Boeing's poor information security posture threatens passenger safety
Among a litany of easily remedied security failures, Kubecka reported that Boeing's test development networks were publicly exposed to the internet, potentially enabling a sophisticated adversary to gain access to Boeing software source code and build systems. "Imagine if you are an enemy and you tainted flight control software and suddenly a sensor or detection method didn't work when you go to war with them," Kubecka says. (CSO was able to verify that at least one of Boeing's test servers is still online but won't be publishing technical details to avoid helping potential attackers.) Other basic security precautions that constitute rudimentary due diligence also appear not being followed, including a lack of a TLS certificate (to enable encrypted web traffic via HTTPS) on the Boeing.com website home page, which means a malicious adversary could inject malware into web traffic and infect unsuspecting users. As of last week, more than 90% of web traffic is now encrypted, according to netmarketshare.com, making Boeing an outlier in a sector with known nation-state adversaries. If a company of Boeing's size can't even properly deploy a TLS cert on their website, what other information security lapses might they have committed?
"One of the realities of the future of work is that there's going to be more decisions that are left up to AI and automation," Kropp said. "There'll be more moral and responsibility decisions that are going to occur. HR will have a new job in the future of work, in addition to the jobs it already has. And that job will be to be the ethical steward of the company in an AI enhanced and embraced world." ... "While IT will be great at driving innovation, they won't be able to understand the full ethical questions that are out there to be able to balance across this team," Kropp said. "We believe that HR is uniquely responsible and uniquely positioned to do this from the organization." ... Employee training typically falls under HR's role, which means HR must consider how technology might change their employees' skillsets, Kropp said. "As managerial tasks get automated and the role of the manager changes, for example, if you keep doing the same thing, you're going to waste money on developing and training managers that no longer have the right capabilities," Kropp said. "If you don't change your learning and development strategy and rely on old job learning approaches, you're not have the workforce that you need."
Snowden was speaking via a video link from Russia, where he is now living after leaking details of secret US government surveillance programmes to reporters back in 2013. "Regulating the protection of data presumes that the collection of data in the first place was proper, was appropriate, that it doesn't represent a threat or a danger, that it's ok to spy on everyone all the time whether they are your customers or your citizens -- so long as it never leaks, so long as only you are in control of what it is that you've stolen from everybody," he added. Snowden said that while GDPR is a "good first effort" that the bar was set pretty low before: "What I'm saying is that it's not the solution, it's not the good internet that we want." One of the most significant features of GDPR is that organisations can face a maximum fine of 20 million euros or four percent of worldwide turnover -- whichever is greater. While some large GDPR fines have already landed, Snowden said: "Until we see those fines being applied every single year to the internet giants, until they reform their behaviour and begin complying not just with the letter but with the spirit of the law, it is a paper tiger that actually gives us a false sense of reassurance," he said.
What Comes After Digital Transformation? One Answer Is The Self-Driving Enterprise
Data is often referred to as the new oil. But data is a bit more like crude oil. You have to first find and collect it from all of its vast repositories. Even when you do, it’s unrefined. Data is often bad. It’s all over the place. Oftentimes, key data points are missing, especially in an era of real-time and predictive analytics. You can’t just make decisions with what you have, you need to upgrade, organize and clean the sources, plug it all into an intelligent system and upgrade human capital to connect the dots and make the most informed decisions consistently all at the accelerating speed of business. Pretty much, every CEO knows they have data, operational and human capital problems. Digital transformation is one of the paths forward. You can’t solve it overnight and becoming digital is a game everyone is playing. But you can start making the investment in cognitive platforms that connect the disparate dots while also giving stakeholders the ability to literally ask different questions that beget different answers. This starts to change organizational behavior, develop new human and machine knowledge and capabilities that ultimately change organizational course. Gartner is already starting to track the space, adding several categories to its Hype Cycle for Supply Chain Planning Technologies.
TechUK calls on datacentre sector to scale up climate change action efforts
“Datacentre operators, large and small, commercial (colocation) and in-house (enterprise), private and public sector need to establish baselines, set themselves targets and monitor progress. They should also consider commitments to public disclosure and customer transparency,” the tech trade body’s 28-page Datacentre energy routemap document states. These targets should be informed and aligned to the United Nation’s Sustainable Development Goals, particularly those focused on areas such as clean energy use and climate action, the document added. Some operators are already making waves in this regard, with the report calling out IBM and BT, in particular, for their “well-established and leading-edge climate change programmes”. While others, according to TechUK, still have some way to go to match their efforts. “The picture is not consistent across the industry and many operators can learn from their counterparts or adapt an industry template,” the report said.
Microsoft Security Setting Ironically Increases Risks for Office for Mac Users
By convincing a user to open specially crafted Microsoft Excel content on a Mac that has "Disable all macros without notification" enabled, a remote attacker can gain the same level of access to the system that the legitimate user has, CERT/CC said in its vulnerability note. "Attackers can do anything that they want by exploiting this issue," says Will Dormann, senior vulnerability analyst at CERT/CC. "They could install a virus, steal private files, or install ransomware. The sky's the limit." In a statement, a Microsoft spokeswoman said Microsoft was committed to investigating reported security incidents. "We will provide updates for impacted devices as soon as possible." The problem lies in how Microsoft Excel handles XLM content in SYLK (SYmbolic LinK) files, Dormann says. XLM is a macro format that used to be available in Excel versions up to and including Excel 4.0. Though Excel versions since then use VBA macros, Microsoft has continued to support XLM macros in later Excel releases, including those available with the latest Office versions for Mac.
What security companies – and all of us – can learn from the Deadspin debacle
If you don’t engage the people who make the company what it is, they’re going to walk. If you create a culture of uncertainty in the face of major changes, people are going to leave. If you mandate changes – not based on actual customer or user experience, but because of how it was done elsewhere – you’re going to drive a wedge further between the executive team and the rest of the company. Most importantly, if you put artificial barriers around what people do that are part of the reason for their success, and fire people for stepping out of them, you will cause a mass exodus. That’s what happened at Deadspin this past week. This is a clear example of how not to run a team. Effective managers keep teams engaged, communicate well and keep a culture of certainty even when there is turnover in senior leadership. Healthcare, like many other industries, is infamous for what we call “churn at the top,” where senior leadership changes significantly more rapidly than the levels beneath them. Each of those leaders has their own mandates from other leaders and board, and their own management style.
Digital Realty acquisition of Interxion to reshape data-center landscape
DRT didn’t really get into the interconnection business until 2015, when it acquired Telx. That gave it a boost in the U.S. but not the rest of the world. "This strategic and complementary transaction builds upon Digital Realty's established foundation of serving market demand for colocation, scale and hyperscale requirements in the Americas, EMEA and Asia Pacific and leverages Interxion's European colocation and interconnection expertise, enhancing the combined company's capabilities to enable customers to solve for the full spectrum of data center requirements across a global platform," said Digital Realty CEO A. William Stein in a statement. Interxion's well-established business relationships will give DRT a huge boost in Europe, Middle East, and Africa. Likewise, DRT touts its relationships with leading cloud platform operators and global enterprises as an opportunity to extend its value proposition to a global customer base. “The combination of Digital Realty with Interxion adds interconnection-rich sites in Europe to Digital’s global platform,” said Kelly Morgan, senior vice president for systems at 451 Research, in an email comment to Network World.
After Brexit, will 5G survive the age of the European empire?
DT and Huawei have already been close partners in some of Germany's first 5G rollouts, including what is said to be the first working 5G transmitter in Europe, located just above rooftop level on the antenna shown above, along Winterfeldstrasse in Central Berlin. In late October, Chancellor Merkel once again resisted calls from opposition ministers to take a harder stance on Huawei. The country maintains what it calls a "security catalog" listing global equipment suppliers that have pledged to refrain from including tools that may be leveraged in clandestine surveillance and spying. Although ostensibly toughening its "no-spy" regulations last May, the following October, Huawei officially made the revised approval list, and will continue to be a part of Germany's core 5G network for the foreseeable future. These telcos are among 5G's premier customers. Despite how the EU government would position itself, these companies are the ones tasked with implementing 5G standards, and maintaining interoperability among its implementations,
Q&A on the Book Agile Leadership Toolkit
Culture can’t be manipulated or altered directly, only indirectly. Things like trust, relationship, Rome and culture need time to grow and improve, and they can’t be built in a day. Successful leaders create the right structure so the culture can grow. Agile leaders give their teams a lot of freedom, space, trust, and inspiration for their daily work to increase their customer impact. Agile leaders focus on two important things to improve the culture: habits and informal leaders. The habits of a leader really influence the culture. Take for example when something goes wrong; what is the routine of the leader? Do they appoint firefighters to solely fix the important issue, or do they let the product owner decide how to solve it with the whole team? If the leader appoints firefighters, they probably will never achieve a culture of teamwork and collaboration. Another important thing to focus on is the informal leader. Every team has this role, and this person heavily influences the values – and therefore the local culture – of the team.
Quote for the day:
"Leadership is, among other things, the ability to inflict pain and get away with it - short-term pain for long-term gain." -- George Will
No comments:
Post a Comment