October 18, 2015

Why visibility and control are critical for container security

Having visibility into the code inside containers is a critical element of container security, even aside from the issue of the security of the containers themselves. New vulnerabilities are being constantly discovered that impact older versions of open source components. Hence, knowing the container is free of vulnerabilities at the time of initial build and deployment is necessary but far from sufficient. Securing the contents of containers is comparable to any other software stack security question. ... The security risk posed by a container depends on the sensitivity of the data accessed via the container as well as the location where the container is deployed, for example, behind a firewall or Internet-facing.

Wi-Fi Trick Gives Devices Super-Accurate Indoor Location Fixes

“We can use off-the-shelf, already deployed Wi-Fi infrastructure but get accuracy comparable to state-of-the-art systems that require specialized equipment or modifications,” says Katti. In tests, a Wi-Fi device could locate itself with a median accuracy of 40 centimeters. SpotFi is a refinement of another existing Wi-Fi location method in which a device uses the signal strength from different Wi-Fi access points as an indication of how far away they are. It can then use data on their known locations to triangulate its own position. That approach can only locate devices to within a few meters because Wi-Fi signals bounce, obscuring the true distance to the access point.

EU to US: Stop storing our data on your servers (or else)

Based on the new unsafe harbor ruling, you're in violation of European law. That login and account information needs to be moved to a server located in Europe. Can you imagine the hassle this would be if it were enforceable, and we now needed to segment our user databases and all our other information so that we could dump data on a server located in each major country or region? This is the issue facing IT managers. Right now, as the Department of Commerce has shown, there's no determination about what y'all are supposed to do. But because the Safe Harbor provisions are now null and void, the door is open for international lawsuits targeting your organizations, just because you happen to run a database hosted in the land of the free and the home of the brave.

Oliver Cameron: From iOS Developer to Udacity VP

My lowest point in the journey of becoming an iOS Developer was the launch of another app, Friends for iPhone. Friends added a layer on top of your address book, and allowed you to see activity from your friends across all of your social networks in one app: Instagram, Twitter, Facebook, LinkedIn and more. A fun concept! Following on from the launch of Voices, I challenged myself to go bigger and better with Friends. This pressure meant that I felt like I couldn’t launch the app until it was perfect, and as such I invested 6 months of time and a ton of money. It turns out, perfection is nothing if your idea sucks. A few months after launch I had to ultimately call it: Friends was a failure.

Professor Dr Robot QC

Machines are challenging the professions’ two most important claims to being special: their ability to advance the frontiers of knowledge and their exclusive licence to apply their expertise to an unordained laity. ... Computer scientists in Tel Aviv University have invented an algorithm that, using facial-recognition software, is solving a puzzle that has kept Torah scholars busy for decades: piecing together 300,000 ancient Jewish manuscripts that were found, many torn and tattered, in the attic of an old Cairo synagogue. Various bits of software regularly outperform legal experts in predicting the outcome of court decisions from patent disputes to America’s Supreme Court.

Malvertising is a troubling trend

The Angler exploit kit has been around for a couple of years in various forms, and until now it didn’t stand out as a particularly unusual threat. But it turns out that the newest version has some new and improved techniques to avoid detection, such as encryption and the exploitation of zero-day vulnerabilities that haven’t yet been incorporated into the mainstream antivirus products. It also runs only in the memory of the infected computer, instead of installing itself on the hard drive, which is where desktop antivirus products tend to focus their attention. This is the startling part — that the bad guys have found a way to effectively stay invisible.

Is Security Possible With the Cloud?

No surprise here – the number one pushback that I get when speaking on this strategy is security. You’re really going to put all of your data, much of which is sensitive and confidential to clients, in the Cloud? Really? To be fair, security is, and always will be, a valid and primary concern for IT, and, of course, not just with respect to the Cloud. So let’s back up (so to speak) to another premise: absolute security is an abstract, theoretical concept. There is no such thing. If it’s possible to access a resource, then compromise to that resource is also possible. And since the Cloud increases the number of possible avenues to accessing a given resource, there’s a huge question here: is security even possible for Cloud-centric IT?

The Rise of Enterprise Analytics and The Analytics of Things

First, if an organization is truly experimenting with their data to make significant discoveries, to validate the results, to refine and improve the analytics models, to extract meaningful insights from data, and to implement innovative data-driven processes, then a data scientist is usually required. More specifically, a data science team is required, since no single person can have all of the required skills for successful enterprise-wide data science. Second, there are some analytics functions that are scientifically or mathematically less intensive and that can be carried out by analysts throughout an organization. Some of these functions include data exploration, data quality verification, data transformations, correlation analyses, model-testing, data visualization, reporting, and so on.

LeSS Framework: Principles, Practices and Core Concepts

When adopting LeSS, it will affect the structure of your organization. What often happens is that organizational problems that are traditionally solved in a complex way are solved in an easier way in LeSS. Having small batches of working software Sprint by Sprint enables removal of organizational complexity that was created for coping with the lack of transparency in traditional development. This is best explained with some examples. Traditionally, organizations manage work using projects. A project, from an Agile/lean perspective, is a way of managing a large batch of requirements towards a release. When focusing on products and continuously delivering value to users, the project way of managing work becomes largely obsolete.

3 Tips on How to Create a Cyber Security Culture at Work

As we all know, computer criminals pose a serious threat to businesses today in that they can steal corporate intellectual property, as was the case with last year’s Sony hack; compromise employees’ personal and medical health information, the latter of which is increasingly valuable on underground web markets; and overall depreciate an organization’s reputation. These external actors may also exploit bad security decisions on the part of internal employees, the effects of which may be amplified by poor or incomplete bring your own device (BYOD) guidelines or policies designed to protect Internet of Things (IoT) devices. In accordance with NCSAM, it is everyone’s responsibility to help protect his/her organization against a breach or targeted attack.

Quote for the day:

"It is the essence of genius to make use of the simplest ideas." -- Charles Peguy