318 research outputs found

    Vulnerability anti-patterns: a timeless way to capture poor software practices (Vulnerabilities)

    There is a distinct communication gap between the software engineering and cybersecurity communities when it comes to addressing reoccurring security problems, known as vulnerabilities. Many vulnerabilities are caused by software errors that are created by software developers. Insecure software development practices are common due to a variety of factors, which include inefficiencies within existing knowledge transfer mechanisms based on vulnerability databases (VDBs), software developers perceiving security as an afterthought, and lack of consideration of security as part of the software development lifecycle (SDLC). The resulting communication gap also prevents developers and security experts from successfully sharing essential security knowledge. The cybersecurity community makes their expert knowledge available in forms including vulnerability databases such as CAPEC and CWE, and pattern catalogues such as Security Patterns, Attack Patterns, and Software Fault Patterns. However, these sources are not effective at providing software developers with an understanding of how malicious hackers can exploit vulnerabilities in the software systems they create. As developers are familiar with pattern-based approaches, this paper proposes the use of Vulnerability Anti-Patterns (VAP) to transfer usable vulnerability knowledge to developers, bridging the communication gap between security experts and software developers. The primary contribution of this paper is twofold: (1) it proposes a new pattern template – Vulnerability Anti-Pattern – that uses anti-patterns rather than patterns to capture and communicate knowledge of existing vulnerabilities, and (2) it proposes a catalogue of Vulnerability Anti-Patterns (VAP) based on the most commonly occurring vulnerabilities that software developers can use to learn how malicious hackers can exploit errors in software

    Using multiple GPUs to accelerate string searching for digital forensic analysis

    String searching within a large corpus of data is an important component of digital forensic (DF) analysis techniques such as file carving. The continuing increase in capacity of consumer storage devices requires corresponding improvements to the performance of string searching techniques. As string searching is a trivially-parallelisable problem, GPGPU approaches are a natural fit – but previous studies have found that local storage presents an insurmountable performance bottleneck. We show that this need not be the case with modern hardware, and demonstrate substantial performance improvements from the use of single and multiple GPUs when searching for strings within a typical forensic disk image.

    Incorrect application and interpretation of socio-economic factors in environmental impact assessments in South African Law

    Environmental Impact Assessments ("EIA") have been regulated for the last 12 years in South Africa, initially through the Environment Conservation Act 1989, and since 2006 through the National Environmental Management Act 1998 ("NEMA"). The former applied the standard of "substantial detrimental effect" to the environment in determining whether an authorisation should be granted. NEMA requires the authority to take into account environmental management principles. These principles inter alia require that development must be socially, environmentally and economically sustainable. This is also known as sustainable development ("SD"). Administrative officials tasked with considering EIAs have been given legislative direction with respect to the environmental issues which need to be assessed. They have been given no direction on how to assess socioeconomic issues. Notwithstanding this there have been an increasing number of decisions based on socio-economic factors, notwithstanding that the environmental impacts have been determined to be acceptable. In Fuel Retailers Association of South Africa v Director-General: Environmental Management, Department of Agriculture, Conservation and Environment, Mpumalanga Province and Others the Constitutional Court held that SD must be applied by environmental authorities when they consider applications for EIA authorisation. However a careful analysis of NEMA and the Constitution of the Republic of South Africa, 1996, highlights that our administrators and courts have adopted a one dimensional and ultimately inaccurate interpretation of the application of SD. This is prejudicing the fulfilment of the objective of EIA, namely the determination of the acceptability of a project's environmental impacts. Whilst SD does have a role to play in the EIA process it is more defined, and does not take the central role the Constitutional Court has indicated.
The aim of is to determine whether there are adverse impacts associated with a project. If there are, then ordinarily authorisation should be refused. However the authorities are enjoined to go a step further. They must determine whether the identified adverse impacts can be satisfactorily mitigated, and whether any positive socio-economic factors would accrue should the project be authorised. If both are answered in the affirmative, then a positive decision is appropriate. This is the balance which NEMA calls for, and this is the correct application of SD in an EIA. The broader application of SD espoused by the Constitutional Court is achieved not through the environmental authorities in the EIA process alone, but through the constitutional principle of cooperative governance. All authorities with an interest in a particular project must apply the principle of SD within the scope of their administrative functions. The environmental authorities consider the environmental impacts, the planning authorities consider the socio-economic impacts, the agricultural authorities determine the project's impacts on agricultural land, etc. The outcome of their individual decisions can then collectively be assessed to determine whether a project is sustainable or not. There are various measures which can be employed to address the interpretational deficiency which has now manifested. These include improving cooperative governance principles and practices in decision-making; undertaking strategic environmental assessments; and a dedicated Sustainable Development Act. Dissertation (LLM)--University of Pretoria, 2011. Centre for Human Rights.

    Dogslife: A web-based longitudinal study of Labrador Retriever health in the UK

    Background: Dogslife is the first large-scale internet-based longitudinal study of canine health. The study has been designed to examine how environmental and genetic factors influence the health and development of a birth cohort of UK-based pedigree Labrador Retrievers. Results: In the first 12 months of the study 1,407 Kennel Club (KC) registered eligible dogs were recruited, at a mean age of 119 days of age (SD 69 days, range 3 days – 504 days). Recruitment rates varied depending upon the study team’s ability to contact owners. Where owners authorised the provision of contact details 8.4% of dogs were recruited compared to 1.3% where no direct contact was possible. The proportion of dogs recruited was higher for owners who transferred the registration of their puppy from the breeder to themselves with the KC, and for owners who were sent an e-mail or postcard requesting participation in the project. Compliance with monthly updates was highly variable. For the 280 dogs that were aged 400 days or more on the 30th June 2011, we estimated between 39% and 45% of owners were still actively involved in the project. Initial evaluation suggests that the cohort is representative of the general population of the KC registered Labrador Retrievers eligible to enrol with the project. Clinical signs of illnesses were reported in 44.3% of Labrador Retrievers registered with Dogslife (median age of first illness 138 days), although only 44.1% of these resulted in a veterinary presentation (median age 316 days). Conclusions: The web-based platform has enabled the recruitment of a representative population of KC registered Labrador Retrievers, providing the first large-scale longitudinal population-based study of dog health. The use of multiple different methods (e-mail, post and telephone) of contact with dog owners was essential to maximise recruitment and retention of the cohort.

    West Nile Virus Encephalitis in a Barbary Macaque (Macaca sylvanus)

    An aged Barbary ape (Macaca sylvanus) at the Toronto Zoo became infected with naturally acquired West Nile virus (WNV) encephalitis that caused neurologic signs, which, associated with other medical problems, led to euthanasia. The diagnosis was based on immunohistochemical assay of brain lesions, reverse transcriptase–polymerase chain reaction, and virus isolation

    Systematic Review of the Relationships Between Objectively Measured Physical Activity and Health Indicators in School-Aged Children and Youth

    Moderate-to-vigorous physical activity (MVPA) is essential for disease prevention and health promotion. Emerging evidence suggests other intensities of physical activity (PA), including light-intensity activity (LPA), may also be important, but there has been no rigorous evaluation of the evidence. The purpose of this systematic review was to examine the relationships between objectively measured PA (total and all intensities) and health indicators in school-aged children and youth. Online databases were searched for peer-reviewed studies that met the a priori inclusion criteria: population (apparently healthy, aged 5–17 years), intervention/exposure/comparator (volumes, durations, frequencies, intensities, and patterns of objectively measured PA), and outcome (body composition, cardiometabolic biomarkers, physical fitness, behavioural conduct/pro-social behaviour, cognition/academic achievement, quality of life/well-being, harms, bone health, motor skill development, psychological distress, self-esteem). Heterogeneity among studies precluded meta-analyses; narrative synthesis was conducted. A total of 162 studies were included (204 171 participants from 31 countries). Overall, total PA was favourably associated with physical, psychological/social, and cognitive health indicators. Relationships were more consistent and robust for higher (e.g., MVPA) versus lower (e.g., LPA) intensity PA. All patterns of activity (sporadic, bouts, continuous) provided benefit. LPA was favourably associated with cardiometabolic biomarkers; data were scarce for other outcomes. These findings continue to support the importance of at least 60 min/day of MVPA for disease prevention and health promotion in children and youth, but also highlight the potential benefits of LPA and total PA. All intensities of PA should be considered in future work aimed at better elucidating the health benefits of PA in children and youth

    Refined localization of TSC1 by combined analysis of 9q34 and 16p13 data in 14 tuberous sclerosis families

    Tuberous sclerosis (TSC) is a heterogeneous trait. Since 1990, linkage studies have yielded putative TSC loci on chromosomes 9, 11, 12 and 16. Our current analysis, performed on 14 Dutch and British families, reveals only evidence for loci on chromosome 9q34 (TSC1) and chromosome 16p13 (TSC2). We have found no indication for a third locus for TSC, linked or unlinked to either of these chromosomal regions. The majority of our families shows linkage to chromosome 9. We have refined the candidate region for TSC1 to a region of approximately 5 cM between ABL and ABO.