August 01, 2016

Ransomware’s Success Causing Evolution of Variants

“Given SamSam’s success, it’s only a matter of time before adversaries introduce faster and more effective propagation methods to maximize its impact and increase the probability of receiving payment,” states the report. “Attackers’ use of JBoss back doors earlier this year to launch ransomware campaigns against organizations in the healthcare industry is a strong reminder that adversaries, when given time to operate, will find new ways to compromise networks and users—including exploiting old vulnerabilities that should have been patched long ago.” The rise of ransomware makes patching long-standing vulnerabilities an urgent imperative, Cisco security researchers say. 

The DAO, Smart Contracts and the Bulletproof Blockchain

Think of a blockchain system as a trust network; Bitcoin just happens to be a successful use of such technology. There are many other examples of trust networks in the world where the blockchain could replace an old-style trust network. For example, eBay is a trust network for buying and selling things. It acts as an intermediary between buyer and seller, assisting the two parties to come to an agreement. Recently, a blockchain alternative called was launched. It provides a direct buyer-to-seller capability with no need for a website or middleman fees. It is made possible by the blockchain. It was with this kind of idea in mind that the DAO was launched, with great fanfare and $$$$s of investment. 

CaptureManager SDK

I had got an idea to write a new solution for working with web-cams on basement of Microsoft Media Foundation while faced with one unusual task. So, the task was not resolved, but I had wrote some code and had decided to continue development of the solution. At beginning the solution included only few classes and allowed to execute only few functions, but after adding of some demands for this solution I had decided to write a simple SDK which allows to make capture configuration for the new tasks easy and to inject a new developed code into it by implementation of the Microsoft Media Foundation's and CaptureManager's interfaces.  As a result, I have got this SDK for capturing, recording and steaming of live-video and audio from web-cams only by Microsoft Media Foundation.

Iterative Prototyping in the Mobile App Development Process

The mobile app development process differs from website development in that lifecycles are much more frequent, and developers have to bear in mind different devices, screen sizes and operating systems, both in the design stages and when user testing. Traditional website development styles, aimed at creating one version of a website, don’t tend to work as well when it comes to mobile app development, which calls for a more agile approach. All of which has, unsurprisingly, led to the adoption of iterative, rapid development processes. Prototypes have a role to play in this agile approach, enabling developers to build, test, iterate, re-test and re-build rapidly and at lower cost. A prototype of your mobile UI design is an essential part of a mobile app’s design process.

Do No Harm: An Oath For Health IT Developers

"Software engineers and physicians need to work together to ensure the health and safety of patients first and the ingenuity of efficient health technology second," said Dr. Andrew Boyd, assistant professor in the department of Biomedical and Health Information Sciences at the University of Illinois at Chicago.  "Algorithms are literally impacting millions of lives, and there needs to be a better way to empower developers to say this might be legal but this isn't doing right by the patient," said Boyd. A strong advocate for developers being held to the same professional standards of ethics as health care providers, Boyd said that security in health IT is a huge concern.

How the Internet of Things Helps Water Management

To begin with, there is the need for level sensors and equipment which are deployed across the reservoirs and overhead tanks. It is to be noted that level sensors are specially- designed sensors which can establish the level of water present in a tank/reservoir. This established water level can then be communicated to the central servers which are deployed for the purpose of effective water conservation as well as management. This information is passed on to the central servers on a regular basis, which further helps in determining the amount of water usage on a daily basis and also indicates the level of water that is present in the reservoirs or tanks.

CIO interview: Gary Steen, chief technology officer, TalkTalk

A big user of outsourcing, TalkTalk’s main suppliers are Tech Mahindra, TCS, Capgemini and Infosys, but the idea is to boost internal capability, especially in areas such as data, security, architecture and design. “Insourcing is about looking at our skills and those at our technology outsourcing partners, and also looking at how we avoid duplication. We are talking about optimisation of what we’ve got and how we can deliver more for the same,” Steen says. “Our outsourcing partners are intrinsically linked to the success of our technology delivery and this will continue. However, we need to ensure that we build up our own intellectual property.”

The Making of a Data Scientist

When it comes to enterprise-level initiatives, data science teams tackle the challenge of identifying and developing ways to produce measureable outputs of value from data of variable quality originating from disparate sources. Decision makers want to see summary numbers presented in an informative and consumable way. In the desire to see whole numbers, users do not always understand the importance of also looking at the statistical certainty around data measurements. It is my team’s job to take statistical validity into account while evaluating metrics for both data quality and for performance benchmarking. The data science team will scour through data in order to create and measure benchmarks for tracking improvement efforts and for identifying trends or opportunities for growth.

Salted Hash: Phishing study reveals frightening password habits

"More often than not, though, people choose simple passwords and number combinations to save time and to prevent getting locked out of an account or using data. What this suggests, however, is that this thinking is much more widespread and dangerous for the average user," she said. Is this a problem the security industry has created over time? Have we conditioned people to use poor passwords? The short answer is yes, according to Per Thorsheim, a security expert who founded PasswordsCon in 2010. "The common knowledge of passwords is based on rather old assumptions, folklore, myths, etc.," he said. Most of the advice people use to create passwords is outdated or irrelevant, and technically or logically wrong.

Anonymous Blockchain Micropayments Advance With 'Bolt' Proposal

Micropayment channel networks, such as the in-progress Lightning Network or Thunder Network, solve the first two problems by moving transactions to a new layer. Instead of recording every transaction on the blockchain, users open up channels, perhaps someday by clicking in an app, settling transactions on the blockchain only when necessary. Proponents argue this solves the scalability issue and allows for many more transactions while still not requiring trust in any third party. Finally, there’s the issue of privacy, which has been partially addressed by Zerocoin and the much-anticipated Zcash, the release of which was delayed last week. This anonymous cryptocurrency, the researchers say, could guard channel openings and closures from revealing information about the customer and merchant.

Quote for the day:

"Testing leads to failure, and failure leads to understanding." -- Burt Rutan