Daily Tech Digest - April 17, 2018

Why router-based attacks could be the next big trend in cybersecurity

The joint report indicates that once attackers have exploited SMI commands, "for the most part, cyber actors are able to easily obtain legitimate credentials, which they then use to access routers," which allows the attacker to act as a man-in-the-middle, further enabling them to exfiltrate additional network configuration data, modify device configurations, copy OS data to an external server, create GRE tunnels, and mirror or redirect network traffic. In order to avoid risks to your organization, the report advises blocking Telnet use entirely as well as SNMPv1 and v2c, and analyzing logs for any SNMP traffic, noting that "Any correlation of inbound or spoofed SNMP closely followed by outbound TFTP should be cause for alarm and further inspection." Additional mitigations include standard precautions such as not duplicating passwords between devices, not using default device passwords, and not allowing internet access to the management interface of devices.
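The SNMP-then-TFTP correlation the report recommends, sketched as an added example (not code from the report or the excerpted article). It assumes flow records carrying a timestamp, source, destination, protocol and destination port; the 300-second window and the sample records (documentation address ranges) are constructed for illustration.

```python
from collections import namedtuple

# Assumed flow-record shape; adapt to your NetFlow/firewall log export.
Flow = namedtuple("Flow", "ts src dst proto dport")

SNMP_PORT, TFTP_PORT = 161, 69
WINDOW_SECONDS = 300  # assumption: the report only says "closely followed"

def correlate_snmp_tftp(flows, devices, window=WINDOW_SECONDS):
    """Alert when a managed device receives SNMP and then initiates TFTP
    within `window` seconds. The SNMP source may be spoofed, so the TFTP
    destination is deliberately not required to match it."""
    last_snmp = {}  # device IP -> (ts, src) of most recent inbound SNMP
    alerts = []
    for f in sorted(flows, key=lambda f: f.ts):
        if f.proto != "udp":
            continue
        if f.dport == SNMP_PORT and f.dst in devices:
            last_snmp[f.dst] = (f.ts, f.src)
        elif f.dport == TFTP_PORT and f.src in devices:
            seen = last_snmp.get(f.src)
            if seen and f.ts - seen[0] <= window:
                alerts.append({
                    "device": f.src,
                    "snmp_from": seen[1],
                    "tftp_to": f.dst,
                    "gap_seconds": f.ts - seen[0],
                })
    return alerts

# Constructed sample data: router/switch management addresses and flows.
DEVICES = {"192.0.2.1", "192.0.2.2", "192.0.2.3"}
SAMPLE_FLOWS = [
    Flow(1000, "203.0.113.50", "192.0.2.1", "udp", 161),  # inbound SNMP
    Flow(1012, "192.0.2.1", "198.51.100.7", "udp", 69),   # TFTP 12 s later
    Flow(2000, "192.0.2.10", "192.0.2.2", "udp", 161),    # SNMP poll
    Flow(5000, "192.0.2.2", "192.0.2.20", "udp", 69),     # TFTP 3000 s later
    Flow(6000, "192.0.2.3", "198.51.100.7", "udp", 69),   # TFTP, no SNMP seen
    Flow(6100, "203.0.113.50", "192.0.2.3", "tcp", 161),  # not UDP, ignored
]

if __name__ == "__main__":
    for alert in correlate_snmp_tftp(SAMPLE_FLOWS, DEVICES):
        print(alert)
```

Outbound TFTP from a network device with no preceding SNMP (the third device in the sample) is not flagged by this correlation and may deserve its own rule.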



DataStax Enterprise 6: Faster, fit and finish

Cassandra offers a "masterless" architecture, which means no single node is indispensable to the cluster. This enhances fault tolerance, availability and resiliency, but it has also created a burden: node repair operations, necessary to support the architecture, have been manual and arduous. In DSE 6, a new "NodeSync" feature makes node repair a completely automatic and implicit operation. Effectively, with the version 6 release, DSE becomes self-repairing. And while OpsCenter will still provide an interface to monitor the operation, such monitoring is purely optional, as the operation is now autonomous. Features like this one make it crystal-clear that DataStax understands Enterprise pain points and wants to address them head-on. Another proactive and automated feature in the care and feeding of DSE nodes is "TrafficControl." This feature will address Java Virtual Machine stress and other overload effects when too many concurrent requests are routed to a particular node in the cluster. The feature orchestrates the requests by queuing them, thus allowing the node to process them in an orderly fashion.


Machine learning is the new normal: AWS


Speaking at the AWS Summit in Sydney this week, Olivier Klein, head of emerging technologies at AWS in the Asia-Pacific region, said that the cloud service provider wants to push such capabilities into the hands of more people – from data scientists and developers to IT professionals. “Machine learning is now the new normal,” he said, adding that organisations that know how to harness machine learning will be successful, because they can get better, faster and more accurate predictions of their customer needs. This will help to improve customer experiences, starting with the ability to understand user interactions with sensors, internet of things devices and websites, through machine learning techniques. Take New Zealand-based Magic Memories, for instance. The supplier of guest photography services at theme parks has been using wristbands and AWS’s Rekognition artificial intelligence (AI) service to identify guests who may appear in different images, according to its head of engineering CJ Little.


How CIOs partner with CMOs to transform customer experience

Customer experience is the responsibility of every employee in the enterprise. But CIOs and CMOs, in particular, share a variety of corresponding and complementary objectives when it comes to customer experience strategy. This makes partnership not only desirable, but necessary. “When CMOs lead customer experience, they need a lot of cooperation across the enterprise, but typically the CIO is the most vital partner they can have,” says Augie Ray, a Gartner research director who covers customer experience (CX) for marketing leaders. “The reason for this is that information and insight are the lifeblood of customer experience. You cannot be customer-centric and make outside-in decisions unless you have the data, analysis, and understanding about what customers perceive, want, expect, feel, and do.” Technology budgets worldwide reflect the criticality of tight alignment between marketing and IT. According to IDG’s 2018 State of the CIO Survey, 42 percent of global marketing teams have budgets specifically earmarked for investments in technology products and services.


Research finds that Open Banking has a Consumer Perception Problem

The research strongly suggests that banks are doing little to communicate with the consumer as 85 per cent of consumers have either never heard of, or are unsure what the Open Banking initiative is and how it will affect them. This is despite the Financial Conduct Authority (FCA) ordering nine of the country’s biggest banks – several of which missed the 13 January launch – to open up the information they hold so that it can be used to create new banking products and services. In addition to only one-in-six (14.3 per cent) being aware of the Open Banking initiative, less than a quarter (22.8 per cent) of respondents had heard about it directly from their own bank or building society. CREALOGIX is a fintech top 100 firm and a global market leader in digital banking. Its fintech solutions offer bank clients a better customer experience, greater security and effortless online money management. The CREALOGIX product and service range spans the areas of Digital Banking, Digital Payment and Digital Learning.


Successful Hybrid IT Deployment by Accident? Nope, It Takes Planning

Businesses that design their hybrid IT strategy by implementing two key technologies are more successful. These technologies include the use of continuous delivery automation and composable infrastructure. Continuous delivery is important because it promotes a constant, iterative development environment that is essential for keeping up with the changing needs of users. Composable infrastructure is also vital because it allows infrastructure to be treated as software code. IT operators can quickly and easily construct new infrastructure from a collection of building blocks, using software-defined, policy-based templates. Businesses that adopt continuous delivery combined with composable infrastructure report greater control over their workloads: 61% say they have extremely high levels of control, compared to 24% of those without these two technologies. Both technologies used together allow organizations to better overcome challenges, realize innovation faster, and gain greater control over workloads.


How to Achieve #DigitalTransformation

The digital transformation starts by understanding the organization's business initiatives, and then prioritizing which initiatives are top candidates for enhancement through digital transformation. "Begin with an end in mind" to quote Stephen Covey. Organizations can then create a digital transformation roadmap that dictates how the organization leverages data, analytics (data science) and application development capabilities to deliver cloud-native "intelligent" applications (applications embedded with machine learning and artificial intelligence to optimize key processes and business decisions) and "smart" entities (that leverage the edge, fog and core IoT analytics to support the creation of "learning" business entities such as cities, cars, airports, hospitals, utilities and schools). In the end, digital transformation helps organizations become more effective in leveraging data and analytics to power their business models by optimizing key business processes, reducing security risks, uncovering new revenue opportunities and creating a more compelling, more prescriptive customer engagement.


AI & Jobs: Retraining will become a 'lifelong necessity', warns report

"As AI decreases demand for some jobs but creates demand for others, retraining will become a lifelong necessity and pilot initiatives, like the Government's National Retraining Scheme, could become a vital part of our economy," the report states. "This will need to be developed in partnership with industry, and lessons must be learned from the apprenticeships scheme." Childhood education will also need to be reformed, according to the report, with schools teaching both the skills needed to work alongside AI and to take full advantage of the technology available. "For a proportion, this will mean a thorough education in AI-related subjects, requiring adequate resourcing of the computing curriculum and support for teachers," it states. "For all children, the basic knowledge and understanding necessary to navigate an AI-driven world will be essential. In particular, we recommend that the ethical design and use of technology becomes an integral part of the curriculum."


Blockchain Implementation With Java Code


Another significant technical point of blockchain technology is that it is distributed. The fact that blockchains are append-only helps in duplicating the blockchain across nodes participating in the blockchain network. Nodes typically communicate in a peer-to-peer fashion, as is the case with Bitcoin, but it does not have to be this way. Other blockchain implementations use a decentralized approach, like using APIs via HTTP. However, that is a topic for another blog. Transactions can represent just about anything. A transaction could contain code to execute (i.e., a smart contract) or store and append information about some kind of business transaction. Smart contract: a computer protocol intended to digitally facilitate, verify, or enforce the negotiation or performance of a contract. In the case of Bitcoin, a transaction contains an amount from an owner’s account and amount(s) to other accounts. The transaction also includes public keys and account IDs within it, so transferring is done securely. But that’s Bitcoin-specific. Transactions are added to a network and pooled; they are not in a block or the chain itself.


An Elaborate Hack Shows How Much Damage IoT Bugs Can Do


The Senrio attack starts by targeting a security camera that is still vulnerable to an inveterate IoT bug the researchers disclosed in July, known as Devil’s Ivy. Using an unpatched Axis M3004-V network camera as an example, an attacker would find a target exposed on the public internet to start the attack, and then use the Devil’s Ivy exploit to factory reset the camera and take over root access, giving them full control over it. Once the attacker has taken over the camera, they can view the feed. In the scenario the Senrio researchers imagine, this IP camera has been rightly cordoned off from the rest of the network, able to communicate only with a router. Even with that well-intentioned stab at segmentation, the attacker can simply springboard from the camera to attack the router next. With a compromised camera, the attacker can find out the router’s IP address and its model number to help determine whether it has any vulnerabilities. In Senrio’s attack, the router is a TP-Link TL-WR841N that's still vulnerable to a custom code-execution vulnerability



Quote for the day:


"Authority without wisdom is like a heavy axe without an edge, fitter to bruise than polish." -- Anne Bradstreet

