April 04, 2016

5 Security Bad Habits (And Easy Ways to Break Them)

Procrastination. Fidgeting. Biting your nails. These are all bad habits, but none so bad that they could bring a company to its knees. When it comes to security, however, some bad habits could be devastating, leaving your company vulnerable to hacks, data loss or theft or some similar type of security breach. The good news is that there are some simple steps IT can take to educate users on security best practices and make them part of the solution instead of the problem. Jonathan Crowe, senior content manager at endpoint security solutions company Barkly, offers five simple ways to improve your security posture and help employees become a bit more security-savvy.


How Early-Stage Startups Can Enlist The Right Amount of Security As They Grow

Many resource-strapped startups gauge their commitment level to security by assessing the financial expense to the company. Instead, Graham recommends defining security spend by a company’s possible exposure risk. “For all companies, there’s a limit to how much money can be lost. So if you’re spending more than that amount, you’re absolutely screwing up,” says Graham. “There’s also a limit to how much money you’re likely to lose based on what it is you do with customer data and what you do to monetize it. You’re also messing up if you spend more than that amount.” Graham admits that these assertions are counter to many marketing messages. Most startups are exposing customers to more risk than they’re selling. “There’s a lot of social capital used in marketing these days. Statements such as: ‘You can absolutely trust us to take care of your data.’


The inevitability of data visualization criticism

On a recent episode of What's the Point, Giorgia Lupi expressed this perfectly when she said, "Beauty is a very important entry point for readers to get interested about the visualization and be willing to explore more. Beauty cannot replace functionality but beauty and functionality together achieve more. Beauty is an asset." This doesn't mean you should never produce a line chart, but would the WSJ article have been so successful had they done it Randy's way? Randy acknowledges this in his article. We both agree you need to craft accurate charts and focus on the story. A rich dataset can tell many stories. In this case, even when you have chosen the story you want to choose ("vaccinations end disease"), it can be told in many different ways (line chart or highlight table).


How an AI program helps doctors identify cancer and other medical abnormalities

Behold.ai's system works by looking at images and giving doctors suggestions, based on learning from similar medical scans. "Computers have become increasingly adept at figuring out objects and images," said Raut. "There's the Amazon Fire phone, which can scan a picture and if it's a product on Amazon, it will find it for you." And Facebook, he said, can see a photo and tell who that person is. "There's a lot of advances in facial recognition that we wanted to adapt to medicine," he said, "because it's about determining where the nodules, aneurysms, and things like that are." Through partnerships with hospitals, Behold.ai is using data sets from real patients to ensure that the reinforcement learning system has quality data


Outshone by Smaller Screens, PCs Aim to Be Seen as Cool Again

Yet as people increasingly gravitate to smartphones and tablets for their computing needs, shifting into what has been called the “post-PC era,” the investment into design and new innovations by PC makers may come to naught. Last year, 289 million PCs were sold worldwide, an 8 percent drop from 2014, according to Gartner, a research firm. The sales decline was just the latest in several years when the PC market faced an onslaught of smartphones and tablets as cooler alternatives. The falloff is expected to level off this year, with PC sales even expected to begin growing slowly in 2017. But that still leaves the question of whether PCs can seem cool again. Even people who depend on the PC industry now lack passion for these onetime miracle products.


Microsoft Embraces Linux - Way Too Late

The Linux-on-Windows announcement is more interesting, but requires some clarification. This is not Linux running in a VM -- there's no Linux kernel present, nor a hypervisor emulating hardware. This isn’t Cygwin, which is a Unix environment compiled specifically to run on the Windows platform. It’s not a container, either. The Ubuntu environment running on Windows 10 contains binaries identical to the binaries running on an Ubuntu platform -- an ELF executable. What Microsoft has done is build a system call translation layer. When a Linux binary makes a syscall, Microsoft’s Windows Subsystem for Linux translates it into a Windows syscall and delivers what the binary expects. It’s akin to WINE, which does something similar for Windows binaries running on Linux. Also like WINE, it’s not magic -- many binaries won’t "just work." This is only the beginning of a long process for Microsoft.


C#/Web API Code Generation Patterns for the RAML User

C# 2.0 was designed with code generation in mind. Seeing how common it was to use code generators even in Visual Studio itself, it was given the ability to create partial classes. A partial class contains some, but not necessarily all, of the code that makes up the whole class. This allows you to separate the class over multiple files, some of which are code-generated while others are hand-written. This separation prevents the code generator from wiping out code the developer has manually written. Unfortunately, this wasn’t enough. Partial classes allow you to add new methods, but not change the behavior of existing ones. For that we had to wait until 2008 and the introduction of partial methods in C# 3. Superficially, a partial method looks like an abstract method, but this is the wrong analogy.


MedStar hack shows risks that come with electronic health records

Health care executives and regulators say their increasing reliance on computer networks and electronic patient data has brought new challenges. Sharon Boston, a spokeswoman for LifeBridge Health, said the corporation takes information security seriously and works to adapt to new threats as they arise. LifeBridge operates Sinai, Northwest and Carroll hospitals in the Baltimore region. "The use of the electronic medical record across the health care industry is broader and deeper than it has ever been, and will continue to grow," Boston said. "With the evolving nature of these electronic threats, LifeBridge Health continually monitors the safety and potential vulnerability of our information systems and takes appropriate action."


Ever been in these social engineering situations?

Once I picked the lock to the unalarmed external emergency door, I realized that the client took the extra step of implementing biometric access control. There wasn't a single person going in or out while I observed. I needed a different way in to the server room. I noticed a security guard station with several monitors and a key box behind the desk. I saw a guard and a maintenance employee were taking a coffee break. "Sorry guys, I'll just be a moment. I need to get the serial numbers off of these devices. We are doing inventory." I gave him the face of, "you know, the grind," shrugged and began writing down anything I saw. "Not a problem," the guard responded after glancing at my fake badge I made using basic photo editing skills. “You can take them if you want. They don't work half of the time anyway," the guard chuckled.


Microsoft's machine learning vision includes security, too

"We want to build intelligence that augments human abilities and experiences. Ultimately it is not going to be about man versus machine. It is going to be about man with machines," Nadella said at Build. And what's better than having machines help users protect their data and communications? Nadella acknowledged social implications to security and privacy, promising Microsoft will take a “principled approach” as it adds intelligence to applications. Technology needs to be “more inclusive and respectful,” as well as balance security and privacy considerations, such as adopting encryption. Consider the Skype bot. The Build demo showed the bot picking up key terms related to travel during a Skype call and suggesting hotel reservations. The same bot will have to recognize sensitive information and make sure to protect it.



Quote for the day:


"For all companies, there's a limit to how much money can be lost. So if you're spending more than that amount, you're absolutely screwing up." -- Michael Graham