Daily Tech Digest - June 22, 2017

The future is not the cloud or the fog: it is actually the SEA!

A SEA device is a complete rethink of how your smartphone works. The phone in your pocket today is basically a fully integrated device consisting of many blocks of hardware and software all dedicated for you and your own purposes alone. With the exception of application software (e.g. gaming, music, personal assistants) that runs in some part in the cloud, most everything you do on your device relies in some way or another on a local execution. A SEA device will not necessarily work like this. In the device virtualization paradigm, the same principles that allow virtualization across data centers or the abstractions of EPC elements in the cloud are applied to enable the dynamic decomposition of functions in a device into executable tasks.

10 tough security interview questions, and how to answer them

Suggest establishing an internal mentoring and training program, says Paul Boulanger, vice president and chief security consultant at consulting firm SoCal Privacy Consultants. That way the company can offer the staff personal growth through education and certifications, and a career path within the company itself so there’s an expectation from both sides to lay down roots and make a career, he says. “We want to avoid burnout with particular positions, so part of the training [would involve] job rotation,” Boulanger says. “Individuals will both be able to learn new technologies and stay fresh. We see this in the DevOps/agile movement now where developers are expected to be ‘full stack.’ We should encourage this on the security side too. It makes for better employees.”

Intelligence Panel Learns How to Hack Air-Gapped Voting Systems

How can air-gapped systems be hacked? Halderman explained that prior to an election, voting machines must be programmed with the design of the ballot, the races and candidates. Typically, he said, the programming - known as an election management system - is created on internet-connected desktop computers operated by local election officials or private contractors. Eventually, data from the election management system are transferred to voting machines. "Unfortunately," Halderman said, "election management systems are not adequately protected, and they are not always properly isolated from the internet. Attackers who compromise an election management system can spread vote-stealing malware to large numbers of machines." Another common perception is that because of the complexity and highly decentralized nature of the American election system, the results from a presidential election cannot be altered.

How containers will transform Windows 10

Helium, or application siloing, exists in Windows 10 today as part of the Creators Update, and especially Windows 10 S. This technology enables legacy Win32 applications to be ported to the Windows Store, using the Desktop Bridge (formerly code-named Project Centennial) to package apps. Application silos allow legacy Windows apps to install and update like native Modern Windows 10 apps. These converted desktop apps have full access to system resources, but use a virtual file system and virtualized registry entries like those associated with User Account Control (UAC) virtualization. A Helium-based container isn't a security boundary in the way that a Hyper-V virtual machine is. It lives on top of the existing registry and file system. You can think of it as the next generation of UAC but applied at an application level rather than a machine level.

Why and how to migrate cloud VMs back on premises

Before even thinking about a reverse migration, there are a number of nontechnical items that you need to consider. First, what does your contract say regarding early termination or leaving the cloud provider? This is more of a problem with smaller cloud service providers than with Amazon Web Services, Azure or Google, but it's worth checking, irrespective of provider. Also, check your licensing. An administrator can't just migrate a cloud VM back on premises and continue using the VM as if it still existed in the cloud. Prior to the migration, you need to check both the OS and application licensing small print. Be smart; get that confirmation in writing. Most likely, you'll find that different licensing rules apply. If you're trying to migrate a platform-as-a-service (PaaS) offering back to your data center, you need to have all the PaaS dependencies lined up.

How Will Analytics, AI, Big Data, and Machine Learning Replace Human Interactions?

“Amelia is working in areas such as wealth management, where she interacts with financial advisors: ‘They’re looking for the right answer the first time in as short a period of time as possible,’ and Amelia was able to deliver just that. … The reaction from the executive team when he had demonstrated Amelia’s ability to answer questions ‘within seconds of that question being asked, the first time, correctly’ had been overwhelmingly positive.” With the newer generation chat bots like Amelia, companies present an immersive and personalized interaction tool with customers, often on their web sites, able to access key data in knowledge management and then, using AI, to tee up the “best-fit” answers to questions (a) that are being asked by customers or (b) should have been asked by them.

AMD launches its Epyc server chip to take on Intel in the data center

Epyc will be socket-compatible with the next generation of the product family, and it also has a dedicated security subsystem, where AMD is burning cryptographic functions into the silicon of the memory controllers, effectively encrypting memory, Moorhead noted. This is AMD's third big try in the server market; it has had enough success and failure to say it knows what it takes to be successful. When it came out with the Opteron Dual Core processor in 2005, offering a twofold single-socket performance advantage over Xeon, it grabbed 20 percent of the market within two years. But a few years later, bugs and postponements in the launch of its Barcelona chip architecture allowed Intel to recapture lost ground.

Why Cisco’s new intent-based networking could be a big deal

A key component of an IBNS is that it provides mathematical validation that the expressed intent of the network can be and is implemented within the network, and that it has the ability to take real-time action if the desired state of the network is misaligned with the actual state. An IBNS is, in theory, a software platform that can be agnostic to the hardware that it runs on. The idea of IBNS has been around for a couple of years, Lerner says, but there have been very few platforms that can enable it. A handful of startups, such as Apstra, Veriflow and Forward Networks, have some early components of IBNS in various product offerings. Lerner estimates there are fewer than 15 intent-based networking platforms in production deployments today, but the number could grow to more than 1,000 by 2020.

How to stop wasting money on security shelfware

Shelfware is not inevitable, and it can be reduced or even eliminated by some proactive and surprisingly simple first steps. Infosec professionals believe it comes down to a more controlled acquisition process, sweating the products you already have -- and getting the basics right before acquiring new solutions. “First, leverage the products that have the broadest of capabilities, something that can give breadth of coverage,” says Malik. “This will help get a lay of the land and understand the challenging areas which can then be focussed on more specifically. Don’t try to boil the ocean, but start from critical assets. Finally, the best way is to experiment with the product and network with peers to see how they have deployed capabilities. Security doesn’t need to be a complex offering -- often it boils down to doing the basics well and consistently.”

GitLab's CEO Sid Sijbrandij on Current Development Practices

The open source model fell short in being able to build a business around it. You need significant work on installation, performance, security and dependency upgrades. If everything is open source you can only make money on support. Taking what we learned in 2013, we engineered GitLab to be user friendly to install and maintain so after one year of subscribing organizations quickly figured out that they did not use the support at all. Therefore, building a business model around support wouldn’t have been sustainable. Instead, we decided that there are some features and functions that are more useful to large development teams, like an enterprise organization. By offering extra functionality to customers with larger development teams or even more advanced needs, we continue to show our value through our product offering.

Quote for the day:

"Education ... is a process of living and not a preparation for future living." -- John Dewey