Daily Tech Digest - November 13, 2019

Best Strategies For Data Security And Compliance

panel
Assessing which obligations apply to your organisation can be arduous but it’s a vital process when considering the consequences of non-compliance. On balance, the costs incurred to establish the necessary policies, acquire the relevant applications, and hire the right staff are far outweighed by the huge costs which come from failing to comply. The value of adequate preparation is even higher for those industries held accountable to the most stringent regulation. In particular, financial services, healthcare and public sector organisations are key targets for cybercriminals due to the ‘sensitive’ data they handle. Companies operating in these sectors must be even more focused on boosting collaboration between security, privacy and compliance teams to ensure the appropriate privacy and security policy-setting and monitoring has taken place. Organisations can avoid major fines and hits to their bottom line caused by reputation damage and lack of customer trust if they adhere to the data privacy and security regulations that apply to their data. The costs of proactively protecting an organisation against bad actors will very likely save a lot of money in the long run.


“After witnessing a gradual increase in compliance from 2010 to 2016, we are now seeing a worrying downward trend and increasing geographical differences,” said Rodolphe Simonetti, global managing director for security consulting at Verizon. “We see an increasing number of organisations unable to obtain and maintain the required compliance for PCI DSS, which has a direct impact on the security of their customers’ payment data. With the latest version of the PCI DSS standard 4.0 launching soon, businesses have an opportunity to turn this trend around by rethinking how they implement and structure their compliance programmes.” Verizon’s report also incorporated data from its in-house Threat Research Advisory Centre (VTRAC), which found that compliance programmes lacking the proper controls to protect data were completely unsustainable and far more likely to be hit by a cyber attack. 


China Said It’s Developing 6G. What Does That Mean?


Though the United States has not launched its own assertive statement about 6G endeavors, critical research on the next generation of wireless technology is already happening at academic institutions across the country. Professor in the Bradley Department of Electrical and Computer Engineering at Virginia Tech Walid Saad and his team are already exploring the future of 6G wireless communication systems—with funding from the United States’ government.  “From my perspective, this announcement doesn’t worry me—it actually corroborates that we are doing the right thing in doing this research. From an academic perspective, it’s also nice to see, whether it’s China or other countries working on similar topics, because we can have collaboration and the exchange of ideas,” Saad said. “So it doesn’t feel threatening at all from an academic perspective, it’s more like ‘that’s nice, let’s see more activity happening.”


7 Ways to Make Test Automation Effective in Agile Development

Develop
One of the main reasons behind not achieving desired results in agile testing with automation is that agile development is all about continuous delivery with a number of short iterations in a development and deployment pipeline. Because of which QA teams often get to run short and frequent regression testing sprints as well. Small testing cycles means that it has now become more complicated for the testers to find, fix, and test the products of each iteration. Thus, it is essential to allocate enough time for testing, automation testing as well. The first step in reducing the test times is to start executing parallel testing, i.e., running multiple test threads at the same time. Parallel testing will not only improve the automation process, but it will also improve the team’s productivity. It will even allow your testers to invest time in more exploratory testing and actually debugging the issues there are. Another vital factor to consider is building robust tests. Testers need to develop quality test scripts that can be integrated with regression testing easily.


How much does it cost to launch a cyberattack

United States one-cent coin / penny / binary code
The low cost of entry, relative ease with which attacks can be deployed, and the high returns means the potential pool of threat actors isn’t limited by technical skill level. “If we look at the barrier to entry three years ago versus the barriers to entry now, a lot of these very focused services really didn't exist or were just starting to kind of really come into the market,” says Keith Brogan, managed threat services leader at Deloitte Cyber Risk Services. “It really isn't that expensive or hard for cybercriminals to go out and make some money very easily. The barrier to entry is very low; you could very easily get access to these different services and enablers and really turn a profit pretty easily. You are in some cases limited by your own imagination,” Brogan adds. This low cost of doing business and high rate of return means disparity between the profit criminals make versus the cost of repairing the damage is huge, says Oliver Rochford, director of research at Tenable. With ransomware, for example, he says even with a payment rate of 0.05% the ROI is estimated to be over 500%. While estimated global revenue of cybercrime is around $1.5 trillion, Rochford says the cost of damage is thought to be upwards of $6 trillion.


Why your providers should support IPv6

world globe global network nodes wifi internet code programming
It would be disappointing to discover that a service provider has not yet implemented IPv6 at all. That would be a huge red warning flag that the service provider is not innovative when it comes to network technology. If the provider isn’t offering IPv6 services at this stage, it calls into question its prioritization of innovation and whether it is falling behind the competition in other areas. This situation really puts the enterprise into a bind if they may need IPv6 capabilities sooner rather than later because the enterprise’s ability to enable IPv6 is based on the IPv6 deployment schedule of the provider. Each enterprise is different and has a different motivation for enabling IPv6 on their public-facing applications and services. IPv6 deployment is an inevitable technology as there is no other alternative to the IPv4 address exhaustion problem. Given that IPv6 is an eventuality for enterprises, they should start to plan for the deployment and assess the constraints to their deployment schedules. Enterprises should ask providers what services they offer with IPv6 to determine where they stand and what options they have.


Micron announces 1TB industrial microSD, aimed at surveillance markets


Micron is positioning the card for edge compute, with surveillance systems increasing storing video on-device, rather than transmitting everything to external storage as it is recorded, eliminating the need for on-site DVRs, lowering TCO costs. This may be an application where QLC NAND makes sense, if it takes three months to fill the microSD on a continuous write (though increasing the resolution of the storage image could undercut this). Given that QLC is rated for 100 to 1,000 erase/write cycles, for three months per device write, a pessimistic view would put the lifespan at 25 years. Micron returned to the microSD market earlier this year with the release of the c200 series, also powered by 3D QLC NAND.  The company previously owned the consumer-focused brand Lexar from 2006-2017, selling it to Longsys in August 2017. Under the direction of Longsys, Lexar re-entered the market in August 2018, introducing its first 1TB (full-size) SD card this January, 15 years after Lexar introduced its first 1GB SD card.


Shared responsibility model key to solving 5G security problem


“With the large number of devices associated with 5G, authentication and identity need to be considered in the scope of security, similar to the public cloud. The 5G service provider can help confirm device identity as well, because the network will know a device’s physical location. In a way, the 5G service provider uses the network itself as a security tool,” she added. Lanowitz said that while introducing 5G networking affected many different technical areas, it was also an ideal opportunity to enhance and modernise approaches to security. For example, software-defined networking (SDN) and network functions virtualisation (NFV) technology will help organisations prepare for the sheer scale of 5G, but in parallel, there is no reason why security cannot also be virtualised and automated to some degree.


Everything you need to know about brain-computer interfaces and the future of mind-reading computers


I'm not sure I'm willing to have a chip put in my brain just to type a status update. You may not need to: not all BCI systems require a direct interface to read your brain activity. There are currently two approaches to BCIs: invasive and non-invasive. Invasive systems have hardware that's in contact with the brain; non-invasive systems typically pick up the brain's signals from the scalp, using head-worn sensors.  The two approaches have their own different benefits and disadvantages. With invasive BCI systems, because electrode arrays are touching the brain, they can gather much more fine-grained and accurate signals. However, as you can imagine, they involve brain surgery and the brain isn't always too happy about having electrode arrays attached to it -- the brain reacts with a process called glial scarring, which in turn can make it harder for the array to pick up signals. Due to the risks involved, invasive systems are usually reserved for medical applications. Non-invasive systems, however, are more consumer friendly, as there's no surgery required -- such systems record electrical impulses coming from the skin either through sensor-equipped caps worn on the head or similar hardware worn on the wrist like bracelets.



Diligent Engine: A Modern Cross-Platform Low-Level Graphics Library

This article describes Diligent Engine, a light-weight cross-platform graphics API abstraction layer that is designed to solve these problems. Its main goal is to take advantages of the next-generation APIs such as Direct3D12 and Vulkan, but at the same time provide support for older platforms via Direct3D11, OpenGL and OpenGLES. Diligent Engine exposes common C++ front-end for all supported platforms and provides interoperability with underlying native APIs. It also supports integration with Unity and is designed to be used as graphics subsystem in a standalone game engine, Unity native plugin or any other 3D application. The full source code is available for download at GitHub and is free to use. ... The repository contains tutorials, sample applications, asteroids performance benchmark and an example Unity project that uses DiligentEngine in native plugin.



Quote for the day:


"Bad times have a scientific value. These are occasions a good learner would not miss." -- Ralph Waldo Emerson



Daily Tech Digest - November 12, 2019

SASE is more than a buzzword for BioIVT

Application security  >  Software code + data protected with a lock
Making the leap to this SASE platform was quite a change for BioIVT. How did Thomson justify the transition to his executives? “We positioned it as a platform for everything that we wanted to be able to do over the next three years with the business,” he says. “The big goal, the business strategy, is growth and acquisition. We presented this as a platform, as a base service that we just had to have in place in order to leverage things like voice over IP, Office 365, Azure, cloud-based computing services, hosting servers in the cloud. Without a common core solid foundation, we wouldn't have been able to do any of those things reliably without adding staff to do monitoring or maintenance or administrative overhead.” Further, Thomson says he positioned the Cato solution as almost a black box tool for networking where they would know what services they were getting. “We could manage it through a web interface, didn't have to worry about specific technical skillsets that we would need to bring in. Just going with Cato's SD-WAN, we dealt with all of those networking things as well as security, which just continues to become more and more important and wasn't something that we could afford to treat as just a single vendor outsource that's half paying attention to what was going on.”



US Cyber Command uploads new malware samples linked to North Korean state-backed financial heists

Analysis of malware samples revealed that one backdoor was capable of uninstalling or updating itself, suggesting that North Koreans hackers are currently trying to hide their identities from security teams. In September, US Cyber Command uploaded 11 malware samples on VirusTotal, many of them linked to Lazarus Group - an umbrella term used to describe the hacking activity carried out to advance the interests of the North Korean government. Some of those samples were found to be similar to "HOPLIGHT," a trojan used by hackers to collect information on the operating systems of victims' machines. Earlier in August, Cyber Command released two malware samples, one of which was a dynamically linked library, while another was an executable file. All these announcements come weeks after a UN report that revealed that North Korea had used 35 cyber attacks to steal $2 billion from foreign financial institutions, and spent the money on its weapons programmes. In September, the US Treasury sanctioned three hacking groups - Lazarus, Bluenoroff and Andariel - all linked with North Korea.


Top concerns for audit executives? Cyber risks and data governance


Cybercriminals are now operating highly sophisticated organizations with a variety of low-cost, readily available hacking tools. A lack of relevant skills and low cybersecurity budgets means that organizations are falling behind in their attempts to counter the growing number of cyberattacks. Without an increase in resources, organizations will continue to be unable to mitigate the threat of cyberattacks, leading to potential data breaches, loss of intellectual property and regulatory exposure. At a minimum, organizations should have foundational security measures in place, such as privileged access controls on sensitive assets and mature vulnerability identification. It is also important to evaluate not only employee cybersecurity training and access management policies, but also the organization’s overall network security mechanisms and operational technology assets. Finally, organizations should ensure their response plan for cyber-physical attacks (which target the control of an organization’s physical infrastructure) addresses all of its vulnerabilities in the event of an incident.


Low-code and no-code development platforms


Low-code tools come with libraries which provide off-the-shelf components, for instance to support the latest innovations such as blockchain and artificial intelligence. Components may be provided by the supplier, third parties or the community of users, and may be free or paid for. There are also application programming interfaces (API) that enable external integrations – calling web services, for example. APIs were often lacking in the original 4GLs. Low-code tools will vary in their support for other features many consider now central to any application building effort, such as version control and support for DevOps. Low-code tools providers also claim faster testing of applications, lower error rates and more reliable security, all of which reduce cost and are areas where 4GLs were felt to fall short. Of course, the low-code tools themselves must be paid for, whereas many 3GL compilers are open source and make use of free open source libraries.


The data science gender pay gap is shrinking—barely


No matter what strategy is used, maintaining a diverse workforce is advantageous for any organization. "Organizations benefit from successful collaboration amongst different perspectives and viewpoints," said June Severino Feldman, CMO of Intelligent Product Solutions. "The greater the gender and ethnic diversity and a company's ability to collaborate effectively, the greater the potential for successful outcomes." Across the world, improvements have been made, but we are far from equality. Here is the break down, by region, of Harnham's research. ... Regardless of what strategy the company uses to encourage a diverse team, all team members must be on-board, starting from the top, Romansky said. "We suggest a holistic approach," Romansky continued. "It has to be a mandate supported by leadership with a variety of strategies that not only attract underrepresented talent—from sourcing, selection, and conversion—but then also engage and include that talent once they're in the door." To welcome diverse talent,companies must work to eliminate bias. "Employers must also look at themselves and their biases honestly -- it feels so much easier and natural to hire the guy who looks just like you, but to routinely follow this practice shortchanges the teams' abilities to adapt, create and innovate," Feldman said.


Real-World Cybersecurity: Keeping Ourselves And Our Children Safe

cybersecurity
Our society is in a period of hyper-connectivity. This goes beyond our cellphones and laptops to include smart TVs, IoT-connected baby monitors and much more. If it’s a popular appliance, there’s at least one manufacturer out there touting an internet-connected version. This trend is creating massive personal data trails. There’s a high likelihood that almost every day, you’re handing over your valuable information without even giving it much thought – whether it’s at the grocery store, on social media channels or within your fitness tracker. Every bit of this data has value assigned to it, both for legitimate organizations and for cyber criminals who are determined to capitalize on it. Risks can include everything from gas pump and ATM card skimmers to schemes as nefarious as scamming people out of their life savings under the auspices of purchasing their dream home. The most vulnerable in the physical world – senior citizens and children – face similar risk in the cyber world. As the general population goes about daily life, convenience and ease of use are top of mind– risk isn’t usually a consideration. As a private citizen, you’re not likely to invest in heavy-duty cybersecurity tools.


Retirements pose threat to cybersecurity expertise in Congress

Retirements pose threat to cybersecurity expertise in Congress
The retirements of Republican Reps. Hurd, Mac Thornberry (Texas), and Greg Walden (Ore.) previously underlined the threat to cyber leadership in the House. Hurd, a former CIA official, is viewed as one of the major cybersecurity voices in Congress, and has co-sponsored numerous bills around this issue, including those intended to secure internet-connected devices against cyberattacks and to secure elections. Hurd also serves as the top Republican on the House Intelligence Subcommittee on Intelligence Modernization and Readiness. In announcing that he would not run for reelection in 2020, Hurd highlighted cyber and tech issues as areas that the government would still need to address, and tweeted that he hoped to "pursue opportunities outside the halls of Congress to solve problems at the nexus between technology and national security." In a separate statement, Hurd highlighted cyber and tech issues, saying, "We are in a geopolitical competition with China to have the world's most important economy. There is a global race to be the leader in artificial intelligence, because whoever dominates AI will rule the world. We face growing cyberattacks every day."


Augmented Reality to Fill Skills Gap


Augmented reality is a new tool that can make the mining and retention of that expertise much better and much more automated. Having an experienced worker perform, for example, a regular maintenance procedure on a piece of equipment and recording a voice over using augmented reality greatly enhances skill and experience transfer rom one generation of workers to the next. “Using an augmented reality headset, a new employee can follow, very specifically, the procedure that was performed by a more experienced worker, with great knowledge transfer and a fraction of the time it would otherwise take,” explains Higgins. With augmented and mixed reality-enabled headsets, workers can safely train, in a digital environment, to address problems such as – increased line speed, quality issues, breakdowns, hazardous conditions, among others. “Systems like Vuforia from PTC is aimed at helping close the skill gap by expertly capturing a procedure that is done in an industrial environment and passing that expertise on to someone else,” he said. Workers can more effectively and efficiently address challenges with more real-to-life instructions presented by veteran co-workers with tribal knowledge of the work environment in this 3D-based work instruction format.


The FBI multi-factor authentication notification that should have never been


There are two factors that can prevent account takeover, which results from the above types of attacks. Mixing true multi-factor authentication with rich context ensures that you are interacting with the intended user and that they understand what they are approving. In a SIM swap scenario, using a secondary form of authentication that isn’t outside the person’s control would be enough to thwart the FBI documented attacks. For instance, a device that is registered to that person and not their phone number. However, such a solution on its own would not be enough to prevent account takeover resulting from a session hijacking. What could help is providing more context around authorization requests and on a secondary device. I find it hard to imagine a hijacking attempt being successful if a user was prompted by their baking website to re-authenticate their session while receiving a request on their authentication device to authorize a credential change. The rich context provides the intended victim with enough information to reject the attempt by the attacker no matter how well they perform the phishing attack.


Cheap IoT satellite network gets approval

distributed / decentralized network connections across the globe
“Swarm will begin rolling out its commercial, two-way data offerings in early 2020,” Sara Spangelo, co-founder and CEO told me in a recent e-mail. The company aims to deploy 150 satellites before the end of 2020, she says. The FCC, in October, granted Part 25 approval for the startup to deploy and operate 150 non-geostationary, Low Earth Orbit (LEO) satellites, for non-voice purposes. Swarm intends to target logistics, energy and the maritime verticals with what it promises to be a cheap service. Data over satellite, while allowing connections remotely across the entire globe unlike cellular, has historically been expensive: Satellite-communications incumbent Iridium’s Short Burst Data rates can be a dollar per kilobyte, for example. Swarm doesn’t say how much its service will cost. However, in January, the company obtained $25 million in Series A funding to build what Spangelo then described as “the world’s lowest cost satellite network.” Telemetry from connected vehicles, farmland agricultural sensors, on-board shipping logistics and remote rural sensors, such as water monitoring in Africa or smart meters, plus remote-area, human-to-human texting are all applications the company believes appropriate for its network.



Quote for the day:


"Leaders are more powerful role models when they learn than when they teach." -- Rosabeth Moss Kantor


Daily Tech Digest - November 11, 2019

5 Potential Oversights In Enterprise Identity Management

5 Potential Oversights In Enterprise Identity Management
If you don’t take the time to consider these potential oversights in identity management, you could face some unneeded costs in your cybersecurity. First, you should seek out a singular solution for your identity and access management (as discussed above). The fewer solutions on your network, the fewer the costs. However, you need to weigh more than just your solutions’ integrations. In addition, you need to weigh the initial deployment costs—you need a solution that fits with your budget. Ideally, you should consider identity management a critical business process and budget accordingly. On the other hand, you still need a solution which fits your network—a more expensive solution may not benefit you.  Finally, your enterprise needs to also consider your IT security team. These individuals will maintain and work with it intimately, and they deserve proper compensation for their services. Moreover, the solution you select must fit with their individual skill sets so they can optimize their performance. “You can’t protect what you can’t see,” says the old cybersecurity adage. 


Data cannot be democratised without giving the consumers of that data an understanding of its trustworthiness and relevance to the business. That means having a firm grasp of the context, quality and business value of all available information sources – both inside and outside the organisation. Data governance is fundamental to enabling businesses to give their executives a holistic view of the metrics that matter and empower them to make agile, evidence-based decisions. It allows data scientists to focus on answering business questions and training AI models with confidence in the outcomes. It enables more and more workflows to be informed or transformed by putting contextual insight or predictive capability in the hands of non-technical users. And when provided within a framework of privacy, data can actively help to preserve customer trust as well as driving automation and delivering intelligent, engaging customer experiences. Amid the great DX gold rush, data needs to be perceived and treated in the same way as any other strategic asset, like people and facilities: managed with the right tools and governed by the appropriate policies and practices.


AT&T Sounds Alarm on 5G Security
Not surprisingly, the top security concerns related to 5G include the larger attack surface (44%), and the number of devices on networks (39%), followed by the need to extend security policies to new IoT devices (36%), and authenticate a greater number of devices (33%). “Most of the transitions in networking have been about faster speeds or increased capacity. 5G introduces more complex networking and is being delivered with virtualization in mind,” analysts wrote in the report. “The latter appears to be a crucial gap in the way enterprises are preparing for 5G, as enterprises will need to take advantage of virtualization to make the network nimbler and more responsive.” Many enterprises have yet to embrace that approach, according to the study. Only 29% of respondents said their organizations plan to implement security virtualization and orchestration during the next five years. Moreover, only 25% are confident that their organization’s current security policies will be effective in a 5G environment. More than half, or 53%, say some adjustments will be required and 22% anticipate a need to completely rethink their security policies.



Bitcoin and the disruption of monetary oppression

One of the tangible social impacts of Bitcoin can be witnessed in the human rights arena. As one example, Song offers an overview of the refugee crisis in Venezuela, explaining that Bitcoin is allowing those wishing to flee the country to sell their belongings and retain their money when crossing the border to Columbia. “There’s very clear evidence of this,” Song explains “because the price of Bitcoin in Columbia is actually lower than everywhere else in the world because there’s such a big supply. Four million Venezuelans have left. That’s 10% of their population. That’s a serious impact. Usually in refugee crises, it has gotten so bad that people were willing to leave everything behind. With this, they get to carry their wealth. It undermines the Maduro government to a large degree.”  The US’s market-driven monetary imperialism has led, Song argues, to a sort of global US dollar hegemony—the impact of which is that all global trade is settled in US dollars; if you’re in Kenya and want to trade with someone in neighboring Nigeria, you have to trade for the US dollar and then back to the Kenyan shilling.


security-2168234_1280
Companies are also finding it hard to recruit enough skilled security personnel to properly protect their systems as there simply isn’t enough talent to go around, Vellante said. And so it may come as a surprise to learn that enterprises are actually becoming more circumspect about how much money they’re willing to spend on security relative to previous years, according to data from Enterprise Technology Research. According to Sagar Kadakia, director of research at ETR, “CIOs no longer have a blank check to spend on security.” One could be mistaken for thinking this means enterprises have thrown in the towel, so to speak, but in fact it’s more of a reflection of how fluid the cybersecurity space is right now. What’s actually happening according to ETR is that spending on cybersecurity is bifurcating, with a select few companies seeing their spending momentum and market share grow at the expense of others. Among those on the up are startups such as CrowdStrike Holdings Inc. and Okta Inc., plus more established players such as Palo Alto Networks Inc., Cisco Systems Inc. and Microsoft Corp. In contrast, the likes of Dell EMC, IBM Corp., Symantec Corp., Check Point Software Technologies Ltd. and SonicWall Inc. are all losing ground according to ETR surveys.


Breaking Into Data Science

Webinar Wrap Up: Breaking Into Data Science
Data scientists are critical in transforming massive volumes of data into action for companies. They were in high demand in the past too but limited to large enterprises and digital natives until recently. Today almost all companies worldwide are investing in data science skills. A top job seeker site, Indeed, shows a 29 percent increase in demand for data scientists year over year and an increase of 344 percent compared to five years prior. According to the LinkedIn Workforce Report, as of late 2018, every large U.S. city reported a shortage of data science skills. There is a gap of 151,717 people with data science skills, particularly acute in New York City (34,032 people), the San Francisco Bay Area (31,798 people), and Los Angeles (12,251 people). The U.S. Bureau of Labor Statistics estimates that there will be around 11.5 million jobs in data science and analytics by 2026. No doubt, data scientists need a strong educational background. If we look at the qualifications of currently working data scientists, 88 percent have a Master’s degree, and 46 percent hold a Ph.D.


IoT Has Spawned Entity-Based Risks -- Now What?

uncaptioned
The exponential growth in IoT devices has led to more ransomware, malware and botnet attacks that are specifically targeting certain equipment. The Mirai botnet is a recent, high-profile example. Using a distributed denial of service (DDoS) attack against infrastructure provider Dyn, it disabled much of the internet on the U.S. East Coast on October 21, 2016. Mirai took over poorly secured IoT devices like security cameras, DVRs and routers by logging in using default passwords. In comparison, smaller, more targeted attacks can easily evade detection by conventional security products. ... Another approach involves using machine learning models to learn what constitutes normal behavior for an IoT device and monitor its activity to detect anomalies as they occur. This requires a mature User and Entity Behavior Analytics (UEBA) system capable of monitoring large numbers of IoT devices in real time. Machine learning provides the force multiplier needed to monitor for IoT security threats at scale. While IoT devices are not complicated equipment in and of themselves, connecting hundreds, thousands or more of them to the network creates a massive attack surface that can be difficult to protect using traditional methods.


Microservices security calls for zero-trust, data classification


"It's looking at running processes and system calls -- looking at what the server is actually doing, not what the log says is being done," Dougherty said. Omada has a small SecOps staff, so it leans on Threat Stack's security operations center (SOC) service to escalate alerts as well. Some tech futurists believe a zero-trust model will eventually mean that security is primarily the domain of applications, and that microservices security will rely on app functions that decide in real time whether to use a certain piece of infrastructure. But for now, zero-trust practitioners say sound security calls for proactive and reactive defenses at both the application and infrastructure level. FullStory is still building up its zero-trust model and microservices security practice, but at GitLab, Wang said the company used all the cybersecurity practices available, from code scanning to developer training to red teaming and bug bounties, and that full spectrum will be necessary for the foreseeable future.


Encrypted Emails on macOS Found Stored in Unprotected Way


Gendler discovered something curious in some of those .db files. “The main thing I discovered was that the snippets.db database file in the Suggestions folder stored my emails,” he wrote. “And on top of that, I found that it stored my S/MIME encrypted emails completely UNENCRYPTED.” Further, he discovered that even with Siri disabled, the OS still collects and stores data for Siri, in effect, storing encrypted emails without encryption in a database. This defeats “the purpose of utilizing and sending an encrypted email,” Gendler wrote. Typically, emails encrypted with S/MIME do so with a recipient’s public key, with a corresponding private key—also in the hands of the recipient–required to decrypt the messages, he explained. “If the private key is unavailable or removed, the message should not be readable, by anything,” Gendler wrote. “Unless the private key is compromised, you can be confident that only your intended recipient will be able to access the sensitive data in your email.” Gendler informed Apple on July 29 of the problem, which he discovered occurring on macOS Mojave 10.14 and the beta of macOS Catalina 10.15.


How to navigate cybersecurity in a 5G world


"Security virtualization could be the most crucial advancement related to 5G security, for both the provider and their enterprise customers. Enterprise IT is becoming more distributed, and through virtualization networking is following suit. Security needs to follow that trend," according to the report. Endpoint security is also a concern for 5G users. As more 5G devices are connected to the network, such as Multi-access Edge Computing (MEC) nodes, authentication and certification becomes paramount. However, only 33% of respondents said they planned to implement tighter network access controls in the next five years, and only 37% said they were creating new systems for device authentication, the report found. A zero-trust security model could help address these concerns, as it would continually check a user's presence and behavior, regardless if the user is a human or machine. Enterprises are embracing zero-trust, with 68% saying they have implemented it or are in the process, but only 33% said they have multifactor authentication (MFA) in place, the report found.



Quote for the day:


"Failure is simply the opportunity to begin again, this time more intelligently." -- Henry Ford


Daily Tech Digest - November 10, 2019

Scientists Develop “Artificial Leaf” That Sucks CO2 Out of Air & Produces Clean Energy


The innovative technology mimics nature and is inexpensive, scientists say. The “artificial leaf,” as researchers have dubbed it, uses the plant process of photosynthesis to break down the destructive chemical. Carbon dioxide is most known for the havoc it has caused in the planet’s atmosphere. Erratic weather patterns and climate shifts are clear as mounting research points to the carbon dioxide culprit. Recently, catastrophic bushfires have been fanned in the US in California and are currently burning at an unprecedented level in Australia’s NSW state. Although arson is often the initial cause of fire, the scale of the fires is blamed on drought and the lack of water resources to fight the fires due to a shift in weather patterns. ... Professor Wu, who has worked on this since 2015, believes that it will be years before they commercialize the artificial leaf, but hopes by that time, large companies will take the opportunity to reduce their carbon emissions with the leaf technology. Oil, steel, and automotive companies are on Professor Wu’s radar.



AI And ML – The Next Generation’s Weapon In The Battle Against Global Warming

One of the main reasons that AI has been heralded as the next major technology advancement is thanks to the role it plays in predictive analytics. Through crunching enormous amounts of information generated by hundreds and thousands of data points, AI is able to augment, and even challenge, human decision-making. When it comes to the global issue of climate change, AI can play a key role in strengthening climate predictions, deciphering how to allocate renewable energy, and enabling smarter decision-making when it comes to energy sources. By analysing large quantities of data that is generated on a frequent basis from sensors, gauges, and monitors located all over the world, AI can spot patterns quickly and automatically, painting a very accurate picture for scientists as to how our planet is changing. It has taken decades of human-led research to identify climate change, confirm it is actually taking place, and research what is impacting it, which has slowed down our response.


Google's cybersecurity project 'Chronicle' is in trouble


It's not entirely clear where Chronicle will go from here. Before getting folded into Google, it announced its first commercial product, Backstory, which Gillett compared to Google Photos. Companies can dump data from, say, employees' devices or servers into it, and it'll analyze the information to automatically and quickly identify threats. Motherboard was able to talk to at least one employee who said they were happy working at Chronicle, though, and that the team is working on new products other than Backstory. In response, Google engineering VP Sunil Potti told Engadget that Chronicle was "critical" to Google's security business goals, and that the company was "investing aggressively" in the team. You can read the full statement below. This doesn't necessarily represent a bleak end, then. However, the scoop suggests that bouncing back may involve addressing some substantial issues.


Being Our Authentic Selves at Work

Cullen mentioned that nobody is the same at work as they are at home. It is normal to be different in the workplace than at home, but when the individual feels this difference is forced upon them and consumes effort to maintain the difference, then it is a problem. Companies have to think about what their brand is, said Cullen. This impacts the possibilities for people to associate themselves with the company and be themselves. Devin mentioned that it can be small things that indicate people can be themselves, but they can mean an awful lot. It’s important to recognize and address things that inhibit people to be authentic at work. Cullen stated that it’s important for big organizations to show their leadership from the top-down, but equally important is bottom-up leadership. Both are needed to make a difference, as well as sponsorship of diversity and inclusion (D&I). The senior leadership team needs to be a role model and actually put into practise the D&I policies. In addition, it is important to have the bottom-up input, with employees providing feedback and participating in employee resource groups.


Data Science vs. Decision Science

versus
In terms of definition, data science appears to be an interdisciplinary field that uses scientific algorithms, methods, techniques and various approaches to extract valuable insights. Thus, its primary purpose is to reveal the insights from data for further application to the benefit of the various industries. In contrast, decision science is an application of a complex of quantitative techniques to the decision-making process. Its purpose is to apply the data-driven insights in combination with the elements of cognitive science to policies planning and development. So, data is equally important for both, yet the mechanisms are quite different. Now, let's move on to the areas of application. Data science is applied in numerous industries like retail, FMCG, entertainment, media, healthcare, insurance, telecommunication, finance, travel, manufacturing, agriculture, sports, etc. Decision science touches more theoretical areas of business and management, law and education, environmental regulation, military science, public health, and public policy.


How big tech is dragging us towards the next financial crash


There are questions of whether Amazon or Facebook could leverage their existing positions in e-commerce or social media to unfair advantage in finance, using what they already know about our shopping and buying patterns to push us into buying the products they want us to in ways that are either a) anticompetitive, or b) predatory. There are also questions about whether they might cut and run at the first sign of market trouble, destabilising the credit markets in the process. “Big-tech lending does not involve human intervention of a long-term relationship with the client,” said Agustín Carstens, the general manager of the Bank for International Settlements. “These loans are strictly transactional, typically short-term credit lines that can be automatically cut if a firm’s condition deteriorates. This means that, in a downturn, there could be a large drop in credit to [small and middle-sized companies] and large social costs.” If you think that sounds a lot like the situation that we were in back in 2008, you would be right. ... Treating the industry like any other would undoubtedly require a significant shift in the big-tech business model, one with potential profit and share price implications.


Turbo Charging SQL Server 2019 Big Data Clusters With All Flash S3 Storage

SQL Server 2019: Creating a Data Hub
SQL Server 2019 Big Data Clusters facilitate the deployment of scalable clusters of SQL Server, Spark, and HDFS containers running on Kubernetes. All these components run in unison, thus enabling high-value relational and unstructured data to be processed on the same platform using Transact-SQL or Spark. From an architectural standpoint, a big data cluster consists of four main components: The controller provides secure connectivity and cluster management; this essentially acts as the control plane for the cluster. Apache Knox provides a single point authentication gateway for the spark services provided by the storage pool, and Apache Livy enables Spark for job submission via a REST API. A master instance provides a single point of access to the data point, and the controller service acts as the connection point for managing the cluster. ... The compute pool consists of containerized SQL Server instances that use their column store engines to shuffle and aggregate data from both the storage and data pools.


U.S. banks are playing catch-up with Chinese fintechs

For starters, banks will have to fight head-to-head with Big Tech companies, which have many more digital touchpoints and can more easily win clients in the zero-margins race. Secondly, digitizing investment products doesn't work well. If banks offer $1,000 personal loans at zero interest on their apps, they can expect a huge number of clicks. But it is also a big risk management problem. And if banks pitch customers to invest $1,000 in a portfolio on their apps, they can’t expect much adoption (as experienced by robo advisers). Currently, banks rely on these types of traditional platforms: factory, distribution and marketplace. Factory platforms are fairly product-centric and transaction-based. They focus strategically on back-end operations providing access to their banking licenses as a utility. This is a short-term win and a risky strategy because Chinese Big Techs already have acquired banking licenses. The distribution model is more client-centric but still transaction based. Banks use artificial intelligence and big data to understand client journeys.


Humans Plus AI 20X More Effective In Cybersecurity Defense Than Traditional Methods

With AI, companies are able to find and close critical vulnerabilities 40% faster
By 2024, with proactive, hyper-speed operational changes and market reactions, artificial intelligence (AI)-powered enterprises will respond to customers, competitors, regulators, and partners 50% faster than their peers [IDC] Funding in AI has grown YoY every year for a decade. While we predict another new peak in 2020, that will be the crescendo. YoY growth rates have slowed from 67% in 2017 to 25% in 2018. Unless there’s an unforeseen spike or outlier round in Q4 2019, the growth rate will slow again. With more than 2,600 companies globally, the AI startup ecosystem is a saturated market. Over half of those companies and about two-thirds of all funding events are attributed to machine learning and deep learning (which are two out of 13 AI subcategories in our taxonomy). While 69% of funding came from early rounds this year, there are far fewer new entrants recorded, so fundraising should skew to later stages in 2020. The biggest signal of a slowdown is that 20 AI companies have raised unicorn-sized funding rounds in the past 12 months. This cannot be sustainable.


U.S. CTO: Don’t trust Huawei. Edward Snowden: Don’t trust anybody

U.S. chief technology officer Michael Kratsios came to the Web Summit conference in Lisbon with a stern message: You don’t want Chinese telecommunications giant Huawei in your 5G future. “The Chinese government has built an advanced authoritarian state by twisting technology to put censorship over free expression and citizen control over empowerment,” he said on the main stage Thursday afternoon. “The government continues extending its authoritarianism abroad, and in no case is this more clear than with Huawei.” It was an unusually direct slam, at an event which usually plays up themes of international cooperation and learning (and runs a sister event in Hong Kong). But Kratsios plunged ahead. “Chinese law compels all Chinese companies, including Huawei, to cooperate with its intelligence and security services, no matter where the company operates,” he warned. Then he reminded his audience of reports last year by Le Monde that Huawei’s work on the African Union’s headquarters building was followed by data being exfiltrated to servers in Shanghai for five years.



Quote for the day:


“CEOs who survive the complacency trap typically go on to experience some of their best value-creating years.” - HBR


Daily Tech Digest - November 09, 2019

DoH isn't turned on by default for everyone. Google is currently running a limited experiment with a small number of users to see how DoH fares in a real-world test. Details here. Unlike Firefox, which forces all DoH traffic to Cloudflare by default, Chrome's DoH support is different. After DoH is enabled in Chrome, the browser will send DNS queries to the same DNS servers as before. If the target DNS server has a DoH-capable interface, then Chrome will encrypt DNS traffic and send it to the same DNS server's DoH interface. This prevents Chrome from hijacking an operating system's DNS settings, a sensible approach in enterprise environments. ... Next year, Microsoft plans to roll out a new version of its Edge browser, rebuilt on the Chromium codebase. A Microsoft spokesperson told ZDNet the company is supportive of DoH, but they couldn't share their exact plans. However, the Chromium-based version of Edge already supports DoH. ... Mozilla was the organization that pioneered DoH's creation together with Cloudflare. Support for DoH is available in stable versions of Firefox already. You can enable it via the browser's Settings section, in the Networking section. See instructions here.


How to write a GDPR data privacy notice – with template example


Privacy notices are a legal requirement under the GDPR to ensure that individuals are aware of the way their personal data is processed. However, they can also benefit organisations in several ways. For one, privacy policies provide documented proof of your data processing activities. This helps you justify your processing if someone lodges a complaint with their supervisory authority. Privacy policies can also help you win business, as they prove that you take information security seriously. Although they cover a lot of the same topics, privacy notices aren’t to be confused with privacy policies. Whereas a privacy notice is a publicly accessible document, produced for data subjects, a privacy policy is an internal document that explains the organisation’s obligations and practices for meeting the GDPR’s requirements. ... The GDPR states that you can only hold data for as long as is necessary – i.e. as long as the lawful basis for processing is applicable. In most cases, that will be easy to work out; data processed to fulfil contracts, legal obligations, public tasks and vital interests all have clear time frames.


Computers Evolve a New Path Toward Human Intelligence

Alien and racecar abstract images.
Evolutionary algorithms have been around for a long time. Traditionally, they’ve been used to solve specific problems. In each generation, the solutions that perform best on some metric — the ability to control a two-legged robot, say — are selected and produce offspring. While these algorithms have seen some successes, they can be more computationally intensive than other approaches such as “deep learning,” which has exploded in popularity in recent years. The steppingstone principle goes beyond traditional evolutionary approaches. Instead of optimizing for a specific goal, it embraces creative exploration of all possible solutions. By doing so, it has paid off with groundbreaking results. Earlier this year, one system based on the steppingstone principle mastered two video games that had stumped popular machine learning methods. And in a paper published last week in Nature, DeepMind — the artificial intelligence company that pioneered the use of deep learning for problems such as the game of Go — reported success in combining deep learning with the evolution of a diverse population of solutions.


We Need AI That Is Explainable, Auditable, and Transparent


First, AI systems must be subjected to vigorous human review. For example, one study cited by a White House report during the Obama administration found that while machines had a 7.5% error rate in reading radiology images, and humans had a 3.5% error rate, when humans combined their work with machines the error rate dropped to 0.5%. Second, much like banks are required by law to “know their customer,” engineers that build systems need to know their algorithms. For example, Eric Haller, head of Datalabs at Experian told us that unlike decades ago, when the models they used were fairly simple, in the AI era, his data scientists need to be much more careful. “In the past, we just needed to keep accurate records so that, if a mistake was made, we could go back, find the problem and fix it,” he told us. ... Third, AI systems, and the data sources used to train them, need to be transparent and available for audit. Legislative frameworks like GDPR in Europe have made some promising first steps, but clearly more work needs to be done.


7 Reasons Why Emotional Intelligence Is One Of The Fastest-Growing Job Skills


Dealing with workplace pressures and functioning well under stress demands an ability to manage our emotions. People with higher levels of emotional intelligence are more aware of their internal thermometer and therefore better able to manage their stress levels. They tend to have better-developed coping mechanisms and healthy support systems that keep working effectively even in tough situations. The increasing rate of change in the workplace is likely to increase work-related stress and boost the value of those who can manage it. ... Everyone wants to be heard and understood. The ability to listen well and respond to others is crucial for developing strong working relationships. Many of us, though, aren’t as good as we could be at really listening to what others are saying. Because of their ability to understand others, highly emotionally intelligent people are in a better position to put their own emotions and desires aside and take others into account. Their ability to pick up on people’s emotions, through tone of voice and body language, come in handy in team settings.


4 Principles That Helped a Former White House Official Make Cyber Security More Accessible

a man standing in front of a computer screen
As a general rule, the biggest disadvantages a startup has when competing against giants is that it simply doesn’t have access to the same opportunities. Whether you’re talking about hiring the smartest people or investing in services that cost a fortune, big companies may not be doing something radically better, but they sure do have more resources to work with. That is especially the case in the cyber security space. According to Crisler, “Less than 1 percent of the companies in the United States have the resources to implement cyber security in the way that it has been designed toda. Most small- and mid-sized companies do not have budgets nor cyber security experts at their disposal, yet all of the products and services that exist in the market require money, expertise, or both.” And for those reasons, Dark Cubed doubled down on the value proposition of catering to those smaller companies. Whether your company is in the cyber security space or not, leveling the playing field for smaller businesses to compete with giants will both open the market to a lot more potential clients as well as create a value proposition most prospects can’t ignore.


The 5 Most Important Job Skills For The Future

The 5 Most Important Job Skills For The Future
What we’re currently seeing is fewer and fewer skills and jobs for life. Therefore, we need to constantly adapt and learn new things. In fact, the half-life of skills is reducing at a drastic rate. What we’ve learned today will be out of date in two or three years' time. Everyone will need to build their flexibility and adaptability skills, so they are prepared to update their skills every few years and accept new ways of doing things. ... Data is the fuel of the 4th industrial revolution that we’re experiencing today. Companies are bombarded by data. The data explosion is worthless to companies unless their people have the data skills to extract insights and make better decisions based on the data. There is a big data skills gap in the market at the moment. While not everyone needs to be a data scientist, all professionals should be data literate. ... The final important job skill for the future is tech-savviness. The 4th industrial revolution is bringing together a lot of major technology trends. On their own, these individual technologies would transform businesses, but together they are completing reshaping our world.


Newly Announced Ecstasy Programming Language Targets Cloud-native Computing

When a module is built, it gets stamped with a version; typically, that version will be either a development or CI version. The version also contains a version number, supporting the Semantic Versioning 2.0.0 specification, and the version stamp can be updated, so a CI build that does not regress any tests can be stamped as a QC or pre-release build. When the build is ready for roll-out, the pre-release marker can be removed. This is all designed for automation, and designed to be flexible enough to match an organization’s existing processes. The module design is unique in another way: A single module can contain many different versions of the same module. When two different versions of a module are combined, the module only increases by the size of the differences between the versions. This allows a single module file to contain every single one of its supported versions, plus pre-releases of future versions, plus optional patches to older versions, and so on. 


Avoiding Content Sprawl: How CIOs Can Keep up With Digitalisation


The problem with using multiple content management platforms is that there’s no single source of truth. If an end-user needs to find a file, where is the most recent version of the document stored? Perhaps it was shared with a partner on DropBox, so people end up working off the non-master version of the document, meaning that out-of-date documents such as terms and conditions, price lists and contracts could still be in use. Mistakes can then arise from multiple people working on different versions of a document, which could mean that important updates are missed. How many times have you seen “version 7” or “final version” added to a file name? But can you really trust this? When there is a need to cross reference information in multiple areas then the organisation becomes inefficient – time is wasted searching, decisions are made using outdated information and there’s extra work in consolidating various versions of content. There are also regulatory and legal restrictions that require companies to centralise content.


The Complete Guide to the Singleton Design Pattern


“In software engineering, the singleton pattern is a software design pattern that restricts the instantiation of a class to one “single” instance. This is useful when exactly one object is needed to coordinate actions across the system. The term comes from the mathematical concept of a singleton.”— Wikipedia ... The singleton pattern should be used when: There must be a single instance of a class, and this class must be accessible by clients from an access point known to them; and The singleton class can be extended by inheritance, and clients must be able to use extended classes without making any changes to it. The singleton pattern has several advantages, summarised in the following points: You have strict control over how and when clients access a singleton instance. You have controlled access because the singleton class encapsulates its instance; It’s useful when we need to restrict the number of instances that we create from a class in order to save the system resources; The singleton pattern is an improvement over global variables because it avoids polluting the namespace with global variables that only store the singleton instances; and The code is easier to use, understand, and test since the singleton simplifies the code.



Quote for the day:


"I think failure is nothing more than life's way of nudging you that you are off course." -- Sara Blakely


Daily Tech Digest - November 08, 2019

Three digital workplace challenges CIOs face

Three digital workplace challenges CIOs face image
Cybersecurity and information security are still making headlines, with everything from phishing scams to huge data breaches of customer or employee data. CIOs are under intense pressure to ensure they take every action to keep their organisation protected from these attacks. Many organisations, particularly in sectors where employees handle customer or personal data, are likely to have robust information security policies in place. For example, restricting data that contractors can access or giving permissions only to a group of designated people. However, enforcing this across the digital workplace is more challenging than it seems. ... A significant proportion of user behaviour comes through the use of unauthorised applications and devices for work purposes. Many organisations have a problem with shadow IT, although the extent of the problem and the degree of risk are always hard to measure. Shadow IT exposes companies to data breaches and falling out of GDPR rules.



Permission Vs Permissionless Blockchain Explained


A permissionless blockchain is as its name suggests, a blockchain where no permission is required to become part of this blockchain network and contribute to its upkeep. Anyone or anything can become part of a permissionless blockchain. Trading on the network doesn’t require permission, running a node on the network doesn’t require permission, setting yourself a miner doesn’t require permission. Basically, download the required software, set up your wallet, node or whatever components you need to serve your requirements and of you go. I other words a Permissionless Blockchain is a way of saying “public.” As anyone can join a permissionless blockchain, they tend to be described as decentralized in that no one company or permission is a central point in the network as say a Central bank would be in the fiat currency system. As you can imagine this feature of the Bitcoin network appeals to the parts of the Cryptocurrency community that doesn’t like or have faith in centralised control be that either by a state or any other part of the existing financial services industry.


The 7 Biggest Technology Trends To Disrupt Banking & Financial Services In 2020

The 7 Biggest Technology Trends To Disrupt Banking & Financial Services In 2020
Although banking and financial services tend to be slower to adopt new technologies, a PricewaterhouseCooper study confirms the majority of financial services decision-makers are investing in artificial intelligence (AI)—52 percent of executives confirmed they are making “substantial” investments in AI while 72 percent believe it will be a business advantage. One thing that will likely make the rest believe in artificial intelligence’s potential for the industry are the cost savings that are expected to be $447 billion by 2023. ... Blockchain can support banking in several ways. Bitcoin showed how it can be used for payments, but it can also be transformative in the way our capital markets work by tokenizing traditional bonds, stocks, and other assets and putting them on public blockchains. Blockchains would remove the gatekeepers and third parties in the loans and credit system while also making it more secure to borrow money and lowering interest rates. Blockchain could also eliminate manual data reconciliation for bank ledgers. The way information and money are exchanged today will be altered by smart contracts that operate from blockchain technology.


Helium activates wireless network for IoT devices in more than 425 US cities


Through Helium's open-source Software Development Kit, developers can build devices that connect to the network without needing a cellular plan. A number of hardware developers have already created small, low-power devices that communicate over several miles using the company's LongFi technology. Prototypes developed for the Helium network include InvisiLeash's location tracking dog collar, CleanWater AI's remote, low-power pollution monitor, and Bike Route Data Gatherer's bike and scooter tracker. Using cellular for such low-power IoT devices as pet trackers and water quality sensors would be impractical due to power and cost limitations. However, through its peer-to-peer network, Helium can provide the necessary connectivity throughout a city, even reaching into remote areas. Based on initial testing, only about 50 to 100 hotspots are needed to provide complete coverage for an entire city, according to the company. Due to the interest in Helium, the company also announced an expansion of its Patron program across the country. This program offers discounts, priority shipping, network tools, Helium support, and other benefits to those who buy 15 or more hotspots.


Ex-Twitter Employees Spied on Saudi Dissidents: DoJ

twitter spies saudi arabia
The two accessed various account information, including user emails, phone numbers, IP address information, the types of devices used, user-provided biography information, logs that contained the user’s browser info and logs of all particular user’s actions on twitter platform at any time. This information could be used to identify and locate the Twitter users who published these posts, according to the DoJ. It’s not clear whether the two started working at the company with the alleged intent of accessing the data; or whether they were eventually convinced during their employment at Twitter. Abouammo was allegedly compensated for his illicit conduct, including with a luxury watch and $100,000 in cash. “We would like to thank the FBI and the U.S. Department of Justice for their support with this investigation,” a Twitter spokesperson told Threatpost. “We recognize the lengths bad actors will go to try and undermine our service. Our company limits access to sensitive account information to a limited group of trained and vetted employees.”


Defenders can discover phishing sites through web analytics IDs

Detecting phishing attempts  >  A magnifying lens spots a hook trying to catch a fish.
Akamai provided two examples where the use of web analytics UIDs on phishing pages allowed its researchers to identify much larger campaigns. One was a campaign that targeted LinkedIn users and used many misleading domains that all shared the same Google Analytics UID, which was probably added by the phishing kit’s creator. The second was a campaign targeting AirBnB users that used subdomains on 000webhostapp.com, a legitimate site hosting service. The second campaign used the original AirBnB web analytics UID, which allowed the malicious subdomains to be easily identified. “Enterprise security teams can track their own analytic UIDs that are being used in the wild as the result of their website content being copied for building phishing website,” Akamai Security Researcher Tomer Shlomo tells CSO via email. “Security researchers and security vendors will use phishing Toolkit UIDs which will give them the ability to track other phishing websites and the ability to assess the scale of the campaign or find other phishing activities deployed by the same threat actor."


Brazilian government announces creation of AI lab network


The Brazilian government has already put the wheels in motion to get the building blocks ready to fully exploit AI in the public sector. For example, it has announced the creation of a single citizen database in October, which will contain a wide range of personal information about the country's population of over 200 million people, to be fully shared across departments. "What has made a difference throughout history is the ability to work in teams; the ability to reason, plan and think about the future; and our ability to create tools to solve problems and improve quality of life, " Pontes said during his speech. "We have created magnificent things, we have gone through many transformations - machines, engines, electricity, electronics, computers, airplanes - and we have reached a point now that is very special, which is digital transformation," he added. "We now have [technology] that aids the creation of other tools that help us plan and work in teams." The announcement of the AI lab network follows the creation of a partnership between IBM and the São Paulo Research Foundation (FAPESP) to launch a major AI research center in São Paulo next year.


5G brings up questions of cybersecurity vulnerabilities

"For all of the opportunities that 5G will unlock, it will also create new challenges," Pai said. "When 5G is embedded in almost every aspect of our society and economy, from businesses to homes, hospitals to transportation networks, manufacturing to the electrical grid, that means securing our networks will become much more important, and much more difficult." The next-generation technology is expected to bring a wave of innovations, with enhanced internet speeds pushing advances in self-driving cars and virtual reality, along with letting you download movies and TV shows faster than ever. 5G networks are not widespread yet, and experts are hoping to address the security issues before they are. Security researchers have found, for instance, that 5G networks are still vulnerable to International Mobile Subscriber Identity (IMSI) catchers, commonly known as "Stingrays." These surveillance devices impersonate cell towers and intercept network signals from devices, allowing attackers to gather information like location data and call details from people.  


Apollo Foundation Agrees Partnership With Lesotho On Blockchain Development

blockchain
Despite the immense potentials of the technology, Africa as a continent has been lagging behind recording the lowest engagement of blockchain technology. Lesotho is looking to bridge the gap and views the partnership with Apollo as one that can change the level of blockchain developments in the country. According to the terms of the partnership, Apollo will help the Lesotho government to create new wealth opportunities via its fintech solutions, create and implement blockchain systems for the government, reduce financial crime and help maximize the commercial opportunities of the nations natural resources. Speaking on the partnership, Steve McCullah the director of business development for Apollo Foundation revealed that Lesotho has taken a good stride towards blockchain technology. “Lesotho is working to become a leader in technology,”. He also assured the Lesotho government that Apollo can deliver on the terms of the MOU. “We are confident Apollo can help accomplish this mission.


Optics for the cloud: storage in the zettabyte era with Dr. Ant Rowstron and Mark Russinovich

Just in the landscape of what cloud was and what it is now, it’s been a fascinating journey because when I started in Azure in 2010, Azure had been underway for a few years, just commercially launched, but Azure was tiny. Basically, in two datacenters, a few thousand servers. And the number of companies that were saying they were going to do cloud was probably twenty, twenty-five companies. And about four years ago, there were still about seventeen. Three years ago, we were down to thirteen. ... And there’s still six in what Gartner classifies as their “magic quadrant” for an infrastructure as a service. And I think there’ll be more paring down to come and Azure has been continuously in this strong position rising, rising and a couple of years ago, the market and analysts started to recognize us as the strong number two in this space. ... If you think of most of the technologies we use to store data today – things like flash, things like hard disk drives, things like tape – it’s true to say that they were all designed before the cloud existed. And in fact, they were all designed to work in multiple scenarios.



Quote for the day:


"One must be convinced to convince, to have enthusiasm to stimulate the others." -- Stefan Zweig