August 14, 2016

There's Now A Cryptocurrency Created by Participating in DDoS Attacks

“Proof-of-DDoS might not be a good ultimate end goal, but there are aspects of the idea that may prompt thinking along these or similar lines … We hope that Proof-of-DDoS is eye-catching enough to get people thinking more about these ideas.” The DDoSCoin system also allows its participants to choose specific sites to target through consensus. However, since the proof-of-DDoS concept relies on verifying encrypted TLS connections to a victim website, the participants will only be able to target sites that support those secure connections. Currently, about 56% of Alexa's top million websites support TLS. But that number is expected to increase as the encryption standard becomes more widespread, the researchers say.


Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Microsoft has inadvertently demonstrated the intrinsic security problem of including a universal backdoor in its software after it accidentally leaked its so-called "golden key"—which allows users to unlock any device that's supposedly protected by Secure Boot, such as phones and tablets. The key basically allows anyone to bypass the provisions Microsoft has put in place ostensibly to prevent malicious versions of Windows from being installed, on any device running Windows 8.1 and upwards with Secure Boot enabled. And while this means that enterprising users will be able to install any operating system—Linux, for instance—on their Windows tablet, it also allows bad actors with physical access to a machine to install bootkits and rootkits at deep levels. Worse, according to the security researchers who found the keys, this is a decision Microsoft may be unable to reverse.


Deep Instinct’s Artificial Brain Spots Zero-Day Security Threats

Nervana isn’t specializing in security. But like Nervana, Deep Instinct is using GPUs to produce what it describes as an artificial brain. That brain was trained by being exposed to hundreds of millions of files: applications, PDFs, just computer files of any type. About half were benign, and half were malignant. The process took about 24 hours, Schirmann says. Some human intervention was necessary during this first step, just as it is with a human brain that’s early in development. Humans told Deep Instinct’s AI which files were good or bad — but what distinguishes deep learning from machine learning is that the brain wasn’t instructed which features to watch. Based on what it knew about the “good” and “bad” piles, it began drawing its own conclusions about what a malicious file looks like.


Blockchain-Based Peer-To-Peer Solar Energy Trading To Be Trialed In Perth

The technology works, like bitcoin, to identify the ownership of energy as it is generated and then to manage multiple trading agreements between consumers who buy excess solar direct from the original owner/producer, without the addition of market costs and commercial margins. “It’s a software program that tracks the movement of electricity from point to point,” Green explained in an interview with One Step Off The Grid on Friday. “It handles the financial transactions off the back of it as well.” “Presently, if you’ve got surplus solar electricity you sell it back for a low feed-in tariff and buy it back (from the grid) for a high rate. Using (Power Ledger), you can sell it to your neighbour at somewhere between the two” – less than the uniform tariff but more than you would get from selling it to their retailer, Green said.


How can Augmented Reality Leverage the FinTech Future?

Augmented Reality, widely called AR, is a combination of different technologies incorporated to enhance the comprehension of an experience. ... The fundamental principle of AR is to enhance the user experience by presenting overlaid, system-generated features on the user's real-world surroundings. AR technology is extensively pragmatic towards mobile users. The number of users dependent on location-based services will keep growing owing to the advancements in GPS and other dependent technologies. Hence the FinTech future, which puts its faith in mobile-driven technology, will get an amplification by encouraging its users to adapt to AR. Augmented Reality will bring Fintech users close to each other. There are many ways in which it can remodel the user experience.


The Field Guide To Data Science

Data Science is an auspicious and profound way of applying our curiosity and technical tradecraft to solve humanity’s toughest challenges. The growing power, importance, and responsibility of applying Data Science methodologies to these challenges is unimaginable. Our own biases and assumptions can have profound outcomes on business, national security, and our daily lives. A new class of practitioners and leaders are needed to navigate this new future. Data Scientists are our guides on this journey as they are creating radical new ways of thinking about data and the world around us.


Undocumented SNMP String Exposes Rockwell PLCs To Remote Attacks

“This vulnerability is due to the presence of an undocumented SNMP community string that could be leveraged by an attacker to gain full control of affected devices and grants the ability to manipulate configuration settings, replace the firmware running on the device with attacker-controlled code, or otherwise disrupt device operations,” Cisco Talos wrote in an advisory. “Depending on the role of the affected PLC within an industrial control process, this could result in significant damages.” According to an advisory published today by the Industrial Control System Cyber Emergency Response Team (ICS-CERT), these PLCs are used in industries such as chemical, manufacturing, food, water, wastewater and others across Europe, the United States and Asia.


WaTerFall requirements in Agile Product Development

In reality, and rather frequently, the best ideas and solutions come much later in the process, when the development phase is well underway. It is also not uncommon that customers change their minds about initially stated requirements after development begins. In cases like these, to justify BRD scope creep, a tedious and overly bureaucratic process of change control is implemented – something that requires additional time and effort. By design, BRDs are meant to resist changes; anything that requires an update after the BRD is finalized and signed off carries a negative connotation. Lastly, having BRDs produced without initial participation of technology creates a lot of ‘wishful thinking’ and unrealistic expectations from customers, who sometimes look for complex and expensive solutions.


Agile Scaling Frameworks: An Executive Summary

SAFe is anchored and framed by a so-called "big picture" of what a compliant implementation will look like. This generates two problems. Firstly, it encourages the perception that agile change can be templated and overlaid onto existing practices without deep and pervasive change...in other words, the foundations may be weak. Secondly, and ironically, organizations with no Unified Process legacy will find the prescriptions of the template hard to approximate...too much change in other words. Nevertheless SAFe can be an appealing option for organizations which are already vested in the Unified Process or similar methods.


Why Change Management Needs Review By IT Security

Information security should be embedded into the change management process to ensure that all changes have been assessed for risks. This includes assessing the potential for introducing new vulnerabilities into the environment and the potential business impacts that could occur if a change produces undesired results. Changes will always involve some amount of risk, but risk can be minimized if changes are adequately reviewed, assessed and coordinated through a formal change management process. One of the biggest challenges is gaining buy-in from users so that they follow the change management process and do not circumvent it. Change management helps avoid problems by increasing upfront communication and identifying issues before they happen.



Quote for the day:


“There is a difference between listening and waiting for your turn to speak.” -- Simon Sinek