News

Alyce receives 2023 SOC2 attestation

For Immediate Release 23 August 2023 Alyce achieves critical information security milestone Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation, today announced that it has helped its client, Alyce, Inc., complete the Service Organization Control (SOC) 2 Type […]

H2O.ai receives SOC2 Type 2 report

For Immediate Release 27 July 2023 H2O.ai receives a SOC 2 Type 2 Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation, today announced that it has helped H2O.ai successfully complete the Service Organization Control (SOC) 2 Type 2 […]

H2O.ai receives SOC2 attestation

For Immediate Release 28 March 2023 H2O.ai receives a SOC 2 Type 1 Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation, today announced that it has helped H2O.ai successfully complete the Service Organization Control (SOC) 2 Type 1 […]

Sense receives SOC2 attestation

For Immediate Release 24 February 2023 Sense receives a SOC 2 Type 2 Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation, today announced that it has helped Sense Labs, Inc. (Sense) successfully complete the Service Organization Control (SOC) […]

Putting Undetectable Backdoors in Machine Learning Models

This is really interesting research from a few months ago:

Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. Delegation of learning has clear benefits, and at the same time raises serious concerns of trust. This work studies possible abuses of power by untrusted learners. We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains a mechanism for changing the classification of any input, with only a slight perturbation. Importantly, without the appropriate “backdoor key,” the mechanism is hidden and cannot be detected by any computationally-bounded observer. We demonstrate two frameworks for planting undetectable backdoors, with incomparable guarantees…

Silverbills receives SOC2 Type 2 attestation

For Immediate Release 23 February 2023 Silverbills receives a SOC 2 Type 2 Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation, today announced that it has helped Silverbills successfully complete the Service Organization Control (SOC) 2 Type 2 […]

Cyberwar Lessons from the War in Ukraine

The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: “The Cyber Defense Assistance Imperative – Lessons from Ukraine.”

Its conclusion:

Cyber defense assistance in Ukraine is working. The Ukrainian government and Ukrainian critical infrastructure organizations have better defended themselves and achieved higher levels of resiliency due to the efforts of CDAC and many others. But this is not the end of the road—the ability to provide cyber defense assistance will be important in the future. As a result, it is timely to assess how to provide organized, effective cyber defense assistance to safeguard the post-war order from potential aggressors…

A Device to Turn Traffic Lights Green

Here’s a story about a hacker who reprogrammed a device called “Flipper Zero” to mimic Opticom transmitters—to turn traffic lights in his path green.

As mentioned earlier, the Flipper Zero has a built-in sub-GHz radio that lets the device receive data (or transmit it, with the right firmware in approved regions) on the same wireless frequencies as keyfobs and other devices. Most traffic preemption devices intended for emergency traffic redirection don’t actually transmit signals over RF. Instead, they use optical technology to beam infrared light from vehicles to static receivers mounted on traffic light poles…