May 17, 2016

Critical Flaw in Symantec Antivirus Engine Puts Computers at Risk of Easy Hacknig

The worst part about it is that the Symantec AVE unpacks such files inside the kernel, the highest privileged region of the OS. This means that successful exploitation can lead to a full system compromise. "On Linux, Mac and other UNIX platforms, this results in a remote heap overflow as root in the Symantec or Norton process," Ormandy said in an advisory. "On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel, making this a remote ring0 memory corruption vulnerability -- this is about as bad as it can possibly get." Symantec has rated the vulnerability with a 9.1 severity score out of 10 in the Common Vulnerability Scoring System.


An Update On The Megatrend of Cloud Computing

There are seven key MegaTrends driving the future of enterprise IT. You can remember them all with the helpful mnemonic acronym CAMBRIC, which stands for Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics, Internet of Things, CyberSecurity. In this post we dive deeper into the first of these trends, Cloud Computing. We succinctly describe Cloud Computing as the scalable delivery of computational resources. Models of cloud compute include public clouds, private clouds and blends in between. Architectures are in place now that leverage tiers of clouds that can exist in multiple sizes and locations, including homes, businesses and datacenters.


Stealthy malware Skimer helps hackers easily steal cash from ATMs

"One important detail to note about this case is the hardcoded information in the Track2 -- the malware waits for this to be inserted into the ATM in order to activate," the Kaspersky researchers said. "Banks may be able to proactively look for these card numbers inside their processing systems, and detect potentially infected ATMs, money mules, or block attempts to activate the malware." Skimer is just one of several malware programs designed to infect ATMs that were discovered in recent years, suggesting that this method of attack is becoming increasingly popular among cybercriminals. The way in which malware programs have been installed on ATMs in the past has varied. In some cases it was installed by insiders. In others it was installed by booting from a CD drive after opening the ATM's front case using special keys.


How big data is going to help feed nine billion people by 2050

The power of farming data is insurmountable, and it is also dangerous. If someone knows the data of an operation, they also know when and where the crops are, how much yield, how much it costs, and the farm's profits. The overwhelming fear is that it falls into the wrong hands, be it a neighbor, a seed retailer, a fertilizer company, or a big ag corporation. And then that data is used against the farmer by being sold to a competitor or undercutting a neighbor for a better deal on land prices. Farmers and big ag companies are racing to find the holy grail of precision agriculture. Precision technology is a farming management concept that measures and responds to field variability for crops, often using satellites and GPS tracking systems. It has become more and more prevalent in recent history because of the advanced technology systems available on farms.


If These Predictions Are Right, We Will Lose Millions Of Jobs To Computers

The application of machine learning to the ever-increasing amounts of data being produced throughout the world will change everything when it comes to our jobs. Yes, these new technologies will make jobs easier for many people — but they also may make many of those jobs obsolete. Algorithms can now answer our emails, interpret medical images, find us the legal case to win, analyze our data, and more. Machine learning relies on algorithms that “learn” from past examples, thereby relieving the programmer from having to write lines of code to deal with every eventuality. This ability to learn, coupled with advances in robotics, cloud computing and mobile technology, means that computers can now help humans perform complex tasks faster and better than ever before.


The Importance Of A Personal Business Continuity Plan

People’s knee-jerk response is often to assume their data is automatically backed up to the cloud. While this is a good fallback, it is often presumptuous. If a cloud backup of your computer or your phone is your fallback strategy, you should look and see what is actually being backed up and whether it is current. When I recently examined my personal business continuity plan and looked at my iPhone iCloud backup, I discovered only 10 of my 129 applications were backed up to the cloud. If the cloud were my Plan A, I’d be in trouble. The reality is that you never, ever want to lose your data. It is your most valuable asset, and you need to do everything possible to protect it. The Disaster Recovery Journal explains that a personal business continuity plan is all about having a methodology in place to recover your data and help you return to full productivity as soon as possible.


Orchestration and Automation: The Enterprise’s Best Kept Secret

The IT organization simply defines a set of policies using templates. Those templates are then used to automatically provision all the infrastructure resources required by any given application workload. The end result is a much more agile IT organization capable of dynamically responding to any and all new application requirements. Once that automation capability is in place the IT organization gains the ability to holistically orchestrate sets of infrastructure services that function as a cloud; right down to being able to define what infrastructure resources can be made available to a specific application. In the truest sense of a cloud IT organizations can even allow developers to self-service their own IT infrastructure requirements within a set of well-defined guidelines defined by the IT organization.


Martin Van Ryswyk on DataStax Enterprise Graph Database

Datastax Enterprise (DSE) Graph is part of a multi-model platform that supports key-value, tabular, and Document models in addition to graph. Rather than use multiple vendors for handling polyglot implementations that demand different data models, the users can use one vendor and get different data models in the same product. DSE Graph includes additional capabilities like security, built-in analytics, enterprise search, visual management monitoring and development tooling. Also, DataStax Studio now comes with a new web-based solution to visualize graphs and write & execute graph queries. InfoQ spoke with Martin Van Ryswyk, EVP of Engineering, DataStax, about the graph data model support in Datastax.


Publisher's cloud strategy improves uptime and agility with PaaS

By embracing the Cloud Foundry PaaS, Springer Nature initiated "a big change in the working relationship between operations and development," Otte said. For example, changes to Springer's primary business channel, SpringerLink, once meant downtime. With PaaS, however, Springer Nature was able to dramatically improve uptime by empowering development teams to self-serve. According to Otte, "By embracing PaaS, we let dev teams own their applications in production without worrying about the operational hassles." This also resulted in "simplified operations and reduced costs across the board." This fits 451 Research's survey data that concluded IT increasingly worries about improving agility, rather than simply shaving pennies off hardware and software costs:


ONC Task Force: No ‘Show-Stopping’ Barriers to API Requirements

“We recognize implementation of such a framework may require Congressional action; however, using its role as advisor for all things health IT, ONC should seek to harmonize conflicting, redundant and confusing laws that govern access to health information,” the task force said. As part of that oversight framework, ONC should coordinate with the relevant agencies a single location for all API actors to access in order to become educated and to ask questions about the oversight and enforcement mechanisms specific to patient-directed health apps, as well as their specific rights, obligations and duties. For instance, the task force said, patients should have one place to access in order to log complaints regarding an app’s behavior, and app developers should have one place to access in order to log complaints that could launch investigations regarding a provider or an EHR API developer’s behavior regarding information blocking.


Survey: No Cure In Sight for Healthcare Data Breaches

“The fact that healthcare is bearing the brunt of cyberattacks is no surprise, given the unique black market value of the complete sets personal information sitting in electronic medical records, including patient names, family history, Social Security Numbers, and billing information,” commented Dylan Sachs, director of identity theft and anti-phishing for security vendor BrandProtect. “What is remarkable, however, is the level of sophistication these cyber criminals have achieved. We’ve recently witnessed a wave of elaborate attacks designed specifically to penetrate healthcare organizations. It seems clear that security measures must evolve to include aggressive, proactive monitoring for suspicious activities outside traditional security perimeters.” The College of Healthcare Information Management Executives similarly has raised a red flag about the epidemic of data breaches.



Quote for the day:


"Technological innovation is indeed important to economic growth and the enhancement of human possibilities." -- Leon Kass