September 02, 2014

11 Steps Attackers Took to Crack Target
Leveraging all the publicly available reports on the breach, Aorato Lead Researcher Tal Be'ery and his team catalogued all the tools the attackers used to compromise Target in an effort to create a step-by-step breakdown of how the attackers infiltrated the retailer, propagated within its network and ultimately seized credit card data from a Point of Sale (PoS) system not directly connected to the Internet. Many of the details of how the breach occurred remain obscured, but Be'ery says it is essential to understand how the attack happened because the perpetrators are still active.


The state of IT jobs in Australia
"Certainly, all of our operations engineers are DevOps engineers; they're all very proficient now with scripting and coding, with automation — whether it's for integration deployment or monitoring — so, certainly I think that skill-set is vital," Kennedy told ZDNet. "Around the world, of the people who had those traditional infrastructure skills, it's the ones that have adapted, that have gone and learned some new tools, that are doing well," he said. The company initially shifted to a VMware environment to deliver on its DevOps approach, but has since settled into the Amazon Web Services (AWS) cloud infrastructure. That move to the cloud required further integration of a multi-skilled toolkit for Kennedy's team.


Bugs Are Bad, But So Are Flaws: IEEE Sponsors Center for Secure Design
There's a difference between a bug and a flaw, and an impressive group of software security mavens thinks it's time to pay more attention to the latter. To shift some of the industry's focus away from finding implementation bugs and toward identifying common design flaws -- "the Achilles' heel" of security engineering -- the IEEE Computer Society has formed the Center for Secure Design (CSD). The CSD grew out of a foundational workshop, held in April, which brought together software security experts from industry, academia and government to talk about the problem of secure software design.


Derailing Your Supply Chain BI Project
Indeed, the foundation of every Supply Chain information system is the desire to let objective, relevant information drive action — in other words, to empower and enlighten workers about data and to make decisions after they’ve looked carefully at “just the facts.” Unfortunately, all of this happy talk about focusing on facts presumes that we’re dealing with Homo Economicus (aka “Rational Man”) as if Rational Man were plentiful and in charge. Today I’m going to grapple with a far more common being — Irrational Man — we’ll call him Homo Irrationalis. Where Homo Economicus seeks out facts and is willing to be persuaded by them, Homo Irrationalis pays lip service to facts, but in reality the facts don’t matter, his mind is already made up.


Making Analytics a Corporate Strategic Role
"There absolutely are disconnects between CXOs and big data, because CXOs are daily getting hit with all of the market buzz about big data and analytics, without really gaining a crisp understanding of what big data is about and what it can mean to their organizations," John Lucker, principal and global advanced analytics and modeling leader for Deloitte, told me in a recent interview. There's a risk that organizations never get to the "crunchy questions" that can be asked of big data because of persisting habits of looking at hindsight, "rearview mirror" data.


How Big Data Can Transform Consumer Finance
Some of the inferences Merrill makes from Big Data sound as though they violate the “correlation is not causation” maxim. For example, Big Data tells ZestFinance that creditors are more likely to collect on delinquent student loans if the borrower has comparatively more addresses after graduation – unless they move super-frequently. Similarly, borrowers who move far away from college are somewhat less likely to repay delinquent loans. Merrill says this additional data helps collections outfits decide which loans are most likely to be repaid. The belief is that with a population chosen using these techniques, it’s more likely that lender and borrower can work out repayment plans.


CEOs on point – Securing the Internet of Things on your watch
The Internet of Things will lead to hundreds, thousands, maybe even hundreds of thousands of physical devices in your enterprise being connected to the Internet. And every single one of those devices will be a potential point of vulnerability. It doesn’t take much imagination to see the compromising impact of powering down or interfering with millions of devices through a single Internet of Things vulnerability, potentially resulting in physical damage to environments, injuries or death. But securing the Internet of Things represents new challenges in terms of the type, scale and complexity of the technologies and services that are required.


Hillary Clinton talks NSA and privacy, data security, tech jobs in San Francisco
"I think it's fair to say the Government, the NSA, didn't so far as we know cross legal lines, but they came right up and sat on them," said Clinton. "It could perhaps mean their data was being collected in metadata configurations, and that was somehow threatening. We have to be constantly asking ourselves what legal authorities we gave to the NSA and others and make sure people know what the tradeoffs are." Clinton lamented that "probably the most frustrating part of this whole debate" is trying to convey that the United States is not the only country trying to manage and balance these conflicts.


India ranks fourth among most malware-affected nations: F-Secure
Commenting on the India findings, F-Secure security advisor (ASIA) Goh Su Gim said, "India is seeing a rise in premium content SMS type malware." Besides, mobile ransomware is going to be the next wave of attack for handsets, and it is increasingly seen that this ransomware is also targeting enterprises. Earlier it was confined to individual users, he added. Ransomware, a kind of malicious software, is designed to block access to a computer until a certain sum of money is paid. Generally, it targets individuals. F-Secure India country head Amit Nath said there is a rise in botnet cases in India.


The Fall of Intuition-Based Decisions and Rise of Little Data
While most managers agree on the importance of using data, many believe that the big data hype often associated with companies like Google and Amazon doesn’t apply to them. Or perhaps they are intimidated by the internal resources and hefty investment required to tap into that data. Others may be skeptical that the use of predictive models can actually lead to better business performance. As a result, managers too often fall back on subjective, intuition-based methods to make business decisions, missing the benefits reaped by those who have tapped into the data available to them.



Quote for the day:

"The contest for ages has been to rescue liberty from the grasp of executive power." -- Daniel Webster