Daily Tech Digest - August 16, 2017

The merging of enterprise and consumer identities means it’s time for a universal identity

An Identity Broker is a system that can support Bring-Your-Own-Identity (BYOI) schemes by taking a user’s existing identity and allowing them to authenticate to unaffiliated websites using that identity. With identity brokering, a single user account can be linked to identities from different identity sources. This is done using protocols such as SAML 2.0 or OpenID Connect specifically set up for a brokering scenario. In the future, we may see an increasing number of identity providers that not only support isolated enterprise identities, but rather providers that increasingly support numerous external identities, such as social media accounts, healthcare smart cards, commercially acquired identities, as well as identities created with off-the-shelf wearables that are embedded with smart card chips.


Is the smart home predestined for a mass-market win?

Looking at wider trends in home automation, particularly in architecture and interior design, the question begs to be asked: Are designers and solution experts trained to focus as intently on security and privacy as they are in making the home connected? Once a home’s ‘infrastructure’ is exposed to the internet or becomes wireless-enabled, it becomes susceptible to cyberattacks locally, and globally. For example, it’s not out of the realm of possibility that a criminal could access a smart home’s data, or even open garage doors, locks and other devices without ever physically touching the property. The design phase is where smart home products receive their security DNA, so it’s important not only to ensure devices are able to defend against known security vulnerabilities, but also easily accommodate future over-the-air fixes.


Forget Tough Passwords: New Guidelines Make It Simple

"We focus on the cognitive side of this, which is what tools can users use to remember these things?" Grassi says. "So if you can picture it in your head, and no one else could, that's a good password." While these rules may seem suspiciously easy, Grassi says these guidelines help users create longer passwords that are harder for hackers to break. And he says the computer security industry in both the public and private sectors has received these new rules positively. "It works because we are creating longer passwords that cryptographically are harder to break than the shorter ones, even with all those special character requirements," Grassi says. "We are really bad at random passwords, so the longer the better." Previously, security experts recommended the use of password manager apps to ensure users' accounts were protected.


10 Artificial Intelligence (AI) Technologies that will rule 2018

Artificial Intelligence is changing the way we think of technology. It is radically changing the various aspects of our daily life. Companies are now significantly making investments in AI to boost their future businesses. According to a Narrative Science report, just 38% of the companies surveyed used artificial intelligence in 2016—but by 2018, this percentage will increase to 62%. Another study performed by Forrester Research predicted an increase of 300% in investment in AI this year (2017), compared to last year. IDC estimated that the AI market will grow from $8 billion in 2016 to more than $47 billion in 2020. “Artificial Intelligence” today includes a variety of technologies and tools, some time-tested, others relatively new.


Google’s DeepMind made an AI that can imagine the future

The researchers argue that giving AI imagination is crucial for dealing with real-world environments, where it’s helpful to test a few possible outcomes of actions ‘in your head’ to predict which one is best. Recently, DeepMind’s founder Demis Hassabis wrote a paper published in Neuron about how the development of general-purpose AI is dependent on understanding and encoding human abilities like imagination, curiosity, and memory into AI. With these papers, his company seems to be making headway in at least one of those areas. ... Of course the type of imagination described in these papers is nowhere near what humans are capable of, but it does show that AIs can benefit from being able to efficiently imagine different scenarios before acting.


CodeFights offers a unique tool for developer recruiting

Sloyan described CodeFights as like Angry Birds, but for coding. A developer can choose a world -- that can be a language like Python or a concept like graphing -- and then pick a location in that world to begin. Each task solved is a coding problem, and they get more complicated at each step. Johnston said it was all fun, but it was also very much like the kinds of problems you might be asked to solve during a developer recruiting interview. And it’s competitive. "You can compete with real people and race to see who can code up a solution," he explained. "Or you can compete against company bots, which is much more difficult. I competed against two of the company bots, and I beat them."


Cost of insider threats vs. investment in proactive education and technology

The strength of an investment is normally measured by the certainty and size of return it will provide. The proposals with the most profitability potential usually win, which is what makes cybersecurity proposals such a hard-won investment. When pitching for an investment almost every department will emphasize the urgency of their need for funds, and often they can prove profitability. However, in security an investment does not provide more revenue normally, but it does provide savings during the inevitable cyber attack. In the security discipline we usually call this loss prevention, while in business this falls under the category of opportunity cost. When executives talk about opportunity cost, they are attempting to measure the value of one investment option against another one.


Google Chrome under attack: Have you used one of these hijacked extensions?

The main intent of the attack on Chrome extension developers is to divert Chrome users to affiliate programs and switch out legitimate ads with malicious ones, ultimately to generate money for the attacker through referrals. The attackers have also been gathering credentials of users of Cloudflare, an availability service for website operators, which probably could be used in future attacks. The hijacked extensions were coded mostly to substitute banner ads on adult websites, but also a range of other sites, and to steal traffic from legitimate ad networks. "In many cases, victims were presented with fake JavaScript alerts prompting them to repair their PC, then redirecting them to affiliate programs from which the threat actors could profit," notes Kafeine.


Social cybersecurity: Influence people, make friends and keep them safe

The basic idea behind this is that we're looking at how to change people's awareness, knowledge and motivation to be secure. The work is grounded in a discipline known as social psychology. This discipline looks at how people influence one another. ... We use a technique known as social proof, which is people tend to do what everyone around them is doing. One of the common pranks fraternities will do from time to time is to have a few fraternity members point up at the sky, and if you look at the number of passers-by who also look up, it's actually very high. It's a simple mechanism that most people aren't aware of, but it's very common. Another example is, let's say you just got off a plane, which way do you go? Do you turn left or right? The simple heuristic is to follow where everyone else is going, and you will probably be going in the right direction.


Scottish Parliament hit by “brute force” cyber attack

Chief executive of Holyrood, Sir Paul Grice relayed the confirmation of the attack in a message to MSPs and staff with parliamentary email addresses. Grice said “robust cyber security measures” identified the attack early, and systems “remain fully operational”. This early identification can be attributed, in part, to the major cyber attacks that have plagued organisations in recent months, namely the number of Scottish NHS boards affected in May. Parliamentary corporate body member David Stewart told MSPs in June that as a result of this clearly escalating threat, an independent review of “cyber security maturity” had been carried out, and had “offered assurance that sufficient and effective arrangements are in place to manage cyber threats and risks”.



Quote for the day:


"The value of having numbers - data - is that they aren't subject to someone else's interpretation." -- Emily Oster