Daily Tech Digest - February 07, 2017

Tech stance against immigration ban aims to protect employees

Industry analysts say the companies could face similar criticism from Trump, but likely feel the need to defend themselves and their employees. "There could also be backlash if they did not participate, especially if a large number of other companies did," said Ezra Gottheil, an analyst with Technology Business Research. "I think this was a principled stand, but it is also a sound business move. All the populations these companies deal with are diverse - employees, prospective employees, customers, and partners. The U.S. being, and being seen as, hostile to refugees, immigrants, and people from other countries would impede their businesses." Judith Hurwitz, an analyst with Hurwitz & Associates, said many companies, particularly international businesses, may be feeling the strain of what the immigration ban could mean to them.


The Evolution of Phishing

Some of the most infamous cybercrimes over the last ten years — taking out retail chains, universities and even banks — started with a single user opening a spear phishing email. Where conventional phishing uses wide-scope attacks predicated on chance and opportunity, spear phishing is highly targeted. Technology research firm Vanson Bourne clocked the average financial impact of a successful spear phishing attack at $1.6 million. Using gathered knowledge and open-source intelligence (OSINT) feeds, threat actors craft personalised pretexts for small, select groups of employees. Because spear phishing emails are so distinctive, traditional reputation and spam filters often fail to detect the malicious content within. A spear phishing attack can also incorporate sender forgery, polymorphic URLs and drive-by downloads to circumvent common protections.


Internet Of Things Security Market To Hit Highest Growth By 2021

The global IoT security market is segmented on the basis of end-users as utilities, automobiles, and healthcare. Based on the software, IoT in utility market is segmented as security, analytics, smart grid management, operations control, Customer Information System (CIS), and predictive asset management. To ensure the efficient functioning of devices such as smartphones, tablets, and PDAs at the workplace, it is crucial to maintain network infrastructure security. Moreover, traditional business models are being developed, as utilities are using emerging technologies for optimization of information flow, for improvement of asset performance, and to increase energy efficiency and ensure supply.


Why companies don't hack back

"The idea is that you make something in your network look so attractive that it becomes the focus for the attacker," Sirota said. Companies even create entirely fake servers to confuse an attacker. Active techniques, however, are where most people start to have objections, though they can be valuable, according to Herberger. Whether it's a DDoS attack, SQL injections or a brute force attack, those techniques can also be available to an attacked company. Active techniques center around companies taking action during the first disrupted session, not waiting for attackers to continue their attack. Organizations can identify an attacker's application as a potential problem and "proactively make sure that application doesn't work," Herberger said.


How to protect your privacy with a VPN on Android

A VPN (Virtual Private Network) is basically a way to funnel all your web traffic through a remote server. This makes it look like you’re in a different location and obscures your real IP address. VPNs encrypt the traffic passing through them, making it harder for anyone else to listen in on your connection, even if you connect to an unsecured Wi-Fi network. Since your connection appears to be coming from a different area, you can access geo-restricted services like the BBC. Some of the more popular ones like Netflix and Hulu have gotten serious about blocking VPNs, though. It’s also important to note possible security issues with the VPN providers. They are getting access to all your traffic, after all. Some providers like Hola VPN have had security issues, so you should steer clear.


Critical DOD cybersecurity functions safe from hiring freeze

Officials who grant exemptions under the exempt functions section of the new DOD memo have to be ready to justify those choices on a position-by-position basis, according to the memo. Those officials are also going to have to submit reports on a bi-weekly basis. According to the memo, “in addition to numeric metrics, reports will afford delegated officials the opportunity to provide narrative inputs assessing mission risk and readiness impacts of the hiring freeze.” It is unclear if the function exceptions to the freeze issued today would specifically exempt the National Security Agency, whose primary function is to provide intelligence. An NSA spokesperson told FedScoop via email the agency received notification of the order, and is “looking into the specifics of it and still working to determine any exemptions.”


What's keeping enterprises from using G Suite?

"The reality we've seen, we've seen better collaboration, better communication and frankly had better [employee] engagement," Ringman said. "We actually measure our engagement scores ... and have seen an increase in our engagement scores somewhat directly as well as indirectly due to our rollout of the Google G Suite." Businesses build entire workflows around Office products, and will often use macros to automate some of their work, said Patrick Moorhead, the founder and principal analyst at Moor Insights and Strategy. That entrenched use of specific features can also hinder adoption. “So, for instance, a company will go in and do macros and run their business on a spreadsheet. And that is a factor. I can’t just dial up G Suite and have those macros work,” Moorhead said. “G Suite was born in the cloud, Office 365 was born on the desktop..."


Data Realities Of 2017 And Beyond

Who determines what data will be shared with what devices under which circumstances? Will we need a database to keep track of all the devices we have relationships with, another of which devices have relationships with which other devices and yet another of data permissions we have granted and revoked? A question looming in the not-so-distant future is how much of machine-to-machine language humans will need to understand. Two ways of considering the balance of power between individuals and the data colossi are data empowerment and transparency. Data empowerment is the degree to which you can decide who knows what about you and when — now and in the future. Transparency is how knowable an individual or organization is. In this early stage of our digital society, individuals are becoming more and more transparent, while some organizations are becoming more opaque.


A company’s biggest cybersecurity threat is often inside the building

A combination of factors is responsible for the new environment in which employees are an equally treacherous cybersecurity risk as hackers – the blurring of network boundaries brought about by cloud services, the Bring-Your-Own-Device (BYOD) trend that gives employees the flexibility to stay connected through their personal devices, and the rise of more sophisticated attack methods. And the offenders aren’t always disgruntled or deceitful employees bent on ransacking the company’s systems; in fact, they seldom are. In most cases, the damage occurs unintentionally or negligently, such as an employee accidentally installing malware by clicking on a link in a fraudulent email or workers sharing passwords to save time.


Size Estimation Approaches for use with Agile Methods

There is strong agreement among software practitioners that estimates are needed to bound the resources needed to successfully complete development projects, agile included. While some controversy exists within the agile community over whether such estimates are needed for sprints or iterations, many agree that they are needed at the project level and higher ... It is important to recognize that such estimates are driven by the size of the job which can be represented by a variety of related metrics (function points, user stories/story points, etc.). The purpose of this article is to identify the most popular agile size metrics and their relative strengths and weaknesses from a user point-of-view. To perform this assessment, we conducted a fact-finding survey on the topic to which 112 practitioners responded.



Quote for the day:


"Hitting the goal is about fulfilling the mission, lifting your people is about fulfilling your legacy" -- @Rory_Wells