NASA taps Carnegie Mellon to build small, speedy MoonRanger lunar rover

NASA has awarded Carnegie Mellon University (CMU) and Astrobotic a US$5.6 million contract to build a new suitcase-sized robotic lunar rover that could land on the Moon as soon as 2021. One of 12 proposals selected as part of the agency’s Lun…

Carnegie Mellon University to send first US robotic rover to the Moon in 2021

Carnegie Mellon University (CMU) has announced that it plans to send the first American unmanned rover to the Moon in July 2021. Under the direction of Robotics Institute director William “Red” Whittaker, the miniature four-wheeled robot will…

Unveiling its latest cohort, Alchemist announces $4 million in funding for its enterprise accelerator

The enterprise software and services-focused accelerator Alchemist has raised $4 million in fresh financing from investors BASF and the Qatar Development Bank, just in time for its latest demo day unveiling 20 new companies. Qatar and BASF join previous investors, including the venture firms Mayfield, Khosla Ventures, Foundation Capital, DFJ and USVP, and corporate investors […]

DHS alerts industry to insecure enterprise VPN apps

The Department of Homeland Security on Friday alerted the public to a vulnerability in multiple virtual private network applications that could give a hacker access to other apps running on a VPN connection. The flaw involves the insecure storage of cookies in memory or in log files, and affects enterprise VPN apps made by Cisco, F5 Networks, Palo Alto Networks, and Pulse Secure. Other vendors could be affected because the configuration issue is likely “generic” to other VPN apps, according to an advisory cited by DHS from Carnegie Mellon University’s CERT Coordination Center. “If an attacker has persistent access to a VPN user’s endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods,” CERT CC said. “An attacker would then have access to the same applications that the user does through their VPN session.” While Palo Alto Networks had patched its VPN […]

The post DHS alerts industry to insecure enterprise VPN apps appeared first on CyberScoop.


Joe McManus, Automox – Enterprise Security Weekly #98

Joe McManus is an expert and industry advisor in the field of information security. He currently serves as the CISO of Automox, provider of cloud-based, cross-platform patching software. He is also a senior researcher at CERT, part of the Software Engi…

Hackers beat Firefox and Safari to earn $105K at Pwn2Own

Zero-day exploits earned hackers $105,000 in total on Thursday during the second day of the Pwn2Own contest in Vancouver, British Columbia. Packed into a small basement room, a rapt crowd watched as Richard Zhu successfully hacked Firefox and gained control of the target computer to win $50,000 and clinch the overall victory for the competition. That was in addition to his wins Wednesday, when he earned $70,000 successfully targeting Microsoft Edge with an exploit that took him almost a week of work to develop. Zhu, a veteran of the world-class Carnegie Mellon University capture the flag (CTF) team as well as previous Pwn2Own competitions, had a particularly memorable run against Microsoft Edge when he debugged his exploit on the fly and on the clock, succeeding on his third and final attempt. It followed a three-strike failure when Zhu opened the contest with an unsuccessful attempt to hack Safari, Apple’s default browser. “I put a lot of work into […]

The post Hackers beat Firefox and Safari to earn $105K at Pwn2Own appeared first on Cyberscoop.


This one matters, too: Carnegie Mellon issues guide to disclosing software vulnerabilities responsibly

Over the past year or so, there’s been an explosion of interest in vulnerability disclosure policy — the question of what to do about flaws in software found by security researchers that should be patched lest they get used by hackers to break into computer systems. Both the Defense Department and the General Services Administration have launched bug bounty programs to reward researchers who responsibly report security flaws they find, and the National Telecommunications and Information Administration’s multistakeholder process published a guide to coordinated vulnerability disclosure, or CVD. Even the Justice Department has gotten in on the act — putting out a set of legal guidelines for companies and other organizations interested in establishing a vulnerability reporting and fixing process. So you would think the publication of yet another set of guidance would be anticlimactic and might even be ignored. But you’d be wrong. The prestigious Software Engineering Institute at Carnegie Mellon University […]

The post This one matters, too: Carnegie Mellon issues guide to disclosing software vulnerabilities responsibly appeared first on Cyberscoop.


Bobbie Stempfley will lead Carnegie Mellon CERT

Veteran federal IT official Roberta G. “Bobbie” Stempfley will take over the Carnegie Mellon University Software Engineering Institute’s CERT Division, the oldest Computer Emergency Response Team in the world, SEI announced this week. “From my positions in government, I have come to know and respect the work done by the talented cybersecurity professionals at the SEI’s CERT Division,” said Stempfley in a release. “It is now my honor to lead this division, which, for nearly 30 years, has been at the forefront of our nation’s cyber defense. I look forward to working with this team.” Before coming to CERT, Stempfley was director of cyber strategy implementation at non-profit government technology contractor the MITRE Corp. She previously served as deputy assistant secretary and acting assistant secretary in the Office of Cyber Security and Communications for the Department of Homeland Security. Prior to that, Stempfley worked at the Pentagon as CIO of the Defense Information Systems Agency […]

The post Bobbie Stempfley will lead Carnegie Mellon CERT appeared first on Cyberscoop.


Everything’s a Touch Surface with Electrick

Touch screens are great, but big touchscreens are expensive and irregular touchscreens are not easy to make at all. Electrick is a method developed by several researchers at Carnegie Mellon University that makes almost any solid object into a touch surface using tomography. The catch is that a conductive coating — in the form of conductive sheets, 3D plastic, or paint — is necessary. You can see a demonstration and many unique applications in the video below. They’ve even made a touch-sensitive brain out of Jell-O and a touchable snowman out of Play-Doh.

The concept is simple. Multiple electrodes surround …