Daily Tech Digest - February 12, 2018

Thousands of websites hijacked by hidden crypto-mining code after popular plugin pwned

The malicious code was first spotted by UK-based infosec consultant Scott Helme, and confirmed by The Register. He recommended webmasters try a technique called SRI – Subresource Integrity – which catches and blocks attempts by hackers to inject malicious code into strangers' websites. Just about every non-trivial website on the planet loads in resources provided by other companies and organizations – from fonts and menu interfaces to screen readers and translator tools. If any one of these outside resources is hacked or tampered with to perform malicious actions, such as mine crypto-coins, all the websites relying on that compromised resource will end up pulling the evil code onto their pages and into visitors' browsers. SRI uses a fingerprinting approach to stop vandalized JavaScript from being imported into webpages. If an internet dirtbag changes a third-party provider's source code, the alteration is detected and blocked by the individual websites using this signature technique.
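The fingerprint check described above can be sketched in Node.js. This is an added example, not code from the article or from any site it mentions; the script body, the CDN URL and the function names `sriHash`, `verifyIntegrity` and `scriptTag` are constructed for illustration. It generates an `integrity` value and applies the same decision a browser makes before running a third-party script.

```javascript
// Added example: SRI digest generation and the check a browser performs.
const crypto = require("crypto");

// Hash algorithms SRI accepts, ranked so the strongest one listed wins.
const STRENGTH = new Map([["sha256", 1], ["sha384", 2], ["sha512", 3]]);

// Build an integrity value ("sha384-<base64 digest>") for a resource body.
function sriHash(body, alg = "sha384") {
  return `${alg}-${crypto.createHash(alg).update(body).digest("base64")}`;
}

// Mirror the browser check: parse the attribute, keep only the strongest
// algorithm present, and accept the body if any of those digests match.
function verifyIntegrity(body, integrityAttr) {
  const entries = integrityAttr.trim().split(/\s+/)
    .map((token) => {
      const dash = token.indexOf("-");
      return {
        alg: token.slice(0, dash),
        digest: token.slice(dash + 1).split("?")[0], // ignore "?options"
      };
    })
    .filter((e) => STRENGTH.has(e.alg));
  if (entries.length === 0) return true; // no usable metadata: nothing enforced
  const best = Math.max(...entries.map((e) => STRENGTH.get(e.alg)));
  return entries
    .filter((e) => STRENGTH.get(e.alg) === best)
    .some((e) => sriHash(body, e.alg) === `${e.alg}-${e.digest}`);
}

// Emit the tag a webmaster would publish. crossorigin is needed so the
// browser may read a cross-origin response in order to hash it.
function scriptTag(url, body) {
  return `<script src="${url}" integrity="${sriHash(body)}" crossorigin="anonymous"></script>`;
}

// Constructed sample: the plugin as reviewed, and a later modified copy.
const ORIGINAL = "window.readAloud = function () { /* plugin code */ };\n";
const TAMPERED = ORIGINAL + "loadInjectedScript(); // appended by a third party\n";
const PINNED = sriHash(ORIGINAL);

console.log(scriptTag("https://cdn.example/plugin.js", ORIGINAL));
console.log("original accepted:", verifyIntegrity(ORIGINAL, PINNED));
console.log("tampered accepted:", verifyIntegrity(TAMPERED, PINNED));
```

The hash must be regenerated whenever the provider ships a legitimate update, so SRI fits best with versioned, immutable resource URLs.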



After dismissing security flaw, Amazon patches Key smart lock anyway


The hack effectively blocks the bolt from locking once it's opened, allowing the hacker to later walk right into the victim's home. MG shared specifics of the bug with ZDNet, which he asked to withhold until Amazon fixed the flaw. He published his own write-up after Amazon dismissed the bug last week. "I posted the [proof-of-concept] video with technical details redacted," said MG. "Amazon reached out to me the same day and I started helping them understand the attack." "There was a window of time I didn't hear back for about half a day, meanwhile Amazon PR started talking about the attack and saying it was a non-issue," he added. "Annoying... but I promised Amazon that I would withhold technical details until they released a fix." "A day later, would completely explain the entire attack to Forbes even though a fix wasn't rolled out," he said. When reached, Amazon spokesperson Kristen Kish said the attack was "not a real-life delivery scenario" because "the security features built into the delivery application technology used for in-home delivery are not being used in the demonstration."


How IoT Security Is Integral To Gaining And Retaining Consumer Trust

Technology is only adopted when it actually gets enmeshed with our everyday life; considering this, IoT still has a long way to go. As for the future, it is impossible to offer precise predictions as to what devices will be developed. As a paradigm, IoT should further simplify our lives by utilizing connected devices. On the one hand, IoT opens up exciting new business opportunities and a trail for economic growth. On the other hand, it also opens the door to a variety of new security threats. IoT involves networking of “things” or objects that are relatively new, and their product design doesn’t always consider security an important factor. Most of the IoT products in the market are often sold with old and unpatched embedded operating systems and software. It is generally observed that purchasers of these IoT devices often fail to change the default passwords or fail to select sufficiently strong passwords. IoT also faces a greater number of possible threats as compared to earlier internet technologies due to the various reasons


What It Takes to Transform Your Firm


“If you set the bar too low, that sounds like incrementalism,” she says. Modest steps over a protracted timeline tend to exhaust an organization, making it difficult to reach the finish line. In her view—somewhat counterintuitively—firms that set a lofty target, one with the power to inspire the organization, may stand the best chance of ultimately achieving it. But lofty targets must remain rooted in a company’s core purpose. “Up front, you’ve got to have clarity on why you’re in the business that you’re in,” she says. “If you’re not sure why you’re doing what you’re doing, it’s going to be very hard to set up a transformation that will support your brand position.” Before any transformation, the executive, marketing, and strategy teams should discuss implications for the business model and the brand, outlining in detail how the proposed new direction complements the company’s core purpose. Is this a natural and logical change?


Hybrid Databases for Real Time Online Transaction Processing and Analytics

In the conventional data warehouse model, though, the latency between the time that a transaction has occurred and when it is extracted, transformed, and loaded into the data warehouse prevents any immediate analysis that can influence actions in real time. In essence this model limits any options that would allow the use of the data for complex analysis that might provide useful insights to inform someone of an immediate manual action or to trigger an automated reaction to a customer interaction. And as organizations seek to differentiate their customer centricity initiatives by establishing strong customer relationships that are supported by automating reactions to customer interactions through system touch points, there is a need to eliminate this latency and facilitate more immediate analytics so that opportunities for customer engagement and revenue generation are not missed. That being said, there are developing options to finesse this impediment.




Time to stop sweating


"Organisations, especially in the mid market, haven't spent a huge amount on IT really since the banking crisis. Money was tight after that and there was uncertainty around spending," he said. "A lot of people have held back but it's got to the point now where sweating has now become in some cases impactful on the business growth and the sustainability of the business." He added that the brakes were now coming off on some investments in order for the customer to remain effective. "It isn't an open cheque book and it still has to be done with the right level of due diligence and checks on it and it has to be linked very closely to aligning it to the business value," he said. Retail and hospitality are having to react to a growing number of different payment methods, review apps and changing customer expectations. As a result the investment is going into making sure the technology can help firms deal with those changes.


10 top ways IT and data pros are boosting their careers

It's often been said that with technology, the only constant is change, notes Peter Tsai, a B2B technical marketer and IT content writer at Spiceworks in his blog. Therefore, if you're not consistently learning, you’re standing still while the world of tech passes you by. It's no wonder that the majority of IT pros we talked to said learning new things will be a priority this year. ... They say the best things in life are free, but it's also true that money talks, Tsai explains. Staying gainfully employed was probably the second most popular response in our poll, because you need cash to pay for things like food, shelter, video games, and Star Wars tickets. ... In a Spiceworks career study, 67% of IT pros said that tech certifications can help increase job opportunities, Tsai explains. Additionally, 55% said that having a tech certification can help you negotiate a higher salary. Also, some IT recruiters screen candidates based on certs. Therefore, many IT pros want to earn credentials that give their CVs a better chance of moving to the top of the stack.


The Elephant In The Room Is Ransomware


How many times have I heard this catastrophic scenario that predicts the end for tape (again)? It’s Monday, and your manager asks you to delete someone’s personal data from your backup copies because the data protection officer received an email asking the company to follow the “right to be forgotten.” So, you grab a coffee and start figuring out where to find the data—but how can you delete a single file in a tape? You can’t. You’ll need to wipe the entire tape. Should you restore everything? Delete the personal information and back up the remaining data again? Sounds complex. Now imagine that this happens many times per day because of this new regulation—the GDPR. Kind of scary, right? It seems like we’re living in a world where backup software doesn’t use catalogues to track what data is stored where—a world where you need NSA tools to just make a file inaccessible to the public or internal users. But let’s imagine another scenario. It’s Sunday morning and you find that part of your systems have been encrypted by a ransomware attack. You decide to use your backups…until you discover the criminals encrypted your backups first.


How to ensure your IT and security teams stay aligned amid digital transformation

The rapid adoption of new, unfamiliar technology can leave companies vulnerable during the transition, and security teams can feel like they are in the dark as they wait for new systems to be implemented. With the risk of surveillance feeds going down during a technology migration, it’s no wonder that these security experts are nervous about a major shift to cloud and IoT solutions. On the other end of the spectrum, IT teams regularly assess rapidly evolving project requirements and are used to supporting business initiatives with new networks, servers and cloud technology. But managing additional video surveillance tools eats up IT bandwidth, and keeps technology teams from pursuing work such as IoT integration and the implementation of machine learning technology. Because the IT team is tasked with maintaining on-premise servers, they are responsible for designing and executing network upgrades as dictated by the security team’s needs.


How BPM Ensures Future Digital Success For Enterprises

BPM is a vital component of any device that has IoT connectivity. IoT devices excel at sensing, alerting, augmenting reality, and generally interacting seamlessly with the wearer, but are somewhat lacking in areas such as system integration, data processing and process logic. BPM fills this gap by integrating people, processes, tools, systems and devices. BPM’s role in IoT is to determine what is to be done with data received from other devices. BPM supports time-sensitive, dynamic business processes, and takes advantage of the real-time data coming out of and going back into IoT devices. Growing adoption will result in more data and more connected devices. Digitalization using BPM involves using digitized data to enable organizations to make quicker decisions, enable optimization of processes and ease the life of users. BPM provides the ability to integrate processes that involve devices, systems, and humans. Advanced BPM solutions provide access across devices with responsive user experiences, allowing access-driven information sharing across the enterprise.




Quote for the day:

"Managers maintain an efficient status quo while leaders attack the status quo to create something new." -- Orrin Woodward