Daily Tech Digest - September 13, 2017

Strategic thinking in the age of digital transformation

“Most board members are 60-plus, which means that many don’t have first-hand experience of technology,” Clayton explains. “On the other hand, those IT and digital specialists who do are young, in their late-20s or 30s, and may not have enough experience to be an effective NED.” She adds: “We need to find a balance and it’s tricky to get this right. You only have to look at British Airways and its IT crisis to see how essential it is that boards do have the right expertise and knowledge base.” It’s an issue that affects all organisations with a big customer base and data, not just corporate boards. Clayton adds: “Charities are also highly vulnerable to IT issues. Imagine if Oxfam’s donor list were hacked?” And the problem will get worse as technology speeds up.


Nearly 400 million PCs at risk from new attack method that could hide any malware

"Bashware does not leverage any logic or implementation flaws in WSL's design. In fact, WSL seems to be well-designed. What allows Bashware to operate the way it does is the lack of awareness by various security vendors, due to the fact that this technology is relatively new and expands the known borders of the Windows operating system," Check Point researchers said. Hackers using Bashware also don't need to write Linux malware in order to run it via WSL on Windows. Instead, Bashware installs a program called Wine, which in turn launches and hides known Windows malware. To use Bashware, hackers must already hold admin privileges on the victim's PC.


DNSSEC key signing key rollover: Are you ready?

DNSSEC works as a hierarchy with different bodies responsible for each layer and signing the key of the entities in the layer below. The key signing key is a cryptographic public-private key pair, and the root zone KSK secures the topmost layer of the hierarchy, the starting point for DNSSEC validation. There is nothing wrong with the key—it hasn’t been stolen or tampered with—but it is good security practice to periodically rotate the signing key so that even if it falls into the wrong hands, everyone is already using the newer, stronger key. There is no reason to wait for something bad to happen—for the key to be cracked, for example—before updating to a newer, stronger key. “Updating the DNSSEC KSK is a crucial security step, similar to updating a PKI Root Certificate,” the United States Computer Emergency Response Team (US-CERT) wrote in a recent advisory.


How to Upgrade Judges with Machine Learning

Kleinberg suggests that algorithms could be deployed to help judges without major disruption to the way they currently work in the form of a warning system that flags decisions highly likely to be wrong. Analysis of judges’ performance suggested they have a tendency to occasionally release people who are very likely to fail to show in court, or to commit crime while awaiting trial. An algorithm could catch many of those cases, says Kleinberg. Richard Berk, a professor of criminology at the University of Pennsylvania, describes the study as “very good work,” and an example of a recent acceleration of interest in applying machine learning to improve criminal justice decisions. The idea has been explored for 20 years, but machine learning has become more powerful, and data to train it more available.


The best laptops of 2017: Ultrabooks, budget PCs, 2-in-1s, and more

Choosing the best laptop is about to get a lot harder. Fall is coming—and so are a slew of new laptops. In fact, if you’re hunting for a new ultraportable, we recommend holding off on any purchases for the time being. Intel recently announced four 8th-generation Core i5 and Core i7 mobile processors that could result in a dramatic leap in performance in thin-and-light convertibles, 2-in-1s, hybrids, and traditional laptops. Reveals of notebooks with these chips have begun, with likely more to follow. If you must buy now, though, we’ve got you covered with our current top laptop picks. And if you’re instead in the market for a gaming laptop or even a budget laptop, you’re in luck: Recent reviews include the Gigabyte Aero 15, Asus ROG Zephyrus GX501, and the Acer Aspire E 15.


In the boardroom: mobility in a connected world

I certainly think it is a critical part of virtually every boardroom conversation out there – to have an effective understanding of how that individual company or identity is going to participate in the realm of IoT. Certainly this next era is IoT. Depending on whose numbers you want to believe, there are somewhere between 20 and 50 billion devices that will be hanging off the internet by 2020. Whether we like it or not, it’s coming to us and our devices more directly, through any kind of product manufacturer or government agency, or any other business models. First and foremost we’ve got to provide our customers and end-consumers with an experience that will differentiate us, where utilising our assets will lead to increased demand and loyalty.


Rapid7 CEO: Rethink IT & Security Organizational Structures

Companies are under constant pressure to innovate in today’s fast-paced business environment. That might mean creating a better product, improving efficiency, or creating a better customer experience. Unfortunately, the security function tends to be separate from the innovation process or, worse, brought in only after the innovation has created a new vulnerability. That problem will persist unless companies rethink their organizational structures around IT and security. That’s the message that Rapid7 CEO Corey Thomas is delivering in his keynote today at the company’s United 2017 event in Boston. He believes that IT and security teams can work together effectively to innovate, create a better user experience, and adopt new technology without increasing the vulnerability surface.


British Army enhances data-driven decision making to staunch churn

“The model has proven instrumental in helping staff officers identify the conditions that could lead to the early exit of valuable personnel, allowing them to take pre-emptive action to encourage the soldier to stay.” Since initial deployment, adoption of its platform has, the supplier said, expanded to 700 users in the army today. “While primarily used by planners and policy makers, SAS also sees significant use by logistics, education and investment teams as well as for sentiment analysis of the workforce,” it said. The army is using SAS Visual Analytics and is now using SAS Operations Research to help it optimise processes and personnel deployment. It has also recently approved a proof of concept for SAS Text Analytics, which it hopes will allow it to use open source data and more efficiently process freedom of information requests and paperwork.


The Time Is Now for Digital Transformation

You do not want to look back and discover you should have started earlier. You may be creating a crisis which you have not yet discovered. A great quote from Stanford economist Paul Romer is, "A crisis is a terrible thing to waste." Unfortunately, a crisis may be the only way you can convince your organization to rapidly embrace digital transformation. Digital transformation is a change in business and a change in mindset. Think of it as a business turnaround. It doesn't matter whether you are a non-profit, government, business, or any other type of organization. Digital transformation will require imagination. How you did business in the past will not be the best way to do business in the future. The traditional IT organization with projects that may last months or years is inadequate for digital transformation success.


BlueBorne is Bluetooth's Stagefright moment

BlueBorne takes advantage of the fact that Bluetooth-enabled devices are always listening for other devices they can connect to. While devices typically have to be manually paired to form that initial wireless connection, once paired those devices reconnect automatically whenever they are near each other. BlueBorne exploits the vulnerabilities in such a way that it can establish a Bluetooth connection with nearby devices without having to go through the pairing process. Unless someone happens to be looking at the list of Bluetooth devices, it’s unlikely these connections will ever be discovered. “BlueBorne is different from past Bluetooth-based exploits, which relied on weaknesses in the protocol that no longer exist, or authentication-based issues related to idiotic PIN codes,” said Nadir Izrael, CTO and co-founder of Armis. “It [BlueBorne] requires nothing from the user.”



Quote for the day:


"Facts do not cease to exist because they are ignored." -- Aldous Huxley