Profile

William Cox
Works at Amdocs
Attended Fordham University
107 followers|57,966 views

Stream

William Cox

Shared publicly  - 
 
It was only a matter of time.
 
In this paper, we show how a fabrication-time attacker can leverage analog circuits to create a hardware attack that is small (i.e., requires as little as one gate) and stealthy (i.e., requires an unlikely trigger sequence before effecting a chip’s functionality). In the open spaces of an already placed and routed design, we construct a circuit that uses capacitors to siphon charge from nearby wires as they transition between digital values. When the capacitors fully charge, they deploy an attack that forces a victim flip-flop to a desired value. We weaponize this attack into a remotely-controllable privilege escalation by attaching the capacitor to a wire controllable and by selecting a victim flip-flop that holds the privilege bit for our processor.

Okay. That's it. I give up. Security is impossible. 
31 comments on original post

William Cox

Shared publicly  - 
 
Though the perks would be nice too.

William Cox

Shared publicly  - 
 
Exploring the Really Important Questions of Life
Is there data in your beef? Can barbecue be optimized? Can data tell us if one brisket will be better than another? Can we Splunk an open flame?

William Cox

Shared publicly  - 
 
"The bottom line is that kids here are always going to throw dinner parties," said Mark Halsey, associate dean of Bard College. "No matter how hard we crack down, students will still find a way to get fresh produce from the local farmer's market and make a big garden salad or puree some root vegetables. Some of them may even whip out Apples to Apples after dinner and play that while sipping on some limoncello. All we can do is try to make sure it doesn't get out of hand."
ANNANDALE-ON-HUDSON, NY—The Princeton Review announced this week that Bard College has topped its annual ranking of the nation's biggest dinner party schools.

William Cox

Shared publicly  - 
 
 
No one actually means anything when they use the word "terrorism." 

The left uses it to describe drone strikes and white supremacists and militia members. The right uses it to describe Muslims and leftists. Both pile any sort of ideological violence they don't approve of into a single overloaded category. 

But we can only partially explain ideologies by referring to the violence committed in their name, and we can only partially explain violence by referring to the ideologies that justify it. Given any other sufficiently justifying narrative, the same person would likely have simply killed the people that justification recommends.

This has policy consequences. 

When we have attempted to raise any sort of response to "terrorism," defined as "exceptional political violence, whatever the form" the results have been uniformly catastrophic. We have assumed that all individuals fantasizing about terrorism, whether supported or unsupported by others, are equally dangerous. But they're not: the vast majority of "plots" are simply jihadi fantasizing. Our response to individual fantasy-jihadis has been to take disaffected people fitting vaguely the same profile, to organize terrorist "plots" for them to participate in, and then to arrest them for participating.

This is an awful thing to be doing, it's caused by muddy thinking about terrorism and its causes, and the reason the thinking is muddy isn't caused by whom we're targeting: it's because we've turned a complex system of personal and ideological motives into a single, headline-worthy declaration, and then pretended that the headline was the whole story.
29 comments on original post
Brian Fitzgerald:
Demonizing your neighbors has always proven to be a delightful way to live harmoniously and prosperously, has it not?
Have him in circles
107 people
Pat Mcloed's profile photo
James Hawkins's profile photo
Christopher Gillen's profile photo
Wing Choi's profile photo
Jane Smith's profile photo
Qualeek Boney's profile photo
Peter Wendling's profile photo
David Do's profile photo
PASTIS PAS TAHLAB's profile photo

William Cox

Shared publicly  - 
 
We have become the Enemy.
 
There are a lot of things you don't realize are unusual until you step outside of them for a while.

The article below is by +Brad Templeton, and his experience of being questioned by the FBI for taking a photo of the Sun. (His camera was apparently pointed in a direction which could have also caught a Federal building, although the building wasn't marked as such) If you live in the US, you're probably nodding your head and thinking that "yes, that's about what you should expect" – whether your second thought is "and that's horrifying" or "the government has to protect its buildings."

A few years ago, I was in Tel Aviv, and was carrying my camera, having spent some time photographing the city. My cousin (a professor of political science) and I were talking as we went to a meeting she had with some government official she was interviewing at a Ministry of Defense building. When I realized that we were right next to the building, I said "Oh, shit!" and hurriedly put my camera away. She was completely confused; why was I doing this?

It was only when she didn't understand at all that I realized how the behavior that I'm completely used to – that having a camera out in the vicinity of a government building (a military one, at that!) would be taken as such an open provocation that I would be almost certainly detained and the camera seized, if I was lucky – is neither historically normal in the US, nor is it common in the rest of the world. Even in Israel, a country that has good reason to have an extremely alert security posture, it had never occurred to anyone that possession of a camera in the vicinity of a government building should draw an immediate armed response.

The rest of that trip was a similar exercise in noticing small differences. Re-entering the United States was another one; surrounded by signs warning you not to attempt to use a phone or photograph anything, you are moved through passport control, screens playing videos about the various crimes you are warned not to commit. At the end you show papers, and are fingerprinted, photographed, and interrogated. (This is what they did for citizens; I can't imagine what the non-citizens line was like) All the officials present, from the people inspecting papers to the people moving people about through the line, were overtly hostile; after the INS/DHS merger, USCIS clearly viewed its primary mission as preventing people from entering the country.

Not all of it has to do with "national security;" consider how children are allowed to play. In the US, they need to be monitored 24/7; playing in the front yard, much less going to the park on their own, is a sign of possibly criminal neglect. As a child in the US, I would go all over the neighborhood when playing; in Israel, my friends and I would roam over a good mile's radius, and my mother would routinely send seven-year-old me to the grocery store to pick things up.

When in the US for any length of time, this entire situation seems perfectly normal, and people wonder what I'm complaining about. And that's the thing: it had been feeling perfectly normal to me as well, until being out of the country for a few weeks reminded me that not only do other places not do this, but until recently, the US didn't, either.

Brad Templeton now has a police record, and any future investigations that touch on him will turn up that he was questioned for suspicious photography (and maybe more) of a government building. The fact that he has only this, and wasn't arrested or imprisoned, is largely because he looks like a respectable, white, professor.

I would ask when we started considering this "normal," but we all know the answer to that: after 9/11, when "security" became the watchword which would trump any question of legality or constitutionality. What worries me is that, fifteen years later, we are entering a world where there are adults with no memory of any other world. How do you move a world towards freedoms that nobody remembers, or argue against safety measures that "everybody knows" are required, since they've always been there?
A week ago, a rather strange event took place. No, I'm not talking about just the Transit of Mercury in front of the sun on May 9, but an odd result of it. That morning I was staying at the Westin Waterfront in Boston. I like astrophotography, and have shot several transits.
114 comments on original post

William Cox

Shared publicly  - 
 
So, y'know how folks complain about the lines at the DMV and things taking forever to get done there? And trying to call but not getting anything but a busy signal until two minutes before closing?

Well, NYS seems to have replicated that experience with https://my.dmv.ny.gov/. I went to change my address today during business hours, but only got 503 Service Unavailable until after close of business. But if I had wanted to renew my registration without first changing my address, that feature was available, though on a different website with the appearance of both usability and performance.
Brian Fitzgerald:
I guess you should have ordered some vanity plates while waiting to change your address.  ;)

William Cox

Shared publicly  - 
 
How many brick-and-mortar stores listen to what queueing theory has to say about their checkout lines?
2 comments (Brian Fitzgerald, William Cox)
That's an important consideration when designing the queue, but one shouldn't use hope to look for profit per customer. Which raises the question: Is probability a statistically more reliable tool than the hope placebo?

William Cox

Shared publicly  - 
 
That's OK. It's well within the margin of error.
 
This is nuts.  Training a model based on only 7 known true positives?  And then (allegedly?) using it to decide where to aim drone strikes?  

The article goes into a little more detail about random forests being prone to overfitting, but you can't expect much out of any model with so little ground truth.  

Yikes.

http://arstechnica.co.uk/security/2016/02/the-nsas-skynet-program-may-be-killing-thousands-of-innocent-people/
"Ridiculously optimistic" machine learning algorithm is "completely bullshit," says expert.
Brian Fitzgerald:
Many things are analysed or designed using the Navier-Stokes equations, yet there are still some important yet unanswered questions about their existence and smoothness.  https://en.wikipedia.org/wiki/Navier%E2%80%93Stokes_existence_and_smoothness
Education
  • Fordham University
  • Hampden-Sydney College
  • St. John's College
Work
Occupation
Entropy Reversal Technician
Skills
Why, sometimes I've solved six impossible problems before breakfast!
Employment
  • Amdocs
    Senior Development Expert, 2012 - present
  • AT&T
    Senior Technical Team Lead, 2001 - 2012
  • Prodigy
    System Manager
  • Thaumaturgix
    System Manager
  • I.M.A.G.E. INC.
    Network Manager
  • The Associated Press
    System Manager
Basic Information
Gender
Male
Other names
Will