July 23, 2014

Exploring Autonomous System Numbers
“The classic definition of an Autonomous System is a set of routers under a single technical administration, using an interior gateway protocol (IGP) and common metrics to determine how to route packets within the AS, and using an inter-AS routing protocol to determine how to route packets to other ASs. Since this classic definition was developed, it has become common for a single AS to use several IGPs and sometimes several sets of metrics within an AS. The use of the term Autonomous System here stresses the fact that, even when multiple IGPs and metrics are used, the administration of an AS appears to other ASs to have a single coherent interior routing plan and presents a consistent picture of what destinations are reachable through it.”

Weak encryption enables attacker to change a victim’s password without being logged
To understand this vulnerability, let’s first take a look at the protocols behind Active Directory’s Single Sign On (SSO) authentication – NTLM and Kerberos. SSO is what allows users to provide their password only once even though they access various services – whether in the corporate network or in the Cloud. As mentioned, the underlying SSO authentication protocols are NTLM and Kerberos. NTLM is the older Windows authentication protocol which, although still enabled by default for backward-compatibility reasons, suffers from security issues and so has been superseded by the Kerberos protocol.

3 Risk Management Functions for Secure Cloud Governance
While risk formats have changed in the industry, business continuity is said to be affected by the ushering in of the cloud model. The pressure on cloud service providers is increasing in terms of identifying and tracking new risks emerging out of this trend, which sometimes has an adverse impact on the business. Sethu Seetaraman, VP & Chief Risk Officer, Mphasis, says that risk management basics do not change with cloud. ... “As far as BCP/DR is concerned, the organisation owns BCP/DR in case of Infrastructure as a Service and Platform as a Service. Service providers will own BCP/DR in case of Software as a Service. You must build or take these services from the cloud service provider based on the availability risk,” avers Seetharaman.

Insurers Think Inside the (Black) Box
For most P&C insurers, a lack of underwriting profitability has been a long-standing problem. According to Insurance Services Office Ltd., insurers have posted net gains on underwriting for just 21 of the 113 quarters since the company began collecting quarterly data. And external factors, including persistently low interest rates, the glacial economic recovery and increasingly intense competition, over which insurers have little control, are exacerbating the profitability challenge. As a result, underwriting, due to its historically manual nature and its potential to increase profitability and reduce complexity, has for many insurers become a target for innovation.

Could health apps save your life? That depends on the FDA
The vast majority of the health apps you’ll find in Apple’s or Google’s app stores are harmless, like step counters and heart beat monitors. They’re non-clinical, non-actionable, and informational or motivational in nature. But the next wave of biometric devices and apps might go further, measuring things like real-time blood pressure, blood glucose, and oxygen levels. You’ll begin to see these more advanced biometrics as we move from single-purpose fitness trackers like FitBit to more all-purpose devices like Apple’s upcoming “iWatch.” Some have wondered if the FDA, in its current form, is up to the task of regulating these increasingly sophisticated devices and apps.

BGP Best Path Selection Algorithm
Border Gateway Protocol (BGP) routers typically receive multiple paths to the same destination. The BGP best path algorithm decides which is the best path to install in the IP routing table and to use for traffic forwarding. ... Assume that all paths that a router receives for a particular prefix are arranged in a list. The list is similar to the output of the show ip bgp longer-prefixes command. In this case, some paths are not considered as candidates for the best path. Such paths typically do not have the valid flag in the output of the show ip bgp longer-prefixes command.

5 Ways To Truly Change Your Management Style
As with each stroke of an artist’s brush, every management decision, every corporate downsizing and every improvement initiative reveals something about the culture executives are creating. Since information travels quickly, the impact from these actions is felt more rapidly than ever before. ... If you’re wondering what you can do to change things up – and improve – read on. We’ve identified the root causes of five typical management failures that erode throughput rates, operating expenses and employee engagement levels. Each of the problems is an opportunity to mend your organization’s health and increase cash flow. Fail to recognize these signs, however, and employees’ innovative capabilities, creativity and purpose will be stifled.

eBook: Android Programming Succinctly
In Android Programming Succinctly, Ryan Hodson provides a useful overview of the Android application lifecycle. Topics ranging from creating a UI to adding widgets and embedding fragments are covered, and he provides plenty of links to Android documentation along the way. Each chapter is conveniently summarized to ensure you get the most out of reading the book, and summaries include helpful suggestions for expanding your abilities in this growing app market.

Small cell device tech set to connect workplace Wi-Fi with 3G and LTE
Day predicts that Cisco's early success with MicroCells will be followed by an explosion in small cell sales over the next 12 months, as the company starts focusing on bringing the technology to indoor workplaces. Specifically, Cisco wants to connect 3G and LTE cellular networks to Wi-Fi access points that are already widely deployed in enterprise facilities. The networking giant proposes to primarily deploy small, low-cost devices called Universal Small Cells that can be clipped on to Cisco's Aironet 3600 and 3700 Wi-Fi access points (see photo).

Architecting for the Cloud: Best Practices
There are some clear benefits to building apps in the cloud: a scalable infrastructure, should your app suddenly go viral; almost zero upfront infrastructure investment; reduced time to market. But in today’s “era of tera”, software architects need to cope with ever-growing datasets, unpredictable traffic patterns, and the demand for faster response times. This paper focuses on concepts, principles and best practices in creating new cloud applications or migrating existing apps to the cloud. Discover how concepts such as elasticity have emerged due to the cloud’s dynamic nature.

Quote for the day:

"Executive ability is deciding quickly and getting somebody else to do the work." -- John G. Pollard

July 22, 2014

Backup your data now: New, more powerful ransomware using Tor spotted in the wild
Critoni “seems to be a strong, well thought piece of malware,” according to French security researcher "Kafeine," who has a good write-up and several screenshots. Kafeine reported that Critoni can be delivered by the Angler exploit kit, but attackers using different vectors have also been spotted in the wild. Basically that means this is not a one-size-fits-all attack; there is not just one way to end up getting infected. “Early detection is not possible,” according to the advertised list of “pros.”

RSA's security utopia requires China, US to be friends
RSA Executive Chairman Art Coviello urged the need for greater cooperation between nations and for establishing national and global policies that are appropriate for the current interdependent economy. He noted that while most governments and businesses recognize the world is more connected today than ever, they continue to behave as if they are not. "We haven't really advanced that much in our thinking beyond where we were 100 years ago in the run-up to World War I. We pretend that geography, national identity, and incorporation are still the most meaningful dividing lines, ignoring the fact that the digital world has blurred those lines beyond recognition," Coviello said.

Whitepaper - Creating a Data Quality Strategy
In the 21st century, the majority of data managers and consumers understand the importance of accurate, robust data. We know that our data warehouses, CRM systems, ERP systems, and business intelligence reports are compromised if the data we feed them is suspect. To realize the full benefits of their investments in enterprise computing systems, organizations must have a plan for how to monitor, cleanse, and maintain their data in a quantified state.

7 considerations when moving on-premise software to cloud
To cloud or not to cloud is the question that many software vendors are currently facing. Should they continue to offer their software on-premise or move to a cloud-based model? A move to cloud computing is a win-win scenario for cloud vendor and customers alike. As a cloud vendor, you get to benefit from the economies of scale, while your customer gets to benefit from the additional capabilities that cloud brings at the lower cost of shared infrastructure. ... When you’ve made up your mind to migrate an on-premise software business to a cloud-based model, below are some key focus areas and challenges that you should consider:

Top 10 worst big data practices
The idea of the data lake is being sold by vendors as a substitute for real use cases. (It’s also a way to escape the constraints of departmental funding.) The data-lake approach can be valid, but you should have actual use cases in mind. It isn’t hard to come up with them in most midsize to large enterprises. Start by reviewing when someone last said, “No, we can’t, because the database can’t handle it.” Then move on to “duh.” For instance, “business development” isn’t supposed to be just a titular promotion for your top salesperson; it’s supposed to mean something.

The BYOD Revolution: A Dream of Efficiency or a Security Nightmare?
The "bring your own device" phenomenon is becoming more and more prevalent in IT today. Employees tend to use their own devices whether IT departments allow or know about it or not. So what do you need to know to keep up with this trend? In this webinar, hear a panel of experts discuss how BYOD is transforming the workplace and its benefits in improving the efficiency and productivity of your business, and discover the security concerns to look out for, like data breaches, mobile malware and hacking.

A Tough Corporate Job Asks One Question: Can You Hack It?
Chief information security officers have one of the toughest jobs in the business world: They must stay one step ahead of criminal masterminds in Moscow and military hackers in Shanghai, check off a growing list of compliance boxes and keep close tabs on leaky vendors and reckless employees who upload sensitive data to Dropbox accounts and unlocked iPhones. They must be skilled in crisis management and communications, and expert in the most sophisticated technology, though they have come to learn the hard way that even the shiniest new security mousetraps are not foolproof.

Stealthy Web tracking tools pose increasing privacy risks to users
"The tracking mechanisms we study are advanced in that they are hard to control, hard to detect and resilient to blocking or removing," they wrote. Although the tracking methods have been known about for some time, the researchers showed how the methods are increasingly being used on top-tier, highly trafficked websites. One of the techniques, called canvas fingerprinting, involves using a Web browser's canvas API to draw an invisible image and extract a "fingerprint" of a person's computer.

Leadership Caffeine—In Praise of Mistakes Made for the Right Reasons
Remember, character always gets a positive vote. After a certain age, character is formed and nothing you can do will alter someone’s core character. You cannot change someone. Assess character carefully. Look for behavioral examples around values, and if the view is dissonant, it’s a non-starter. Passion and desire are powerful reasons to take a chance on someone, even if others around you suggest this person isn’t right for a role. I like betting on the underdog if I’ve done my homework on the individual. Taking chances on people who show that extra spark is part of the essence of leadership. Much like character, you cannot teach passion, you can only help it emerge.

Unusual Ways to Create a Mobile App
RoboVM is a new open-source project with the ambition to solve this problem without compromising on either developer or app-user experience. The goal of the RoboVM project is to bring Java and other JVM languages, such as Scala, Clojure and Kotlin, to iOS devices. Unlike other similar tools, RoboVM doesn’t impose any restrictions on the Java platform features accessible to the developer, such as reflection or file I/O, and lets the developer reuse the vast ecosystem of Java third-party libraries. It is also unique in allowing the developer to access the full native iOS APIs through a Java to Objective-C bridge.

Quote for the day:

"Our character is what we do when we think no one is looking." -- H. Jackson Brown Jr.

July 21, 2014

Translating network policy in SDN isn't a one-protocol show
It's better to define how a three-tiered web application is designed, enabling the middle-tier app server to talk to the web servers and the back-end database tier, but to prevent the web servers from talking directly to the database tier. In that scenario, an imperative model would have required specific definitions of ACLs, which would be defined specifically for the infrastructure in the deployment -- i.e. switch commands using IOS or NX-OS -- which only makes sense for the network administrators and is a notion that's distant from the concerns of the application owners and architects.

Forensic scientist identifies suspicious 'back doors' running on every iOS device
Zdziarski, better known as the hacker "NerveGas" in the iPhone development community, worked as a dev-team member on many of the early iOS jailbreaks and is the author of five iOS-related O’Reilly books including "Hacking and Securing iOS Applications." In December 2013, an NSA program dubbed DROPOUTJEEP was revealed by security researcher Jacob Appelbaum that reportedly gave the agency almost complete access to the iPhone. The leaked document, dated 2008, noted that the malware required "implant via close access methods" but ominously noted that "a remote installation capability will be pursued for a future release."

Julia King: We're all data scientists now
"As front-line workers have their capabilities augmented by digital technologies, they are emboldened to make informed, real-time decisions and encouraged to become more engaged with the organization," notes a recent report by McKinsey Global Institute. But these workers must know how to deal with all of the data coming their way if it's to yield the flabbergasting productivity gains McKinsey predicts. In the manufacturing sector alone, the business consultancy maintains that big data and analytics can yield improvements in production, supply chain and R&D amounting to something between $125 billion and $270 billion.

Our Cloud Disaster Recovery Story
We took the "small jump, medium jump, high jump" approach. In this case, we deployed one low-risk server using the startup vendor's methodology. Then we moved to one mid-risk server. Then a mid-risk n-tier application. Armageddon didn't ensue. In terms of permission, our IT organization has earned credibility with other business units in our city. We offer a high level of uptime. If we screw up, we admit it and communicate about it. Although we must enforce policy, we aren't the No Police. And we recognize that we aren’t the owners of systems; we're the custodians.

Data integration as a business opportunity
A significant fraction of IT professional services industry revenue comes from data integration. But as a software business, data integration has been more problematic. Informatica, the largest independent data integration software vendor, does $1 billion in revenue. INFA’s enterprise value (market capitalization after adjusting for cash and debt) is $3 billion, which puts it way short of other category leaders such as VMware, and even sits behind Tableau.* When I talk with data integration startups, I ask questions such as “What fraction of Informatica’s revenue are you shooting for?” and, as a follow-up, “Why would that be grounds for excitement?”

13 ways to optimize your Android smartphone
Listen up, Android users: It's time for a smartphone tuneup. Don't get me wrong, most Android devices work fine out of the box. But with a few minutes of manipulation and a few helpful apps, you can optimize your phone to make it more powerful, useful, and efficient. Isn't that what technology's all about? Let's get to it, then. Here are 13 quick tweaks that'll improve your Android experience.

Chinese hackers break into US federal government employee database
Speaking at a news conference in Beijing Thursday, Kerry said of the breach, “At this point in time, it does not appear to have compromised any sensitive material.” But he also condemned China’s cyber spying in unusually harsh language, saying it “harmed our business and threatened our nation's competitiveness." Department of Homeland Security officials confirmed that they were aware of an attempt to hack into the Office of Personnel Management (OPM), which houses the personnel files of federal employees, including those applying for top-security clearance.

Why Bankers will Rely More on ‘Tablet Banking’
Tablets used today to help a customer get an experience save time, by up to 10-fold. They are going to grow in popularity, and people will begin to trust them as a main form of communication. So in future, customers will interact with their banks seamlessly with tablets, without a lag. Intel is strengthening its tablet market – focusing on industry verticals like banking, financial services and insurance, education etc. For that, Intel may soon, in partnership with various OEMs, offer these tablets across those industry verticals. Tablet banking allows for a great user experience, especially with the rich interface tablets offer, which is nearly unlimited.

Government-grade malware in hacker hands
Gyges was discovered in March this year by Sentinel Labs Research Lab, as detailed within the company's latest intelligence report (.PDF). According to the report, the malware probably originated from Russia, and "is virtually invisible and capable of operating undetected for long periods of time." "It comes to us as no surprise that this type of intelligence agency-grade malware would eventually fall into cybercriminals’ hands," Sentinel Labs states. "Gyges is an early example of how advanced techniques and code developed by governments for espionage are effectively being repurposed, modularized and coupled with other malware to commit cybercrime."

Why is SaaS testing harder than traditional testing?
SaaS testing tends to require executing a greater number of test types. Service-level agreement (SLA) adherence, failover/disaster recovery and deployment are examples of SaaS tests that are typically not part of traditional Web application testing. These may be tested in standard Web applications, but they generally are not deemed critical. In SaaS, SLA adherence is required in order to avoid business disruption. Failover and disaster recovery are essential in order to verify the SaaS is solid and responds appropriately if a release or server fails.

Quote for the day:

"Really great people make you feel that you, too, can become great" -- Mark Twain