Daily Tech Digest - January 18, 2020

EU mulls 5-year ban on facial recognition tech in public spaces

People walk past a poster simulating facial recognition software at the Security China 2018 exhibition on public safety and security in Beijing, China October 24, 2018.
The EU Commission said tough new rules may have to be introduced to bolster existing regulations protecting Europeans’ privacy and data rights. “Building on these existing provisions, the future regulatory framework could go further and include a time-limited ban on the use of facial recognition technology in public spaces,” the EU document said. During that ban of between three and five years, “a sound methodology for assessing the impacts of this technology and possible risk management measures could be identified and developed.” Exceptions to the ban could be made for security projects, as well as research and development, the paper said. The document also suggested imposing obligations on both developers and users of artificial intelligence, and that EU countries should appoint authorities to monitor the new rules. The Commission will seek feedback on its white paper before making a final decision, officials said.

Huawei and 5G: Why the UK's decision is getting tougher every day

There are serious issues for the UK to consider here. These 5G networks will at some point underpin everything from smart cities to augmented-reality surgery. They have to be secure and unbreakable. An outage of a 5G network controlling an automated factory or a motorway full of self-driving cars could be disastrous, especially if it could be triggered at will by a foreign state. Espionage is another, more obvious and realistic fear. No nation would want its most sensitive data to be read by another. And few would dispute that the Chinese state has regularly used cyber espionage against other governments and businesses. So, first, there is the fundamental issue: can Huawei's equipment be trusted as part of the UK's critical infrastructure? It's a question that the UK's intelligence agencies and technical experts have been pondering long and hard. Up to now their answer has been that, so long as Huawei's kit is limited to the outer reaches of these new 5G networks, the risk is manageable. Huawei's equipment has long been used in UK networks without incident, and the country of origin is not the only, and not even a primary, factor when it comes to assessing security.

Forecast: the top 6 cybersecurity trends for 2020

Application Programming Interfaces (APIs) have become a vital component in modern IT infrastructures. They allow data to be readily shared between applications as well as opening access to external parties. While they offer significant benefits, they also create vulnerabilities that can be exploited by cybercriminals, and incidents are set to rise during 2020. APIs are inherently exposed and offer an enticing entry point into an organisation’s IT infrastructure. The problem is particularly relevant in supply chains, where data is shared between multiple parties. When access is provided to core systems via APIs, it becomes difficult – if not impossible – to ensure all links are secure at all times. ... Operational Technology (OT) is the hardware and software that manages devices within an organisation’s infrastructure. Most OT was designed years ago and was never intended to be networked or linked to the public internet. Fast forward to 2020 and OT is increasingly being connected to IT networks to allow remote monitoring and management.

How AI Is Manipulating Economics to Create Appreciating Assets

Think about that statement for a second … you’re buying an appreciating asset, not a depreciating asset. And what is driving the appreciation of that asset? It’s likely courtesy of Tesla’s FSD (Full Self-Driving) Deep Reinforcement Learning Autopilot brain. Tesla cars become “smarter” and consequently more valuable with every mile each of the 400,000 Autopilot-equipped cars is driven. Imagine a mindset of leveraging Deep Reinforcement Learning with new operational data to create products (vehicles, trains, cranes, compressors, chillers, turbines, drills) that appreciate with usage because the products are getting more reliable, more predictive, more efficient, more effective, safer and consequently more valuable. That’s H-U-G-E! An asset that appreciates in value through usage and learning is yet another example of how a leading organization can exploit the unique characteristics of digital assets, which not only never deplete or wear out but can be used across an unlimited number of use cases at a near zero marginal cost.

Keeping up with disruptors through hybrid integration

We’re living in a period where information is key, and where companies in every industry are inundated with data from all sides. And this is only set to rise, with IDC predicting that the global datasphere will grow from 33 zettabytes in 2018 to 175 zettabytes by 2025. In terms of how this is stored, many organisations have initiated cloud-first policies, meaning no new data should be stored in their data centres. The reasons for this drive to the cloud are numerous given the number of business benefits. For example, the cloud provides unlimited storage and accessibility from anywhere in the world. While some companies already do everything in the cloud, the vast quantities of data collated by heritage organisations are stored across multiple data sources. It is therefore likely that these organisations will always have some systems stacked in heritage servers as a result of the costs involved, the data’s complexity and the inability to replicate it in the cloud. This means there is a need to integrate data and applications stored on-premise, in the cloud and between the two.

UK’s phone and internet bulk data surveillance unlawful, says EU court opinion

The Advocate General opinion argues that member states cannot use national security exemptions to escape from the safeguards of European law when they impose legal obligations on telephone and internet companies to retain their customers’ data. Access to communications data must be subject to prior review or an independent administrative authority committed both to safeguarding national security and defending citizens’ fundamental rights, and requests for data must be made in specific terms, the AG wrote. Data retention by telephone companies and internet service providers should be limited to specific categories of data that are essential for the prevention and control of crime and the safeguarding of national security, and each category of data should be held for a defined time.

New phishing attack hijacks email conversations: How companies can protect employees

Although the level of conversation hijacking in domain-impersonation attacks is low compared with other types of phishing attacks, they're personalized. That makes them effective, hard to detect, and costly, according to Barracuda. After impersonating a domain, cybercriminals begin the process of conversation hijacking. By infiltrating an organization, attackers will compromise email accounts and other sources. They then spend time monitoring the compromised accounts and reading emails to understand the business and learn about any deals, payment processes, and other activities. This step is also where they can snoop on email conversations between employees, external partners, and customers. Attackers will leverage the information they've picked up from the compromised accounts to devise convincing messages sent from the impersonated domain to trick employees into wiring money or updating and sharing payment information. The entire process of impersonating a domain, monitoring compromised accounts, and hijacking conversations can be expensive and time-consuming.

Mojo Vision is putting an augmented reality screen on a contact lens

The Mojo Lens is a contact lens with an augmented reality display.
Mojo Lens promises to deliver the useful and timely information people want without forcing them to look down at a screen or lose focus on the people and world around them. In terms of mass production, Mojo’s Invisible Computing platform won’t be ready for a while, but the prototypes are coming together. ... “It’s a rigid, gas-permeable lens,” he said. “It is super comfortable because it sits on the white part of your eye.” That’s like the hard contact lenses some people wear because they find the soft ones uncomfortable. The harder lens rests on your eye, rather than on your cornea (that is, it rests on the white part of your eye, rather than the part you see with). Mojo Vision plans to tailor each contact lens to fit the wearer’s eyes. “We want it to sit perfectly like a puzzle piece, and it doesn’t rotate and it doesn’t slip,” Sinclair said. “And that’s … one of the secrets that makes this whole thing work, and why anyone who’s trying to do this … with the soft contact lens is probably going to be miserable, because normal contact lenses are always moving around and sliding around and slipping and rotating.”

It’s the end for Windows Server 2008 support

Server 2008 is based on the Windows Vista codebase, which should be reason alone to jettison it. But Windows Server 2016 and Windows Server 2019 are built on Windows 10, which means apps heavily dependent on the OS ecosystem might be hard to move since the internals are so different. “I do work with folks that are still running Windows Server 2008. They understand the ramifications of EOL for support. But most are in a predicament where they aren’t able to move the applications for a number of reasons, including application compatibility, location, etc.,” Crawford says. For those apps that are challenging to move, he recommends isolating the system as much as possible to protect it, and putting in place a plan to do whatever is needed to the applications to prepare them for migration as quickly as possible. Microsoft offers and recommends Azure migration, so Server 2008 apps can run in an Azure instance while they are modernized for Server 2019 and then deployed on premises. Migration should be the paramount effort, because if you are running Server 2008 then you're using hardware that's at least eight years old and potentially 12 years old.

What is Perfect Forward Secrecy? A Guide for 2020

In short, the PFS acronym stands for “perfect forward secrecy,” which is a relatively recent security feature for websites. It aims to prevent future exploits and security breaches from compromising current or past communication, information or data by isolating each transaction’s encryption. Traditionally, encrypted traffic was protected by a single long-term private key held by the server: clients encrypted each session’s secret with the matching public key, so whoever held that private key could decrypt all historic communication with the server. This presents a potential security risk down the line, as an attacker can spend weeks, months or years listening in to encrypted traffic, storing the data and biding their time until the key is obtained. ... Perfect forward secrecy solves this problem by removing the reliance on a single server private key. Rather than using the same encryption key for every single transaction, a new, unique session key is generated every time a new data transaction occurs. In effect, this means that even if an attacker manages to get their hands on a session key, it will only be useful for decrypting the most recent transaction, rather than all the data they may have collected in the past.
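To make the contrast concrete, here is an added toy model (constructed for this digest entry, not code from the article): the same Diffie-Hellman helpers are run once with the server's long-term key doing the exchange and once with a fresh ephemeral key per session, and then a leaked long-term key is tried against every recorded handshake. The group parameters, the HMAC stand-in for a signature and all function names are assumptions for illustration only.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration only (a real
# deployment uses a standard 2048-bit+ MODP group or an elliptic curve).
P = 2**127 - 1
G = 5

def keygen():
    """Return (private exponent, public value) for the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(shared: int) -> bytes:
    """Derive a symmetric key from the raw shared secret (stand-in for a KDF)."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def handshake_static(server_priv: int, server_pub: int):
    """No forward secrecy: the server's long-term key IS the exchange key.
    Returns (session key, what an eavesdropper can record from the wire)."""
    c_priv, c_pub = keygen()
    return session_key(pow(server_pub, c_priv, P)), {"client_pub": c_pub}

def handshake_ephemeral(server_priv: int, server_pub: int):
    """Forward secrecy: a fresh server key per session; the long-term key only
    authenticates it (HMAC is used here as a stand-in for a signature)."""
    e_priv, e_pub = keygen()
    c_priv, c_pub = keygen()
    auth = hmac.new(server_priv.to_bytes(16, "big"),
                    e_pub.to_bytes(16, "big"), hashlib.sha256).digest()
    key = session_key(pow(e_pub, c_priv, P))
    del e_priv  # the ephemeral exponent is discarded once the handshake is done
    return key, {"client_pub": c_pub, "server_eph_pub": e_pub, "auth": auth}

def attacker_derive(leaked_server_priv: int, recorded: dict) -> bytes:
    """Years later the long-term private key leaks; the attacker replays the
    server's side of the computation against a recorded handshake."""
    return session_key(pow(recorded["client_pub"], leaked_server_priv, P))

def leak_recovers_all_sessions(handshake, sessions: int = 3) -> bool:
    """True if a leaked long-term key yields every recorded session key."""
    server_priv, server_pub = keygen()
    recorded = [handshake(server_priv, server_pub) for _ in range(sessions)]
    return all(attacker_derive(server_priv, wire) == key for key, wire in recorded)
```

With the static design the function returns True (every stored session is readable), with the ephemeral design it returns False, which is exactly the property TLS gets from its DHE/ECDHE cipher suites.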

Quote for the day:

"The cost of leadership is self-interest." -- Simon Sinek
