Daily Tech Digest - April 23, 2018

Microsoft Boosts Anti-Phishing Skills 

phishing hack scam malware binary code
Dubbed "Windows Defender Browser Protection" (WDBP) the free extension can be added to Chrome on Windows or macOS, and after a post-launch fix, Chrome OS as well. Like the defenses built into Edge, the add-on relies on Microsoft's SmartScreen technology that warns users of potentially malicious websites that may try to download malware to the machine or of sites linked in email messages that lead to known phishing URLs. Microsoft keeps a constantly-changing list of these likely bad destinations on its servers, that list generated in part from telemetry sent by SmartScreen users. At least that's what it appears WDBP does: Microsoft has not documented the extension's operation beyond some general information on its site and in the description on the Chrome Web Store. In the latter, Microsoft said: "If you click a malicious link in an email or navigate to a site designed to trick you into disclosing financial, personal or other sensitive information, or a website that hosts malware, Windows Defender Browser Protection will check it against a constantly updated list of malicious URLs known to Microsoft." That is SmartScreen.


strawberries
Cattle farms and ranches usually stretch over a large land area, making it difficult to monitor the whereabouts of grazing animals without human involvement. Using tracking collars, one can find the location of these animals in real time. Then, a data storage system can record this information in a database to ultimately form a baseline model of their movements during a given time period. Applying intelligent algorithms on these patterns helps us identify if the cattle’s movements are irregular, of if one or more animals are separated from the herd. This usually occurs if they are sick or injured. This solution can easily be implemented by small IoT trackers that communicate over an IoT network like Wi-SUN or other WANs. One could then have networking towers distributed across the fields to cover a large area. This information is then exposed to the farmer or rancher via a web portal or smartphone application, thus making it easy from them to consume it. Another area of IoT use in farming is the utilization of drones to improve crop health. Disease, and the ease of which disease spreads amongst crops, is a real cause for concern as this directly impacts crop yield.


'Tech Accord' Emphasizes Teamwork to Prevent Hacking Damage

The accord is designed to form a more cohesive defense among private companies, researchers, "civil society" and nongovernmental organizations against the range of threats. It also crucially includes a pledge to not assist governments in cyberattacks. "We will protect against tampering with and exploitation of technology products and services during their development, design, distribution and use," Smith writes in a blog post. "We will not help governments launch cyberattacks against innocent citizens and enterprises." Tension sparked between Microsoft and the U.S. government following the WannaCry ransomware outbreak in May 2017. The ransomware used a vulnerability in Microsoft's operating system to rapidly spread, causing millions of dollars in damages. North Korea has been accused by the U.S. and U.K. of developing WannaCry. The vulnerability was believed to have been one of the most productive ones used by U.S. National Security Agency. But a mysterious group calling itself the Shadow Brokers leaked the vulnerability in April 2017. 


Why human vulnerabilities are more dangerous to your business than software flaws

securityengineer.jpg
"Email remains the top attack vector...Attackers are adept at exploiting our natural curiosity, desire to be helpful, love of a good bargain, and even our time constraints to persuade us to click," the report said. Some 50% of all clicks on malicious emails occurred within an hour of it showing up in the victim's inbox. And 30% happened within 10 minutes of receiving the email. Hackers, either working on their own, with a group, or with a state-sponsored entity, attempted to take advantage of human trust in most cases. Nearly 55% of social media attacks that impersonated customer-support accounts were aimed at financial institutions. "Many of these attacks rely on social engineering," the report noted. "Others simply take advantage of inclinations for immediate gratification, improved status, or even the reward of 'getting something for nothing.'" The report continued: "But as the old adage goes, there is no such thing as a free lunch. The hidden costs of a bargain in social media channels can often be credential loss to phishing, coin mining through browser hijacking, and malware infections."



Analyst balks at blockchain distributed ledger in networking


Mike Fratto, an analyst at GlobalData in Sterling, Va., said he sees no purpose for the blockchain distributed ledger in networking. To Fratto, the technology that has attracted lots of industry attention is little more than a "relatively slow" database scattered across a network of computers. As a foundation for network management, blockchain "would be wildly inefficient," Fratto said in an interview. Also, there are much better technologies already in place for grappling with networks. "Fundamentally, blockchain doesn't solve the problems in network management that need to be solved," he said. In general, blockchain is a ledger used to store transactional information across a network of computers. The distributed nature of the technology makes it highly secure, because any change to a transaction that isn't validated by the whole system is immediately rejected.


Engineering Culture Revived: The Key to Digital Transformation


Superbet has established a market-leading position in Central and Eastern Europe for Retail betting; meanwhile, over the last year we have invested heavily in the establishment of a ‘dot com’ team that will launch us globally online. Along the way, we have embedded many acquisitions and so we have quite a ‘melting pot’ of nationalities and practices, but the entrepreneurial flair runs core through all. So for instance, our Slovakian Payment System team operates completely distinctly from our UK Pricing / Trading products team, but both came to our business with an existing implementation-driven approach to market evolution: the capability to test and learn built in as core practice. As we evolve our teams we are taking care to establish the right ‘conditions’ for engineering culture from the start; so for instance, working to a business outcome, it is the team that decides HOW this will be achieved. The teams are also responsible for recruitment such that new team members are selected by the team.


The New Rules Of IT Business Alignment In The Digital Era

The new rules of IT-business alignment in the digital era
“Budgets are shifting and budgets are everything. Whoever’s got the budget has final say,” observes Matthew Mead, CTO of digital technology consulting firm SPR. Mead has observed this transition in his own work. “Traditionally, if you were selling a business system, you’d sit down with IT representatives and one business person and have a very technical conversation. Nowadays, it’s shifted completely. A lot of times we’ll find ourselves in a meeting where the business has much more representation in terms of numbers of people and IT has much less. I think IT has become more of an influencer and consultant. It used to rule the roost and make the call. Now there are many voices and IT is just one of them.” That makes vendors’ jobs easier in ways that ought to worry every CIO. “When we sold to IT, the information we went over was so much more detailed and rigorous. There were a lot of details that had to be disclosed. Now when we work with a business, the experience is a much larger focus and some details that used to be important are no longer important,” Mead says, adding that some of those no-longer-discussed details might include security and maintenance requirements.


Will enterprise IoT become BYOD on steroids?

05 byod
Unlike BYOD, IoT tools are “headless,” typically tied to line of business to drive top line revenue or bottom line cost cutting objectives. This means the importance of monitoring and managing of these new things, to ensure the best possible performance over computer networks, will eclipse that of conventional networked clients. With all the power and benefits of IoT, IoT will also present a new host of challenges to enterprise IT teams that will exceed other recent challenges enterprise IT teams have had to deal with like interoperability, protocols and security. IoT management is further complicated by the fact that some IoT devices have limited hardware capabilities, restricted networking capabilities and don’t run operating systems that support conventional IT or mobile device management. What’s more, IoT management tasks may be split across different factions in IT or network operations. Without a single source of insight into the performance of IoT devices that can be used by all the different networking constituents, more finger pointing among IT staff is sure to result. Another difficult thing for network managers to get a grip on is the impact of IoT-networked devices on capacity planning. 



Get Ready for Cloud Native, Service-Meshed Java Enterprise


Java EE, cloud native and service meshes — this doesn’t really sound like a good fit. Or does it? Is it possible to develop modern, cloud native Java Enterprise applications that fulfill concerns such as scalability, monitoring, tracing, or routing — without implementing everything ourselves? And if so, how? In an enterprise landscape of microservices there is the challenge of adding technical concerns, such as discovery, security, monitoring, tracing, routing, or failure handling, to multiple or all services in a consistent way. Software teams can potentially implement their individual services in different technologies, yet they need to comply with organizational standards. Adding a shared asset such as an API gateway tangles the services together and somehow defeats the purpose of a microservice architecture. Redundancy, however, should be avoided as well. Service meshes transparently enhance each microservice that is part of the mesh with consistent technical concerns. These enhancements are added in a technology-agnostic way, without affecting the application.


Innovative CIOs make shift to managing IT as a product

Innovative CIOs make shift to managing IT as a product
"It's about: How do I move fast, continually adopting capabilities for our organization, much like if we had a product in the market we're evolving based on customer feedback and needs?" Piddington says. Piddington brought these practices with him to MRE in 2014, instituting a culture around crisper, agile software delivery tied to data operations. Piddington soon discovered a hidden gem: IT had built a software tool that uses machine learning algorithms to assess the health of laptops, server farms and other critical machines MRE consultants use to generate revenue. MRE’s help desk technicians used this information to fix machines before they went down. Recognizing the potential to create a new revenue stream, Piddington commercialized the tool, seeding an early version with some services clients to see if it would work in environments supporting thousands of machines. Under Piddington's leadership, MRE fine-tuned the app to support network endpoint devices and virtual machines and boosted the algorithm’s accuracy from 85 percent to 98 percent, before taking it to market in early 2017. Several customers are using it, he says.



Quote for the day:


"I count him braver who overcomes his desires than him who overcomes his enemies." -- Aristotle


No comments:

Post a Comment