Daily Tech Digest - January 24, 2020

Top 10 IT & Technology Buzzwords You Won’t Be Able To Avoid In 2020

AI refers to the science and engineering of making intelligent machines or software that have a human-like ability to make decisions and to improve over time by learning from experience.
While IoT was a prominent feature of buzzwords 2019, the rapid advancement and adoption of the internet of things is a trend you cannot afford to ignore in 2020. This leads us to the next of our buzzwords in IT: connected retail. To explain this most essential of 2020 buzzwords: connected retail is the seamless bridge between physical and digital retail, creating a connected, cloud-based ecosystem for enhanced consumer experience and advanced data collection. Such innovations offer the ability to transfer data over a network, creating valuable experiences for both the consumer and the business itself. Connected retail is a buzzword in IT worth mentioning as it will become integral in 2020, with countless applications that offer unique data opportunities to brands across sectors. Take Walt Disney World, for instance. An innovator in the field, Disney launched a smart wristband that allowed guests to tailor their experience within the park. Working with various touchpoints and sensors, guests benefit from a wealth of tailored park information while receiving bespoke deals, discounts, and offers as they interact with the landscape around them.



Why Visual AI Beats Pixel and DOM Diffs for Web App Testing

Functional testing alone cannot help you find unexpected additions to your page. In the new version of the page as shown in the example below, terms and conditions get added at the bottom of the form. The new content requires a test for the new T&C external link (which may link to a new page, or to a hovered text box). If you forget to add a test for the new link, you are blind to its existence and blind to whether or not it behaves correctly. ... Visual AI uses computer vision technology that has been applied in everything from security systems to self-driving cars. Visual AI identifies visual elements that make up a screen or page capture. Rather than inspect pixels, Visual AI recognizes elements as elements with properties (dimension, color, text) and uses the properties of a checkpoint element to compare it to the baseline. The screens get compared at the element level, rather than the pixel level. DOM inspection helps Visual AI identify visual elements for comparison, but Visual AI ignores DOM differences. With Visual AI, you discover visible differences and ignore trivial differences.


Combining VMware’s SD-WAN package with Nyansa’s cloud-based AIOps platform offering, “users will have access to a single platform that can deliver comprehensive and actionable data on network traffic and application performance from the cloud, to branch offices, to the end user and across their wired and/or wireless devices,” wrote Sanjay Uppal, VP and GM, VeloCloud Business Unit, VMware in a blog about the acquisition. “Nyansa can proactively predict client problems, optimize their network, better enable the behavior of critical IoT devices, and justify infrastructure changes based on actual user, network and application data," Uppal stated. “The combination of Nyansa’s AI/ML capabilities with VMware’s existing analytics, visibility and remediation capabilities will make it easier for [customers] to operate and troubleshoot the virtual-cloud network and accelerate the realization of a self-healing network.” The Nyansa buy, expected to close in the first quarter of VMware’s fiscal year, would be the company’s ninth acquisition in the past 13 months.



Quantum-Proof Cryptography: How It Would Work

Researchers are attempting to develop new forms of cryptography that could not be cracked by powerful quantum computing devices that are in the works. That requires devising public key cryptosystems based on computational problems that are difficult to break even using quantum algorithms, says Divesh Aggarwal, principal investigator at Singapore's Center for Quantum Technologies. "The essential idea is you have to come out with a computational problem that you can base public key cryptosystems on and for which we don't know how to solve these problems using quantum algorithms," Aggarwal says in an interview with Information Security Media Group. Today's most widely used cryptosystem - RSA - is based on the problem of factoring integers, and this could be easily solved or broken by quantum computers once they're developed, he says. The National Institute of Standards and Technology in the U.S. is working on standardized quantum proof cryptographic keys, he notes.


7 things your Android phone can do that iPhone owners can only dream of


iPhone users have Siri, but Android gives you Google Assistant. Google Assistant is a much more sophisticated tool than Apple's Siri for a slew of reasons, but the most important one is that it makes use of Google's impressive database. Google Assistant can understand common requests for businesses and names, and it gets requests right more often than wrong. It also returns high-quality responses, drawing from Google Search, a tool that Siri doesn't have access to. Google Assistant also tightly integrates with the phone's other functions, to tell you when it's time to leave for your next meeting and warn you that traffic will be heavy on the way home. If you have any Google Home or Nest Home smart speakers or other compatible devices, you can also use Assistant on your phone to control smart devices around your house like lights, outlets or your thermostat -- even from afar. And it's built right into your Android device. "OK, Google" and "Hey, Google" are the two wake phrases. If you need help knowing what to ask, you can ask Google Assistant for a list of commands: "OK, Google, What can you do?"


Fast String Matching with Wildcards, Globs, and Gitignore-Style Globs

Wildcard string matching and globbing isn’t as trivial as it may seem at first. In fact, mistakes in the past resulted in serious vulnerabilities such as denial of service. Simple patches, such as limiting the number of matches to limit the CPU time, have been applied to fix implementations that suffer exponential blow-up in execution time. More disconcerting is that buggy globbing implementations can be easily located on the Web: just search for wildmat.c to find copies of implementations that may crash when a character class range is incomplete, ... To understand how globbing implementations may cause denial of service, we will take a quick look at some examples. Recursion is often used in simple implementations of wildcard matching with * and ?. The idea is to scan the pattern and the string from left to right while pairwise matching the characters. When a star is encountered in the pattern, the do-match function is recursively called to compare the rest of the pattern to the rest of the string.
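The blow-up described above, as an added example that is not code from the linked article or from any wildmat.c copy: a naive recursive matcher for * and ? with a call counter, next to a common non-recursive alternative that backs up only to the most recent star. The function names and the sample pattern and text are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

static unsigned long calls;   /* recursive invocations made by the naive matcher */

/* Naive matcher: on '*', recurse once for every remaining suffix of the text. */
int match_recursive(const char *p, const char *s)
{
    calls++;
    for (; *p; p++, s++) {
        if (*p == '*') {
            for (p++; ; s++) {
                if (match_recursive(p, s)) return 1;
                if (!*s) return 0;            /* every suffix tried, no match */
            }
        }
        if (!*s || (*p != '?' && *p != *s)) return 0;
    }
    return *s == '\0';
}

/* Non-recursive matcher: remembers only the most recent '*', so a mismatch
 * costs one backup step instead of re-exploring every earlier star. */
int match_iterative(const char *p, const char *s)
{
    const char *star_p = NULL, *star_s = NULL;
    while (*s) {
        if (*p == '*') { star_p = ++p; star_s = s; }       /* record backup point */
        else if (*p == '?' || *p == *s) { p++; s++; }      /* one char matched */
        else if (star_p) { p = star_p; s = ++star_s; }     /* star eats one more */
        else return 0;
    }
    while (*p == '*') p++;                                 /* trailing stars match "" */
    return *p == '\0';
}

/* Number of recursive calls the naive matcher needs for one match attempt. */
unsigned long recursive_calls(const char *p, const char *s)
{
    calls = 0;
    match_recursive(p, s);
    return calls;
}

int main(void)
{
    const char *text = "aaaaaaaaaaaaaaaaaaaa";   /* constructed input: 20 x 'a' */
    printf("naive calls: %lu\n", recursive_calls("a*a*a*a*b", text));
    printf("iterative result: %d\n", match_iterative("a*a*a*a*b", text));
    return 0;
}
```

With k stars and a non-matching text of length n, the naive call count grows on the order of n^k, which is why capping the number of matches was used as a stopgap; the iterative form stays bounded by pattern length times text length.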


MDhex vulnerabilities impact GE patient vital signs monitoring devices

The MDhex security flaws, according to CyberMDX experts, allow an attacker with access to a hospital's network to take over vulnerable patient monitors and/or telemetry aggregation servers, and then silence alerts, putting patient lives at risk. Besides the CyberMDX advisory, the Department of Homeland Security has also published security advisories today meant to warn healthcare providers about the MDhex vulnerabilities. The DHS CISA and FDA advisories contain mitigations that hospitals and clinics can deploy to prevent attackers from exploiting the devices. The general advice is to place these devices on their own separate networks, not connected to the internet, and isolated from any other hospital systems. Patches are not available at the time of writing. A GE Healthcare spokesperson told ZDNet in an email this week that the company plans to release software updates in Q2 2020 to address the reported MDhex issues. According to CyberMDX experts, the vulnerabilities are as bad as they can be, with five out of the six MDhex bugs receiving a rating of 10 out of 10 on the CVSSv3 severity scale.


The Doomsday Clock just moved closer to midnight again. Tech is getting some of the blame.


The group of scientists warned that several major arms control treaties and negotiations have ended or been undermined during the past year, creating an environment conducive to a renewed nuclear arms race. They warned that government action on climate change still falls short. But they also said that threats to the "information ecosphere" -- like the spread of misinformation and fake news -- could also create dangerous global instability. Ongoing disinformation campaigns are corrupting the decision-making processes needed to tackle nuclear and climate threats, the scientists said. "In the last year, many governments used cyber-enabled disinformation campaigns to sow distrust in institutions and among nations, undermining domestic and international efforts to foster peace and protect the planet," the group said. While countries have long attempted to use propaganda to drive their particular political agendas, the internet now provides widespread, inexpensive access to worldwide audiences. The recent arrival of 'deepfake' audio and video could also undermine our ability to separate truth from fiction.


Cisco issues firewall, SD-WAN security warnings

The vulnerability is due to the existence of default credentials within the default configuration of an affected device, Cisco stated. An attacker who has access to an affected device could log in with elevated privileges. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier. The second SD-WAN-related problem is in the CLI of the Cisco SD-WAN Solution vManage software. An exploit could let the attacker elevate privileges to root-level privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. This vulnerability affects Cisco SD-WAN Solution vManage Software Release 18.4.1, Cisco stated. Cisco said it has released software updates for both SD-WAN vulnerabilities. A couple of the other highly rated vulnerabilities were in Cisco’s implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software, which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.


Blazor State Management

For the best possible user experience, it's important to provide a consistent experience to the end user when their connection is temporarily lost and when they refresh or navigate back to the page. The components of this experience include: the HTML Document Object Model (DOM) that represents the user interface (UI); the fields and properties representing the data being input and/or output on the page; and the state of registered services that are running as part of code for the page. In the absence of any special code, state is maintained in two places depending on the Blazor hosting model. For Blazor WebAssembly (client-side) apps, state is held in browser memory until the user refreshes or navigates away from the page. In Blazor Server apps, state is held in special “buckets” allocated to each client session known as circuits. These circuits can lose state when they time out after a disconnection and may be obliterated even during an active connection when the server is under memory pressure.



Quote for the day:


"And how does one lead? We lead by doing; we lead by being." -- Bryant McGill

