November 15, 2014

5 Hadoop Security Projects
While other projects attempt to improve Hadoop’s security from the inside, Apache Knox Gateway tries to do it from the outside. Apache Knox Gateway creates a security perimeter between Hadoop and the rest of the world by providing a REST API gateway for interacting with Hadoop clusters. All communication with Hadoop is done via Knox Gateway, which controls and moderates it. Knox includes the following features: LDAP and Active Directory integration, support for identity federation based on HTTP headers, and service-level authorization and auditing.

Amazon Phishing Attacks Pick Up for Holiday Shopping Season
"If you get an email with a Word attachment, don't open it, just go to the site, log into your account, and all the transaction history is right there readily available," he said. "It's always a good idea to go right to the horse's mouth." So far this month, AppRiver has quarantined more than 600,000 email messages with the subject line "Your Amazon Order Has Dispatched (#3digits-7digits-7digits)" and a return address of "" The attached Word document has a macro that installs a Trojan dropper that creates a process named "SUVCKSGZTGK.exe" and the dropper then installs a keylogger that harvests banking information, email logins, and social media accounts.

ETH Researchers Develop a Thought-Controlled Genetic Interface
Using the interface they designed, the ETH team showed a human volunteer wearing an EEG cap could use his thoughts to trigger production of a particular protein, called SEAP, in human kidney cells growing in a petri dish. He could also turn on supplies of the cells that had been implanted under the skin of lab mice. The research is interesting because it shows how futuristic brain implants might function, Folcher and company write in this week’s Nature Communications. Such devices, the ETH authors speculate, might sense a person’s feelings of pain (or perhaps oncoming epileptic seizure) and then automatically trigger brain cells to pump out a helpful biotech drug.

Facebook nudges users to take control with privacy makeover
"Over the past year, we've introduced new features and controls to help you get more out of Facebook, and listened to people who have asked us to better explain how we get and use information," wrote Erin Egan, Facebook's chief privacy officer. "Protecting people's information and providing meaningful privacy controls are at the core of everything we do, and we believe today's announcement is an important step." Facebook has had its share of privacy controversies. It has repeatedly been criticized for its privacy policies and even for the difficulty in using privacy controls.

Why bug bounty hunters love the thrill of the chase
“Having a look at the security community, we can tell that there are a lot of top-notch bug hunters who fulfill nearly all of the above points. On the other hand, there are ‘unskilled’ or new bug hunters who try to make some quick bucks by using one-click-tools and sometimes go as far as threatening the business owners. We refuse to call these people ‘bug hunters’,” they said. They enjoy bug bounty hunting because it gives them the freedom to break things whenever they want. “By submitting useful reports the chances are good that more and more companies will get the idea about responsible disclosure,” they said in calling bug bounty hunting the ultimate in crowdsourcing.

Security Skills Gap Continues to Stymie Enterprise Cyber-Defenses
"Good resources are scarce and you have to find new ways to provide needed security services," Chip Tsantes, chief technology officer of the cyber-security practice at Ernst & Young, told eWEEK. “You have to be more creative to find the skills that you need.” The lack of information-security professionals has been a common theme over the past five years. More recently, government hiring and the increase in the number of devices added to networks requiring security support have led to a continued shortfall in skilled security people, which Cisco estimates at 1 million workers worldwide.

10 Big Data Career Killers
Data scientists are in high demand. The Big Data market will grow anywhere from 20 percent to 40 percent annually through 2017, depending on the market forecast you trust most. But even an industry boom doesn't guarantee job security. Here are 10 missteps that can stop your Big Data career in its tracks. Note: Special thanks to Jack Welch, executive chairman of Jack Welch Management Institute at Strayer University. Taking poetic and editorial license, we adjusted his "10 Career-Killing Pitfalls" list to focus on the Big Data market.

Next-Generation Robot Needs Your Help
“It is very good idea,” says Bilge Mutlu, an assistant professor at the University of Wisconsin, Madison, who researches the interaction between humans and robots. “It’s a lot more flexible and adaptable to day-to-day environments.” Human-robot collaboration is already increasing in industrial settings (see “Increasingly, Robots of All Sizes are Human Workmates”). Finding ways for machines to collaborate in other settings could hasten the development of a new generation of service robot. “I am 100 percent sure that if people embraced robots with limitations we would have them in our homes as we speak,” Veloso says.

Chief data officer: My mixed and nuanced musings on the need for one
When people say that "data is the new oil," they're usually making a general statement on how deeply modern organizations depend on data to drive transactions, analytics and processes in general. It's not a statement about public sector institutions but about organizations of any sort. It's in that context that many organizations decide to appoint something called a chief data officer (CDO) to oversee this precious resource. If you want a deep dive into what the CDO role entails, I strongly urge you to download this excellent whitepaper from the IBM Center for Applied Insights.

Fifty Quick Ideas to Improve Your User Stories
Teams often struggle selling stories as small chunks of work that need to fit into a sprint. Business stakeholders simply don't care about that (fully justified), because this is purely technical. We end up coming back to organising things that are easy to develop, not that are valuable to a stakeholder. Small stories are good not because they fit into a sprint, but because an organisation can quickly get feedback from them. A story is supposed to deliver something valuable to a stakeholder, and if so, we should be able to decide if the work is really done or not from a business perspective, learn from that delivery and get ideas for future work.

Quote for the day:

"Ninety-nine percent of all failures come from people who have a habit of making excuses." -- George Washington Carver