Daily Tech Digest - May 10, 2017

Using OpenStack: Leveraging Managed Service Providers

There are many ways that users can consume OpenStack to help benefit their IT business, whether it’s built on premises or off. However, one option that has come from this maturity, is the option for a “managed” cloud, being delivered by a managed service provider (or MSP). This option allows customers to maintain a private cloud, either on premises or off, but leave the burden of deployment, configuration, and day-to-day management to a hired, experienced team of experts. And while this does cost you a monthly/annual subscription to retain their services, it relieves you from the complexities of having to do this yourself. Many businesses may find that their internal IT teams may be understaffed, unskilled, or simply better off utilizing their resources elsewhere.


Google Fuchsia: A very, very early first look

Google has been a bit mum on actual Fuchsia details, but we do know its purpose. It's designed for "modern phones and modern personal computers with fast processors, non-trivial amounts of RAM with arbitrary peripherals doing open-ended computation." That's a bit of a mouthful, but it essentially means it's intended to be THE future OS for current Google-powered devices like smartphones and laptops. If you're not crazy about Armadillo it's time to start hoping Google is still experimenting. If not you're going to have to get used to this new, card-based, minimal operating system. Luckily, you may not have to wait long to find out what Google intends: Google I/O 2017 is happening in a week's time and Fuchsia could take center stage. There's no mention of Fuchsia or Armadillo in the I/O schedule, though there are several events centering around Magenta and Flutter.


Using Blockchain to Secure IoT

A decentralized approach to IoT networking would solve many of the questions above. Adopting a standardized peer-to-peer communication model to process the hundreds of billions of transactions between devices will significantly reduce the costs associated with installing and maintaining large centralized data centers and will distribute computation and storage needs across the billions of devices that form IoT networks. This will prevent failure in any single node in a network from bringing the entire network to a halting collapse. However, establishing peer-to-peer communications will present its own set of challenges, chief among them the issue of security. And as we all know, IoT security is much more than just about protecting sensitive data. The proposed solution will have to maintain privacy and security in huge IoT networks and offer some form of validation and consensus for transactions to prevent spoofing and theft.


PokitDok teams with Intel on healthcare blockchain solution

If you’re wondering why Intel is involved in such a project, Mike Reed, who heads up blockchain technology for the chip maker, says Intel uses these projects as a springboard for its chip business. “Intel has a long history of contributing to open source, and working with Linux and the hyperledger project allows us to work across multiple market segments,” he explained. In addition to the open source software, as you might expect, Intel has also contributed to the broader blockchain ecosystem with a technology they call SGX. “One key piece is Intel SGX, a method [we’ve built into our chips] to improve the scalability, privacy and security of blockchains,” Reed said. He added that PokitDok has taken advantage of this capability.


An untold cost of ransomware: It will change how you operate

Even if the backup looks promising, there is no easy button. The people creating ransomware know that backups can stand between them and their payday. There are a lot of cases where Microsoft Volume Shadow Copies have been destroyed by ransomware. If you leave your backups online so you can have quick recovery, you may find that ransomware can actually delete or corrupt your backups. This is not uncommon; ead the user groups from various backup companies and you’ll see the sad tales of woes. If you are not concerned enough, there are other potential dangers to your backups. They need to be airlocked from systems your users have access to. Before you bring your backups online, make sure the affected computers are off of the network. You need to be absolutely certain that those systems can’t access the backup.


Excel 2016 cheat sheet

If you're working in a workbook you've saved in OneDrive or SharePoint, you'll see a new button on the Ribbon, just to the right of the Share button. It's the Activity button, and it's particularly handy for shared workbooks. Click it and you'll see the history of what's been done to the spreadsheet, notably who has saved it and when. To see a previous version, click the "Open version" link underneath when someone has saved it, and the older version will appear. And there's a very useful difference in what Microsoft calls the backstage area that appears when you click File on the Ribbon: If you click Open, Save or Save As from the menu on the left, you can see the cloud-based services you've connected to your Office account, such as SharePoint and OneDrive. Each location now displays its associated email address underneath it.


With Security Awareness Money Talks

Undercutting the incentives for employees to do the right thing for security purposes is the fact that the vast majority of email attachments from a boss will in fact be a legitimate email attachment from the boss. Even with rampant phishing attacks happening today, most attachments are legitimate, in the same way that most people ringing your home doorbell are not homicidal maniacs. Statistical reality aside, employees’ perception is that the odds are dramatically against them opening a contaminated attachment and having damage result and having that damage traced back to the employee’s actions. In short, employees are rushed and they think it’s a decent gamble to open attachments that at least look legit.


Why Cyber Attacks Will Continue until Prevention Becomes a Priority

Cybersecurity is often described as an arms race between security professionals and skilled attackers, as both parties rush to gain the upper hand. While even cutting-edge defenses are inevitably thwarted by determined attackers, cybersecurity professionals are able to quickly react and nullify attacks. But many businesses don't keep tabs on the front lines of cybersecurity development, leaving them several generations behind with regard to best practices and current threats. For example, while multifactor authentication has been recommended for more than a decade, many organizations are only now adopting the technology across their applications and platforms. Making matters worse, many organizations fail to follow best practices for maintaining and protecting their current environments, creating countless avenues of attack for even inexperienced attackers.


Microsoft fixes 55 vulnerabilities, 3 exploited by Russian cyberspies

Fifteen of the vulnerabilities fixed in Microsoft's patch bundle for May are rated as critical and they affect Windows, Microsoft Office, Microsoft Edge, Internet Explorer, and the malware protection engine used in most of the company's anti-malware products. System administrators should prioritize the Microsoft Office patches because they address two vulnerabilities that attackers have exploited in targeted attacks over the past two months. Both of these flaws, CVE-2017-0261 and CVE-2017-0262, stem from how Microsoft Office handles Encapsulated PostScript (EPS) image files and can lead to remote code execution on the underlying system. ... Also known as Snake or Uroburos, the Turla group has been active since at least 2007 and has been responsible for some of the most complex cyberespionage attacks to date.


IBM bolsters enterprise app security with behavioral biometrics

"SecuredTouch technology provides a strong, risk-based, user-centric security check that keeps customers engaged, automatically delivering complete security and privacy while remaining completely transparent to the user, eliminating hassle, registration, and education," according to a press release. "The integration allows IBM customers to implement behavioral biometrics directly into their apps without any additional steps." Potential use cases include second factor authentication in financial applications, or adding another layer of enterprise security for corporate apps. The goal is to enhance the user's digital experience and reduce the friction caused by using passwords and tokens. It can also enable more transactions via mobile and reduce false positives, the press release stated.



Quote for the day:


"Nothing gives so much direction to a person's life as a sound set of principles." -- Ralph Waldo Emerson