Daily Tech Digest - March 15, 2019

Your digital ecosystem is under performing but no one can figure out why

Senior IT professionals have to focus on the human experience to fully understand the intricacies of a sophisticated digital ecosystem and how it affects user experience both inside and outside the enterprise. Otherwise it’s just guesswork and looking for a needle in a haystack. But guesswork is time consuming and resource intensive and can significantly jeopardise business success or even a company’s survival. As a result IT departments are under huge pressure to understand, find and solve the issues in the shortest time possible. To do this IT professionals need to take a different approach and use an analytics solution that doesn’t focus on engineering parameters but on how real users interact with the digital services. CIOs can now use smart analytics tools that cut through the complexity of the digital ecosystem and are able to analyse the system through the human experience lens. Only in this way can they uncover why the company’s digital infrastructure is under performing and correlate it with the effect on user experience.

Interoperability testing verifies that components within the application, server and database work together and deliver the expected results. It's not sufficient to only test components or applications; you must test all the components with which they interact. A development team could create mock systems that simulate interoperability testing for a solid first step. But simulations don't replace interoperability tests, which cover as many possible connection points and functions as possible for all partners. Interoperability testing is challenging, which is why software development teams attempt to get around it. For example, in a partnership, one development team from Company A won't have its code ready until right before the expected release date, while Company B wants to thoroughly test their interoperable code before release. So, Company B's developers create mock code that simulates the existence of Company A's expected code. That simulation, while imperfect, helps both teams avoid logistical challenges.

Securing the mobile enterprise means thinking outside the VPN box

Not long ago it was sufficient to meet corporate security and external audit requirements by implementing a VPN constructed with firewalls and network access control (NAC) protocols, which secured access to network nodes when devices attempted to access them. But in today's world, users increasingly sign in to applications and off-premise clouds and cloud-based systems directly. They don't necessarily go through a VPN tied to an internal network-resident IT to gain access. This creates many more points of access to enterprise IT resources that might be in-house or off premises. ... The message is clear for IT network managers: New ways of creating secure perimeters around corporate IT resources must be found and establishing perimeters must go beyond what was historically defined as a physical network. "Business leaders face a digital imperative to boost user productivity, while also mitigating the risk of data breaches that are growing in size and frequency," said Sudhakar Ramakrishna, CEO of Pulse Secure, which provides software-defined secure access.

Two-thirds of all Android antivirus apps are frauds

The AV-Comparatives team said that out of the 250 apps they've tested, only 80 detected more than 30 percent of the malware they threw at each app during individual tests. The tests weren't even that complicated. Researchers installed each antivirus app on a separate device (no emulator involved) and automated the device to open a browser, download a malicious app, and then install it. They did this 2,000 times for each app, having the test device download 2,000 of the most common Android malware strains found in the wild last year -- meaning that all antivirus apps should have already indexed these strains a long time ago. ... However, results didn't reflect this basic assumption. AV-Comparatives staffers said that many antivirus apps didn't actually scan the apps the user was downloading or installing, but merely used a whitelist/blacklist approach and looked only at the package names. Essentially, some antivirus apps would mark any app installed on a user's phone as malicious, by default, if the app's package name wasn't included in its whitelist.

How did Facebook go down despite multiple data centers?

Facebook said it wasn’t an attack, like a Denial of Service attack, and has since issued a statement attributing it to a configuration error. “Yesterday, we made a server configuration change that triggered a cascading series of issues. As a result, many people had difficulty accessing our apps and services," said Travis Reed, a Facebook spokesman. "We have resolved the issues, and our systems have been recovering over the last few hours. We are very sorry for the inconvenience and we appreciate everyone’s patience.” The question for me is how could a company with redundant data centers around the U.S., not to mention internationally, be taken down like this? All told it has seven data centers in the U.S. Redundancy is supposed to help prevent this kind of problem. Well, not exactly. In the case of a bug or operating problem, redundancy doesn’t help. In fact, it can spread the problem quickly, notes analyst Rob Enderle. “Redundancy can help with certain things like a complete system failure, but it doesn’t help with a virus or software bug because it can replicate it, so redundancy can’t help here,” he said.

Android Q's quietly important improvements

Android Q picks up where Pie left off and limits access to even more non-resettable device identifiers — numbers that are unique to your phone and can't be changed. Such numbers can easily be used to track your activity over time, since they're consistent and tied exclusively to you. With Q, both the device IMEI (international mobile subscriber identity) and serial number join the list of restricted identifiers, meaning apps can access them only in very limited and genuinely necessary scenarios. The software also now randomizes your phone's MAC address — another unique number that's traditionally permanent and unchangeable — every time it connects to a new Wi-Fi network. That was introduced as an off-by-default "experimental" feature in Android P and is now an on-by-default primary setting in Q. What else? Android Q changes the way apps are able to access your phone's Bluetooth, Wi-Fi, and mobile data functions so that they don't receive any associated location info unless it's absolutely necessary.

National Cyber Security Programme at risk of missing targets

“Improving cyber security is vital to ensuring that cyber attacks don’t undermine the UK’s ability to build a truly digital economy and transform public services. The government has demonstrated its commitment to improving cyber security,” said NAO head Amyas Morse. “However, it is unclear whether its approach will represent value for money in the short term and how it will prioritise and fund this activity after 2021. Government needs to learn from its mistakes and experiences to meet this growing threat.” MP Meg Hillier, chair of the Public Accounts Committee (PAC), said the programme was another example of an important government initiative being launched without getting the basics right. “There were serious weaknesses in its initial set up, undermining its contribution to government’s overall cyber security strategy,” she said. “The increasing cyber threat faced by the UK, and events such as the 2017 WannaCry attack, make it even more critical that the Cabinet Office take immediate action to improve its current programme and plan for safeguarding our cyber security beyond 2021.”

Fresh POS Malware Strikes Small and Midsize Companies

Although DMSniff is newly discovered, it likely has been around since 2016, Reaves and Platt write. They suspect, with low confidence, that attackers may be brute-forcing SSH credentials on devices or scanning for other vulnerabilities, leading to an infection. The malware uses several tricks to maintain persistence and keep a low profile. DMSniff is encoded with a domain generation algorithm, or DGA, which generates an endless pattern of domains. If the malware's creator activates one of those domains, it can be used as a command-and-control server. That's a technique borrowed from botnet herders. Using DGAs helps maintain a botnet's resiliency. If hosting companies or law enforcement shut down a known C&C node, the malware can call out to a different one. The C&C servers can be frequently rotated, making it difficult to cut off communication to the botnet. Flashpoint notes that the use of a DGA in POS malware is rare.
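The defensive counterpart to the DGA behaviour described above is spotting it in DNS telemetry. The following Python example is added here and is not code from Flashpoint or the DMSniff report: it scores query labels with simple lexical heuristics and flags hosts that issue a burst of DGA-like lookups; the log line format, thresholds and sample names are constructed assumptions.

```python
import math
import re
from collections import Counter

# Constructed sample DNS query log (not from the article): "timestamp client qname".
SAMPLE_DNS_LOG = """\
2019-03-15T10:00:01Z 10.0.0.7 www.example.com
2019-03-15T10:00:02Z 10.0.0.7 xk3q9zr1mvb7p2hw.net
2019-03-15T10:00:03Z 10.0.0.7 ycz8v4tqwlm2n0rs.net
2019-03-15T10:00:04Z 10.0.0.7 mail.example.org
2019-03-15T10:00:05Z 10.0.0.7 q7w2e9r4t1y6u3i0.com
2019-03-15T10:00:06Z 10.0.0.9 cdn.example.net
"""
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

def shannon_entropy(s):
    """Bits per character: random-looking labels score high, dictionary words low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def registrable_label(qname):
    # Simplified: label left of the TLD. Production code should use the Public Suffix List.
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def dga_score(label):
    """Number of independent 'looks machine-generated' signals present (0..4)."""
    vowel_ratio = sum(ch in "aeiou" for ch in label) / max(len(label), 1)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", label)), default=0)
    signals = (
        shannon_entropy(label) > 3.5,  # many distinct characters, evenly spread
        len(label) >= 12,              # DGA labels tend to be long
        vowel_ratio < 0.25,            # unpronounceable
        longest_run >= 4,              # long consonant/digit runs
    )
    return sum(signals)

def find_dga_like(log_text, threshold=3):
    """Return (client, qname) for each query whose label shows >= threshold signals."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and dga_score(registrable_label(m.group(3))) >= threshold:
            hits.append((m.group(2), m.group(3)))
    return hits

def suspicious_clients(log_text, min_hits=3):
    """Hosts with a burst of DGA-like lookups: one odd name is noise, a sweep is worth triage."""
    counts = Counter(client for client, _ in find_dga_like(log_text))
    return {c: n for c, n in counts.items() if n >= min_hits}
```

Lexical scoring alone will misfire on CDN hostnames and short random labels, so in practice it is combined with NXDOMAIN rates and first-seen domain age before raising an alert.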

F5-Nginx deal reflects mainstream trend toward microservices

As network and application management worlds collide in IT, a wide array of vendors scrambles to target developers. Thus, as with container management and IT monitoring, DevOps pros will have a bounty of choices among microservices network management products that attack the problem from multiple angles. Network management competitors to F5, such as Cisco, also offer software-defined network tools and microservices management platforms that incorporate Kubernetes container orchestration. Server virtualization bellwether VMware plans to join its NSX software-defined network IP with Heptio's ingress controller and service mesh capabilities. Meanwhile, DevOps software players such as HashiCorp already offer multi-cloud network abstraction tools that F5 said it plans to deliver through Nginx. Nginx is also something of an outsider in service mesh, which has generated strong buzz among DevOps early adopters. 

While the comfort and elegance of serverless architectures is appealing, they are not without their drawbacks. In fact, serverless architectures introduce a new set of issues that must be considered when securing such applications, including increased attack surface, attack surface complexity, inadequate security testing, and traditional security protections such as firewalls. Today, many organizations are exploring serverless architectures, or just making their first steps in the serverless world. In order to help them become successful in building robust, secure and reliable applications, the Cloud Security Alliance’s Israel Chapter has drafted the “The 12 Most Critical Risks for Serverless Applications 2019.” This new paper enumerates what top industry practitioners and security researchers with vast experience in application security, cloud and serverless architectures believe to be the current top risks, specific to serverless architectures.

Quote for the day:

"You can't just wish change; you have to live the change in order for it to become a reality." -- Steve Maraboli
