NIST
Latest
The US government wants to label secure IoT devices with a 'Cyber Trust Mark'
It could label qualifying items like smart fridges.
US calls upon volunteer experts to help address generative AI risks
The National Institute of Standards and Technology (NIST) is launching a public working group for AI technologies that can generate content, including text, images, videos, music and code.
An algorithm can use WiFi signal changes to help identify breathing issues
NIST scientists developed an algorithm called BreatheSmart, which can analyze changes in WiFi signals. It correctly identified simulated breathing conditions 99.54 percent of the time.
Quantum drums could lead to more powerful computer networks
Scientists have built quantum-entangled drums whose synced beats could help create more powerful computer networks.
Biden signs cybersecurity executive order in the wake of pipeline shutdown
A new executive order from the White House is supposed to help prevent future incidents like the Colonial Pipeline ransomware attack.
Federal study shows face recognition accuracy varies by gender and race
Researchers have studied the potential for bias in facial recognition algorithms before, but now it's the US government's turn to weigh in. The National Institute of Standards and Technology has published a study indicating "demographic differentials" in the majority of the facial recognition algorithms it tested. The report, which examined both one-to-one matching (such as verifying a passport photo) and one-to-many matching (looking for criminals in a crowd), saw noticeable surges in false positives based on gender, age and racial background -- but cautioned against this representing definitive proof of systemic bias.
Ever quietly trained facial recognition AI using its photo storage app
Ever, a free photo storage app, has been using the billions of photos and videos uploaded by its users to train a facial recognition tool it plans on selling to private companies and the U.S. government. Users who rely on the app's facial recognition to tag friends or group together photos are unknowingly helping its algorithm learn to identify faces, NBC reported today.
Congress passes data security bill for small businesses
The US government doesn't have the strongest cybersecurity policy right now, but there's at least some progress on that front beyond what's happening at security agencies. The US Senate has passed its version of the NIST Small Business Cybersecurity Act, clearing the way for the bill to become law if and when the President signs it. The bipartisan measure promises smaller companies a consistent, relevant and universal set of NIST-based guidance and resources for protecting their data against online threats.
The man who put us through password hell regrets everything
If you rue the inevitable day when IT makes you change your password, you're not alone. It is incredibly frustrating to constantly think of new passwords with a capital letter, a special character and numbers that isn't a variation on your old password. And it turns out that we're pretty bad at it, which is why the man responsible for the password hell we've been in this past decade has recanted his recommendations.
Obama's got a new cybersecurity plan, but what's the point?
There's been a lot of hot air blown across headlines this week about the big cybersecurity plan proposed by the White House's Commission on Enhancing National Cybersecurity (PDF). The plan for a commission to create long-term recommendations on beefing up America's cybersecurity was first hatched in April. It's a roadmap that should've been plotted many years ago, and is now being regifted to the next administration. Which may or may not use it for toilet paper.
Cybersecurity commission calls for increased investment and innovation
In April, President Obama officially formed the The Commission on Enhancing National Cybersecurity to examine the country's electronic vulnerabilities in the wake of high-profile hacks like that of the Office of Personnel Management in 2015. Today that commission finally wrapped up its duties and delivered a comprehensive report to the President (and the public) identifying areas of weakness and offering concrete steps to improve.
SMS two-factor authentication isn't being banned
Another week gone by, and the place is in cybersecurity shambles again. A years' old hacking issue, unencrypted wireless keyboards, being featured in an upcoming Defcon talk mystifyingly became a hot new Internet of Things threat. Obama gave us a colorful "threat level" cyber-thermometer that no one's really sure what to do with. Ransomware is hitting hospitals like there's a fire sale on money. And the DNC-Wikileaks email debacle exploded, splattering blame all over Russia.
US government agency calls for the end of SMS authentication
The US agency that sets guidelines and rules in cryptography and security matters is discouraging the use of text messaging in two-factor authentication. In the latest draft of its Digital Authentication Guideline, the National Institute of Standards and Technology (NIST) states that "[out of band authentication] using SMS is deprecated, and will no longer be allowed in future releases of this guidance." Out of band authentication means utilising a second device to verify your identity.
FBI is building a tattoo tracking AI to identify criminals
AI-powered image recognition is all the rage these days, but it could have a sinister side too. Since 2014, the National Institute of Standards and Technology started working with the FBI to develop better automated tattoo recognition tech, according to a study by the Electronic Frontier Foundation. The idea here is to basically develop profiles of people based on their body art. The EFF says that because tattoos are a form of speech, "any attempt to identify, profile, sort or link people based on their ink raises significant First Amendment questions."
Scientists shatter distance record for teleporting quantum data
Quantum teleportation, the act of reconstructing quantum data somewhere else, is impressive just by itself. However, scientists at the US' National Institute of Standards and Technology have managed to one-up that feat. They've broken the distance record for quantum teleportation by transferring the information from one photon to another across 63 miles of optical fiber. That may not sound like much, but it's an achievement just to beam that data in the first place -- 99 percent of photons would never make the complete trip. It was only possible thanks to newer detectors that could pick up the faint signal of the lone light particle.
NSA wants encryption that fends off quantum computing hacks
The National Security Agency isn't just yearning for quantum computers that can break tough encryption -- it wants encryption that can protect against quantum computers, too. Officials have begun planning a transition to "quantum resistant" encryption that can't be cracked as quickly as conventional algorithms. As the NSA explains, even a seemingly exotic technique like elliptic curve cryptography "is not the long term solution" people thought it was. Quantum computing is advancing quickly enough that the NSA and other organizations could find themselves extremely vulnerable if they're not completely ready when the technology becomes a practical reality.
Tougher encryption guidelines close a back door for NSA spies
The US' National Institute of Standards and Technology is more than a little worried that its encryption guideilnes have been creating back doors for spies, and it's changing its tune in order to plug those security holes. The agency is no longer recommending an NSA-backed number randomization technique that made it relatively easy to crack and monitor encrypted data. In theory, software developers who heed the new advice won't have to worry that they're laying down a welcome mat for government surveillance agents. NIST's revision won't do much to help privacy-conscious companies (they've already moved on to tougher safeguards), and it certainly isn't an iron-clad defense against hacks. However, it could still make a big difference if it prevents less-informed organizations from repeating some big mistakes. [Image credit: Sam Dal Monte, Flickr]
Platinum 'nano-raspberries' may hold the key to methanol fuel cells
Could our future cars be powered by methanol fuel cells, rather than gasoline engines or electric batteries? Perhaps. The National Institute of Science and Technology (NIST) is making the oil alternative more viable by developing a fast, simple way of producing platinum "nano-raspberries," which contain tiny clusters of nanoparticles. Each tiny piece of matter, measuring between 1 and 100 nanometers, acts as a catalyst inside fuel cells to help convert liquid methanol into electricity. The clusters are called nano-raspberries because of their fruit-like shape, and they're particularly effective due to their high surface area.
Governments want to get rid of passwords, too
It's not just giant tech companies that want to put an end to passwords. Both the US' National Institute of Standards and Technology and the UK's Office of the Cabinet have become the first government bodies to join the FIDO Alliance, giving them a direct say in building more secure (and more universal) sign-in systems. Given how often governments depend on fingerprinting, smart cards and other physical identification methods, the move makes a lot of sense -- they want to encourage security measures that make it tougher for hackers to swipe sensitive data. It'll be a while before you see the influence of these new partners, but you may well be using government-grade ID to access your PC or phone in the future. [Image credit: Shutterstock/Pedro Miguel Sousa]
US wants future first responders to be more high-tech
The folks that might one day save your ass still rely on '50s-era radio technology (with some exceptions), and the US Commerce Department wants that to change. Its National Institute of Standards and Technology (NIST) division has just created a roadmap for how first responders can exploit technology over the next 20 years. The prime target is indoor location tech, which would help emergency crews find bad guys and victims alike in complex structures. There's no standard for indoor GPS, however, so NIST would like to get some kind of industry consensus on it and incorporate 3D visualization, enhanced precision and other features.
