Fresh Defense

After some investigation and casting about, I started to write a small C library for measuring entropy.

The libdisorder Web page has more.

The Working Group at CISSE that Sergey, Greg, and I ran on “The Hacker Curriculum” was fairly successful. We generated a lot of interest and arrived at a few important initiatives going forward:

1. The need to elucidate the principles of hacker curriculum. These principles are rarely written down, codified, or transformed into a formal program of study.
2. The need for a curated repository of intrusion defense, analysis, and recovery scenarios based on live-action data rather than canned network traces or traffic dumps.
3. The need to share success stories about how Hacker Curriculum Principles can be integrated into the standard CS curriculum or other creative mentoring, training, or outreach efforts like the Dartmouth CSI or the SISMAT program.

You can follow our progress (or join in the conversation) at the Hacker Curriculum Web site at:

hackercurriculum.org

which is also linked at the right side of the blog.

Sergey Bratus and I will be running a Working Group at CISSE 2009 in Seattle June 1, 2, and 3. The topic of the Working Group will be “Hacker Curriculum.” The topic grew out of our efforts to run the SISMAT seminar at Dartmouth College in 2008 and 2009, as well as Sergey’s various articles on the differences between a formal CS education and the self-education and community involvement undertaken by the hacker community.

Welcome to the blog at freshdefense.net!

We set up this site to have a way to share the information security tools we’ve been building over the past few years. A large subset of us do research on a variety of information security topics, from PKI to intrusion detection to operating systems security. Making the products of this bleeding-edge research available (particularly those created without funding support) for use to the wider public is sometimes challenging. This site is meant to serve as such an outlet for us. We also intend to post articles, opinions, and other missives on information security and privacy topics as time permits.