August 10, 2016

Protecting privacy in genomic databases

The new system, which Berger and Simmons developed together with Cenk Sahinalp, a professor of computer science at Indiana University, implements a technique called “differential privacy,” which has been a major area of cryptographic research in recent years. Differential-privacy techniques add a little bit of noise, or random variation, to the results of database searches, to confound algorithms that would seek to extract private information from the results of several, tailored, sequential searches. The amount of noise required depends on the strength of the privacy guarantee — how low you want to set the likelihood of leaking private information — and the type and volume of data. The more people whose data a SNP database contains, the less noise the system needs to add; essentially, it’s easier to get lost in a crowd.
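As an added illustration (not the researchers' system and not code from the article), the following is a textbook Laplace mechanism for a minor-allele-frequency query, with a budget that caps how much a sequence of tailored queries can learn. The class name, the `rs_demo` identifier and the cohort data are constructed for this example.

```python
import random

class PrivateSnpDatabase:
    """Answers allele-frequency queries with Laplace noise under a total epsilon budget."""

    def __init__(self, genotypes_by_snp, total_epsilon, seed=None):
        self.genotypes = genotypes_by_snp   # SNP id -> per-person minor-allele counts (0, 1 or 2)
        self.remaining = total_epsilon      # sequential composition: per-query epsilons add up
        self.rng = random.Random(seed)

    @staticmethod
    def noise_scale(n_people, epsilon):
        # Replacing one person's genotype moves sum/(2n) by at most 1/n,
        # so sensitivity = 1/n and the Laplace scale is sensitivity / epsilon.
        return 1.0 / (n_people * epsilon)

    def _laplace(self, scale):
        # The difference of two exponentials with mean `scale` is Laplace(0, scale).
        # Textbook sampler; hardened implementations avoid naive floating-point sampling.
        return self.rng.expovariate(1 / scale) - self.rng.expovariate(1 / scale)

    def allele_frequency(self, snp_id, epsilon):
        if epsilon <= 0 or epsilon > self.remaining:
            raise PermissionError("privacy budget exhausted")
        self.remaining -= epsilon
        g = self.genotypes[snp_id]
        noisy = sum(g) / (2 * len(g)) + self._laplace(self.noise_scale(len(g), epsilon))
        return min(1.0, max(0.0, noisy))    # clamping is post-processing and costs no budget

def mean_abs_error(n_people, epsilon, trials=2000, seed=1):
    """Average |noisy - true| over many queries against a constructed cohort."""
    cohort = {"rs_demo": [0, 1] * (n_people // 2)}   # constructed data, true frequency 0.25
    db = PrivateSnpDatabase(cohort, total_epsilon=epsilon * trials, seed=seed)
    return sum(abs(db.allele_frequency("rs_demo", epsilon) - 0.25) for _ in range(trials)) / trials

if __name__ == "__main__":
    for n in (100, 10_000):
        print(n, "people -> mean abs error", round(mean_abs_error(n, 0.5), 6))
```

At the same epsilon, the 10,000-person cohort needs roughly one hundredth of the noise the 100-person cohort does, which is the "lost in a crowd" effect the excerpt describes.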

Researcher hides stealthy malware inside legitimate digitally signed files

If an executable file is signed, information about its signature is stored in its header, inside a field called the attribute certificate table (ACT) that's excluded when calculating the file's hash -- a unique string that serves as a cryptographic representation of its contents. This makes sense because the digital certificate information is not part of the original file at the time when it is signed. It's only added later to certify that the file is configured as intended by its creator and has a certain hash. However, this means that attackers can add data, including another complete file inside the ACT field, without changing the file hash and breaking the signature. Such an addition will modify the overall file size on disk, which includes its header fields, and this file size is checked by Microsoft's Authenticode technology when validating a file signature.
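For defenders, an added example (not code from the article or the researcher): a triage check that walks a PE file's attribute certificate table and reports bytes the PKCS#7 signature blob does not account for. The function names and the header stub built by `build_sample` are constructed for this example, and the "more than 7 bytes or non-zero padding" rule is a heuristic assumption.

```python
import struct

PKCS_SIGNED_DATA = 0x0002                                  # wCertificateType used by Authenticode

def der_total_length(buf):
    """Size of the outer DER SEQUENCE: tag, length octets and content."""
    if len(buf) < 2 or buf[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if buf[1] < 0x80:
        return 2 + buf[1]
    n = buf[1] & 0x7F
    if not 1 <= n <= 4 or len(buf) < 2 + n:
        raise ValueError("unsupported DER length")
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def cert_table_slack(pe):
    """Return [(file_offset, byte_count)] for ACT bytes the signature blob does not account for."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                                    # optional header follows the COFF header
    dirs = opt + {0x10B: 96, 0x20B: 112}[struct.unpack_from("<H", pe, opt)[0]]  # PE32 / PE32+
    start, size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # entry 4: a file offset, not an RVA
    pos, end, findings = start, min(start + size, len(pe)), []
    while pos < end:
        dw_length = struct.unpack_from("<I", pe, pos)[0] if pos + 8 <= end else 0
        if dw_length < 8 or pos + dw_length > end:
            findings.append((pos, end - pos))              # bytes that do not form a valid entry
            break
        blob = pe[pos + 8:pos + dw_length]
        if struct.unpack_from("<H", pe, pos + 6)[0] == PKCS_SIGNED_DATA:
            tail = blob[der_total_length(blob):]
            if len(tail) > 7 or any(tail):                 # beyond zero padding to an 8-byte boundary
                findings.append((pos + dw_length - len(tail), len(tail)))
        pos += (dw_length + 7) & ~7                        # entries are 8-byte aligned
    return findings

def build_sample(appended=b""):
    """Constructed PE32+ header stub with one entry; `appended` stands in for post-signing data."""
    body = b"\x30\x82\x01\x00" + bytes(256) + appended     # placeholder blob, not a real signature
    body += bytes(-(8 + len(body)) % 8)                    # zero-pad the entry to 8 bytes
    entry = struct.pack("<IHH", 8 + len(body), 0x0200, PKCS_SIGNED_DATA) + body
    pe = bytearray(0x100)
    pe[0:2], pe[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", pe, 0x3C, 0x40)
    struct.pack_into("<H", pe, 0x58, 0x20B)
    struct.pack_into("<II", pe, 0x58 + 112 + 32, 0x100, len(entry))
    return bytes(pe) + entry
```

A non-empty result is a lead for triage rather than proof of tampering; compare the reported region against what the publisher is known to ship.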

Huawei cyber president warns technology is a breeder of threats

"Of course it's more complicated now than 35 years ago, but the technology of 35 years ago is still a security challenge, and here we are looking forward five and 10 years towards things that have not really been invented. We don't really know they're going to be fully used around the world and yet people are asking 'how do you secure this world?'" His advice is to focus on securing this world -- not the PC of 35 years ago -- because shortly after each new technology is born a threat occurs. Suffolk does not expect this to change. Due to the public nature of many recent data breaches or security hacks, Suffolk believes that many customers now understand intrinsically what goes on with security, noting it has not stopped them from embracing technology.

16 Stunning Statistics that Forecast the Future of the Internet of Things

Everyone’s talking about the Internet of Things, even the “things,” which can now request and deliver customer support, tell if you’re being as productive as you could be at work, let your doctor know if you’re following orders (or not), reduce inefficiencies in energy consumption, improve business processes, predict issues and proactively improve or resolve them based on data received. The Internet of Things (IoT) is just getting started. These forecasts below show why organizations need to get started too (if they haven’t already) on leveraging and responding to the Internet of Things.

Part 1: Machine Learning’s Promise for Cybersecurity

Williamson told an industry panel in May that machine learning and data science solutions are “very technique driven.” “Pretty well every provider of analytics solutions will say ‘look at the techniques I’ve got – I’ve got some core vector machines, I invented one of the core vector machine algorithms, it’s a great technique’,” he said. “It’s still a technique. How do you know for your problems that it’s useful? You don’t.” For some however, especially the data scientists in this field like Rehak, machine learning nevertheless holds great promise for making the Internet more secure. Some argue in fact, it’s not just possible that machine learning will improve security; it’s inevitable.

Storage Flexibility Benefits Multitenant Environment

Disruption, as we've heard, is around containers. We're launching a new container-as-a-service platform later this year based on ContainerX. That will allow us to do containers for both Windows or Starnix platforms, regardless of what the developers are looking for. We're targeting developers, DevOps guys, who are looking to do microservices to take their application, old or new, and architect it into the containers. That’s going to be a very disruptive new offering. We've been working on a platform for a while now because we have multiple locations and we can do the geographic dispersion for that. I think it’s going to take a little bit of the VMware market share over time. We're primarily a VMware shop, but I don’t think it’s going to be too much of an impact to us. It's another vertical we're going to be going after. Those are probably the two most important things we see as big disruptive factors for us.

The most critical gap in cybersecurity today: Talent

Despite the growing breadth/depth of security threats in the everyday organization, it is typical to find an unstructured security team that is not providing professional growth or continued education opportunities. Furthermore, the few professionals who are qualified are spread too thin and tend to burn out quickly. This has also had a profound impact on the security industry, which is now seeing 1 million unfilled cybersecurity jobs in 2016 alone, and that number is expected to increase to 6 million global job openings by 2019. While the task of closing this gap seems daunting, it is important for enterprises to shift their focus to their internal teams to cultivate the talent that already exists within their organizations, even if it’s minimal to start.

Where Do We Go with Robotics?

The word “robot” was coined by Karel Capek from the Czech word “robota” meaning “hard work” or “slavery”. On these aspects, robots play a part in relieving human workers from difficult or risky tasks, while being under their supervision. Volkswagen is testing them to relieve their workers from difficult tasks on assembly lines. Companies working with radioactive material use them to control and inspect their facilities. The army is willing to use them to make sure a military field is safe and cleaned from any explosive device. As for many technologies before, citizens are willing to call them progress only when they start benefitting from them. They may even have forgotten about one of the very first concerns that crystallized the word “robot” when it was coined: the diminution of employment in the industry.

Building engaging and secure mobile apps

Users must feel confident installing the app and using it wherever they might want to. However, most public Wi-Fi networks lack security. So it would be a wise choice to disable automatic connectivity to such networks to prevent loss of important data. Data leaks are the concern where users are expected to sync data to the cloud. The vendor’s protection mechanisms cannot be controlled even if the company’s security policies comply with best practices. To tackle this issue, it is recommended to ensure a different password for every app or service. However, most of the security shortcomings are to be tested beforehand, on the development and testing stages of the security lifecycle. And it is hardly possible that marketers will be involved when making decisions of this kind.

No, 900 million Android devices are not at risk from the 'Quadrooter' monster

Verify Apps scans your device for potentially problematic programs both as you download new apps and continually over time. It'll stop you from installing any app that could compromise your device's security and will also warn you if an existing app starts doing anything suspicious. Verify Apps is present on every Android device running version 2.3 or higher -- which, according to Google's latest platform measurements, accounts for a whopping 99.9% of active Android devices. And Google has confirmed the system is already watching out for any "Quadrooter"-related mischief -- none of which, it's worth noting, has actually been observed in the real world.

Quote for the day:

"Data is a precious thing and will last longer than the systems themselves." -- Tim Berners-Lee