening hacker movies, DIY repair, and maybe, just maybe, how to build a laser. Running parallel to Dragonslayers’ 24 hour gaming event, which will incorporate console, PC, and tabletop games, attendees will be able to both play and make games to their hearts’ content. ...

October 14, 2010 · Andrew Bolster