August 05, 2016

4 Major Vulnerabilities Discovered In HTTP/2 Protocol

These include two that are similar to well-known and widely exploited vulnerabilities in HTTP/1.x. "All the vulnerabilities we discovered were reported to the vendors and patched versions are already available," Itsik Mantin, director of security research for Imperva, told InformationWeek. "In order to stay safe, web administrators need to make sure to use a version of their server that has this vulnerability fixed." Mantin explained that, in order to win this patching race, application providers can either make sure to continuously get patches for the servers and all the third-party libraries they are using and install them in time, or use a web application firewall with virtual patching capabilities to provide ongoing protection to their applications.


Bitcoin and blockchain pose little risk to payments giants - Credit Suisse

Broadly, the authors conclude that Bitcoin faces an uphill struggle to become a major force, highlighting 13 barriers to mainstream adoption. In contrast, shared ledgers are seen as a more potent force, with three key properties - disintermediation of trust, immutable record and smart contracts - endowing the technology with real advantages to legacy systems.  On payments, the report acknowledges that a permissioned public ledger could remove the need for a central clearing house in the form of Visa and MasterCard. However, the bank's analysts still see limited risk to these card schemes, arguing that the decision by the likes of Apple to tap into their rails, making the networks the guardians of the tokenization process, puts them in a strong position.


It's Time to Disrupt Enterprise Business Intelligence Systems

The big question is whether the organizations of the near future, even if the intelligence is valid, are able to execute the change interventions they believe are required. As organizations strive to achieve the flexibility and agility of the new waves of disruptive businesses entering the market, the above structure looks positively archaic. While "end user" reporting from BI systems has been a catch cry from BI vendors for at least the last 30 years, in reality the proportion of staff that actually access such systems could be embarrassingly small, given their current complexity. Some commentators are advocating addressing the issue through more user-friendly "search" mechanisms or self-service BI.


How will blockchain technology transform financial services?

At its core, blockchain is a network of computers, all of which must approve a transaction has taken place before it is recorded, in a “chain” of computer code. As with bitcoin — the first application of the technology, applied to money — cryptography is used to keep transactions secure and costs are shared among those in the network. The details of the transfer are recorded on a public ledger that anyone on the network can see. In the present system a central ledger is likely to act as the custodian of that information. But on a blockchain the information is transparently held in a shared database, without a single body acting as middleman. Advocates argue that trust is increased among the parties, as there is no possibility for abuse by someone in a dominant position.


IoT security suffers from a lack of awareness

"We've reached an era in computing now where we are able to project a pervasive digital presence into the edges of business and into the edges of life -- on the human body, in the human body, in the house, in the car," Perkins says. Gartner estimates spending on security technologies to protect the Internet of Things will top $840.5 million by 2020. What does the future of IoT security look like? Schneier, who has closely watched the cybersecurity market evolve over the last three decades, says the federal government must provide regulatory oversight into cybersecurity by establishing a new federal agency – ideally a Department of Technology Policy – to regulate the industry, similar to how the FCC was created to regulate airwaves and the FAA guides airlines.


Google and Facebook unleash the Open Rack Standard

The latest version of the Open Rack also includes specifications for a rack-level 48V Li-Ion UPS system. “Our contributions to the Open Rack Standard are based on our experiences advancing the 48V architecture both with our internal teams as well as industry partners, incorporating the design expertise we’ve gained over the years,” states a blog post from Google’s technical program manager Debosmita Das and technical lead manager Mike Lau. “In addition to the mechanical and electrical specifications, the proposed new Open Rack Standard V2.0 builds on the previous 12V design. It takes a holistic approach including details for the design of 48V power shelves, high-efficiency rectifiers, rack management controllers and rack-level battery backup units.”


How IT innovators turn digital disruption into a business productivity force multiplier

On the analytics and how that’s helped by the mobile working, we had a very similar result in Action for Children in the same year we brought out tablets. We started to do outcome measures with the children we were with. To reach a child, we do a baseline measure when we first meet the family, and then maybe three months later, whatever the period of the intervention, we do a further measure. Doing that directly on a tablet with the family present has really enhanced the outcome measures. We now have measures on 50,000 children and we can aggregate that, see what the trends are, see what the patterns are geographically by types of service and types of intervention.


In DARPA challenge, smart machines compete to fend off cyberattacks

With the competition, DARPA wants to encourage research into autonomous systems that can be used in cybersecurity. With the growing Internet of Things, more devices are being connected to each other without human involvement. Devices with IoT technology, such as a coffee maker, a car or a personal-assistant robot could be hacked, leaving users open to a security threat. “The whole world is moving toward computers. We know this,” David Brumley, a member of the For All Secure team, said in a DARPA video interview. “Everything is becoming automated. Pace makers. Refrigerators. Everything is connected to the Internet one way or another these days.” That means cybersecurity needs to move beyond laptops and tablets, but it’s an overwhelming job for human hackers to tackle on their own.


McLaren CIO on Digital Transformation, Hybrid Environments, Shadow IT And More

We’ve actually been collecting data from the cars for about 27 years. The internet of things and connected cars is something we’ve been doing for a long time! And with that, we’ve collected now over one trillion data points, which is an unbelievable amount of data. The challenge with that is finding the insights in it. If you can’t extract the information you want from it, it’s irrelevant. This is an area we are working very closely with SAP and looking at some of their clever in-memory technology and hopefully we’ll have some more news about that later in the year. ... IoT is a term that’s used a lot these days, but if you decompose it, it’s essentially some form of sensing, some sort of data communication, some sort of data collection, and then some form of analytics and application on top.


Do developers really care about security?

"So many of them are increasingly getting more focused on security," Fisher says, pointing to questions they ask early about authentication and how to store data securely, when in years past this was left to secops. Developers are looking at how their peers are building similar applications and taking note of the baseline expectations. Security isn't about vulnerabilities alone, Fisher points out. Availability is a form of security, too, she says. That includes both user traffic as well as malicious intent. With data breaches exposing user data, there are now more questions around data storage, especially in securing data so thieves can't easily access or steal it, and considering, from the get-go, how to store data so that it remains protected in case of theft.



Quote for the day:


"Shake off insecurities, step into the truth of who you are & the value of what you offer. Lead with posture" -- Art Jonak