Static Program Analysis
These notes present principles and applications of static analysis of programs.
We cover basic type analysis, lattice theory, control flow graphs, dataflow analysis,
fixed-point algorithms, narrowing and widening, path sensitivity, interprocedural
analysis and context sensitivity, control-flow analysis, and several flavors
of pointer analysis. A tiny imperative programming language with pointers and
first-class functions is subjected to numerous different static analyses illustrating
the techniques that are presented.
static_analysis  computer_security 
20 days ago
Step 2.5: Choose a Model  |  ML Universal Guides  |  Google Developers
1. Calculate the number of samples/number of words per sample ratio.
2. If this ratio is less than 1500, tokenize the text as n-grams and use a
simple multi-layer perceptron (MLP) model to classify them (left branch in the
flowchart below):
a. Split the samples into word n-grams; convert the n-grams into vectors.
b. Score the importance of the vectors and then select the top 20K using the scores.
c. Build an MLP model.
3. If the ratio is greater than 1500, tokenize the text as sequences and use a
sepCNN model to classify them (right branch in the flowchart below):
a. Split the samples into words; select the top 20K words based on their frequency.
b. Convert the samples into word sequence vectors.
c. If the original number of samples/number of words per sample ratio is less
than 15K, using a fine-tuned pre-trained embedding with the sepCNN
model will likely provide the best results.
4. Measure the model performance with different hyperparameter values to find
the best model configuration for the dataset.
machine_learning  text_classification 
25 days ago
Deep Fakes: A Looming Challenge for Privacy, Democracy, and National Security by Robert Chesney, Danielle Keats Citron :: SSRN
Harmful lies are nothing new. But the ability to distort reality has taken an exponential leap forward with “deep fake” technology. This capability makes it possible to create audio and video of real people saying and doing things they never said or did. Machine learning techniques are escalating the technology’s sophistication, making deep fakes ever more realistic and increasingly resistant to detection. Deep-fake technology has characteristics that enable rapid and widespread diffusion, putting it into the hands of both sophisticated and unsophisticated actors. While deep-fake technology will bring with it certain benefits, it also will introduce many harms. The marketplace of ideas already suffers from truth decay as our networked information environment interacts in toxic ways with our cognitive biases. Deep fakes will exacerbate this problem significantly. Individuals and businesses will face novel forms of exploitation, intimidation, and personal sabotage. The risks to our democracy and to national security are profound as well. Our aim is to provide the first in-depth assessment of the causes and consequences of this disruptive technological change, and to explore the existing and potential tools for responding to it. We survey a broad array of responses, including: the role of technological solutions; criminal penalties, civil liability, and regulatory action; military and covert-action responses; economic sanctions; and market developments. We cover the waterfront from immunities to immutable authentication trails, offering recommendations to improve law and policy and anticipating the pitfalls embedded in various solutions.
25 days ago
Event Info
Lunch and Learn: A Software Development Primer for Lawyers: When, Why and How to Build your own Digital Products
September 20, 2018

D.C. Bar
901 4th ST NW
Washington, DC 20001-2776 

The market is exploding with great options for off-the-shelf legal technology -- so when is it time to think about building your own technology? And where do you even begin? This talk will provide lawyers with an overview of how to make the build versus buy decision, the software development process, how to hire a team to help, and common pitfalls to look out for.
25 days ago
An Introduction to the California Consumer Privacy Act (CCPA) by Eric Goldman :: SSRN
After a mere week of deliberations, the California legislature passed the Consumer Privacy Act (CPA), a sweeping, lengthy (10,000 words!), insanely complicated, and poorly drafted privacy regulation that will govern the world’s fifth largest economy. This short primer, excerpted from my Internet Law casebook, provides a relatively short overview of the law and a few of its many problems.
ccpa  privacy_law  california 
8 weeks ago
The ethical and legal ramifications of using 'pseudo-AI'
Human access to data when customers think only software will access it
ai  liability 
8 weeks ago
Starting Up Security
Starting Up Security was not written in order. In 2018 these essays were organized and structured as you see it now.

These were written for security teams of varying size and maturity that are looking for direction or opinions on how to get started, or grow.

The eponymous article is a prescriptive starting point that works in the spirit of a maturity model. This section contains links to other high level guidance as well.

The Risk Management section writes about more intentional, quantitative approaches to a security program. Working from scratch, you’ll organize risks into scenarios, build consensus, and roadmap your work. These are highly opinionated.

Anecdotes about team structure and the role of a security team and individual are laced throughout my essays. However, the more specific writings will go into Organization.

The most writing I have is around Incident Response. Often these are based on my personal experiences during or following an incident.

I make it a priority to write about incidents that are public that have valuable lessons. These can be found in Post-mortem review.
resources  training  InfoSec  for_newbies 
12 weeks ago
Kap - Capture your screen
Capture your screen
An open-source screen recorder built with web technology.
mac  screencap_to_gif  gif  screencap 
12 weeks ago
STARTTLS Everywhere
Secure your email server with STARTTLS Everywhere! Your email service can be insecure in numerous different ways. The service below performs a quick check of your email server's security configuration, including whether STARTTLS is supported, and whether it may qualify for the STARTTLS Policy List.
eff  tls  Email 
12 weeks ago
Comments of FTC’s Bureau of Consumer Protection on IOT Safety/Security to CPSC
FTC Staff Written Comments on The Internet of Things and Consumer Product Hazards
cpsc  ftc  iot  InfoSec  product_liability 
june 2018
*OS Internals: - Welcome!
Volume I - User Mode - Available, v1.0.5
Volume III - Security & Insecurity is available, v1.5.2
ios  book  mac  osx  InfoSec 
june 2018
Security Tools for AWS · GitHub
I often get asked which tools are good to use for securing your AWS infrastructure so I figured I'd write a short list of some useful Security Tools for the AWS Cloud Infrastructure.

This list is not intended to be something completely exhaustive, more so provide a good launching pad for someone as they dig into AWS and want to make it secure from the start.
aws  infosec  cloud_computing  security_best_practices 
june 2018