Daily Tech Digest - May 05, 2017

Backdoors: When Good Intentions Go Bad

If technology can hide communications, can't technology be used in a legal and safe way to reveal critical information when people's lives are at stake? Unfortunately, the answer is that these requests for access to encrypted information create "backdoors" that can make all citizens vulnerable to attack. A backdoor in security is a way for an entity (like the government) to access encrypted information. Protecting data using encryption involves creating an encryption key, which is the equivalent of the key to the lock on the front door of one's house. The idea of a backdoor is to provide another key so that law enforcement can enter the house if necessary. Just as the backdoor to the house will open for anyone – friend or foe – with the correct key, an encryption backdoor can make users' information accessible for both good and bad purposes.


How YouTube plans to dominate your living room

YouTube is making a bigger push and investment in the living room because it believes it can improve on-demand services, make TV more personalized and include social components that are typically missing from other providers. “The idea there is we combine the best of cable and broadcast television with YouTube,” Mohan said. “We think there’s great content out there, but we wanted to build a television experience that was truly built for this century.” YouTube's foray into the living room is also boosted by what Mohan and many others are calling “the golden age” of video content. Massive investments are being made to produce videos across multiple platforms and the choices available to viewers have grown profoundly from the three major networks that dominated television as recently as three decades ago.


Third parties leave your network open to attacks

Markus Jakobsson, chief scientist at Agari, said the one big disadvantage to working with third-party vendors is the loss of control over security. "Not only does each vendor create a new entry point into an organization’s network for cyber criminals to exploit, but it also means every employee for that vendor is now a potential target to breach your brand. ... But in today’s digital world, this isn’t a reality." Mike McKee, CEO of ObserveIT, said the lack of visibility into what users at third-party providers are doing – accidentally or intentionally – is a huge security risk. “Every organization must ensure it has identified the outside parties with access to systems and data and have secure procedures in place, strict policies for these users to follow, and effective technology in place to monitor and detect if the third parties are putting their organization at risk," he said.


Why emotional intelligence is key for project success

"Unlike IQ, EQ can evolve and can scale depending on stressors, or even positive emotional states. So it's important someone understands their emotional intelligence so they can counteract whatever might sabotage not only their progress but their teams," said Caroline Stokes, founder of Forward, a team of senior search headhunters and certified executive coaches for global innovation leaders. At Forward, emotional intelligence quotient assessments, like EQ-i 2.0, are used with talent placements and leadership and career development coaches. "We get to work on their EQ within a few weeks of starting their new role to provide awareness and strategies to drive their goals forward," said Stokes. When it comes to the process of merging two companies during an acquisition, EQ can play a vital role.


Lib Dems decry surveillance plans exposed in leaked documents

The regulations state that companies could be forced to ‘modify’ their products in order to comply with government demands, the Open Rights Group points out, adding that the powers would also limit the ability of companies to develop stronger security and encryption. Although TCNs may be challenged on technical grounds and must be approved by Judicial Commissioners, the Open Rights Group said the criteria for making a sound judgement of risk to all parties are not set out in the Act or the draft regulations, and there is there a clear route of appeal. Liberal Democrat president Sal Brinton described the proposed regulations as “a full-frontal assault” on civil liberties and people’s privacy. “This lays bare the extreme mass surveillance this Conservative government is planning after the election.


Manage colocation costs to avoid billing surprises

The colocation market continues to grow, as organizations look to meet their growing needs for compute outside of their own on-premises data centers. An expansive marketplace of providers offers a plethora of colocation services, but a strong service-level agreement between providers and users -- and understanding colocation costs -- requires more than just a handshake. IT admins who oversee the transfer of systems and workloads from inside an organization to a colocation facility have a lot of moving parts to deal with. Security, service-level agreement (SLA) jargon and, of course, budget concerns can all be a major headache. Before making the move to colocation, consult with the business side to make sure it's a good financial decision. After the move, be sure to carefully monitor, manage and optimize colocation costs.


Google Docs Phishing Scam a Game Changer

The attack tricked victims into clicking a link that gave attackers access to their Google Drive through OAuth authentication connections commonly used by third-party applications. The attackers did so by sending victims lure messages claiming to contain links to a shared Google Doc. Instead of a legit document, the link actually initiates a process to give a phony app masquerading as "Google Docs" access to the user's Google account. If the user is already logged into Google, the connection routes that app into an OAuth permissions page asking the user to "Allow" access to the user's legitimate Google Drive. "You aren't giving your Google credentials directly to the attacker. Rather, OAuth gives the attacker permissions to act on behalf of your account. You're on the real Google permissions page. OAuth is a legitimate way to give third-party applications access to your account.


Don't fear the robots, embrace the potential

“Automation is creating a polar shift in how work gets done,” says ISG partner Craig Nelson. “While in the past humans have been supported by technology, we are now seeing a shift to technology being supported by humans to manage and operate business processes. This shift is eliminating much of the mundane cut-paste-and-compare work that humans manage in the cracks between enterprise systems.” The initial response to automation improvements is typically positive, says Nelson, as the technology takes over some of the dirty work employees are eager to offload. But then the anxiety can set in. The elimination of tasks can lead to the elimination of low-level roles, says Nelson. After all, the initial business case for automation was based on eliminating work and full-time employees.


Microsoft’s novel approach to securing IoT

Project Sopris has a sensibly secure IoT stack. It starts with a hardware root of trust, similar to the one developed by the Trusted Computing Group for its Trusted Platform Module. A separate, secured computing environment, this layer creates and manages the keys needed to cryptographically secure connections between devices and servers. It also stores and manages device firmware and software. Building software for Project Sopris devices is much like building code anywhere: What’s important is how the code is stored and managed. Compartmentalizing code so that a failure in one section doesn’t compromise the rest of your software helps prevent exploits from escalating, while building security tools in every layer can reduce the risk of attacks spreading throughout the device stack.


Surface Laptop: Everything you need to know

Microsoft is aiming the Surface Laptop at style-conscious, MacBook-Air-loving college students, though many non-student users are clearly intrigued by it. The Surface Laptop’s clamshell design adds another form factor to Microsoft’s premium line of Surface products, all of which boast beautiful displays and unique features. The Surface Book is the most expensive of the family: a premium 2-in-1 laptop with a striking Dynamic Fulcrum Hinge. The keyboard base is stuffed with extra battery and, in some configurations, a discrete GPU. The Surface Pro 4 is a 2-in-1 that leans more toward a tablet, with a kickstand and the option of a lightweight keyboard. Given the Surface Laptop’s pricing, the Surface Pro 4 is now the lowest-cost product in the family.



Quote for the day:


"You move totally away from reality when you believe that there is a legitimate reason to suffer." -- Byron Katie