A Week of Security

userpic=securityI’ve been at ACSAC all week, and it has been a great conference. The committee and the Universal Hilton have a lot of work to do to top this year’s conference at the Hyatt French Quarter. But I’m confident they/we will. So what is more appropriate than some security-related articles:

  • Remember Benford’s Law. Here’s an interesting summary of an article about how accountants are using Benford’s Law to fight fraud. Benford’s Law, for those that don’t recall it, refers to the frequency distribution of digits in many (but not all) real-life sources of data. In this distribution, 1 occurs as the leading digit about 30% of the time, while larger digits occur in that position less frequently: 9 as the first digit less than 5% of the time. Benford’s Law also concerns the expected distribution for digits beyond the first, which approach a uniform distribution. The accountants looked at a log of financial ATM transactions for an ATM with a limit of $50, and saw an abnormal number of first digits that were 4. This led them to find financial fraud. Think about this for analysis of audit trails…
  • Two-Factor Authentication. One point that has been continually made this conference relates to the value of two-factor authentication. We even heard from Avi Rubin on how to use two-factor in online poker. However, there is a major problem with two factor: what happens if you lose the second factor. Here’s an article that explains what to do. Now that you know what to do, you have no excuse. Enable two factor authentication.
  • Cyberphysical Attacks. One major theme of the conference has been cyberphysical security. You probably think it was Stuxnet. Wrong. A recent article points to a 2008 Turkish pipeline explosion, which was caused by a cyberattack that overloaded the pressure on the pipe. As Avi pointed out, as we get more and more devices in our houses and lives that are network connected, how susceptible will we be to cyberattacks.

Want to learn more about these problems? Come to the 2015 ACSAC, December 7-11 2015 at the Universal Hilton. Paper submissions, training submissions, workshop submissions, and similar stuff are all due around June 1, 2015. As Local Arrangements and Tutorial Chair, I look forward to seeing you for what will be my 25th ACSAC on the Conference Committee!