Daily Tech Digest - December 05, 2016

Should you go with Google's Go? 7 pros and cons

Go’s rise coincides with a rapid collapse of interest in C. Yes, C remains second on Tiobe’s list, but it has lost about 40 percent of programmer investment as computed by Tiobe’s complex metric. Built to be a stripped-down, efficient language for writing low-level code, Go shares many features with C, including much of the syntax. It’s hard not to conclude that a good part of Go’s newfound support is likely made up of former C programmers migrating to a new home. The Tiobe list isn’t about lines of code or job advertisements; instead, it tries to capture the pulse of the programming world by counting web searches and other behavioral metrics. It’s clear from Go’s large leap that people are starting to talk about Go for real-world projects, not merely fringe one-offs from startups.

Reality Check: Getting Serious About IoT Security

To determine the severity of the problem, I wanted to see how quickly an IoT device would be attacked once it was connected to the Internet. Would a user who bought an IoT webcam or printer have enough time to set up and securely configure the device before an attacker would compromise the device? ... The vast majority of the devices targeted by Mirai are running a stripped-down version of the Linux operating system, developed for multiple architectures (MIPS, ARM, x86, etc.). These machines generally run a tool called BusyBox — "The Swiss Army knife of embedded Linux," as developers refer to it. This single binary allows for the execution of more than 300 commands, cutting down on the space required of an operating system on an embedded device.

Respect and the Agile Workplace (a.k.a. 5 Failings of Your Humble Agile Architect)

It's quite common for me to be in a discussion when my mind races ahead to a solution for a problem that we're still spit-balling. And once I arrive at my solution, I'm anxious to get the conversation caught up to that point so we can just get on with it, dammit! But, of course, that doesn't work. Knowing this, I take a deep breath to calm myself, a technique I learned and have used since the sixth grade, and patiently help move the conversation forward at a more reasonable pace. And, of course, at this point I've made two mistakes. The first one, waiting patiently to get to my solution rather than helping the group get to some solution or a range of possible solutions, and the second one being the deep breath that's misinterpreted by others as a sigh of disinterest or impatience with them rather than my own frustration with myself.

What's Hot in Hiring: Data Security Consulting!

Information security can be broken down into two main areas. These areas are hardware and software. A data security consultant may be expected to have a wider understanding of their industry, but in reality they will only specialize in some key areas. This means that employers need to be specific about who they’re looking for and the technologies that they use. It also means that jobseekers need to be upfront about their expertise, or they may risk finding themselves in a position that is beyond their current skillset, which could lead to career-impacting underperformance. As a consultant, the role is to advise, develop, and implement change. This change is usually to address a problem that already exists. In the case of data security, this could mean that a security threat has already been identified, or it could be to mitigate possible threats with new technologies.

Why cybersecurity companies fail at selling to CISOs... and what to do about it

Why is Hayslip, who is also author of the book 'CISO Desk Reference Guide: A practical guide for CISOs', ranting on vendors? He likes them, he wants to help them do a better job at selling to CISOs, and he decided to offer them some hard-core advice. Cybersecurity software companies and solution providers ought to listen up on what this CISO has to say in his manifesto, even if some of it may be hard to swallow. Hayslip tells it like it is. He isn't singling out particular vendors or sales reps. He has no vendetta against them. To be clear, Hayslip is heavily engaged in the cyber vendor community and he's an Advisory Board Member at the San Diego Cyber Center of Excellence (CCOE), a non-profit founded by local cybersecurity companies dedicated to accelerating the region's cyber economy.

Intel is Winning Over Blockchain Critics By Reimagining Bitcoin's DNA

The main critique to emerge is that participants would need to use Intel hardware like SGX to execute code in a protected area that can't be inspected or tampered with. That's how you "know" — in theory — that the blocks filled with transactions will be dispensed at a certain interval, and that those transactions are correct. And you know that it can't be tampered because of cryptography involved. "PoET uses this special processor capability to regulate block frequency rather than computation," Sawtooth Lake project manager Dan Middleton said, explaining that by using the protected area of the chip, the code is executed as designed. "This is what enables the return to one-cpu-one-vote," he continued, echoing an idea invoked in Satoshi Nakamoto's bitcoin white paper.

Alexa and Google Home Record What You Say. But What Happens to That Data?

Google users can find everything they’ve asked for by visiting myactivity.google.com while they’re logged into their account. This query museum doesn’t just include voice requests. It also includes any Google searches, YouTube videos, and apps you’ve launched on Android, among other things. It’s all presented in a neat, searchable chronological stack. There are user benefits to these personal audio catalogs. For cases where spoken-word answers aren’t very useful—recipes and search results, for example—Amazon and Google provide links to written content in the Alexa and Home apps. Both companies say these audio databases help each system serve up personalized content and learn the intricacies of your Maine accent.

CNN’s Quest Discusses Cyber Breaches, an “Existential Threat”

No institution, however big or grand, is safe. The global payments system SWIFT has embarrassingly admitted $100 million was stolen from one of its members who had been careless with authentication details. Even the US government has admitted data on millions of employees has been compromised. What makes cyber security breaches most worrying for companies is the existential threat that comes with them. Rob a bank branch and you only get the money inside the vault. Compromise a bank’s trading or transfer systems and, as the SWIFT CEO admitted recently, you create a threat to the very existence of the institution itself. Cyber attackers frequently squat in compromised systems for months before launching their attacks. It creates a huge challenge for companies.

The digital opportunity for CIOs

Left to their own devices, functional leaders will likely tackle each of the three opportunities in independent ways. For example, the chief marketing officer might just concentrate on the customer, the chief financial officer might just concentrate on the use of analytics for management insight or financial reporting, and the chief operating officer might just look at digitising parts of the supply chain. But while digital might help that leader’s particular function, overall, it can add to poor investments and jeopardise broader adoption patterns more widely for the business. But all these areas share a strong technology underpinning. The CIO is therefore positioned to visualise the digital “big picture”, and help guide investments that build the right mix of technology skills, architectures and delivery models.

Ransomware as a Service Fuels Explosive Growth

Orla Cox, director of security intelligence delivery at Symantec, said not only has the number of attacks increased, but the demanded ransom has as well. “The average ransom demand has more than doubled, and is now $679 (US dollars), up from $294 at the end of 2015,” she said. She added that 2016, "has also seen a new record in terms of ransom demands, with a threat known as 7ev3n-HONE$T (Trojan.Cryptolocker.AD),” which demands a ransom of 13 Bitcoin per computer, or $5,083 at the time of discovery in January. One reason for that explosive growth is probably because, even with headlines and continuous warnings about it, most individuals and organizations remain woefully vulnerable. Even if protection is available, they don’t always use it.

Quote for the day:

"Fear causes hesitation and hesitation will cause your worst fears to come true." -- Patrick Swayze