Daily Tech Digest - August 12, 2019

Can an AI system invent? Does the tech have the intellectual right?

There is presently a consensus inherent in patent law globally that the owner of a patent is the inventor unless the rights have been assigned to another person, entity, or their employer. However, the law also requires that the inventor must be a person who has contributed in some material way to the invention’s conception. Therefore, under current law, only a human is capable of being named as inventor and the AI system is a tool they have utilised to facilitate their innovation. The academics and inventors involved in the Artificial Inventor Project believe that this stance is outdated, and that such AI systems should be named as inventors with the owner of the machine being named as the owner of the patent. If indeed, AI systems such as The Creativity Machine seem to be capable of ‘inventing’, without any form of human intervention this could lead to patents without ‘inventors’. Some innovators may be concerned that the current lack of clarity regarding the patentability of AI-based inventions could become a barrier to progress. 

For Invisible Border Control, Start with Old-School Security Protocols

To minimize the risk of data breaches, the application layer is the only layer of technology within a computer that should be permitted to encrypt and decrypt sensitive information. So then, a second main point for implementers of border control security is that they should encrypt sensitive data within the application to ensure confidentiality. The encryption should be supplemented by secure key-management techniques using dedicated cryptographic hardware such as the Trusted Platform Module – a low-cost, high-security chip designed over a decade ago. Lack of such basic security controls led to breaches at thousands of companies over the last 15 years, including the U.S. Office of Personnel Management, Uber and Marriott. It would also be wise to add integrity controls to transactions through the use of digital signatures, given the fact that completely new systems are being created to support invisible boundaries. Not only are such transactions independently verifiable without the use of blockchain, but subtle, yet sophisticated attacks are possible when such security is not in place.

Democratic Presidential nominees are ignoring the issue of our cybersecurity infrastructure

What is, in effect, another sort of breach, is the collection, aggregation and manipulation of our privacy by digital aggregators such as Google and Facebook, which is then further manipulated and stolen by criminals. How do we solve these problems? Blatantly dictating solutions would inevitably fail. What we can do successfully is set standards of performance and responsibility, coupled with timelines and severe penalties for failure to perform. There must be accountability – something that sometimes exists in industry (albeit at inadequate levels), but that is wholly missing in government at all levels. While I care deeply about cybersecurity, I am not naïve about the extreme pressure confronting politicians to score well in polls – a requirement to have a shot at winning their party’s presidential nomination. Arguably, cybersecurity awareness may not fit this bill. If enhanced cybersecurity is to be injected into the Democratic election agenda, the public must actively promulgate such a step. Supporting an outcry is the irrefutable fact that the signs of risk are flagrant.

Modern-Day SOCs: People, Process & Technology

Part of building a SOC also requires organizations to decide whether it will be internal, external, or hybrid. Each has its pros and cons. The upsides to an internal SOC include the assurance that comes with it being staffed by employees who are familiar with the organization's infrastructure and understand its security posture. That said, making an internal SOC successful comes at a cost. A more cost-friendly route could be contracting an external party to deliver SOC services, according to Durbin. "An external SOC has the advantage of minimal initial outlay costs and reduced running costs due to the economies of scale associated with outsourcing," he says. "However, it is also important for organizations to recognize that they retain responsibility for the SOC and therefore need to keep SOC governance in-house." Members of ISF have expressed to Durbin that a hybrid SOC offers "the best of both worlds" by addressing some of the limitations that can encumber the performance of an internal or external SOC, he says.

Ransomware attacks are getting more ambitious as crooks target shared files

Despite a rise in ransomware attacks against cloud and network services – which in some cases see attackers make off with hundreds of thousands of dollars – organizations can prevent themselves from becoming the next victim. "It is hard to stop, but it can be defeated. There are many precursor signs to a ransomware attack that can be detected and responded to, before a ransomware attack succeeds," said Morales. "Continuous monitoring for network behaviors to proactively detect and respond to attacks does give an organization an opportunity to save themselves from the loss of data," he added. Organizations can also go a long way to avoid falling victim to a ransomware attack by ensuring that systems that don't need to be facing the open internet aren't remotely accessible, and by applying security updates to prevent malware taking advantage of vulnerabilities. Businesses should also keep regularly updated offline backups of their data, so if the worst does happen, the systems can be restored without giving into the demands of cyber criminals.

The Intel Assembly Manual

Reading this through will enable you to understand how the operating systems work, how the memory is allocated and addressed and, perhaps how to make your own OS-level drivers and applications. To help you understand what's happening, the github project includes many aspects of the article (and I'm still adding stuff). It's a ready to be run tool which includes a Bochs binary, VMWare and VirtualBox configurations and a Visual Studio solution. The entire project is built in assembly using Flat Assembler. Assemblers like TASM or MASM will not work, for they only support specific architectures. Bochs is the best environment to experiment, because it includes a hardware GUI debugger which can help you understand the internals. Debugging without Bochs is impossible, because the debuggers are either real mode only (like MSDOS Debug) and assume you will always have some sort of control, or are able to run only in an existing environment.

Researchers find security flaws in 40 kernel drivers from 20 vendors

The common design flaw is that low-privileged applications can use legitimate driver functions to execute malicious actions in the most sensitive areas of the Windows operating system, such as the Windows kernel. "There are a number of hardware resources that are normally only accessible by privileged software such as the Windows kernel and need to be protected from malicious read/write from userspace applications," Mickey Shkatov, Principal Researcher at Eclypsium told ZDNet in an email earlier this week. "The design flaw surfaces when signed drivers provide functionality which can be misused by userspace applications to perform arbitrary read/write of these sensitive resources without any restriction or checks from Microsoft," he added. Shkatov blames the issues he discovered on bad coding practices, which don't take security into account. "This is a common software design anti-pattern where, rather than making the driver only perform specific tasks, it's written in a flexible way to just perform arbitrary actions on behalf of userspace," he told ZDNet.

A billionaire software mogul doesn't want his company to grow up

While SAP may be Plattner’s primary obsession, the software mogul has used his considerable wealth (he is the fifth-richest German with a net worth of about $15 billion) to finance his educational, philanthropic and sporting ventures. Plattner built a museum in Potsdam on the outskirts of Berlin to house his art collection, and financed the Hasso Plattner Institute in the same city, a vast IT campus that churns out software engineers. Investors have criticized SAP for being too slow to rejuvenate its executive suite, and for relying too heavily on Plattner to drive innovation. (Plattner, because he’s limited in what he’s allowed to do as chairman, also advises SAP on technology issues). In response, the company can point to some recent high-profile promotions of younger talent. One is Plattner’s protege Juergen Mueller, SAP’s 37-year-old chief technology officer. Mueller, a graduate of Plattner’s HPI, has been pushing artificial intelligence at SAP.

At A Glance – Doxxing

Doxxing is one of many threats businesses face; however, it isn’t always carried out with malicious intent. Doxxers can aid the police and emergency services by uncovering the identity of criminals, reveal the true personas behind abusive or harmful content, and discourage people from engaging in illegal or socially taboo online forums. In one well-known example, a Reddit user called ‘violentacrez’ fell foul of doxxing carried out by an American journalist. Worried that their true identity would be revealed, violentacrez deleted their account. It was too late. Violentacrez, the online identity used by Michael Brutsch, has been at the centre of a controversial debate over misogyny and unsavoury internet use for over 10 years. Organisations may even use doxxing for business research and analysis, but this is not generally seen as an advisable or legitimate use. Doxxing does have serious implications for business as part of an ever-growing cyber threat. Organisations should make it a priority to educate stakeholders and safeguard against such attacks.

6 Security Considerations for Wrangling IoT

The sheer increase in the volume of consumer IoT fostered by retail and tech giants has created a massive attack surface. Consumers may have dozens of IoT devices in their homes. And with all of their variations in software, suppliers, and connection points, the possibilities for things to go wrong seem endless. For instance, the simple task of turning on your home security system (an IoT device that communicates with a server), driving your car (your phone or car could also be an IoT device), and using a streaming camera at home seems innocuous on their own, but the data may be tracked by various parties, and combining them causes alarming possibilities of potential malicious activity. To better ensure safety and security, education is needed across the entire IoT ecosystem — from consumers to device manufacturers, service providers, third parties, and developers. Findings show the top reasons for IoT security vulnerabilities include weak passwords, insecure web APIs, cloud and mobile interfaces, insecure third parties, network services, and data transfer to name a few.

Quote for the day:

"Remember: Rewards come in action, not in discussion." -- Tony Robbins
