Daily Tech Digest - March 06, 2018

Introduction to Learning to Rank (LTR) search analysis

A classification technique called Learning to Rank (LTR) is used to perfect search results based on things like actual usage patterns. LTR isn’t an algorithm unto itself. The actual ranking is often done with an algorithm called support vector machine (SVM), but recently gradient-boosting trees (GBTs) have been used instead. There are multiple implementations of Learning to Rank available. The most famous open source implementations are XGBoost, RankLib, and part of Apache Solr, which was donated by Bloomberg. ... Learning to Rank has been part of search efforts for a couple of decades. It is used generally to fix results based on user preferences or implicit behavior (read: clicks). Because LTR is based on a machine learning classification model, it is a supervised learning method. This means that you train a model based on some preprocessed data. This data with hand-labeled ranks is then used to optimize future results.

Nearly half of CIOs now plan to deploy artificial intelligence

"Don’t fall into the trap of primarily seeking hard outcomes, such as direct financial gains, with AI projects," Andrews said. "In general, it’s best to start AI projects with a small scope and aim for 'soft' outcomes, such as process improvements, customer satisfaction or financial benchmarking." Expect AI projects to produce, at best, lessons that will help with subsequent, larger experiments, pilots and implementations. In some organizations, a financial target will be a requirement to start the project. "In this situation, set the target as low as possible," Andrews said. "Think of targets in the thousands or tens of thousands of dollars, understand what you’re trying to accomplish on a small scale, and only then pursue more-dramatic benefits." Big technological advances are often historically associated with a reduction in staff head count.

Millennials are bigger victims of fraud than senior citizens, FTC finds

The FTC report is the latest study to challenge the conventional wisdom that older adults are the ones falling prey to fraud. As previously reported by TechRepublic, younger adults are more likely to lose money to a tech support scam, and self-reported tech-savvy people are more likely to become the victim of phishing and identity theft. All these studies point to an incorrect perception about tech users that needs to change for the sake of personal and organizational security: Young adults aren't safer by default. There is, of course, a caveat to the FTC's report: It's a collection of complaints the organization received, so it can't necessarily be treated as an absolute representation of who is paying out to scammers. That said, the numbers do line up with a report from Microsoft mentioned by our sister site ZDNet in late 2016: Half of adults between the ages of 18 and 34 fell for online tech support scams, while only 17% of those over 55 did.

Enterprise IoT: Business uses for RFID technology

The Internet of Things (IoT) has been a big buzzword over the past few years as organizations have added intelligent controls to refrigerators, soda machines, washers and dryers, medical robots and lightbulbs. While the consumerization of IoT is in our everyday life, enterprises have been looking for ways IoT can benefit them and their users to improve day-to-day tasks. One of the big enablers of IoT in enterprises has been the simple addition of RFID tags for day-to-day operational functions. Some RFID tags that have batteries, active transmitters and built-in electronics to capture and relay information run $15-$50 apiece. On the other hand, passive RFID tags are extremely inexpensive, running 5 to 10 cents each. Passive tags have no active electronics; they merely have an identification code similar to a barcode, but unlike barcodes that require line-of-sight readers to scan them, passive RFID tags can activate and respond several feet away with no need for line-of-sight access.

Windows Defender can now spot FinFisher government spyware

Microsoft says it has cracked open the notorious FinFisher government spyware to design new ways to detect it and protect Windows and Office users. FinFisher is sold to law-enforcement agencies around the world and its maker, European firm Gamma Group, has been criticized for selling it to repressive regimes. Last year, researchers at FireEye discovered FinFisher being distributed in Word documents loaded with an attack for an Office zero-day targeting Russian-speaking victims. In some countries ISPs have also assisted FinFisher rollouts by redirecting targets to an attack site when they attempt to install popular apps. Malware researchers at ESET have found it difficult to analyze recent versions of FinFisher due to techniques it uses to prevent sandboxing, debugging, and emulation. Microsoft's threat researchers say FinFisher's level of anti-analysis protection puts it in a "different category of malware" and reveals the lengths its makers went to ensuring it remains hidden and hard to analyze.

SEC's new cybersecurity guidance falls short

By comparison, other cybersecurity regulations have significant enforcement power behind them. Breach notification laws, for example, are in place in 48 states, Washington, DC, and Puerto Rico, according to the law firm Perkins Coie. A year ago, New York began requiring comprehensive cybersecurity assessments from financial services companies in the state. This May, the European Union's General Data Protection Regulation (GDPR) goes into effect with fines of up to 20 million euros or 4 percent of annual global revenues, whichever is higher. This new SEC guidance doesn't compare to that, says Badway. "Not even close." As a result, he says, he doesn't see corporations rushing out to improve their cybersecurity processes in response to the new SEC guidance. They might be more motivated to improve by shareholder lawsuits, he adds, but the new guidance isn't likely to provide more fuel for the plaintiffs. "The criteria are the same," he says. "I don't think anything has changed."

Smart homes pose a cyber threat to their owners and tenants

Cyber criminals can use a smart home system as an entry point for remote attacks. David Emm, principal security researcher at Kaspersky Lab, said: “The fact that smart home hub meters are open to attack from cybercriminals is very concerning due to the wealth of people using these devices on a day-to-day basis.” Kaspersky Lab has discovered vulnerabilities that could affect smart homes. Criminal hackers could gain access to a smart product’s server, steal personal data, and use it to access accounts and take control of systems within a person’s home. Researchers testing a smart device found that it sent user data, including smart hub login credentials, to a corresponding server. Other personal information, such as the user’s phone number for text alerts, may have also been included and sent. Malicious actors have found a way to send seemingly legitimate requests to servers to download information, including the device’s serial number. If the serial number is not included, cyber criminals can use basic methods to obtain it.

6 Questions to Ask Your Cloud Provider Right Now

The cloud is fairly new territory for many organizations and, consequently, it’s an area where mistakes are made stemming from confusion around the role cloud service providers play in security, and how companies should work with them. "Organizations looking to host their data in cloud service providers have the best intentions in mind, and the clients I speak with are looking at security as being a key motivator," says Mark Judd, research analyst at Gartner's Research Analyst Lab. But, Judd says, many businesses are in the mindset of thinking that because major players like Amazon and Microsoft have not been directly compromised, any data they put in those companies' cloud environments will automatically be secure. The problem is, security works both ways. "They neglect to realize that moving into a cloud does not automatically make their data secure, but requires an understanding of the shared responsibility in regards to security controls between the organization and the cloud provider," Judd explains.

Cryptocurrency mining malware now as lucrative as ransomware for hackers

One of the reasons the cryptocurrency mining operation has proved to be so lucrative for one of the most successful groups observed is because the malware is deployed using techniques more usually associated with sophisticated and state-backed hackers. In this instance, the cryptocurrency mining malware is being distributed with the aid of process-hollowing - a technique which lets the malware unmap the legitimate code of processes and overwrite them with malicious code. Victims of this campaign are lured into downloading legitimate-looking software which has instructions to download the miner hidden inside. As the process initially looks like a legitimate form of software, it isn't detected by anti-virus products. Once the dropper software has been installed, a Windows installer 'msiexec' is run, and it downloads and executes malicious modules from a remote server which carry out the process-hollowing, allowing the attackers to alter the code with the instructions to carry out mining for cryptocurrency.

Data-Driven Thinking for Continuous Improvement

It’s a culture where there is no "status quo" or "because that is how we do things here." People are encouraged to find better ways of doing their jobs. We allow trials of new approaches. If they work well, we adopt them. We not only give people ownership over their work but also over the organization and its processes. One example of this is our Journey Team structure. We knew that our existing team model wasn’t working well for the individuals on the teams, but they never got "permission" to fix it. After moving towards our new culture, an ad-hoc group of product and engineering team members came together to design a new team structure. Journey Teams are now our organizational model. ... It was an extended effort that involved creating a solid foundation of multiple elements. First, we created a framework to bring clarity to the company strategy and priorities. For people to make good suggestions, they need to understand the company’s business context.

Quote for the day:

"He uses statistics as a drunken man uses lamp posts... for support rather than for illumination." -- Andrew Lang