Daily Tech Digest - July 20, 2017

7 Hot IT Outsourcing Trends - 7 Going Cold

Enterprises are moving more workloads to the public cloud, but continuing to run certain applications in dedicated private cloud environments for security, regulatory or competitive reasons. So they’re looking for providers that can seamlessly manage and integrate their hybrid cloud environments, says Rahul Singh, managing director with business transformation and outsourcing consultancy Pace Harmon. ... Over the past decade, the offshore delivery of infrastructure management services from network services and help desk support to server maintenance and desktop management became mainstream. But remote infrastructure management is no longer a growth industry for IT services providers; it can’t compete on price with the public cloud, where adoption rates are growing at compound rates of 25 percent a year.


OCI container standards arrive at last

OCI's newly finalized standards cover two key components of the container ecosystem -- the image format for containers, and the runtime specification. The OCI Image Format, as the first is formally called, is easy enough to grasp. It describes the way a container image is laid out internally and what its various components are. OCI likens the Image Format to Linux package manager formats like .deb and .rpm, "a dependable open specification that can be shared between different tools and be evolved for years or decades of compatibility." The other standard, the OCI Runtime Specification, describes how a container is configured, executed, and disposed of on all the major platforms where OCI containers run -- Linux, Windows, and Solaris. All three platforms now support Docker-style containers, but each platform has its own implementation quirks, and the spec is intended to encompass those.


Top cloud security controls you should be using

All cloud services are not the same, and the level of responsibility varies. Software-as-a-service (SaaS) providers will make sure their applications are protected and that the data is being transmitted and stored securely, but that is typically not the case with cloud infrastructure. For example, the organization has complete responsibility over its AWS Elastic Compute Cloud (EC2), Amazon EBS and Amazon Virtual Private Cloud (VPC) instances, including configuring the operating system, managing applications, and protecting data. In contrast, Amazon maintains the operating system and applications for Simple Storage Service (S3), and the organization is responsible for managing the data, access control and identity policies. Amazon provides the tools for encrypting the data for S3, but it is up to the organization to enable the protection as it enters and leaves the server.


This scary Android malware can record audio, video and steal your data

In total, there are three versions of GhostCtrl -- one which steals information and controls some of the device's functions, a second which adds more features to hijack, and now the malware is on its third version which combines the most advanced capabilities of previous incarnations while adding further malicious capabilities. Those include monitoring the phone's data in real time, and the ability to steal the device's data, including call logs, text message records, contacts, phone numbers, location, and browser history. GhostCtrl can also gather information about the victim's Android version, Wi-Fi, battery level, and almost any other activity. The most worrying aspect of the malware isn't just its ability to intercept messages from contacts specified by the attacker, as GhostCtrl can also stealthily record audio and video, enabling the attackers to conduct full-on espionage on victims.


Instead of hacking self-driving cars, researchers are trying to hack the world they see

Researchers from Google, Pennsylvania State University, OpenAI, and elsewhere have been studying the theoretic application of these attacks, called “adversarial examples,” for years, and declared that they would be possible in the real world. By altering just 4% of an image, a Google paper showed that AI could be fooled into perceiving a different object 97% of the time. Now, an independently-published paper from the University of Illinois at Urbana-Champaign has brought the discussion specifically to self-driving cars, but the conclusions of the paper are much less clear-cut. Over a number of tests, the Illinois team printed fake stop signs with and without altered pixels and recorded videos approaching the signs as a self-driving car would. The resulting paper’s conclusion was that due to the different angles and sizes that the car would see the sign, a single pattern applied to a sign could not reliably fool a car.


Massive Amazon S3 breaches highlight blind spots in enterprise race to the cloud

According to Rob Enns, vice president of engineering for Bracket Computing, the prevalence of the S3 breaches highlights the fact that organizations must own their cloud security—they cannot outsource it. ... "To manage complexity in these new environments, consistency from on-premise to cloud and enabling IT to retain control of information security gives application architects and developers a base on which they can move fast while remaining compliant with the enterprise's security requirements." When considering a public cloud storage provider, Tran said, businesses should look at both the Service Letter Objective (SLO) and Service Letter Agreement (SLA) to determine what level of risk they're willing to take on, as they address different issues. Sometimes, the risk is too much and it needs to be left on the table.


The Dark Web Goes Corporate

Just as many enterprises no longer build or even deploy their own in-house tools, so too do many criminals outsource the deployment of their misdeeds. Even if you're sick of the endless "-as-a-service" acronyms in IT, you'll need to add another one: RaaS, or ransomware-as-a-service. "RaaS providers give their customers fully functional ransomware with a dashboard to track victims and support services should they need it," says Shier. "In exchange, the authors of the RaaS portal ask for either a percentage of the ransom or a flat fee. The only thing left is for the customer to distribute the ransomware, possibly using the services of a spammer purchased separately or by doing it themselves using the knowledge they gained from the tutorials." And if you need more evidence of this in the real world, experts are now beginning to see the Petya ransomware as a RaaS attack.


Why you should use Apache Solr

Apache Solr is a subproject of Apache Lucene, which is the indexing technology behind most recently created search and index technology. Solr is a search engine at heart, but it is much more than that. It is a NoSQL database with transactional support. It is a document database that offers SQL support and executes it in a distributed manner. ... Solr is a document structured database. Entities like “Person” are composed of fields like name, address, and email. Those documents are stored in collections. Collections are the closest analog to tables in a relational database. However, unlike in a relational database, “Person” can completely contain the entity, meaning if a person has multiple addresses those addresses can be stored in one “Person” document.


Elon Musk’s top cybersecurity concern: Preventing a fleet-wide hack of Teslas

“I think one of the biggest risks for autonomous vehicles is somebody achieving a fleet-wide hack,” Musk said in response to a question from North Dakota Governor Doug Burgum. “In principle, if somebody was able to hack, say, all of the autonomous Teslas, they could, say—I mean just as a prank—they could say like ‘send them all to Rhode Island’ from across the United States. And that would be like, well OK, that would be the end of Tesla. And there would be a lot of angry people in Rhode Island, that’s for sure.” Preventing a fleet-wide hack is “pretty fundamental.” In fact, he said, “It is my top concern from a security standpoint—that Tesla is making sure that a fleet-wide hack or any vehicle-specific hack can't occur.” Musk added


Affordable React Native Mobile App Development

Although a write once, run anywhere approach may seem attractive as it minimizes development efforts and corresponding costs, it is deemed impractical in today’s technological landscape. Different devices and operating systems offer unique features and design languages to mark their brand and differentiate themselves from the competition, so applications must adapt to those differences and use those unique features to maximize user experience. In such environments, a learn once, write anywhere approach, which is best exemplified by React Native, would be most suitable. Developers skilled in React Native can develop applications for different platforms, thereby eliminating the need for additional developers for different operating systems. React Native can, therefore, result in huge savings in development costs.



Quote for the day:


"Too often we enjoy the comfort of opinion without the discomfort of thought." -- John F. Kennedy