MIT Launches Three-pronged Effort To Thwart Cyber Attacks
alphadogg writes "MIT is attacking cybersecurity from three angles: technical, regulatory and managerial through three programs and in partnership with major corporations. The initiatives include participants from across several MIT schools as well as from outside the university with a goal of making it harder for attackers to succeed in efforts to break into networks, disrupt them, and steal and destroy data. The technical challenge will be met by the school's Computer Science and Artificial Intelligence Laboratory (CSAIL) in cooperation with a group of industry partners – BAE Systems, BBVA, Boeing and Raytheon – that will meet periodically to be briefed about ongoing research."
The Real Problem (Score:1)
Engineers have a responsibility to themselves, their profession, and to everybody that comes after them. Our fathers and grandfathers realized this when they invented reliable electronics. If this generation were to make electronics it would be hit and miss, maybe it works or it doesn't, and who cares? Engineers have to make things rock solid and reliable in order to move the profession and the future of the profession forward.
I am so frickin disappointed in the current state of things. Things should b
The solution being totally obvious .. (Score:2)
The solution being to not download and run other people's code on your 'computer', not connect your critical infrastructure to the Internet and to ask the NSA/GCHQ to stop devising methods to dilute security on the Internet.
Re: (Score:1)
Like I posted before, the root cause of this problem is that Engineers don't care anymore. They spew crap like they are terminally on the toilet. Real Engineers like the ones who put men on the moon would be able to devise secure systems. They would be able to protect privacy. They wouldn't create crap that crashes all the time. They would care more about their craft and their reputation than about big brother.
Re: (Score:2)
Mr. Apple meet Mr. Orange...what??? You two cannot compare each other? Imagine that.
Re: (Score:3)
Yes. Those listed are not serious except to waste money on funding.
Any real attempts to "thwart" attacks from the outside would START with identifying the external actors.
That's:
1.) Our government
2.) Their government
3.) Big business
4.) Organized crime
5.) Cyber gangs
6.) Kiddies
Re: (Score:1)
What a shame Engineers let things get so out of control that you can make a list like this and it is true!! Hang your head in shame Engineers, I suspect mostly "Software Engineers". You are NOT REAL Engineers. Engineers make things that are reliable, repeatable, and useful. My respect for "Software Engineers" just went down, and I didn't think that was possible.
At least Hardware Engineering is still a real profession. If I buy a chip I know it will be reliable. With Software Engineering, who knows?
Blame software engineers and their unholy worship of Java and their managers' unbridled greed and incompetence to plan a software project. Clicky-clicky is all the managers want to hear and the "engineers" can't handle a real programming language that does not require seven levels of redirection. It would be an "Amen!" moment if those software engineers and architects died at the hands of their "design patterns" and "frameworks" and model-view-controllers.
Re: (Score:1)
LOL Although I can see a use for these things at some level you couldn't be more right. It's absolutely ridiculous how many needless layers get into projects just because there were that many needless people working on them due to a total lack of proper planning in the first place. Of course that's because the people who know how to design the systems are never the people who manage their development. YMMV.
Re: (Score:1)
>> At least Hardware Engineering is still a real profession. If I buy a chip I know it will be reliable. With Software Engineering, who knows?
Well, you know your chip is reliable, except when it's not. :)
There are plenty of counterexamples to chips always being reliable. E.g. the recent Rowhammer problem (repeated writing to memory locations changing the memory in other locations of the RAM chip, with demonstrated exploitable security risks). Or the Intel floating point arithmetic bug. Etc.
Re:The solution being totally obvious .. (Score:4, Informative)
I've been at this shit since Moby Dick was a minnow.
I remember when there was no local area network -- way before the Internet.
Malicious programs got circulated by 5 1/4" floppies via MSDOS.
That's when the problem started and that's how far back we have to go.
I can foresee some improvement if we move toward the dumb terminal/mainframe architecture by way of sand-boxed apps that can be pulled from a centralized location if they go rogue.
Bill Gates, Steve Jobs, and Steve Wozniak were part of the Digital Revolution where they wanted to decentralize data and put computers in the hands of the people.
Now it looks like we need a backlash.
Re: (Score:1)
"centralized locations are good" "they wanted to decentralize data and put computers in the hands of the people. Now it looks like we need a backlash."
Would you happen to be selling a Cloud "App" or Subscription-Based software service perchance? All I need to do is sign up now for a 10% discount** to a program I won't have to do anything to maintain, right?
I can see that you have a point, but right now, with the state of privacy what it is, air-gapped or firewalled local area networks and local storage are
Re: (Score:2)
I think MS Windows is obsolete. That was sorta my whole point. Windows has its roots in an unsecure paradigm.
Maybe we can move forward if all apps (business/consumer) are sand-boxed where malicious activity can be neutralized.
Re: (Score:1)
I suppose where I disagreed with you was with your statement,
"Bill Gates, Steve Jobs, and Steve Wozniak were part of the Digital Revolution where they wanted to decentralize data and put computers in the hands of the people."
Which is a contradictory statement.
Once the above companies stop supporting their software, it becomes insecure, and because it is closed-source, we are forced to upgrade. That's software centralization and control if there ever was such a thing.
Perhaps unwittingly, we both bought into
Re: (Score:2)
Bill Gates, Steve Jobs, and Steve Wozniak were part of the Digital Revolution where they wanted to decentralize data and put computers in the hands of the people.
Now it looks like we need a backlash.
No, the solution isn't centralization of our data systems. You can already see where that is leading with the high profile exposures today (Sony, Target, et al). It is a fallacy to assume corporations have all the answers, or will act in the general public's best interests. Short term profit is the only thing that has any meaning in that system.
At the same token we can't continue going along like we are - as that is already proven to fail.
The very thing that makes the internet useful for communicatio
Re: (Score:2)
tl;dr, but you mentioned Sony and Target.
I don't give a flying fuck about Sony and Target. Those guys can worry about themselves.
My immediate concern is things like ransomware.
I want my (business/consumer) programs and data to be safe.
Eventually, market evolution will take care of the weak Sony and Target entities if they can't adapt.
Re: (Score:1)
Real engineers *get paid to* make things that are reliable, tested, and safe, because the company could be sued into bankruptcy if things go wrong. Some software engineers *get paid to* make things that are reliable, tested, and safe, because the company could be sued into bankruptcy if things go wrong. Other software engineers *get paid to* get it done by tomorrow, because if something goes wrong no one but a few nerds gives a crap. But none of that could possibly be the fault of the managers.
The program is funded by $15 million... (Score:3)
The first task is impossible ... (Score:2)
... go back and build all of the systems from scratch and do it right this time.
Re: (Score:2)
And this, kids, is why you don't drink a 6-pack on the golf course and then post on Slashdot.
Re: (Score:1)
My electrical plugs are all three-prong. Maybe they can assist with this new three-pronged initiative.
true intentions (Score:3)
let's be clear here, the people these corporations work are not looking to thwart cyber attacks, they are looking to thwart cyber attacks against themselves. the rest of us will still be considered their cannon fodder.
May the Swartz be with them (Score:1)
http://en.wikipedia.org/wiki/Aaron_Swartz
Re: (Score:2)
let's be clear here, the people these corporations work are not looking to thwart cyber attacks, they are looking to thwart cyber attacks against themselves. the rest of us will still be considered their cannon fodder.
Not MIT - they'll be in it for whatever patents come out of the work that they can make money on - presumably by deploying the resulting products / services as widely as possible - and for a fee.
Managerial (Score:1)
Managerial Effort To Thwart Cyber Attacks
Now I am Officially in Dilbert Land
I am so ashamed to have ever known a Software Engineer in my life.
Re: Managerial (Score:2)
they're behind (Score:1)
They're way behind other efforts. Anyone interested in this stuff look at crash-safe.org and Google Cambridge's CHERI processor project. CHERI already runs a port of FreeBSD. There are also numerous prototypes that put crypto in for confidentiality and integrity protection, some running Linux already. The recent Control Pointer Integrity work is pretty clever and was applied to FreeBSD userland.
Long story short, we already have a bunch of good solutions just waiting to be put into silicon and marketed. I'll b