Up Times
Regarding the common physics-class experiment of designing ways to keep dropped eggs from breaking, it was formerly thought: drop an egg vertically to keep it intact. But MIT professor Tal Cohen’s research showed, in fact, a horizontal orientation protects better.
In breaking news – It turns out not to be the hardness of the shell that keeps the dropped egg together, but more the way it’s geometry distributes the impact.
It reminded me of protecting an organization. Like that falling egg, cyber-attack survival depends on how well the defenses distribute the impact. Put another way, can you just buy the hardest individual tools and get protection?
One of the common examples is investing in a powerful firewall and then giving it relaxed permissions. Set up this way, the firewall will report in its logs that it is blocking unwanted traffic. Comforting. The firewall will not think to alert about what doesn’t challenge the rules it’s been set up with. The firewall is working well. But that doesn’t mean intruders aren’t just walking in the doors that have inadvertently been left open – the firewall’s setup is not working.
Bryley exists to serve its clients needs. That means from our point-of-view defense is not a one-size-fits-all, off-the-shelf tool or solution. It’s about understanding the uniqueness of an organization.
Bryley assesses how attacks would most likely hit a specific environment. Bryley then designs a security configuration in which tools work together to shield those critical impact points.
We’ve found – like the geometry of an eggshell – the best security investment is a system that allows threats to be dispersed and their impact minimized.
Session hijacking works like movie-ticket theft: once a session is stolen, attackers gain admission to your organization’s network.
Huntress ITDR in action
How Bryley stopped a session-hijacking attack
Not all cybersecurity tools are equal – and there are a lot, so Bryley evaluates potential partners to offer an effective mix of security and value. This evaluation process helps us identify partners who provide reliable performance and whose products integrate well with our existing solutions.
We’re excited about the analysis and alerts that our partner Huntress’ Identity Threat Detection and Response (ITDR) has provided us. With several Bryley clients’ systems the ITDR has shown itself to be an invaluable tool … [5 min. read] Continue Reading >
An Atlantic Puffin is hard to find – much like an organization that has not been hit with a cyberattack.
Data security techniques that are needed for business continuity
An accountancy thought their daily backups were protecting their data. They thought encryption was protecting their data.
But weeks ago their office manager clicked a malicious link in an email. And nobody ever knew about it. Operations just continued as normal.
Until they didn’t … [6 min. read] Continue Reading >
Beware the buffaloing
Our AI sins
As observed by MIT robotics professor Rodney Brooks
When an AI system performs a task, human observers immediately estimate its general competence in areas that seem related. Usually that estimate is wildly overinflated, goes roboticist Rodney Brooks’ first law of AI.
People tend not to pay too much attention to the details of the now-ubiquitous AI agents – except if we’re trying to get past a NEW! AI attendant: then it’s frustratingly easy to see chatbots are thick as goose grease. We see or hear language gushing out and extrapolate from this that there is some understanding in there.
Secondly, Brooks offers, overhype [comes from our] “indistinguishable from magic” sin. Arthur C. Clarke said that “any sufficiently advanced technology is indistinguishable from magic”. He meant that if technology is very much advanced from what you are used to, you no longer have a mental model of [what] that technology can and cannot do and so can’t know its limitations. Again, this is what happens with generative AI, as it can perform amazingly well, and so people do not understand its limitations, partly because they keep forgetting how it works, enthralled instead by the spectacular results in generating great language … [8 min. read] rodneybrooks.com
Who needs a key?
Taking security sillily
Math comedian Matt Parker spoke at the Harvard Bookstore via Zoom about, among other topics, a collection of not so secure approaches to security – like the lock shown.
Come across things that give the appearance of security while accomplishing little else? [1 hr. watch] youtube.com
Now you see it …
Follow the money
And, according to Bryley partner Barracuda, you can normally trace even bitcoin pretty well.
As Jonathan Lusthaus’ research shows, Russia often shields ransomware criminals from prosecution, still the criminals need to stay smart about how they collect their payments (for example, sometimes operations are disrupted as a gesture in negotiations with foreign governments).
Barracuda’s Andrew Sanders shows (with fake names) how they get away with it: each user empties their cryptocurrency wallet into [a cryptocurrency] tumbler. The tumbler swaps Alice’s money with Bob’s money and then swaps Bob’s money with Charlie’s money. When Alice gets her money back – minus a small fee that goes to the tumbler – the currency she receives doesn’t contain any of the money that she started out with. In real life, this process is scaled across thousands of users and repeated hundreds of times. This makes it very difficult to determine the origin of stolen funds … [10 min. read] barracuda.com
Getting PhD’s to tune up the old AI for specific tasks.
AI state
Georgetown math professor Cal Newport gives a great hype-free look at what’s going on with AI at this point. The biggest development, is not that we’re getting close to intelligence, but that the models are being hyper-trained in specific areas.
Say, for example, you want to make a model that is particularly good at math. You pay a bunch of math PhDs $100 an hour to come up with a lot of math problems with step-by-step solutions. You then take an existing model, like GPT-4, and feed it these problems one-by-one, using reinforcement learning techniques to tell it exactly where it’s getting certain steps in its answers right or wrong. Over time, this tuned model will get better at solving this specific type of problem.
This technique is why OpenAI is now releasing multiple, confusingly-named models, each seemingly optimized for different specialties. These are the result of distinct tunings. They would have preferred, of course, to simply produce a GPT-5 model that could do well on all of these tasks, but that hasn’t worked out as they hoped.
I once said that the real Turing Test for our current age is an AI system that can successfully empty my email inbox, a goal that requires the mastery of any number of complicated tasks. Unfortunately for all of us, this is not a test we’re poised to see passed any time soon … [12 min. read] calnewport.com
Cozying up to Alphabet
Google Gemini for kids under 13
Adults are only barely getting a handle on it – and so easily forget that it is just a next-word predictor. And now Google is rolling out its chatbot to young kids.
Researcher Lisa Given: My research team has recently examined a range of AI chatbots, such as ChatGPT, Replika, and Tessa. We found these systems mirror people’s interactions based on the many unwritten rules that govern social behaviour – or, what are known as “feeling rules”. These rules are what lead us to say “thank you” when someone holds the door open for us, or “I’m sorry!” when you bump into someone on the street.
By mimicking these and other social niceties, these systems are designed to gain our trust.
These human-like interactions will be confusing, and potentially risky, for young children. They may believe content can be trusted, even when the chatbot is responding with fake information. And, they may believe they are engaging with a real person, rather than a machine. I’d like to know what you think. [5 min. read] theconversation.com
Note: The section directly above is Bryley’s curated list of external stories. Bryley does not take credit for the content of these stories, nor does it endorse or imply an affiliation with the authors or publications in which they appear.
Get Up Times, useful tech news by New Englanders in Your In-Box
- Subscribe to Up Times, the monthly New England-centric technology newsletter.
- Up Times covers:
-
- Trends in New England tech
- Security tips you can implement now
- Updates on regional and national laws and compliancies
- IT-related developments
- Networking and cybersecurity challenges New England business managers are facing
- In continuous publication since 2000, Up Times arrives monthly in your email box.
Sign up for Up Times to have tech news and tips delivered monthly via email
Central MA Office
200 Union Street Clinton, MA 01510
Existing Customers
Sales Inquiries
© Copyright 2025 Bryley Systems Inc. All Rights Reserved. Website in partnership with Tech Pro Marketing. | Privacy Policy | Accessibility Statement