August 30, 2014

The long game: How hackers spent months pulling bank data from JPMorgan
Because of the multiple layers of the attack and the use of custom “zero-day” code in each of them, Bloomberg’s sources said that JPMorgan’s security team believed it was the target of “something more than ordinary cybercrime.” But such sophisticated attacks have already become the hallmark of Eastern European electronic crime rings, which frequently use custom code developed specifically to stay under the radar of target companies for long periods. The recent attacks on Neiman-Marcus, Target, and other retailers are examples of such long-game hacks that infiltrated corporate networks with malware designed specifically for their systems.


CFOs’ Quest for the Golden Source of Data
“CFOs are frustrated with the situation right now,” says BearingPoint’s director Ingmar Röhrig, who led the survey of 65 finance officers at companies ranging from multinationals to midsize businesses. More often than not, it takes manual work to calculate how profitable a product is. Data is stored in multiple systems, so finding the answers you need at the press of a button is virtually impossible. Mergers and acquisitions add to the complexity.


Tesla recruits hackers to boost vehicle security
Tesla's cars are among the most digitally connected vehicles in the industry with the battery, transmission, engine systems, climate control, door locks and entertainment systems remotely accessible via the Internet. So the company has a lot at stake in ensuring that the connectivity that allows its vehicles to be remotely managed doesn't also provide a gateway for malicious hackers. Security researchers have already shown how malicious attackers can break into a car's electronic control unit and take control of vital functions including navigation, braking and acceleration.


Management vs Leadership: the Divide
A sense of leadership is a quality that all managers strive for – an ability to effectively motivate and guide their employees to success. But where many employers fail to hit the mark is in understanding exactly what separates a manager from a leader. Admittedly, leadership is a somewhat abstract concept, and as much a state of mind as a skill or talent – but for employers to flourish within their roles, it’s essential to know how they can transition from management to leadership. So we know that managers aren’t, by nature, leaders – but how can they be?


Vulnerabilities on the decline, but risk assessment is often flawed, study says
“It is difficult to point to any one factor that has contributed to the decline in the number of vulnerability disclosures in 2014,” the X-Force researchers said. “However, it is interesting to note that the total number of vendors disclosing vulnerabilities has decreased year over year (1,602 vendors in 2013, compared to 926 vendors in 2014).” Security experts have argued in the past that the overall number of vulnerabilities is not as relevant as their impact. However, despite attempts to standardize methods of assessing the severity of vulnerabilities, like the Common Vulnerability Scoring System (CVSS), there are many cases where the true risk posed by certain flaws is not represented accurately.


Understanding and Analyzing the Hidden Structures of an Unstructured Data Set
To do this you need to fetch out information from the free transactions text available on Barcllays transaction data. For instance, a transaction with free text “Payment made to Messy” should be tagged as transaction made to the retail store “Messy”. Once we have the tags of retail store and the frequency of transactions at these stores for Metrro high value customers, you can analyze the reason of this customer outflow by comparing services between Metrro and the other retail store.


Developers, Academia Team Up on Manual for Secure Software Design
Thirteen software companies and universities have banded together to create a group focused on educating developers about how to design secure software, releasing a report offering the 10 best practices to avoid common software flaws. Called the IEEE Computer Society Center for Secure Design, the group includes participants from Google, Twitter, RSA, McAfee, Harvard University and the University of Washington. The group, which has formed under the auspices of the Institute of Electrical and Electronics Engineers (IEEE), met in April at a workshop to compare examples of the design problems encountered by their development teams.


Why in-air gestures failed, and why they'll soon win
Leap Motion also released a demo video that I think you should see. It shows what's displayed in Oculus Rift, with two screens that (when you're wearing the Oculus Rift goggles) provide the illusion of 3D. It shows how Leap Motion's extreme accuracy in the real-time location of arms, hands and fingers translates into the ability to have total control in augmented reality and virtual reality programs. ... Extremely accurate motion control like what Leap Motion offers is not only a winning application for in-the-air-gestures, it's a perfectly necessary and inevitable one.


The Good, The Bad and The Ugly Of Enterprise BI
Our research often uncovers that — here's where the bad part comes in — enterprise BI environments are complex, inflexible, and slow to react and, therefore, are largely ineffective in the age of the customer. More specifically, our clients cite that their enterprise BI applications do not have all of the data they need, do not have the right data models to support all of the latest use cases, take too long, and are too complex to use. These are just some of the reasons Forrester's latest survey indicated that approximately 63% of business decision-makers are using an equal amount or more of homegrown versus enterprise BI applications.


What We Do and Don't Know about Software Development Effort Estimation
An apparent lack of improvement in estimation accuracy doesn’t mean that we don’t know more about effort estimation than before. In this article, I try to summarize some of the knowledge I believe we’ve gained. Some of this knowledge has the potential of improving estimation accuracy, some is about what most likely will not lead to improvements, and some is about what we know we don’t know about effort estimation. The full set of empirical evidence I use to document the claims I make in this summary appear elsewhere.



Quote for the day:

"I don't understand why people are frightened of new ideas. I'm frightened of the old ones." -- John Cage