August 18, 2014

MPTCP offers performance and resiliency but security is nonexistent
"With MultiPath TCP, a perfectly normal client could say, 'I want to open 10 different TCP connections that are all part of one logical TCP connection.' It would simply fragment the traffic across all of those in such a way that there isn't enough information on any of those TCP channels for an intrusion detection system to recognize what the application layer is, or more precisely that it is malicious," he said. "If the intrusion detection is not aware that MPTCP exists and doesn't know how to collect all those TCP streams and reassemble what's going on, then it's blind to the application layer traffic."

Heartbleed software flaw exposes weaknesses in hardware design
Data is vulnerable to hackers when in transit or in computer memory, said Ruby Lee, professor of engineering at Princeton University's Department of Electrical Engineering, at a presentation to the Hot Chips conference. The weakness is in the memory and cache, or secondary memory where data temporarily resides before being sent for processing or storage. "This is correctly functioning hardware -- with no bugs -- but it is leaking out information," said Lee, who was chief architect and one of the lead processor developers at Hewlett-Packard before joining Princeton.

Collaborative Software Development Platforms for Crowdsourcing
Crowdsourced software development, by its very nature, is collaborative. The stakeholders in a crowdsourced software project form a virtual team with the support of collaboration tools and social media technologies. Various kinds of communication, collaboration, and coordination (3C) happen among the requesters, providers, and platform vendors; for example, requesters and providers communicate about a task’s requirements and evaluation criteria, requesters coordinate the progress and technical decisions of different tasks, and providers collaborate with each other via shared artifacts and workspace.

For Big-Data Scientists, ‘Janitor Work’ Is Key Hurdle to Insights
“Data wrangling is a huge — and surprisingly so — part of the job,” said Monica Rogati, vice president for data science at Jawbone, whose sensor-filled wristband and software track activity, sleep and food consumption, and suggest dietary and health tips based on the numbers. “It’s something that is not appreciated by data civilians. At times, it feels like everything we do.” Several start-ups are trying to break through these big data bottlenecks by developing software to automate the gathering, cleaning and organizing of disparate data, which is plentiful but messy.

The Data Analysts Toolkit: Why are Excel and R useful together, and how do we connect them?
One area of interest is Predictive Modelling. This is the process of using a statistical or model to predict the value of a target variable. What does this actually mean? Predictive modelling is where we work to predict values in new data, rather than trying to explain an existing data set. To do this, we work with variables. By their nature, these vary; if they didn’t, they would be called a constant. One pioneer was Francis Galton, who was a bit of an Indiana Jones in his day. Although he wrote in the 19th century, his work is considered good and clear enough to read today. Therefore, this research has a long lineage, although it seems to be a new thing. We will start with the simplest: linear regression.

Consumer-facing industries lead in digital strategies: Forrester
"This is mainly because many want to ignore the changes that are taking place, but then there are others who say they know what it is, but they really don't know what it is. We refer to that as a 'bolt on' digital strategy where some executives will believe they are pushing a digital strategy but it's just really lip service, and they're not driving it through the business," he said. The report recommends in order to move from being a 'digital dinosaur', where a digital strategy is virtually non-existent, to a 'digital master', CIOs need to help shape a digital business vision in collaboration with other business leaders within the company.

Technology Can Make Lawful Surveillance Both Open and Effective
In brief, any surveillance process that collects or handles bulk data or metadata about users not specifically targeted by a warrant must be subject to public review and should use strong encryption to safeguard the privacy of innocent users. Only after law-enforcement agencies identify people whose actions justify closer investigation and demonstrate probable cause via an authorized electronic warrant can they gain access to unencrypted surveillance data or employ secret analysis processes. The details of an investigation need not be public, but the data collection process would be—what information was collected, from whom, and how it was encrypted, stored, searched, and decrypted.

Managing Mobile Risk in the Cloud
Iterative and agile software development methodologies and tools are the buzzwords of the moment because they capture how software developers are ideally working in this environment. Perfection will not be achieved before code is released, but at the same time certain minimum standards of data security and privacy, as well as release objectives, need to be met. This can be done, but certain preconceptions about the cloud need to be overcome in order to do so. The most important misconception about the cloud is that it necessarily exposes apps and data to the outside world. However, this is not so.

Grocery stores in multiple states hit by data breach
According to Supervalu, its internal IT team detected the intrusion and quickly moved to remediate it. "An investigation supported by third-party data forensics experts is on-going to understand the nature and scope of the incident," the company said. "Supervalu believes the intrusion has been contained and is confident that its customers can safely use their credit and debit cards in its stores." The company is offering consumers affected by the breach a year's worth of free identity protection services. In a separate statement, AB Acquisition, which owns and operates Albertson's, ACME, Jewel-Osco, Shaw's and Star Markets said it is working closely with Supervalu to find out what exactly happened and what data might have been stolen.

“Professionalize” Information Security?
The only question is whether companies wish to invest in ensuring that they are hiring the professionals they need for information security. The technology world is rife with examples of private consortia establishing standards and other metrics for all sorts of critical networking and other tasks, often without the prodding or confiscated money of politicians. Licensure is simply an easy way to shove the costs of background work on taxpayers—effectively, socialization of security. To be sure, proponents of “professionalization” will state that the entire public has something to gain and on and on, offering the usual hackneyed justifications for yet another program to be administered by a government that can’t afford half of what it’s already doing.

Quote for the day:

"We're living in a time when disruptive use of technology can take a business from nothing to number one." -- Robert Stroud