Daily Tech Digest - February 10, 2018

Think, Do We Rule Technology, or Does Tech Rule Us?

Image: Shutterstock
As CompTIA notes, we can see the dark side of technology every day. Companies misuse or fail to protect data from hackers. Bad data leads to bad decisions. Then, consider our personal lives. Walk into almost any restaurant and see couples on "date night." No talking, just two people looking at their screens. I wonder if some people spend more time talking to Alexa than they do to other humans. "Balance" is about spending an hour without tech. It also means questioning tech decisions. Balance also is about applying the right technology solution to the right problem or opportunity. The saw about "technology for technology's sake" rings true when you see data scientists working on a corporate island soaking up data that holds no relevance to the business. It surfaces when executives say, "We need the IoT," when they have no clue as to why they need it or what IoT really is. The vast majority of technology adoption is for the better, but we still need to ask a few simple questions along the way. Does everyone need it? In fact, does anyone need it?


What Is Cryptojacking? How To Prevent Detect & Recover From It

vulnerable cryptojacking hacking breach security
Hackers have two primary ways to get a victim’s computer to secretly mine cryptocurrencies. One is to trick victims into loading cryptomining code onto their computers. This is done through phishing-like tactics: Victims receive a legitimate-looking email that encourages them to click on a link. The link runs code that places the cryptomining script on the computer. The script then runs in the background as the victim works. The other method is to inject a script on a website or an ad that is delivered to multiple websites. Once victims visit the website or the infected ad pops up in their browsers, the script automatically executes. No code is stored on the victims’ computers. Whichever method is used, the code runs complex mathematical problems on the victims’ computers and sends the results to a server that the hacker controls. Hackers often will use both methods to maximize their return. “Attacks use old malware tricks to deliver more reliable and persistent software [to the victims’ computers] as a fall back,” says Vaystikh.



Generating new revenue streams through intelligent IoT connectivity

Low-bandwidth messaging can be used to send small quantities of data across the core GSM network, which is embedded across the world in 2G and LTE networks. An MQTT-SN-based messaging protocol provides a globally connected network to support the development of new revenue streams. Because this type of connection doesn’t require any form of internet connection that would otherwise leave it prone to external intrusions, greater stability is offered for IoT devices, keeping connectivity levels high and costs low. ... As IoT technology continues to develop, we will gradually see fully automated solutions – which only send data when parameters change – become increasingly commonplace, minimising the need for human interaction. This will enable easy, wide-scale implementation of new, intelligent IoT solutions, presenting increased cost savings for existing streams, while offering further scope to build new business models. It is now crucial that organisations adapt their business models accordingly, allowing them to utilise IoT in further monetising these services.


Governments eye their own blockchain cryptocurrencies

bitcoin security vault
"They've been pretty emphatic," said Brian Behlendorf, executive director of Hyperledger, a collaborative formed to create blockchain technologyfor business use. "They're talking about third-party cryptocurrencies, like bitcoin and the 1,300 other cryptocurrencies out there. But they're not talking about blockchain technology. They're still extremely bullish on that. "They're pushing hard, as many countries are, for using distributed ledgers - using blockchain - to implement their own domestic digital token," Behlendorf added. While blockchain is the foundation for cryptocurrency, it is not anchored to digital currencies. Blockchain distributed ledgers are used for a myriad of business applications, such as authenticating real estate transfers or for digitizing supply chains or tracking international shipments in real time. A government-backed, blockchain-based digital token would offer the benefits of an international currency usable for settlement of global trade and holdings.


Cyber Warranties: What to Know, What to Ask

A cyber warranty is for all services provided by a solutions provider to their customer base. It covers the cost to re-perform services associated with the system update following an external data breach caused by a vendor's product, explains Matt Kletzli, management liability leader at Schinnerer, which recently launched a warranty for tech solutions providers. Schinnerer, an underwriting manager, teamed up with Guidewire, which builds software for the property and casualty (P&C) insurance industry. Its Cyber Warranty uses Cyance, a risk analytics tool from Guidewire, to gauge the risk of vendors' customers so they can customize strategies. The warranty is for small and mid-size solutions providers making $40M maximum each year. "What we're doing is providing the solutions providers with a tangible contractual agreement with every one of their clients where they have a service agreement in place," says Kletzli.


Key iPhone Source Code Gets Posted Online in 'Biggest Leak in History'

Someone just posted what experts say is the source code for a core component of the iPhone’s operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve. The GitHub code is labeled “iBoot,” which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. In other words, it’s the program that loads iOS, the very first process that runs when you turn on your iPhone. It loads and verifies the kernel is properly signed by Apple and then executes it—it’s like the iPhone’s BIOS. The code says it’s for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11. Apple has traditionally been very reluctant to release code to the public, though it has made certain parts of iOS and MacOS open source in recent years.


Could Machine Learning Help Startups Beat the Odds?

machine learning helping entrepreneurs
And technology is rapidly reducing the overall cost of starting up. One hundred years ago, the cost to start a business was immense – goods were difficult to transport over long distances. You were limited to a market that immediately surrounded you, and everything had to be done with the help of manual labor. There’s a reason that the average work week was 45.6 hours in 1918, with some estimates placing it at nearly double as industrialization took over later in the century. Today, technology isn’t just industrial in nature. Computer technology is advancing rapidly. Startups can harness the web to gather information and present useful visual data to consumers – just look at how the online gaming industry has become more transparent thanks to big data and ML technology that provides real-time insights. Your smartphone has more technological horsepower than the first space program to successfully reach the moon. Artificial Intelligence (AI) and Machine Learning (ML) allow cars to drive themselves, and computers to beat humans at chess.


Most remain dissatisfied with threat intelligence quality and accuracy

Lack of accuracy and timeliness is among the top complaints about threat intelligence, which in turn hinders its effectiveness and security teams’ ability to quickly mitigate threats. In fact, only 31 percent of respondents cited threat intelligence as actionable. But exchanging threat intelligence amongst peers, industry groups, IT vendors and government bodies can result in more holistic, accurate and timely threat intelligence and a stronger security posture. Two-thirds of respondents (66 percent) reported that threat intelligence could have prevented or minimized the consequence of a data breach or cyber attack, indicating that more infosecurity professionals are realizing the importance of threat intelligence. “Cybersecurity takes a village, and this survey spotlights a real need for the cybersecurity community – and public sector to better cooperate and communicate to share intel on security threats,” said Dr. Larry Ponemon, Chairman of the Ponemon Institute.


The Belgian Federal Computer Crime Unit (FCCU) was able to locate a command and control centre in one of Belgium’s neighbouring countries. Led by the federal prosecutor’s office, the Belgian authorities seized the command and control servers and other servers, while forensic analysis worked to retrieve the decryption keys. ... By sharing the keys with No More Ransom, the Belgian Federal Police becomes a new associated partner of the project, the second law enforcement agency after the Dutch National Police. In recent years, ransomware has eclipsed most other cyber threats, with global campaigns indiscriminately affecting organisations across multiple industries in the public and private sector, as well as consumers. ... The release of the Cryakl decryption keys is yet another successful example of how cooperation between law enforcement and internet security companies can lead to great results, said Europol. 


When should an organization report a data breach?

Notwithstanding requirements, organizations will sometimes notify authorities as soon as possible when there is evidence of a data breach. Doing so always looks good, because it shows you care about your customers’ privacy and ensures your organization is protected. Prompt notifications can also help remedy the situation if data breach details escalate. However, if details worsen, or multiple breaches are involved, notifying the public of each step can lead to unnecessary ‘breach fatigue’. Fallout may occur, as consumers lose trust in an organization beset by confusion. It may also prevent state legislators from incentivizing on cybersecurity regulations, as they become the norm and are considered less urgent. According to databreachtoday.com, “it depends.” Organizations should have established information security management policies and processes well in advance of a data breach.Quote for the day:



Quote for the day:


"Every great movement must experience three stages: ridicule, discussion, adoption." -- Voltaire