Daily Tech Digest - January 22, 2018

Buildings should behave like humans

Buildings should behave like humans
“When we look at buildings as living structures, we can understand how various systems are connected and operate together,” says Dr. Filip Ponulak, principal data scientist at Site 1001, in a press release. Ponulak says all buildings should now be listening for issues. He says it’s an innovative way of managing new buildings. Site 1001 believes its system would also work in older buildings. Chief Innovation Officer Eric Hall told me one could draw an analogy with an aging car, except that unlike cars, buildings don’t have odometers to help identify failing parts. In other words, by collecting data on failings, for example, predicting upkeep becomes possible — you know when things are likely to fail and can pre-empt them, like a flexible car service schedule. That lets facilities management “move to an entirely conditional and proactive maintenance schedule,” says Hall on the company’s website. Data centers fit into this platform, too, the company says. Indeed, I’ve written before about folks who think AI will ultimately self-manage the data center



The future of AI and endpoint security

network security digital internet firewall binary code
The key to machine learning success currently lies in the cloud. Traditional servers are not large or fast enough to process the data and create the models needed to detect and combat attacks, but by using cloud servers the process is quicker, easier and much more affordable than ever before, bringing it into the reach of more enterprises. Hackers are already using automated systems, machine learning and AI to create new cyber threats. Security experts think the next 12 months will see an acceleration in the adoption of machine learning by hackers as they try to carry out increasingly sophisticated phishing attacks. However, AI antivirus solutions are still relatively thin on the ground. Although a small number of companies do offer machine learning and AI cyber threat solutions for endpoints, such as Cylance, Darktrace and Symantec, this really should become the industry standard. Microsoft at least seems to have learned from its experience of WannaCry and is apparently turning to AI to create the next generation of anti-virus software.



Infosec expert viewpoint: Google Play malware

Another issue facing Google Play security is the complex and fragmentary nature of the Android device ecosystem, which has given rise to a patching problem, as unpatched devices are attractive targets. Google has been striving to improve on this issue, but a lack of direct control (multiple wireless carriers and manufacturers are responsible for pushing patches to a multitude of devices) will continue to hamper its efforts. Users should be discerning and skeptical when downloading anything and have passive protection along with regular backups. Watch out for malicious apps mimicking popular, reputable apps and check an app’s permissions to make sure it does not have access beyond its stated functionality. Although they cannot make up for preventative measures such as checking permissions, anti-malware products provide some protection from malicious code and can partially make up for failures to avoid malicious apps.


Collect the Dots: The New Possible for Digital Evidence

At the heart of this transformation is the power of computers. On all fronts, computational capability has soared in the last few years. Processor speeds are much faster than before, and multi-core technology takes that power to new levels. Network speeds have increased greatly, enabling much more data to be sent where it's needed, quickly and efficiently. And at the foundation of computing, the cost of data storage has never been lower. Cloud computing is another major force of change. The on-ramp for enterprise cloud computing has been long by some accounts, as many analysts predicted a faster migration from traditional data centers. But in 2017, enterprise cloud really took off. That's partly due to the ongoing juggernaut of Amazon Web Services, which arguably managed to pull off a 10-year head start on its competitors. But now, all the major software vendors are involved, including Microsoft with Azure, IBM with Bluemix, Oracle Cloud, Google Cloud and the SAP HANA Cloud Platform.


Wide-area networks: What WANs are and where they’re headed

Many believe that SD-WAN is poised to take off in 2018, moving from an early adopter technology to mainstream implementation. Research firm IDC has predicted () that SD-WAN revenues will hit $2.3 billion in 2018, with a potential revenue target of $8 billion by 2021. The first phase of SD-WAN aimed at creating hybrid WANs and aggregating MPLS and Internet connections to lower costs; the next phase will improve management, monitoring and provide better security, according to Lee Doyle of Doyle Research. A subset of SD-WAN called SD-Branch will help reduce the need for hardware within branch offices, replacing many physical devices with software running on off-the-shelf servers. Mobile backup across a SD-WAN can provide a failover for broadband connections as wireless WAN technology (4G, LTE, etc.) costs decrease. ... Asynchronous Transfer Mode (ATM) is similar to frame relay with one big difference being that data is broken into standard-sized packets called cells.


OnePlus Attackers Steal Credit Card Data From 40,000 Customers

Data Breach Alarm
The admission that there was a data breach comes three days after OnePlus announced that it was temporarily disabling credit card payments on its website. OnePlus disabled the credit card payments on Jan. 16, after receiving reports from customers that they were seeing unknown credit card charges after buying something online from OnePlus. "One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered," OnePlus stated in an advisory on the breach. The attack appears to had been ongoing from mid-November 2017 until Jan. 11, 2018, OnePlus said. According to the company, credit card information (card numbers, expiration dates and security codes) that was entered on the Oneplus.net site may have been compromised. Users who saved their credit card information on the site, as well as those who use PayPal, do not appear to be impacted by the breach, however.


Take your online security more seriously this year

“People, me included, are lazy,” says a Web Developer, Joe Tortuga, “And ease of use is inversely related to security. If it’s just difficult, people won’t just do it.” Well, if you don’t work towards a safer internet for yourself and others, then who would? One of the most important online security measures that we should adopt is using strong, difficult-to-guess passwords. Alas, in most cases, our passwords are not strong enough to confuse a hacker who tries to find a back door. A strong password should contain different characters that make it difficult to guess. In some cases, when signing up for a particular service on the internet, users use their real details, an online approach that many internet security experts kick against. “What happens is that you build up an online profile of yourself across several sites that hackers can use to guess your weak passwords,” says Murphy Shaun, CEO of Online Security Agency, PrivateGiant.


Understanding Supply Chain Cyber Attacks

Host organizations now face having to adapt security procedures to include not just internal infrastructures, but also vendors, customers, and even partners. While internal IT and security departments might have strong security practices for thwarting a wide range of direct attacks, third-party collaborators might not adhere to the same culture. Consequently, programs for vetting vendors need to be in place before fully integrating them into internal infrastructures. Building a vendor management program is ideal and should start with defining an organization's most important vendors. Building the program around a risk-based approach ensures that vendors are constantly evaluated and assessed, and their policies are consistent with the host organization. Besides requiring vendors to provide timely notification of any internal security incident, periodic security reports should be included in the collaboration guidelines to regularly ascertain their security status.


What are the key areas that need to be transformed for a smart city concept?

Manchester Smart City
True Innovation comes from collaboration. This belief sits at the core of the Open Innovation challenge, which was launched today by Cisco and Manchester Science Partnerships (MSP), who are on the search to work with some of the UK’s best small and medium-sized enterprises (SMEs) with a vision to transform Manchester through smart technologies. Convened by CityVerve, the UK’s smart city demonstrator, the challenge will see eight SMEs selected to participate in an eight week initiative in Manchester to combine technology, data and creativity to tackle some of the city’s biggest problems in healthcare, transport and energy. Commencing in March 2018, the initiative gives SMEs the opportunity to work with partners from public sector, corporate and academic worlds who are part of the CityVerve Internet of Things (IoT) test bed. The eight selected SMEs from across the UK will have the opportunity to put their innovative solutions to the test, in a real-life situation.


Salted Hash Ep 15: The state of security now and the not too distant future

The adage of ‘it’s not if you’ll be hacked, but when’ is still realistic, but maybe now It’s wiser to consider what your organization can do to get in front of any potential situation and prevent as much damage as possible. “My prediction is that you’re going to start to see executives start to stop treating IT Security as a product they can implement, and start treating it as an operational concern as equally as important as managing their finances,” Lee remarked. In addition to looking ahead, we also take a look back at some interesting moments in 2017. One of the standouts is the Justice Department naming foreign actors and indicting them for their acts. This leads to an interesting conversation of the crossover between law and government operations, and down the path of once it’s on the internet, it’s there forever.



Quote for the day:


"There are three secrets to managing. The first secret is have patience. The second is be patient. And the third most important secret is patience." -- Chuck Tanner