Daily Tech Digest - February 25, 2018

Using Brainwaves to Guess Passwords


EEG signals can’t be used to simply read out what a person is thinking or doing, and the control they can provide as interfaces is relatively crude. But the University of Alabama experiments add to evidence that they can still spill private information. The new study tested the idea that a person who paused a gaming session and logged into a bank account while still wearing an EEG headset could be at risk from malicious software snooping on personal credentials via brain waves. People first entered random PINs and passwords while wearing the headset, allowing software to learn the link between their typing and brain waves. Saxena says this training step could be achieved in the real world by a game that asked users to enter text or codes as part of gameplay, for example. After observing a person enter about 200 characters, algorithms could make educated guesses at new characters a person entered just by watching the EEG data.



The Truth About Hierarchy

People are suspicious of hierarchies for a reason — they sometimes stifle good ideas and the learning process that leads to good ideas. For example, dysfunctional hierarchies have been blamed for long periods of stagnation that companies such as General Motors Co. experienced. So, how can organizations foster learning and innovation? Here are three things leaders can do to leverage the power of hierarchy on teams yet avoid its pitfalls. ... The key is getting teams to identify the members who possess real knowledge. This is often easier said than done, in part because we tend to have implicit biases about the characteristics or backgrounds that signal expertise. For example, a study at a high-technology Fortune 100 company found that, not surprisingly, teams perform better when their more expert members rank higher in the team’s hierarchy. That study also found, however, that teams often pay attention to the wrong things as they sort out who will have more or less influence.


L.A. Times website injected with Monero cryptocurrency mining script

cryptosteal.jpg
In the case of the L.A. Times website, an AWS S3 bucket that was erroneously configured to be publicly writable was leveraged by hackers to inject the mining script. Curiously, in this instance, the script was not configured to run at max settings, which may have enabled it to go by undetected. Troy Mursch, a security researcher at the Bad Packets Report, discovered the attack of the L.A. Times website. In a statement to ThreatPost, he estimated that the script had been in use since at least February 9th. While the L.A. Times declined comment to ThreatPost, the script was removed from the website late Thursday. Coinhive has persisted on the edge of acceptability for some time. The service has used by The Pirate Bay since last September in lieu of traditional advertisements. The progressive politics website Salon has also started using Coinhive for users who have blocked normal advertising through the use of ad-blocking browser extensions.


The GDPR And Its Impact On The Borderless Economy


The GDPR compels businesses to evaluate their data handling and security practices—some businesses are lax in this regard. Consumers are concerned about the data management practices of companies they do business with, and they want assurance that their private information is secure. Surprisingly, consumers feel more strongly about this than businesses do. A 2017 study found that 79 percent of consumers believe an organization is obliged to control access to their information, but less than half of CMOs and IT security personnel agree. Thus, the GDPR presents a chance to correct lax compliance strategies and focus on what matters to customers. Data protection is critical to digital commerce. With smart, transparent security policies, companies can prove that they take the burden of protecting personal data seriously. The hard work to build trust is a smart long-term move because it makes customers more inclined to increase their digital business transactions with the company—and perhaps decrease transactions with a competitor that is less transparent.


Can China Contain Bitcoin?


China didn’t just impose a speed limit on virtual currency, however. It shut down the entire highway. Perhaps Chinese officials banned ICOs until they figure out how to regulate them. Lu, the entrepreneur who had to return $20 million to investors, hopes that this is the case. He says ICOs present a new business model in which users are stakeholders in the company, which gives them an incentive to invite their friends to join the platform. Lu believes that the virtual-currency exchanges will reopen but be run by the government. He says China will take regulation cues from the outside world, particularly the United States. The SEC recently signaled that it would take a more aggressive stance toward ICOs, perhaps by requiring ventures to register with the commission and disclose extensive information to investors. For now, Lu will continue to work on Bihu.com from Shanghai, raising capital with private investment.


How to Fast-Track Innovation Through M&A


Digital M&A comes down to time and money. Skills, products and services take time to build organically, especially in multinational corporations, and that time can be costly when there are rewards for those who adapt the fastest. This explains why, increasingly, organic build options are being complemented, or supplanted, by focused digital M&A strategies. Nearly three quarters of businesses believe M&A, or other forms of inorganic “buy” approaches, are the most effective way to get to where these companies need to be according to the second edition of Digital Deal Economy, a survey of more than 900 executives worldwide. Options range from acquiring digital capabilities, intellectual property (IP) and technologies wholesale, to more collaborative forms of third-party partnerships, such as alliances, joint ventures and outsourcing. By focusing on the transaction lifecycle through a digital lens, the study identified a group of “leaders”


Creating a Culture of Innovation


Innovation and disruption are possibly the overarching objectives of a digital culture. Successful digital companies are known more for their almost cultural predisposition to innovate and disrupt existing industries and markets. They are typically characterized by enterprise-wide capabilities for innovation built on a strong foundation of digital technologies. But innovation and disruption have not always been a core purpose of conventional organization culture. Most traditional companies were perfectly satisfied to focus on incremental improvements on their core products rather than pursue ambitious programs for reinvention. Disruption was something that even large companies like IBM and Lockheed Martin preferred to spin-off into independent culturally and procedurally air-gapped skunkwork programs. But in a digital culture, innovation is the core purpose of every enterprise. The digital economy has completely redefined the metrics of competitive advantage


Serverless Security: What's Left to Protect?


Serverless is a highly controversial name. Since code needs to run somewhere, clearly it will always need some server to run on! A more accurate (if not as catchy) name may be Server-management-less. When using FaaS, the underlying platform handles the servers for you, offloading the need to provision, manage and monitor these beasts. By offloading the servers from you, FaaS also takes on the responsibility for “patching” those servers – updating the operating system and its dependencies to safe versions when they’re affected by newly disclosed vulnerabilities. Known vulnerabilities in unpatched servers and apps are the primary vector through which systems are exploited, due to their frequency and broad deployment, along with the fact updating apps and servers at scale is hard. Serverless takes the unpatched servers risk off your hands, moving it to the “pros” running the platform, and by doing so makes you substantially more secure overnight.


Eight ways AI will change your business in 2018


We’ve all seen the headlines time and again: technologies like artificial intelligence (AI), blockchain, and the internet of things (IoT) will change our lives and work over the next decade. Such long-term forecasts are important, but business leaders must make decisions right now. They don’t want sci-fi visions. They want to know how and when AI will affect their organizations—and what they should do about it today. PwC just published some predictions about immediate trends to watch, based on insights not only from the technologists in our AI Accelerator and Emerging Tech Labs, but also from our finance, risk, operations, and cyber leaders and teams. And plural “teams” is intentional—not a typo. To develop and execute a near-term AI strategy, organizations must form cross-functional teams. No single function can succeed in isolation. These are the trends that are beginning to emerge but haven’t caught much attention yet


Is your staff’s cyber security awareness up to scratch?

A study carried out by OneLogin found that only 31% of companies require employees to change their password monthly, and 52% admitted that staff were only required to reset their password once every three months. This becomes more of a problem when the same password is used for multiple accounts, making it easy for a criminal hacker to gain access to company data. Another issue is that passwords are often shared with other staff members, defeating the point of having a password at all. Passwords should be kept secret and never be shared with colleagues. Staff can easily undermine your organisation’s cyber security. They need to understand and comply with your cyber security rules and regulations. If not, they will inevitably cause a data breach. A cyber health check will help identify your weakest security areas and recommend appropriate measures to mitigate your risks.



Quote for the day:


"Without big data analytics, companies are blind and deaf, wandering out onto the web like deer on a freeway." -- @geoffreyamoore