Software Engineering
Scooped by Kevin Olson

How security flaws work: SQL injection

This easily avoidable mistake continues to put our finances at risk.
Kevin Olson's insight:
A nice overview of SQL injection attacks.

New Take on an Ancient Method Improves Way to Find Prime Numbers

The modified version of the sieve of Eratosthenes could accelerate computer calculations
Kevin Olson's insight:
A new way of looking at prime numbers. Since modern cryptography relies upon primes (and their factorization), the approach could have interesting implications.

Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net

“Free speech in the age of the Internet is not really free,” journalist warns.
Kevin Olson's insight:
The discussion about the "Internet of Things" and its place in the DDoS is very interesting. Poor programming, poor updating, and a push to have IoT sales over security helped support the largest DDoS on record (to date). The amount of junk data at over 600Gbps is astounding.

People ignore software security warnings up to 90 percent of the time

Software developers listen up: if you want people to pay attention to your security warnings on their computers or mobile devices, you need to make them pop up at better times.
Kevin Olson's insight:
The article suggested most users ignore security warnings (such as the Windows UAC). It is just "noise" to most people. The article hypothesized that displaying the warnings at better times (such as not interrupting the user?) would result in users paying closer attention.

The problem is more likely that any given dialog provides insufficient information to determine if there really is a problem. And it is unclear how a developer is supposed to delay presenting a warning message.

There was also a study from years ago about pop-ups with acceptance criteria (I believe it was in a Word Processor). When the overwhelming majority of the time one selects "OK" (or yes), one quits reading the text of the dialog, often to the detriment when an actual issue needs to be addressed.

7 bad programming ideas that work

Cheaper, easier, faster, safer -- sometimes bad habits are better than good enough
Kevin Olson's insight:
Sometimes programming does not follow a completely optimal path. This article looks at a few things that are not necessarily considered "the best" but still work anyway.

Though the specifics differ, we have these types of issues when we bring in interns for the summer. For the most part, students are graded by making "optimal" choices, and they usually work from green fields. In a world where the code base has evolved, there are numerous suboptimal implementations to be found. Yet at the end of the day, users do not care about how the code is implemented, only if it helps them achieve some goal.

Why Developers Never Use State Machines

I decided to engage in a bit of introspection and figure out why we tend to manage our "state" and "status" fields in an ad-hoc fashion rather than doing what
Kevin Olson's insight:
An interesting article that asks why State Machines are not frequently used in software development. An individual asked a question here (http://stackoverflow.com/questions/36296234/using-switches-inside-switches-java) about a flow chart, and coded a large number of switch (could have been if/else conditions) statements. Instead, generating a state machine would be easier, and eventually more maintainable. Yet software development tends to push state machine considerations to later, and almost never emphasizes maintainability as a consideration. Nonetheless, why are state machines (petri nets, etc.) so delayed in software training, and why aren't they used more?

Microsoft backtracks, resumes development of a modern Skype app

Company discovers that desktop users don't really care for the separated apps.
Kevin Olson's insight:
Ignoring a bit of snarkiness in the article, the crucial question is developing techniques to understand how users actually interact with an application. UX design is insufficient, as one can effectively implement a UX without addressing the actual way in which users want to accomplish their goals. Furthermore, assuming that all users are the same or that the same user is the same in any situation, is a poor assumption. To truly understand user behavior, applications must collect information that reveals exactly how users interact with the applications.

Microsoft Took Its New A.I. Chatbot Offline After It Started Spewing Racist Tweets

This post originally appeared on Business Insider. On Wednesday, Will Oremus wrote about why Microsoft’s A.I. chatbot starting hitting on people. Micr
Kevin Olson's insight:
As noted elsewhere, the problem with certain AI algorithms is that they may become subtly discriminatory due to the training data. Of course, without any content knowledge, it appears they can also become directly offensive. I am not certain that just adding word filters would solve the problem, as at some level the AI would have learned and would operate upon these underlying algorithms; it simply suppresses the output.

After an easy breach, hackers leave “TIPS WHEN RUNNING A SECURITY COMPANY”

DDoS protection firm Staminus apparently stored customers' credit card data in the clear.
Kevin Olson's insight:
Some useful tips about securing a company graciously left by a hacker. Yet another example, however, of lazy programming with the credit card info being stored in plain text. Tell me again what good those auditors from PCI do?

Employers Are Using Big Data to Track Employee Pregnancies

It’s legal, but is it ethical?
Kevin Olson's insight:

Target knew when an individual was pregnant by using big data. Now private companies are using data mining to ascertain if female members of the workforce are pregnant. If one ever wonders why we have so many regulations, it is because too many people figure if they can do it, they will without asking if they should.

Crypto flaw was so glaring it may be intentional eavesdropping backdoor

Network tool contained hard-coded prime number that wasn't prime after all.
Kevin Olson's insight:

Security is hard, and encryption requires a lot of investigation to ensure it is being done correctly. Hard coding a 1024 non-Prime number, however, is not on the scale of most other recently discovered issues. Instead, it is blatant poor programming. One should usually ascribe to stupidity rather than maliciousness, but this one is an interesting case where it may be hard to make the call between those two.

Pedram Keyani's answer to As a software engineer, what's the best skill set to have for the next 5-10 years? - Quora

Kevin Olson's insight:

In essence, software engineering is about problem solving. There was also a report that programming jobs in the U.S. will decline over the next few years, but software development/software engineering will increase. Programming is a skill that can be outsourced. User programming is seen when people create spreadsheets -- replete with all the errors they contain. Software development solves problems using a computer, and it takes a talent that mixes a wide variety of skill-sets.

Worried about cyberattacks on US power grid? Stop taking selfies at work

Experts warn that malicious hackers gain valuable insight when companies and employees reveal too much information on the Web – especially when they work at sensitive facilities.
Kevin Olson's insight:

Posting "selfies" from work can divulge inadvertent, but important, information. This article looked at information divulged in selfies that related to SCADA systems. One needs to carefully consider the BYOD policy in force at a given organization.

Google AI invents its own cryptographic algorithm; no one knows how it works

Neural networks seem good at devising crypto methods; less good at codebreaking.
Kevin Olson's insight:
In a standard Alice, Bob, Eve setup, Alice and Bob derived an algorithm to encrypt their communications. It is an interesting look at how we are starting to design tools that can design tools, and the results are not easily understandable.

As we speak, teen social site is leaking millions of plaintext passwords

i-Dressup operators fail to fix bug that exposes up to 5.5 million credentials.
Kevin Olson's insight:
Another day, another exploit of passwords. But in this case, I think the company is almost criminally negligent. In this era, who doesn't hash passwords? Seriously, storing passwords in plain text? SQL injection is usually pretty easy to foil just by using the correct statements when dealing with the database. Seems like this site was put together by complete amateurs. Oh, the login screen doesn't use HTTPS, so passwords could be intercepted anyway. Yep -- total amateur hour.

Upshot: if your kids (or you) have an account here, close it immediately, and then watch out for phishing attacks. Make sure passwords on any other site are unique from this one.

One of the world’s oldest biblical texts read for the first time

The En-Gedi scroll was a lump of crumbling coal for over 1,700 years, but a new technique "unwrapped" it.
Kevin Olson's insight:
Though the bulk of the article is about the text itself, it is an interesting application of computing algorithms to recover text. The article notes at the end how the techniques may be applied to other fields.

Group claims to hack NSA-tied hackers, posts exploits as proof

Extraordinary claim gets attention of security experts everywhere.
Kevin Olson's insight:
An auction of potential NSA hacking scripts. However, it appears that "poorly written python" is sufficient to hack around the world. Good to know that software engineering practices need not be applied to steal data.

10 million-core supercomputer hits 93 petaflop/s, tripling speed record

There's a new world's fastest supercomputer for the first time in three years.
Kevin Olson's insight:
Supercomputing is a race to allow for greater research insights. China is far outpacing the U.S. at this point in time in its supercomputing infrastructure.

Thanks For Ruining Another Game Forever, Computers

Kevin Olson's insight:
An interesting take on the evolution from brute-force approaches to chess to the AI (or machine learning) used in the recent Go game. The article suggested that the increase in GPU capability is at the base of the change. One problem with the move away from faster CPUs to multi-core CPUs is that the processing speed of a given core -- that is, how well it can handle a single task -- has not changed much recently. Multi-core CPUs are really only helpful if the problem can be tackled in parallel. In addition, the article noted the rise in GPU speed has specific ramifications for password security.

Certified Ethical Hacker website caught spreading crypto ransomware

Major security certification group ignored private warnings for more than 3 days.
Kevin Olson's insight:
The whole remove ad-blocker approach needs to stop. Unless sites become wholly responsible for the ads that are displayed, it is wholly irresponsible not to block every ad possible.

Two Years Later, Java Security Still Broken Due to Faulty Oracle Patch

Oracle failed to properly address CVE-2013-5838
Kevin Olson's insight:
Java is threatening to become like Flash in terms of the number of updates it pushes. OK, that is a bit of hyperbole, but nonetheless it is extremely disconcerting to see patches not actually fixing the underlying problem. It appears the Software Engineers did not properly classify, diagnose, or test the problem or the patch.

How a Hacker's Typo Foiled a Billion-Dollar Bank Heist

A spelling mistake in an online bank transfer prevented a nearly $1 billion heist involving the Bangladesh central bank and the NY Federal Reserve.
Kevin Olson's insight:
It is probably not good that the last line of defense for a bank is a spell checker. Nonetheless, that simple check did thwart a $20 million transfer. Still an interesting example of layered security, though not in the way many people would expect.

How to Bring Better Ethics to Data Science

In the waning months of the Bloomberg administration, I worked for a time in a New York City Hall data group within the Health and Human Services divis ...
Kevin Olson's insight:

In the article, there are some interesting points about how big data operates, especially with regards to what data are used for training neural nets. Issues with including race, for example, can easily result in "racist" neural networks.

A Computer Has Beaten a Human Champion at Go. What Next?

Google announced that AlphaGo, a program built by its DeepMind artificial intelligence lab, had defeated the European Go champion in a five-game match.
Kevin Olson's insight:

The approach uses a dual neural network to prune the search space. An interesting article, and the video is worth the watch, even if it is a bit slow in telling the software side of things.

These are the worst passwords of 2015

Our passwords are bad and we should feel bad.
Kevin Olson's insight:

Another listing of poor password choices. The article does give a couple of suggestions, as well as noting that some companies are attempting to address the issue of too many passwords. It is interesting that in 2016 we still use passwords -- a fairly insecure means of authentication.
