Daily Tech Digest - October 02, 2018

SIE Europe
SIE Europe is co-founded by three international Internet luminaries: Dr. Paul Vixie, Chairman and CEO of Farsight Security, Christoph Fischer, CEO of BFK edv-consulting GmbH and Peter Kruse, co-founder of CSIS Security Group A/S. “We founded SIE Europe to build a European-based community of Internet defenders who want to make the Internet safer for all users. As part of this initiative, SIE Europe will provide the infrastructure to collect, aggregate and share real-time DNS data in strict compliance with the privacy laws and regulations of the European Union, including General Data Protection Regulations (GDPR),” said Dr. Paul Vixie, Chairman and CEO of Farsight Security. All online transactions, good or bad, begin with the DNS. By providing visibility to the IP addresses, domain names and other digital artifacts of the DNS used by threat actors, security professionals will be able to accurately identify and map criminal infrastructures in their networks and take preventive measures to protect their networks from future cybercrime activity.



Facebook could face up to $1.6bn fine for data breach


Facebook said the attack exploited the “complex interaction of multiple issues in our code” and stemmed from a change made to the video uploading feature in July 2017. In response, Facebook said it had fixed the vulnerability, informed law enforcement and reset the access tokens of the almost 50 million accounts known to be affected. “We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login,” said Facebook. The company has also turned off the “View As” feature while it conducts a security review, but admitted it has yet to determine whether accounts were misused or any information accessed. Facebook said it is also still trying to establish the location and identity of the attackers and will reset the access tokens of any other accounts it believes may have been affected.


The CTO role: ‘It’s about planning and business opportunities’

Every CTO role is different, and in this case Hanson focuses on the sales side of the business, whereas other CTOs are more concerned with the development of products. “We have some very intelligent people in our product management division who look after the actual development of products. So I’m not on the product side. I’m more on the sales side,” confirms Hanson. His responsibility centres around making sure he finds out how Informatica’s prospects and consumers use the company’s technology. He needs to understand their challenges, governance and compliance issues moving forward, as well as the pressures in their marketplace and how they need to leverage data to be successful and competitive in the marketplace. “It’s really my job to try and collect that information, and think about innovative uses for our products as they currently exist, and what type of initiatives we should try and help our prospects and customers with,” explains Hanson.


Big Data: changing the future of business models

The ability to analyse and make informed decisions from the use of data and its analytical capabilities is vital if a business is to succeed. In an increasingly competitive industry, it is imperative that firms are able to make quick and increasingly complex decisions to cater for the changing demands from customers and evolving market conditions.  By harnessing data, businesses can identify new opportunities within their existing business operations, create more efficient operations, increase profitability and improve customer service. By embracing data, businesses can gain a competitive edge over their rivals, ensuring they don’t lag behind the competition. Over the years, our data team has worked alongside businesses to help them find data-driven solutions and technologies with the aim of fast tracking their objectives and stimulating growth.


How I Lost My Faith in Private Blockchains

The business and legal worlds operate from an aspect of centralized entities, and while that remains the case, any forced attempts at decentralization are likely to come short. While it is possible that in the future we may see decentralized businesses, they are far more likely to come from the public blockchain world where they are able to grow organically in an entirely new paradigm. In the meantime, institutions and individuals should be evaluating permissioned blockchains like any other technology: it isn't magic, and it should be assessed like one would assess any other. The benefits of a technology should never be assumed based on buzzwords, hype or fear that "everyone else is doing it so why shouldn't I?" Instead, benefits should be assessed by asking what is the business problem, what are the different technology options available, and what are the quantifiable costs and benefits of each.


LinkedIn the latest to introduce its own server designs

The idea behind the designs is to reduce the amount of work it takes to deploy servers in a data center. Again, this seems to assume people will build their own the way LinkedIn and other hyperscalers do it. It’s all designed to be like building with Lego bricks. LinkedIn also wanted to standardize hardware across both primary and edge data centers, which is likely why Vapor IO is involved. Edge locations don’t have a readily available technician, so if a company sends a technician to an edge container, the last thing it wants to do is make the tech waste time trying to figure out the layout of the equipment. By having common hardware between the two, the technician will work with familiar gear. LinkedIn claims these designs will mean being able to build infrastructure for 1 percent of the cost and six to ten times faster integration time, with greater power efficiency and other cost savings. However, it does not address the issue of IT staff building the hardware. LinkedIn, Google, Facebook, etc., can afford to hire engineers who build servers all day. Your average IT shop does not.


This is how cyber attackers stole £2.26m from Tesco Bank customers

The attackers most likely used an algorithm which generated authentic Tesco Bank debit card numbers and, using those virtual cards, they attempted to make thousands of unauthorised debit card transactions. The FCA said Tesco Bank's failures include the way in which the bank distributed debit card numbers and mistakes made in the reaction to the attack which meant that no action was taken for almost a day after the incident was first uncovered. A number of deficiencies in the way Tesco Bank handled security left customers vulnerable to cyber attackers in an incident that was "largely avoidable", said the FCA analysis of the incident which Tesco Bank had to this point been tight-lipped about -- to the frustration of other financial institutions. Poor design of Tesco Bank debit cards played a significant role in creating security vulnerabilities that led to thousands of customers having their accounts emptied. One of these involved the PAN numbers -- the 16-digit card number sequence used to identify all debit cards.


Google Chrome 70 is coming. Are your security certificates in order?

For those unfamiliar with the details of this, in 2017 Google and Mozilla decided to deprecate all Symantec-issued digital certificates based on their assessment that Symantec did not correctly validate its SSL certificates prior to issuing them to customers. Google and Mozilla then decided to put in place a multi-step plan to distrust any certificates issued from the Symantec PKI. This plan phased out Symantec certificates over the next year and a half. Instead of following the Google plan, Symantec elected to sell its certificate business to DigiCert. Despite the transaction, the requirement to replace all certificates issued from the Symantec PKI remained intact, requiring millions of certificates to be replaced during 2018. To assist customers in replacing their certificates, DigiCert contacted each certificate holder, offering free replacement certificates chained to the trusted DigiCert roots. The first major distrust date was on December 1, 2017, when no additional TLS certificates could be issued through the Symantec PKI. Prior to that date, DigiCert cut over all issuance processes to its PKI and validation systems.


Open Compute Project eyes European enterprise adoption with Experience Centre opening


The OCP’s championing of 21-inch server rack designs is often cited as a partial barrier to enterprise adoption of its technologies, as it makes it potentially harder for users to deploy the technology in existing datacentres where smaller server racks are consistently the norm. The centre’s opening is being overseen by datacentre infrastructure manufacturer Rittal and OCP supplier and service provider Circle B, in conjunction with Switch Datacenters, who is in the midst of building a datacentre based on OCP principles. “The three companies have determined that in the technology sector, IT managers at large enterprises and governments in the ... “These principles form the basis on which many hyperscalers operate. By adopting OCP designs in their datacentres large enterprises and governments can benefit from the same advantages as the hyperscalers: cost reductions, lower energy usage and much more flexibility.”


Building Agile Data Lakes with Robust Ingestion and Transformation Frameworks – Part 1


With the advent of Big Data technologies like Hadoop, there has been a major disruption in the information management industry. The excitement around it is not only about the three Vs – volume, velocity and variety – of data but also the ability to provide a single platform to serve all data needs across an organization. This single platform is called the Data Lake. The goal of a data lake initiative is to ingest data from all known systems within an enterprise and store it in this central platform to meet enterprise-wide analytical needs. However, a few years back Gartner warned that a large percentage of data lake initiatives have failed or will fail - becoming more of a data swamp than a data lake. How do we prevent this? We have teamed up with one of our partners, Clarity Insights, to discuss the data challenges enterprises face, what caused data lakes to become swamps, discuss the characteristics of a robust data ingestion framework and how it can help make the data lake more agile.



Quote for the day:


"One measure of leadership is the caliber of people who choose to follow you." -- Dennis A. Peer