Daily Tech Digest - February 01, 2019

What is application security? A process and tools for securing software

The faster and sooner in the software development process you can find and fix security issues, the safer your enterprise will be. And, because everyone makes mistakes, the challenge is to find those mistakes in a timely fashion. For example, a common coding error is to accept unverified inputs. This mistake can turn into SQL injection attacks and then data leaks if a hacker finds it. Application security tools that integrate into your application development environment can make this process and workflow simpler and more effective. These tools are also useful if you are doing compliance audits, since they can save time and expense by catching problems before the auditors see them. The rapid growth in the application security segment has been helped by the changing nature of how enterprise apps have been constructed in the last several years. Gone are the days when an IT shop would take months to refine requirements, build and test prototypes, and deliver a finished product to an end-user department. The idea almost seems quaint nowadays.
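As an added illustration of the unverified-input point above (example code, not from the article): the same lookup written with string splicing and with a bound parameter, run against a constructed in-memory SQLite table, plus a crude f-string check of the kind an IDE-integrated tool would run over source files.

```python
import re
import sqlite3

# Constructed sample data (assumption: a minimal users table).
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_unverified(conn: sqlite3.Connection, username: str) -> list:
    # Defect: the caller's input is spliced into the SQL text, so the database
    # parses whatever the caller supplied as part of the statement.
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    # Fix: the value travels as a bound parameter and is never parsed as SQL.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def compare(username: str) -> tuple:
    """Return (rows from the spliced query, rows from the bound query) for one input."""
    conn = make_db()
    return len(lookup_unverified(conn, username)), len(lookup_parameterized(conn, username))


# Crude static check: an f-string that carries a SQL keyword is a likely splice.
SQL_FSTRING = re.compile(r"""f["'].*\b(SELECT|INSERT|UPDATE|DELETE)\b""", re.IGNORECASE)


def flag_string_built_sql(source: str) -> list:
    """1-based line numbers in `source` where SQL is assembled inside an f-string."""
    return [n for n, line in enumerate(source.splitlines(), 1) if SQL_FSTRING.search(line)]
```

A genuine username returns one row either way; an input containing SQL syntax widens the spliced query to every row while the bound query simply finds no such user.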


India’s largest bank SBI leaked account data on millions of customers

The server, hosted in a regional Mumbai-based data center, stored two months of data from SBI Quick, a text message and call-based system that customers of the government-owned State Bank of India (SBI), the largest bank in the country and a highly ranked company in the Fortune 500, use to request basic information about their bank accounts. But the bank had not protected the server with a password, allowing anyone who knew where to look to access the information of millions of customers. It's not known for how long the server was open, but it was open long enough to be discovered by a security researcher, who told TechCrunch of the leak but did not want to be named for the story. SBI Quick allows SBI's banking customers to text the bank, or make a missed call, to retrieve information about their finances and accounts by text message. It's ideal for the millions of the banking giant's customers who don't use smartphones or have limited data service.



The Crucial Academy Diversity in Cyber Security project is a Brighton-based initiative aiming to retrain veterans in cyber security, and is focused on female, neurodiverse and BAME candidates. Neil Williams, CEO of Crucial Group, said the funding will help support its initiative, and that, as a veteran, he understands the importance of projects such as Crucial. The QA: Cyber Software Academy for Women runs across several cities in the UK, including London, Bristol and Manchester, training women for cyber security roles. The Blue Screen IT: Hacked project will use the funding to scale a project that already exists, giving people, including those from poorer socio-economic backgrounds and neurodiverse and special needs talent, the skills needed for a cyber career. As well as training people in cyber, the project will also aim to create a “network of community Security Operations hubs”, according to Michael Dieroff, CEO of Bluescreen IT.



Don't Measure Unit Test Code Coverage

Some people use code coverage metrics as a way of enforcing the habits they want. Unfortunately, habits can't be enforced, only nurtured. I'm reminded of a place I worked where managers wanted good code commit logs. They configured their tool to enforce a comment on every commit. The most common comment? "a." They changed the tool to enforce multiple-word comments on every commit. Now the most common comment was "a a a." Enforcement doesn't change minds. Instead, use coaching and discipline-enhancing practices such as pairing or mobbing. To build up tests in legacy code, don't worry about overall progress. The issue with legacy code is that, without tests, it's hard to change safely. So the overall coverage isn't what matters; what matters is whether you're safe to change the code you're working on now. So instead, nurture a habit of adding tests as part of working on any code. Whenever a bug is fixed, add a test first. Whenever a class is updated, retrofit tests to it first. Very quickly, the 20% of the code your team works on most often will have tests. The other 80% can wait.


Meet The Chatbots That Will Make You Feel Better, One Text At A Time


The AI is trained to hold actual conversations rather than being a response-generating program like the early ELIZA. X2AI's Tess is being used to support health care professionals such as psychologists in clinics and hospitals across the US and Europe by giving patients access to 24/7 therapy support. They've also, most notably, collaborated with organisations and aid agencies in Lebanon to help Syrian refugees cope with their unimaginable situation. The Karim chatbot provides a mental healthcare service in an area where it is not otherwise available and now has one of the largest structured Arabic conversation data sets in the world. Similarly, Woebot Labs recently launched the first scientifically backed mental health therapy chatbot. You can chat with Woebot via Facebook Messenger for a two-week free trial, before then signing up to a $39 a month service. Stanford University researchers published a study showcasing how Woebot was able to help alleviate depression and anxiety in its users over two weeks.


Don’t Collect Biometric Data Without Providing Notice

Interestingly, a lot of lawsuits and would-be lawsuits fail because the plaintiff is unable to show harm. For example, if a biometric identifier were stolen and the thief used that identifier to steal a prototype from a manufacturer, that manufacturer could show harm, since there was a cost associated with developing the prototype, likely a cost associated with developing the associated intellectual property, lost revenue, etc. However, the Rosenbach v. Six Flags case isn't about a security breach; it's about a lack of disclosure. Under BIPA, plaintiffs don't have to show actual harm in order to receive a monetary award. For BIPA case defendants, the effect is “unjust enrichment” because plaintiffs are getting money for nothing. “It's not always huge businesses that get hurt by this and get sued,” said Kay. “A number of top tier companies were among the first entities sued. The second wave over the past two years has been mostly focused on finger scanning by employers. Some of them are big national companies [including] hotel chains, airlines and restaurant franchises.


Android Pie: 30 advanced tips and tricks

Looking to do a little housekeeping and clear away all your recently used apps from Pie's Overview list? Swipe up once from the nav bar to open the Overview interface, then scroll all the way to the left of the app-representing cards. Once you've moved past the leftmost card, you'll see a "Clear all" command that'll do exactly what you desire. Android Pie tries to predict what you're likely to need next and then offer up specific actions — commands within apps, like calling a particular person or opening a certain Slack channel — at the top of your app drawer. If you see a shortcut there that strikes you as being especially useful, you can touch and hold it and then drag it onto your home screen for permanent ongoing access. You can also find any shortcut offered within Pie's app drawer by pressing and holding the icon for the associated app and looking at the menu of options that appears. You can touch and hold any item from that menu to drag it onto your home screen for future use, too.



What is digital health? Everything you need to know about the future of healthcare

The industry's aims are diverse and complicated: preventing disease, helping patients monitor and manage chronic conditions, lowering the cost of healthcare provision, and making medicine more tailored to individual needs. What makes the healthcare industry interesting is that those aims could potentially benefit both patients and their healthcare providers. By gathering more data on markers of health, from activity level to blood pressure, it's hoped that digital health will allow individuals to improve their lifestyles and maintain good health for longer, and so need fewer visits to their physician. Digital health tools could also help identify new illnesses or the worsening of existing ones. By enabling doctors to step in earlier in the course of a disease, digital health tools could help shorten the length of a disease, or help ease symptoms before they really take hold.


Cisco goes after industrial IoT

The industrial IoT rollout has enabled the network edge to extend its natural boundaries into places where traditional IT and network support hasn't had to have a lot of complexity and innovation, noted Vernon Turner, Principal and Chief Strategist at Causeway Connections. “Now that there is a lot of application development and deployment being done at the 'Extended Enterprise,' it is only natural that a company such as Cisco follows with its capabilities in software,” Turner said. "In particular, the ability to drive intent-based network functionality is critical for industrial-based workloads that now demand traditional IT-based attributes such as security, scale and flexibility.” One of the stumbling blocks for success is the customer experience of end-to-end integration and delivery of services. “For example, there can't be natural breaks between sensor-based data being generated by a shop-floor robot on a production line and the enterprise back-office systems for parts and material because of either different networks or different data systems – they both need to be delivered in a seamless manner,” Turner said.


How organizations need to react to new data privacy challenges

Development of inventories of personal data is likely the biggest trend, given how important they were to GDPR compliance in 2018 and how important they'll be for CCPA compliance this year and next. They're sometimes called “data maps,” and they're crucial for understanding where personal data is located in an organization down to the server level, how it's being protected, and with whom it's being shared. ... The best data protection technology ever invented is an alert employee. The best way to get alert employees is through routine training in best practices. These include topics such as: what qualifies as personal information, how to recognize phishing and similar attacks, and who to ask when you have questions. I believe the majority of employees understand the gravity of the threats to personal information and expect their employers to acknowledge this and act accordingly.



Quote for the day:


"The leader has to be practical and a realist, yet must talk the language of the visionary and the idealist." -- Eric Hoffer

