June 03, 2016

Security concerns rising for Internet of Things devices

The good news is that the larger IoT companies like Belkin are starting to respond to the problem. Young says he has seen progress in how often companies are responding to firmware problems or at least acknowledging that there is a growing problem. Indeed, when LIFX found out about the Wi-Fi credentials flaw, they patched it right away. Because there are so many small companies making IoT devices, the problem won’t go away anytime soon. Foeckl says IT departments need to start including IoT devices in their security monitoring efforts and certification and testing processes, and that they should work with their vendors to make sure these devices are patched, tracked, and protected.


Data Integration Continues to Bedevil Healthcare Industry

“This is a process moving forward that’s going to require a partnership with the private sector and all of our federal partners,” said DeSalvo, who added that the private sector in particular has stepped forward to mature FHIR as a standard. DeSalvo added that electronic health information comes not just from EHRs, but also from wearables, the Internet of Things and mobile healthcare technologies. “It’s coming from so many sources today, compared to where it was in 2008 when we started measuring,” she said. The challenge now “is how to bring that information together to make it usable and actionable for everybody who wants it.” At the same time, DeSalvo made the case that beyond technology, true data integration will require a change in the culture of data sharing in the healthcare industry.


Will IoT technology bring us the quantified employee?

The desire to quantify, measure, and monitor ourselves has spawned an entire industry, with companies developing wearable computing devices, fitness trackers, and mobile communication tools at a fevered pace. Consumers bought more than 45 million wearable devices and fitness trackers in 2015, and analysts expect demand to grow by more than 45 percent annually through 2019, becoming one of the fastest-growing technology markets. What are these wearable devices doing for us? They are giving us information on our exercise, sleep, movements, diet, and pulse, creating the quantified self, powered by an architecture of technology referred to as the Internet of Things (IoT). But when the quantified self arrives at the office, does he or she become the quantified employee? Many employers would hope so: With oceans of data from workers’ wearables,


How Israel is turning part of the Negev Desert into a cyber-city

The roots of Israel as a cyber power go back to the 1973 Yom Kippur War, said retired Brig. Gen. Yair Cohen, another former head of Unit 8200, which employs thousands of soldiers and serves a role similar to the National Security Agency. In less than three weeks, Israel lost more than 2,000 soldiers largely because of a dramatic failure of intelligence. As a result, the Israel Defense Forces (IDF) decided to reinforce their signals intelligence arm, Unit 8200. The unit sought the best code-makers and code-breakers, Cohen said. It also began to conduct its own research and development, with soldiers building radio interception, and now cyber tools. “We cannot wait for someone in the United States to give us technology,” said Cohen, who now runs his own cyber venture capital firm.


Polar A360 Review – Simple And Efficient

As you would expect from any decent tracker, the A360 monitors activity and provides in-depth feedback, thanks to the built-in accelerometer. The Polar A360 can also record sleeping patterns, show you smart notifications, and warn you when you’ve been sitting at your desk for too long. Also, the Polar A360 is water-resistant up to 30 meters; therefore, you do not have to take it off while swimming or taking a shower. As a downside, the Polar A360 is missing the GPS sensor. I have the feeling that this is something dedicated runners might not like. Other than that, the Polar A360 bracelet feels like a robust and capable fitness tracker. I must say that overall, I am quite impressed with this tracker. Well done Polar.


Can a city switch entirely to driverless cars?

The Department of Transportation and major U.S. cities are betting on technology to solve their transit woes. As part of its "Smart Cities Challenge," the DOT will give a winning city up to $40 million to help it experiment with innovative transit options. It would also be eligible for an additional $10 million from Paul Allen's Vulcan Inc. San Francisco, a finalist, imagines a fanciful city with an elaborate network of city-run self-driving cars and shuttles, where the on-demand businesses it's still struggling to regulate are a seamless part of life. The most technologically ambitious part of San Francisco's big vision, created by the city's new Office of Innovation, is getting people out of the driver's seat and into shared, autonomous cars. The idea is to reduce traffic and reclaim parking structures and some roadways for housing and parks.


TeamViewer Credential Breach, Bitcoiner Computers at Risk

While it is possible that TeamViewer’s breach is correlated to the recent Myspace hacking incident, the availability of 2-factor authentication data rules out Myspace credentials being the main culprit. If you currently use TeamViewer, then your first step is to check if your authentication credentials were leaked (use HaveIBeenPwned to check). If so, change passwords for every service and consider yourself very lucky if nothing else has been accessed — like your email or bank account. Next, you should log in to TeamViewer’s application console. Now, on the upper-right side of the screen, click your username > edit profile > active logins, to see every device and location that has accessed your account. Nothing is worse than having your cryptocurrency stolen. Eliminate potential vectors of attack!


How To Embrace The Benefits Of Shadow IT

Many IT organizations have evolved over time, morphing to accommodate major transformation projects such as ERP implementations and refreshes, re-platforming from legacy technologies to current day solutions, and extending or contracting based on mergers, acquisitions, and divestitures. As a result, the size, shape and composition of the traditional IT organization is often as confusing and complex as the myriad of technologies that are woven together into a tapestry of IT solutions that are constantly challenged to keep up with business needs. Contrast that dynamic with shadow IT, which is often set up by the business for the business, very well aligned with the affordability and competitive demands of the business, is easily understood as it aligns perfectly with the business functions or products, embraces the latest and greatest technologies via SaaS, PaaS, IaaS, and other consumption-based models, and is agile by design—not as a costly retrofit.


Adopting Open Source Development Practices in Organizations

The first step toward an inner-source initiative is to select an appropriate seed product—an existing initial implementation of a software product or component. Similarly to projects in open source communities, starting an inner-source project from scratch is difficult. Without an initial vision of a project, it’s hard to attract developers from across an organization to invest time and resources. Instead, it’s much more useful to have a seed product that can attract a developer community and grow to a successful inner-source project. This seed project must offer sufficient value to an organization. Starting an inner-source project around a new operating system or database management system is unlikely to attract many contributors because building such commodity software is wasteful.


The Art of Intelligent Deception in Cyber Security

Decoys counter sophisticated types of attack by applying techniques that entice attackers, fool and feed them false data, and provide an organization a forensic trail of the attacker’s movements and the option to react before the data is stolen. Attackers that are able to get through the perimeter of a network are typically shrewd and familiar with the layout of a common corporate network. However, even the most experienced hackers are initially working with a handicap as they are still learning the inner workings of a specific network. This is a weakness that organizations must exploit quickly by creating a mirage to confuse and lure in the attacker. This deception strategy is similar to what has been used in combat for centuries. Strategically placed decoys in the form of fake equipment and communications confuse the opposition and lure them away from their target, providing the opposition the advantage.



Quote for the day:


"We cannot evoke the true spirit of sacrifice and valour, so long as we are not free." -- Mahatma Gandhi