August 25, 2016

Reprogram Your Culture

There is power in stories, as they inform, persuade and educate. Using the power of story, you can tap into foundational beliefs that shape culture. ... Although that’s unlikely, the reinforcing power of the story is that it communicates the value of customer service. It’s far more impactful to share that story than to say, “a Nordstrom core value is customer service.” ... There are four types of stories that shape culture. Identity stories are about who we are and where we came from. They capture what’s unique and special in the DNA. Success and Failure stories are about what is rewarded versus punished. Finally, future stories are about where the organization is going. ISFF (Identity, Success, Failure and Future) are the core stories that you can tell or will be defined by your culture. Change the story to change the culture.

European law enforcement seeking smart ways to fight cyber crime

Manufacturers need to wake up to the risks they face in the connected world and realise that most cyber security vulnerabilities are not solvable using bolt-on systems, but instead by relying on sound engineering, software development practices and cyber security best practices. “The most effective cyber security work occurs during the planning, design and early implementation phases of the products, with the difficulty and cost of remediation increasing in correlation with product age and complexity,” said Thuen. Failing to address security at the early development stages could be very costly in the long run, he said, leading to loss of consumer confidence or even product recalls, which some vehicle manufacturers would find difficult to recover from.

Are You Agile Enough for Polyglot Programming?

An interesting case study in Polyglot Programming is the Obama re-election campaign. The entire project was conceived of, designed, deployed, and dismantled in 583 days. It was spread across 3 data centers and 2000 nodes; it consumed 180 TB of data and supported 10,000 requests per second. Luc Perkins (@lucperkins) says in his blog that the Obama campaign was unbelievably agile. It was 100% cloud based and polyglot. Poly-language, poly-framework, and poly-db. Harper Reed, the CTO for the Obama re-election campaign, knew from the beginning he was resource constrained, so he bet big on the cloud. Without millions of dollars for servers, Harper chose Amazon Web services to host everything.

Trying to make sense of Google's messaging mess

Google's overall approach to development is a problem that impacts strategy and branding throughout the company, according to Dawson. "Teams within Google seem to be empowered to go and create stuff without coordinating with other teams — that can lead to great innovations, but more often than not it appears to lead to this kind of fragmented, disjointed approach to a space," he says. ... Google's seemingly unfocused approach to messaging is also related to the company's failure to create or acquire a wildly popular app. None of its messaging apps have ever reached the scale of WhatsApp, Facebook Messenger, WeChat, Line or others. "The best case scenario for Google is that they hit it big with one of their messaging and communication platforms, and then can start from a base of success before consolidating," says Patrick Moorhead

Apps for Work vs. Office 365 debate as much about culture as tech

Companies are increasingly looking to outsource their email and other productivity software like calendaring and word processing. They're enticed by lower costs, better disaster recovery and scalability offered by vendors, but the market is still nascent. A 2016 study by market research outfit Gartner shows 13% of publicly traded companies are using cloud offerings from either Microsoft or Google. Office 365 claims nearly 9% of the email market; Apps for Work grabs just under 5%. The remaining 87% has email in-house, in data centers or private clouds, or use hosted email services. The two vendors' software packages have the same basic lineup: web-based email, word processing, calendar, messaging, spreadsheets and slideshow generator.

Phishing for Insurance Coverage

Frequently, insurers assert that there is no coverage because the loss did not proximately result from the fraudulent hack, but rather from the intervening actions of duped individuals. Last year, in Apache Corp. v. Great American Insurance Co., a federal court in Texas ruled on an insurer’s challenge that the requirement in the Computer Fraud clause of a Crime policy that the loss result “directly” from the use of a computer was not met. An Apache employee received a call, and then an email attaching a letter, from a person claiming to be an employee of one of Apache’s vendors, requesting a change of the account information to which payment was to be sent for the vendor’s services. The change was made, and $2.4 million was directed to the fraudulent account.

Advocates Want FCC to Address Car Hacking Threat

The PSA noted that a vehicle’s susceptibilities may lie in its wireless communications functions, for example in a mobile device connected to the car through Bluetooth, a USB or Wi-Fi. Third-party devices connected to the car can also cause vulnerabilities, the agencies said. “In these cases, it may be possible for an attacker to remotely exploit these vulnerabilities and gain access to the vehicle’s controller network or to data stored on the vehicle,” the announcement said. In July 2015, two hackers showed WIRED how they could remotely access a Jeep Cherokee’s systems to manipulate the air conditioning and radio settings, as well as cut the transmission entirely while the reporter was on the highway. Later that month, Fiat-Chrysler formally recalled 1.4 million of their cars that could have been affected by the vulnerability.

How Bloomberg is advancing C++ at scale

Large projects differ in complexity and difficulty in multiple dimensions, which kick in at different magnitudes. For example, as software size crosses the threshold where frequently recompiling the entire system becomes infeasible, you need to be taking insulation techniques seriously. There are three global techniques available in C++, two of which are architectural and one of which is not. The procedural interface, the first of the two architectural techniques, is very specific to C APIs; the second is the pure abstract interface, or protocol, which we use routinely throughout BDE and in system integration in general. The non-architectural technique uses a concrete class, also called PIMPL, or “pointer to implementation”. But, all three are totally insulating, meaning that with them you can insulate the entire implementation.

Cisco Starts Patching Firewall Devices Against NSA-Linked Exploit

ExtraBacon was released earlier this month together with other exploits by one or more individuals who use the name Shadow Brokers. The files were provided as a sample of a larger Equation group toolset the Shadow Brokers outfit has put up for auction. ... Even though the ExtraBacon exploit was designed to work for versions 8.4(4) and earlier of the ASA software, other researchers demonstrated that it can be modified to also work on newer versions. Cisco confirmed in an advisory that all versions of SNMP in Cisco ASA software contain the flaw. On Wednesday, the company updated its advisory to announce the availability of patched versions for different Cisco ASA branches, namely 9.1.7(9), 9.5(3), and 9.6.1(11).

How CISOs can adopt a proper risk management approach

A better approach would be to have a flight detector approach on individual endpoints. When you're on the plane you hope you never need it but in case you have a crash it is a critical feature. Likewise, if you see any unusual network activity you can activate this endpoint and do a real-time analysis. Enterprises should analyse the network traffic in real-time and look for anomalies. This process will give them an early warning. It's called a breach detection system and it is very effective on the network layer. But trying to record change at every end point in real-time is cost prohibitive and not very meaningful. Installing an intelligent smart endpoint sensor and a flight recorder at end points will be more beneficial for the enterprises.

Quote for the day:

"If a window of opportunity appears, don't pull down the shade." -- @tom_peters