There's irony in Guzman's latest findings. Last year, he had a 2016 Subaru. It lacked the telematics unit, but Subaru had a mobile app that owners could use to track vehicle maintenance. It also used a token that didn't expire, which Guzman says he reported and Subaru fixed. But the same vulnerability appeared again this year. Subaru "must have re-merged the code and reintroduced the vulnerabilities," he says. So how would an attack work? There are preconditions: An attacker would have to know, for example, that the victim has a 2017 Subaru - or later - with Starlink installed. The key to Guzman's attack is capturing the token that gets generated, and there are a variety of ways to do this. One way is by exploiting a cross-site scripting - aka XSS - vulnerability that Guzman also found.
CIOs are searching for employees skilled in the latest mobile, cloud, social and analytics tools, who can build, ship and maintain software using agile and devops methodologies. But such skillsets are in short supply at traditional enterprises whose IT workforces are long in legacy systems and short on digital capabilities. Enter digitally-savvy millennials as mentors. This younger generation, now entering the workforce, is a great resource for educating more tenured staff members on the use of new technologies, Gartner analysts Lily Mok and Diane Berry wrote in a research note earlier this year. “In return, younger staff can gain from senior staff knowledge and capabilities, such as business acumen, proper business protocol and more mature decision-making skills that come with time and experience,” the analysts wrote.
With machine learning you will never be able to adapt to change, which is what every company is looking for. Because change equals innovation! Thus, we consider machine learning as a mathematical optimization technique, which is fully optional. Talking about a decision-making process, everything works correctly without machine learning. Thus, the machine will find a solution on its own. Machine learning can be used to make the way to the solution shorter or more efficient by applying or selecting better knowledge. That's what machine learning is used for. In our case, machine learning classifies the atomic knowledge pieces in the situation of a certain problem and prioritizes and chooses the better suited pieces to provide the best solution. Thus, machine learning helps to select the best knowledge to a specific state of a problem.
It’s a remarkable technical achievement, though a commercial version of the chip may not be possible for a while. Still, it should enable chips with 30 billion transistors, the on-off switches of electronic devices, on a fingernail-sized chip. Researchers say this kind of achievement should enable the $330 billion chip industry to stay on the path of Moore’s Law, or the prediction made in 1965 by Intel chairman emeritus Gordon Moore that the number of transistors on a chip would double every couple of years. IBM is presenting details of its research on its “silicon nanosheet transistors” at the 2017 Symposia on VLSI Technology and Circuits conference in Kyoto, Japan. The development comes less than two years after IBM researchers made a 7-nanometer test node chip with 20 billion transistors.
CIOs have a somewhat adversarial relationship with vendors even though we need them. A lot of CIOs lose sight of that and develop a real animosity toward vendors, which I get because we're bombarded by hundreds of vendors by email and phone calls. But it simplifies the CIO's job to have a small set of partners to manage rather than a wide variety of vendors. A partnership with a select few helps you drive your organization forward, because they become thought leaders, people you can turn to whenever you have big projects. Some CIOs ask: 'How do you know you're getting the best price?' You can test it as you go along and keep the vendors from getting too comfortable with their position. But most vendors understand the importance of the partnership. And with my partners, I can call the CEO and get some action. That's comforting to know.
“What’s going on right now is enterprises are extending the existing security infrastructure or security components they have already invested in to address early IoT issues,” said IDC analyst Robert Westervelt, who co-authored a new forecast that said the worldwide market for IoT security products will grow from $11.2 billion in 2017 to $21.2 billion by 2021. “Some of the issues, depending on the industry and use case, are surely embedded system security. And so that’s why we think those two segments — device and sensor, and network and edge — are going to have the most growth over the next five years.” IoT security risks vary by industry. Healthcare organizations, for example, are using IoT patient monitoring tools that rely on sensors, which collect patient health data, and then transfer this data to the cloud so a physician can analyze it.
“With the intense focus on predictive analytics, deep learning, machine learning, and artificial intelligence, these positions should remain relevant for years to come,” says Flavio Villanustre, vice president of infrastructure and security for LexisNexis Risk Solutions. ... “To the best of our knowledge, it’s not clear how we can build machine learning models where only limited amount of data is available,” says Mehdi Samadi, CTO of Solvvy. “This is currently limiting the types of intelligent applications that we expect to see in the near future. The solution to this problem is either to find approaches that help us to generate data, or building more robust machine learning models which can learn from limited data. Transfer learning algorithms, learning from the data available in other domains in order to perform well in a new domain,” is a promising area for engineers, says Samadi.
What Jindal Steel and Power has done at its Angul plant is enable an Industrial Internet of Things (IIoT) setup by creating a network of machines, advanced analytics, supply chain and people. The World Economic Forum, in its 2015 report, called IIoT — the latest wave of technological change that will bring unprecedented opportunities, along with new risks, to business and society. “The IoT framework helps the steel plant work smart,” says Anand. The framework helps the plant workers at the Jindal Steel and Power Plant in Angul to monitor the health and status of the machines. It also provides the interoperability of mobile devices with control systems to ease real time remote management. “The IoT allows the real time process monitoring and control on local network and creates an interface to the mobile devices and analytics layer,” says Anand.
Researchers found a broad range of incident response time among businesses. In half of the successful data breaches, it took five to six weeks or less for defenders to detect malicious activity. In the other half, detection took as long as four years. "Half of [breaches] are dealt with in the first 38 days, which is actually pretty good," says Barbara Kay, senior director of product and solutions marketing at McAfee. "It could be better, but it's not too bad." However, she continues, the four-year window in this data indicates there's a lot of activity in infrastructure that goes undetected for a long time. This is a sign of threat actors hidden deep within the business, which will take "deep hunting" to root out. The longest timeframe will typically be with the most sophisticated type of attacker, Kay adds. Someone who is deep within the network for a long time either wants something or has a vendetta against the company.
The secret to hacking is there is no secret. Hacking is like any other trade, like a plumber or electrician, once you learn a few tools and techniques, the rest is just practice and perseverance. Most hackers find missing software patches, misconfigurations, vulnerabilities, or social engineer the victim. If it works once, it works a thousand times. It’s so easy and works so regularly that most professional penetration testers quit after a few years because they no longer find it challenging. In my 30 years of professional penetration testing, I’ve hacked into every single company I’ve been hired to legally break into in three hours or less. That includes every bank, government agency, hospital and type of business. I barely got out of high school, and I flunked out of an easy college with a 0.62 grade average. Let’s just say I’m no Rhodes scholar.
Quote for the day:
"Never make someone a priority when all you are to them is an option." -- Maya Angelou