SoylentNews is people
SoylentNews
A recent article on Ars Technica talks about a plan to open a "cyber" college at Bletchley Park with the hope of attracting those with an interest in cybersecurity.
Bletchley Park—the home of codebreakers whose pioneering work helped Britain and its allies win the Second World War—could be the site for a College of National Security, with plans for it to open in 2018.
The new sixth-form boarding school will, we're told, be run by a private non-profit consortium of tech firms, venture capitalists, and entrepreneurs, with rumoured input from GCHQ. It will enrol[sic] 500 teenagers (aged 16 to 19) who will be taught cybersecurity skills—which could, it's hoped, go some way to addressing the shortfall in UK talent.
[...] The initiative is being funded and run by a group called Qufaro, whose members include Cyber Security Challenge UK, The National Museum of Computing, the Institute of Information Security Professionals, Raytheon, and BT Security. It will be certified by City and Guilds, a major provider of vocational qualifications. Qufaro chair Alastair MacWilson described the state of the UK's current IT education as "complex, disconnected, and incomplete, putting us at risk of losing a whole generation of critical talent.
[...] MacWilson estimates that there's a shortage of about 700,000 cybersecurity professionals in Europe at present, and wants the new college to make headway in addressing the issue. It's been reported that Qufaro has applied to the department for education for state funding, but if it can't secure any, the college will be funded privately.
(Score: 2, Interesting) by anubi on Monday November 28 2016, @01:17AM
Geez... here I am a degreed engineer, and when I first saw the opportunities for malware resulting from mixing code and data, I did my damndest to stop it.
No one would listen. All it took to sway them was the money-makers cooing for them to use the "latest technology", even if it could not be trusted.
I feel by now we could have had a really robust computing technology going, but instead I am faced with stuff where I cannot visit websites without being either snooped or infected, nor can I as much as open an email attachment - even to just *look* at it.
I have been aware of how disruptive things can get ever since I got my first ANSI bomb on a BBS, and got nailed by fake shareware.
Its been obvious to me ever since that there has to be a clear line of demarcation between what is data, and what is executable.
All my concern did was get me into endless fights with the tie-guys, who gave all outward appearances to me that they actually were trying to bring on a system full of backdoors which they seemed to have the illusion that only they were to be privy to. Now, no-one knows what kinda tricks lurk in something as innocent looking as a little ad.
Is there any indication the people in power even know what cyber security even is???
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by tibman on Monday November 28 2016, @03:34PM
The line between data and executable is very fuzzy, imo. Even an image has to be parsed and rendered (and has been successfully exploited in the past). It's easy to point to something like JavaScript but what about html? Html is a series of instructions (executable) for how to display a page.
SN won't survive on lurkers alone. Write comments.
(Score: 1) by anubi on Tuesday November 29 2016, @03:27AM
Thanks... I was more down the line of how I could open up *anything* in my programmer's text editor - safely. No matter what was in it. The worst it could possibly do is display meaningless garble to me. At no time do I lose control of the machine, nor can any crafting of the text do anything. About the worst thing one could do is play games with spelling to rnislead me. ( note... I just garbled "rnislead" to illustrate ).
In the event of images, I would hold that image files must be a certain format to parse to a meaningful image. All it is is an image - and all you can do is display it, albeit it, too, can be used to mislead to some extent. Like incorporating screen captures to make you think you are somewhere else, much like one may copy currency and pawn it off as the real thing.
I drew the line at stuff like ANSI, where people were defining escape sequences to do nasty things, then embedding that in the document, so when read, the nasty would execute and mess things up. I was furious when I discovered how much arbitrary code could be executed via JavaScript. Even HTML has more power than I believe justified for a trustworthy system. Especially egregious in my estimation is the ability to overwrite the URL bar, or give webmasters the power to force users to click on links where it is not obvious ( unless one is using Wireshark or similar ) what something is going to do if even moused over.
I still feel most of the core OS in modern machines should be almost like BIOS. In ROM. Writable only when the machine has a physical jumper installed.
Doing a "del c:*.*" should simply cause the machine to revert to its out of the box state. One can then load trusted software first to fish through your backups to transfer your good stuff back should one encounter a run-in with a rogue, as once a rogue has control of one's machine, there isn't much telling what he did to it. In the real world, I feel I am going to run into rogues in cyberspace much like I run into rogues in the street; I do not believe there is much chance of entirely stopping either one. But I do believe there are much easier ways of backstepping out of the situation, making the rogue's efforts pay off much less.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by tibman on Tuesday November 29 2016, @04:06AM
I agree with you about OSs being too easily modified. A physical r/w toggle would be cool.
SN won't survive on lurkers alone. Write comments.
(Score: 1) by anubi on Tuesday November 29 2016, @04:35AM
Remember the old days when our BIOS was on 27128 EPROMS? I now routinely buy megabytes of EEPROM to keep my Arduino stuff on.. and even it has a physical write enable line on it so it won't be overwritten no matter what the software says.
I would love to see machines come with BIOS that incorporated DOS as well as drivers for standard DVDROM, USB, and TCP/IP stack... so out of the box the computer is usable even with no OS at all. The barebones "monitor" would then be used to pull down whatever more complex GUI OS one had in mind. Or, lacking any OS at all, run things like a dedicated machine controller, like a stoplight or whatever. Kinda like one could run GWBASIC with nothing more than Command.com and BIOS.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]