July 26, 2016

In Rejecting Bitcoin as Money, Florida Court Sets Likely Precedent

"Nothing in our frame of reference allows us to accurately define or describe bitcoin," she wrote. She goes on to write that the digital currency "may have some attributes in common with what we commonly refer to as money" before going on to highlight its distributed nature, price volatility and adoption by merchants as characteristics that differentiate it from other kinds of currency. "This court is not an expert in economics, however, it is very clear, even to someone with limited knowledge in the area, that bitcoin has a long way to go before it is the equivalent of money," she wrote. Pooler noted in her ruling that the state could move, via legislative action, to craft a specific legal definition for bitcoin – a move she indicated could prevent further cases like this from potentially impacting otherwise innocent people.

How To Keep IT Moving At The Speed Of Business

To meet business-leader expectations for speed, CIOs must move beyond these approaches and equip their teams to be adaptive. In adaptive IT organizations, the entire team collaborates, flexes, and applies judgment based on context. The result is faster clock speed -- the end-to-end pace at which IT understands business needs, decides how to support those needs, and responds by delivering capabilities that create value. Our IT Clock Speed Survey revealed that 17 of the top 20 opportunities to accelerate IT speed occur in the early stages of a project, before any development activities. The opportunities include activities such as approving project plans, negotiating with vendors, and estimating the project costs and effort. Taking advantage of the top 20 acceleration opportunities (by employing the tactics suggested in the article) can cut up to five weeks from a six-month project.

If Financial Systems Were Hacked - Joker In The Pack

Financial institutions have endless virtual doors that could be used to trespass, but one of the easiest to force is still the front door. By getting someone who works at an FMI or a partner company to click on a corrupt link through a “phishing” attack (an attempt to get hold of sensitive information by masquerading as someone trustworthy), or stealing their credentials when they use public Wi-Fi, hackers can impersonate them and install malware to watch over employees’ shoulders and see how the institution’s system functions. This happened in the Carbanak case: hackers installed a “RAT” (remote-access tool) to make videos of employees’ computers.

Russia is on the verge of a ‘major breakthrough’ in artificial intelligence

In the last half-century, since the notion of AI was officially coined, the term has created some buzz but has not fulfilled the hype, according to Samsonovich. “A major breakthrough was expected to happen from year to year, but it did not,” he told Digital Trends. “As a result, the idea was discredited. There are reasons to think that now we are really close to the breakthrough, as never before. And as an indirect evidence, the last few years showed rapid exponential progress in AI research, in terms of the number of publications as well as the money invested by governments and companies.” ... “Today’s obstacles are mainly limited to psychological barriers,” he said. “We already have the necessary hardware and most of the necessary theoretical foundations. Still, people tend to think within the limits of popular paradigms, or not to think at all

So you want to be a security researcher?

Security research isn’t only fun, it provides a way to potentially discover new things, or even help put misconceptions to rest, help improve the security of a software application or device, and raise security awareness. But, as Hay made clear during his talk, there’s more to consider and a lot more work to be done than running a fuzzer against an app, and there are important choices to be made before diving in. Hay laid out everything anyone who would be interested in trying their hand at security research would need to know before they get started. Hay would know: recently he and his partner saw the release of the high tech Hello Barbie Doll as a catalyst for research

Analyzing an Organization’s Vulnerability Footprint from an Adversary’s Perspective

By changing the perspective, increasing the volume of data and applying advanced analytics, an organization can have a clearer view of true risk, exposure and malicious activity. This vantage point provides potential weaknesses, vulnerabilities and threat vectors that may highlight risks involving anomalous activities. “Defending against sophisticated and evolving threats is an analytics problem squarely at the crossroads of big data and supercomputing,” said Barry Bolding, chief strategy officer at Cray. “This combination of Cray’s analytics platform and Deloitte Advisory’s threat risk management service is a formidable solution in the war on cyber-threats. Additionally, for the first time, customers can now utilize the power and capabilities of a Cray solution as-a-service.”

The virtues of redesigning procurement for strategic business agility

Whether financial services companies realize it or not, there’s a lot of agility built into that. There are some firms, some third parties, that a financial services firm will use to get those shareholder reports out. They send them the monthly reports, and the companies have very high volume, very excellent quality controls. Post offices are on-site. They don’t even truck it to the post office; the post office is sitting right there, and the mailings go out. When you need to do something, for example a special mailing on a particular fund or shareholder meetings that might only be held once every couple of years, you find yourself in a situation where those kinds of networks don’t serve you very well, and you have to kind of assemble and disassemble temporary networks.

Technology-adoption, Wardley-maps and Bimodal-IT

In most cases, the big-consultancies' business-model depends on having a few highly-experienced consultants visit the client, and then doing the rest with cookie-cutter work done by large numbers of relative newbies billed at 'consultant' rates. Yet the Settlers' role is different in every case: so in effect the expanded bridge would tie up all of the experienced consultants, and still be too context-specific to build cookie-cutter models that would actually work well enough for newbies to be let loose with them. The result is that Bimodal-IT (or bimodal-whatever-they're-selling-now) becomes 'a bridge too far', in which a much-needed bridge either doesn't even exist at all - because it's too difficult and/or expensive for either party - or at best ends up floating in the middle of nowhere, drifting uncomfortably somewhere between Unorder and Order

Ransomware 2.0 is around the corner and it's a massive threat to the enterprise

The next step in the evolution of malware will be ransomware 2.0, which Brvenik said "will start replicating on its own and demand higher ransoms. You'll come in Monday morning and 30% of your machines and 50% of your servers will be encrypted. That's really a nightmare scenario." Ransomware campaigns started out primarily through email and malicious advertising, but now some attackers are using network and server-side vulnerabilities as well. Self-propagating ransomware will be the next step to create ransomware 2.0, and companies need to take steps to prepare and protect their company's network, Brvenik said. New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency.

Securing Data Provides Canadian Online Bank Rapid Path to New Credit Card Business

We in the banking business are in the business of trust. In everything that we do, trust has to be number one. We have to be ready for any kind of questions from our client base on how we handle the information. There's no doubt that transparency will help, and over time, with transparency, our clients learn that we're up-front in how we're using information. And it's not just transparency, but also putting the information in a way that's easily understandable up-front. If you look at our registration process, one of the first things that we tell people is "Here is our not-so-fine print." It's in big, bold fonts and that’s very important, because especially in a digital bank, a lion's share of the interactions are through non-face-to-face kind of interactions.

Quote for the day:

"Great achievers are driven, not so much by the pursuit of success, but by the fear of failure." -- Larry Ellison

July 25, 2016

More Than Half The World Is Still Offline

While more than four out of five people in developed countries use the internet, just over 40 percent of those in developing countries have access. In the ITU’s “least developed countries” -- places like Haiti, Yemen, Myanmar and Ethiopia -- just 15.2 percent of the people are online. ... Also, fewer women than men are on the internet, and that difference is getting worse. The worldwide difference between internet user penetration for males and females is 12.2 percent, up from 11.0 percent in 2013, the ITU says. It’s shrunk significantly in developed countries, from 5.8 percent to just 2.8 percent, but grown in poorer places. Cost makes it harder to get online in some countries. The ITU says entry-level internet access has become affordable in many developing countries since 2011 but remains unaffordable in most of the poorest countries.

Short-term programs, not four-year degrees, are the future of tech education

It takes more than just technical skills to succeed in a coding career. A big part of a career in the programming field is troubleshooting and responding to problems that arise day-to-day. In order to do this successfully, it is vital to be an inquisitive, intelligent learner who likes working through challenges. Additionally, while some may think of programming as solo work, it is quite often done in a team environment. Being able to communicate clearly and work together cannot be underestimated in these roles ... A three-month program like those offered at our schools offers a different type of learning environment. We are able to focus on the key coursework that will help students get in-demand jobs, and our student outcomes back this up.

Ransomware Predictions | Past, Present, Future

A criminal may not need to target an entire enterprise’s set of hosts for maximum return potential. Targeting a few critical assets and preventing restoration ahead of time may be all that is needed to extract a higher ransom amount from some organizations. Think of print servers sitting in a massive warehouse distribution operation. Many of these print servers are still running Windows XP – oftentimes because they are so critical to the operation that they literally cannot be replaced or upgraded. How much money would such an operation pay to get those servers back online? Answer: $1 less than the hundreds of thousands of dollars per day in operations they support. And if it’s a perishable food distribution operation, even more.

EY Report : Blockchain Technology to Reach Critical Mass in the next 3 to 5 Years

Considerable progress has already been made in the embedded health and digital rights management segments. There are already a few platforms offering these services. The success of these platforms combined with further development of blockchain-based applications will pave the way for large-scale adoption. The real estate sector is also increasingly exploring the use of digital currency technology for managing property records and also as a pooled investments platform where a large number of people can make small investments into projects. According to the EY report, the large scale implementation of blockchain technology will take at least 3 to 5 years. Those who are prepared to invest, experiment and adapt to the technology by that time are expected to benefit when the shift happens.

The world turned upside down: Conventional IT is rapidly becoming shadow IT

The answer is pretty thin gruel. One of IT's remaining tasks is to architect and manage the company’s networks. This is a strategic responsibility but one that’s largely taken for granted. Another task that still falls to IT is the management of the company’s data center. If the data center is used to host revenue-generating systems, this is also a strategic responsibility, but if it’s just housing internal systems then it’s not that big of a deal. A third responsibility that IT continues to handle at many companies is maintenance of internal email systems. This is a highly visible role, but one that is likely to wane in importance as most email systems migrate to the cloud.

7 Common Data Science Mistakes and How to Avoid Them

Some data scientists feel that having built a successful machine learning model is having achieved the maximum level of success. Having built the right model is just half the battle won, and it is necessary to ensure that the predictive power of the model is maintained. Many data scientists often forget or tend to ignore the fact that it is necessary to re-validate their models at set intervals. A common mistake that some data scientists often make is thinking that the predictive model is just ideal since it fits the observational data. The predictive power of the built model can disappear instantaneously based on how often the modelled relationships keep changing. To avoid this, the best practice for any data scientist is to ensure that they score their data models with new data every hour, every day or every month based on how fast the relationships in the model change.

Mobile Payments: Risks Versus Opportunities

One noteworthy example of this phenomenon right now involves mobile payments. Specifically, we know that many technology professionals are extremely leery of mobile payments. ISACA’s 2015 Mobile Payment Security Study found only 23 percent of IT and security professionals believe mobile payments will keep information safe—which, let’s face it, is not exactly a vote of confidence.  It bears asking, though, how that compares to the alternative. Meaning, are there risks to mobile payment scenarios? Sure. Show me a technology without some risk and I’ll show you a technology that’s completely valueless. But even if there is risk, what is the opportunity cost? What do we miss out on by waiting for some future scenario that is even more locked down?

Adapting your board to the digital age

To serve as effective thought partners, boards must move beyond an arms-length relationship with digital issues (exhibit). Board members need better knowledge about the technology environment, its potential impact on different parts of the company and its value chain, and thus about how digital can undermine existing strategies and stimulate the need for new ones. They also need faster, more effective ways to engage the organization and operate as a governing body and, critically, new means of attracting digital talent. Indeed, some CEOs and board members we know argue that the far-reaching nature of today’s digital disruptions—which can necessitate long-term business-model changes with large, short-term costs—means boards must view themselves as the ultimate catalysts for digital transformation efforts.

Ransomware protection -- what you may be missing

As the saying goes, sometimes you can't see the forest for the trees. We are so used to seeing the top 10 prevention techniques, we sometimes miss the lesser discussed approaches. These are important, because the purveyors of ransomware read the same articles with the common approaches, and can use these as a road map to improve their techniques. One of my customers is a large healthcare institution, and one of my major focuses with them has been to take a deep look at approaches to ransomware prevention and recovery. In the process, I have found many things that organizations can do that are not often discussed in the trade press. Since we in the business world need all the help we can get at this point, these can be very important. Consider a few of these

The Technical Skills You Need to Have as a Software Developer

Many beginning programmers try to hedge their bets by learning several programming languages at once or before they try to take on their first job as a software developer. While I think that you should eventually learn more than one programming language, I would advise against doing it upfront because it will just lead to confusion, and it will divert your energies from many of the other technical skills you are going to need to learn. Instead, I’d advise you to go deep and focus on learning the ins and outs of a single programming language, so you can feel really confident in your ability to write code in that language. Remember how we talked about being as specific as possible when deciding what kind of software developer you were going to become?

Quote for the day:

"Leadership consists of nothing but taking responsibility for everything that goes wrong and giving your subordinates credit for everything that goes well." -- Dwight D. Eisenhower

July 24, 2016

Tech giants silent on new Russian surveillance law

"The companies for whom this is a real problem are the Russian telecom providers," she added, who face huge data retention mandates quite separate from the encryption requirements. "They have said [the law] will cost them trillions of roubles." One foreign company, Panama-based NordVPN, is "doubling down" on its commitment to privacy and anonymity in Russia, according to Jodi Myers, the company's head of public relations and marketing. "Our aim is to make this simple, for the less technical user," she said. But she added the firm was taking steps to "double encrypt" traffic from its Russian users. "We do not have the key [to unlock their users' encrypted internet traffic] and we do not store any customer data on our servers — not in Russia, not anywhere."

The Insider Threat: Are You at Risk?

Shadow IT happens when someone in a line of business pulls out a credit card and signs up for an app without going through the IT department. If you don’t know an app exists, you can’t make sure the right people have access to it or that appropriate access controls are put in place to protect the information stored there. You also can’t guarantee that the disgruntled employee you just fired had access revoked. Shadow IT is hard to spot because you don’t know what you don’t know. However, if things are tense with the lines of business you support, chances are good they are resorting to shadow IT. When the IT department is forced to say no to line-of-business requests for easier access, well-meaning employees, who just want to get their work done, find their own solutions.

What is a Modern Business Intelligence Platform?

Modern Business Intelligence platforms offer end-to-end capabilities, enabling users to take advantage of self-service to answer questions. Gartner defined modern BI in their most recent Magic Quadrant report, saying: “The evolution and sophistication of the self-service data preparation and data discovery capabilities available in the market has shifted the focus of buyers in the BI and analytics platform market — toward easy-to-use tools that support a full range of analytic workflow capabilities and do not require significant involvement from IT to predefine data models upfront as a prerequisite to analysis.” Datameer’s CEO builds upon these ideas in this video for Big Data & Brews, explaining that forward-thinking enterprises are moving past IT-led BI and analytics solutions for offerings that can be managed autonomously by the end-user.

Best practices for managing the security of BYOD smartphones and tablets

Attempts to foist strict controls on how employees use devices can backfire, causing staff to use workarounds that expose the company to even more risk. When setting security policies for BYOD phones and tablets, consult those employees who will be subject to them. Gartner gives the example of forcing users to input a complex passcode every time they want to use the device. "Once users experience this, they quickly become annoyed with IT, due to the extreme inconvenience of making it difficult to text/email while on the move," the report states. A good compromise in this example would be a simple four-digit numeric passcode to unlock the device, with a more complex passcode for accessing corporate data, suggests Gartner.

Container Best Practices

Container technology is a popular packaging method for developers and system administrators to build, ship and run distributed applications. Production use of image-based container technology requires a disciplined approach to development. This document provides guidance and recommendations for creating and managing images to control application lifecycle. ... As you begin to contemplate the containerization of your application, there are a number of factors that should be considered prior to authoring a Dockerfile. You will want to plan out everything from how to start the application, to network considerations, to making sure your image is architected in a way that can run in multiple environments like Atomic Host or OpenShift.

Auto Industry Publishes Its First Set Of Cybersecurity Best Practices

The Auto-ISAC provides a mechanism for its members to share vulnerability information, conduct analysis and develop solutions that are beneficial to both the industry and its customers. Approximately a third of the vehicles on the road today in the U.S. include some connectivity that has the potential to provide a pathway into vehicle control systems. So far none of the publicly demonstrated remote takeovers on systems like Chrysler’s UConnect or GM’s OnStar have been easy to implement and only one vehicle at a time can be attacked. By the mid-2020s, virtually all new vehicles will have data connections. As we add more driver assist and automation features, the potential for a bad actor to target the transportation system and either steal data, strand vehicles or send them crashing into each other will be vastly larger.

4 security best practices to learn from the FDIC's data breaches

Apparently, departing employees accidentally grabbed financial information from FDIC loan applicants while transferring their personal data to USB keys. Davidson quotes Representative Don Beyer, ranking Democrat on the House Science, Space and Technology oversight subcommittee, talking to Lawrence Gross, FDIC's chief information and chief privacy officer: "I have a hard time understanding how you can inadvertently download ten thousand customer records." Davidson continues, "Ten thousand was the low end. One case involved forty-nine thousand records. Gross's contention that the former employees 'were not computer proficient' only made matters worse."

How to Deal with COTS Products in a DevOps World

The primary objective of DevOps is to increase the speed of delivery at reliable quality. To achieve this, good configuration management is crucial as the level of control at higher speed of delivery becomes more and more important (while riding a bike you might take your hands off the handle bar once in a while, but a formula one driver is practically glued to the steering wheel). Yet commercial-off-the-shelf (COTS) products often don’t provide any obvious ways to manage them like you manage your custom software. This is a real challenge for large organisations who deal with a mixed technology landscape. In this article I will explore ways to apply modern DevOps practices when dealing with COTS products.

Facial biometric authentication on your connected devices

The purpose of this post is to clarify the understanding of facial recognition as well as trying to guide you to understand how to build these programming frameworks and host them so that they can be used to deliver the same feature across your devices. Now you can of course build the system on one of your hardware devices or one of the mobile phones, but what if you have to connect multiple devices and perform the same actions on all of those devices? In such cases, adding a simple program to each one of them and then maintaining them won't be a good idea. That is why, in this guide I will show you how to build a server too. The server would be able to handle the requests, process the data being sent and generate the responses.

Digital Disruption for Enterprise Architecture

Jeanne says one thing is becoming increasingly clear–enterprises will not be successful if they are not architected to execute their firm’s business strategies. At the very same time, she has found that the companies (existing successful enterprises) that she talks to believe their success is not guaranteed in the digital economy. ... Digital strategies were forcing companies around a rallying point but surprisingly there was not much distinction behind the rallying point more than, “I want to be the Amazon or Uber of my industry”. But Jeanne claims this is okay because competitive advantage is not going to be about strategy but instead about execution. And being the best at execution is going to eventually take you in a different direction than other market participants.

Quote for the day:

"There is no decision that we can make that doesn't come with some sort of balance or sacrifice." -- @SimonSinek