Daily Tech Digest - February 14, 2018

Microsoft to test blockchain-based self-sovereign ID system

blockchain challenge
"Today, the Microsoft Authenticator app is already used by millions of people to prove their identity every day. As a next step we will experiment with Decentralized Identities by adding support for them into Microsoft Authenticator," Patel wrote. "With consent, Microsoft Authenticator will be able to act as your User Agent to manage identity data and cryptographic keys." On the new platform, only a user's hashed ID is rooted on a blockchain, while actual identity data is encrypted and stored in an off-chain ID Hub that Microsoft can't see. "Once we have added this capability, apps and services will be able to interact with [a] user's data using a common messaging conduit by requesting granular consent," Patel said. "Initially, we will support a select group of [digital ID] implementations across blockchains and we will likely add more in the future."


Fileless Malware: Not Just a Threat, but a Super-Threat

Those invisible aliens may not have landed on earth just yet, but invisible malware — called fileless malware or in-memory malware — is wreaking havoc and bringing intergalactic war-style destruction to IT systems the world over. Like an invisible alien, fileless malware can strike from multiple directions, without victims even being aware they were targeted, until it's too late. Fileless malware — in which hackers call malware routines remotely and load them into memory in order to compromise or steal data — is not new, but hackers increasingly have turned to that type of attack. According to McAfee, fileless threats with PowerShell malware grew by 119% in the third quarter of 2017 alone, and they have been such a rousing success that hackers plan to greatly expand their use this year, security experts are convinced. But fileless malware is just one of numerous threats and attacks that are now in vogue;


3 common pitfalls of microservices integration—and how to avoid them

3 common pitfalls of microservices integration—and how to avoid them
Microservices are all the rage. They have an interesting value proposition, which is getting software to market fast while developing with multiple software development teams. So, microservices are about scaling your development force while maintaining high agility and a rapid development pace. In a nutshell, you decompose a system into microservices. Decomposition is nothing new, but with microservices you give the teams developing services as much autonomy as possible. For example, a dedicated team fully owns the service and can deploy or redeploy whenever they want to. They typically also do devops to be able to control the whole service. They can make rather autonomous technology decisions and run their own infrastructure, e.g. databases. Being forced to operate the software typically limits the number of wired technology choices, as people tend to choose boring technology much more often when they know they will have to operate it later on.


Untrained employees can undercut cybersecurity efforts

“If employees don't understand what their responsibilities are when interacting with a company computer system, it's going to be difficult for them to truly protect it," said Mark Burnette, partner at Brentwood-based LBMC Information Security. "They might unknowingly do something that would put the company's data at risk.” Employees may have the company’s best interests at heart, but at the end of the day, it truly comes down to employers to educate them. According to Burnette, the single biggest step employers can take is to routinely provide multifactor authentication. That means using something more than just a password to access sensitive data. The most common form of this is some sort of token, like a key fob with a rotating password or a code sent via SMS to a cell phone.  “This is something companies have to get ahead of. They cannot rely on their users to always catch it. In many cases, the attacks are so good that anyone would fall for them,” he said.


The sudden death of the website


Now, almost every website looks the same — and performs poorly. Offline, brands try to make their store experiences unique to differentiate themselves. Online, every website — from Gucci to the Gap — offers the same experience: a top nav, descriptive text, some pictures and a handful of other elements arranged similarly. Google’s rules have sucked the life out of unique online experiences. Of course, as e-commerce has suffered, Google has become more powerful, and it continues to disintermediate the consumer from the brand by imposing a terrible e-commerce experience. There also is a hidden knock-on effect of bad website design. As much as 90 percent of calls placed to a company’s contact center originate from its website. The journey looks like this: Consumers visit a website to get answers, become confused and have to call. This has become an epidemic, as contact centers field 268 billion calls per year at a cost of $1.6 trillion.


5 Top Threats While Using Social Media Accounts

With your physical life becoming integrated with your cyber life, social media has become the important tool to keep in touch with your work and friends. With the advent of social networks like Facebook, WhatsApp Twitter, YouTube, FourSquare, and Google+, we have changed the way we interact with our bosses, colleagues, and friends. Social media plays a significant role in our lives and by default they are also a high risk for security threats. Cyber risks are directly proportional to popularity. The more popular any App or service is, the more risks it has from cybercriminals. Take Facebook for instance. With over billion users, it is the most hacked social media network. To make sure that your social media account doesn’t get hacked, you need to know the threats you face from cybercriminals to better prepare your self. Here are the top five security threats currently out there to help you stay safe online.


Chrome 68 to condemn all unencrypted sites by summer

slide 14 chrome logo
Google's campaign to call out HTTP websites as unsafe began in 2014, with the search giant ramping up the effort in September 2016, when it told users Chrome 56 would shame pages that didn't encrypt password or credit card form fields. Chrome 56 debuted in late January 2017, and immediately started to apply the "Not secure" label to pertinent pages. The push for always-HTTPS - backed by Google and others, including Mozilla, maker of Firefox - has worked, Schechter argued. Eighty-one of the web's top 100 sites, she asserted, now used HTTPS by default, while 68% of Chrome traffic on Windows and Android (by pages) and 78% on both macOS and Chrome OS was encrypted. That was up significantly from September 2016, when Schechter said half of all Chrome desktop page loads were being served via HTTPS. Eventually, Chrome's "Not secure" label will be accompanied by a red-for-danger icon.


Israel is becoming an artificial intelligence powerhouse

As has been the case in other tech sectors, including Cybersecurity and Fintech, Israeli AI startups are generating quite a buzz. Broadly speaking, Israeli tech startups have continued to attract tremendous interest from investors, raising a total of $5.24 billion in 2017, an increase of 9 percent from the previous year. Yet, broken down by sector, it is astounding that a staggering $1.1 billion of investment, nearly 20 percent of the aforementioned total, was directed towards AI companies. Driven by multi-sector demand for AI technology, activity in the sector is broad and encompasses all industries, with Israeli AI firms developing solutions across a wide cross section of verticals including Technology, Industrial, Automotive, Enterprise, Healthcare, Fintech, and Marketing. Given the breadth of activity, it is not surprising that Israeli AI startups are receiving global acclaim. Last year, seven Israeli AI companies appeared on CB Insight’s list of “the most promising artificial intelligence companies in the world”.


The Difference between Data Scientists, Data Engineers, Statisticians ...


A data engineer is someone who is dedicated towards developing, constructing, testing, and maintaining architectures, such as a large scale processing system or a database. The main difference between a data engineer and its often confused alternative data scientist is that a data scientist is someone who cleans, organizes, and looks over big data.  You might find the use of the verb “cleans” in the comparison above really exotic and inadvertent, but in fact it has been placed with a purpose that helps reflect the difference between a data engineer and data scientist even more. In general, it can be mentioned that the efforts that both these experts put in are directed towards getting the data in an easy, usable format, but the technicalities and responsibilities that come in between are different for both of them.  Data engineers are responsible for dealing with raw data that is host to numerous machine, human, or instrument errors. 


Financial services firms most adept at making balanced security investments

The report also notes while cyberattacks have a greater financial impact on the financial services industry than on any other industry, financial services firms continue to make prudent and sophisticated security technology investmentsthat contribute to reducing the cost of breaches significantly. The greatest proportion of financial services firms’ cyberdefense spending is for more advanced solutions like security intelligence systems, followed by automation, orchestration and machine-learning technologies. “While the cost of cybercrime for financial services companies continues to rise, our research found that these companies have considerably more balanced and appropriate spending levels on key security technologies to combat sophisticated attacks than do those in other industries,” said Chris Thompson, a senior managing director at Accenture who leads financial services security and resilience in the company’s Security practice.



Quote for the day:


"When Things Fall Apart " is when we usually have the most to learn about ourselves. -- Oprah Winfrey