Daily Tech Digest - April 03, 2020

How to balance privacy concerns around facial recognition technology

Facial recognition without an individual’s consent has been at the center of controversy in recent news. It’s often associated with widespread surveillance and a breach of civilian privacy. Its use should be distinguished as a technology that removes control from the person whose likeness is being captured without consent — in some cases to catch bad actors or known terrorists, but in other cases, the intent is more malicious. For example, American billionaire John Catsimatidis was recently criticized for using the Clearview AI app to profile his daughter’s date. Catsimatidis simply captured a photo of the individual and uploaded it to the app to conduct a full-fledged background check. ... This use case can and should be considered an abuse of the technology and needs to be reinforced by regulatory bodies. Facial authentication, on the other hand, gives the individual full control by offering a choice as to whether they would like to allow the technology to identify them. Facial authentication is performed to protect logins and is permission-based — it offers a superior level of account protection compared to usernames and passwords, knowledge-based authentication or even SMS-based two factor authentication.


FCC wants to add a new swath of bandwidth to Wi-Fi 6

The driving factor, as ever, is the bottomless demand for spectrum caused by the increasing use of wireless just about everywhere, and the FCC’s announcement cites projections from Cisco that say about 60% of worldwide data traffic will move across Wi-Fi links within the next two years. Using the full 6GHz spectrum – all 1,200MHz of it – is part of the Wi-Fi 6 (802.11ax) standard that can’t be put into use until it is freed up by the FCC. With that spectrum extension in place the standard is known as Wi-Fi 6E, and devices with new silicon would be needed to implement it. “By doing this, we would effectively increase the amount of spectrum available for Wi-Fi almost by a factor of five,” said FCC chair Ajit Pai in a statement. “This would be a huge benefit to consumers and innovators across the nation.” But the incumbent licensed users of parts of the 6GHz spectrum – which are mostly businesses using microwave links for wireless backhaul and public safety services – aren’t pleased. The Utilities Technology Council is one of several groups that has been critical of earlier proposals to open the 6GHz band to broad-based unlicensed use, saying in response to Wednesday’s announcement that assurances that existing users would be protected from interference are unconvincing.



Cnvrg.io launches a free version of its data science platform

Ettun describes CORE as a ‘lightweight version’ of the original platform but still hews closely to the platform’s original mission. “As was our vision from the very start, cnvrg.io wants to help data scientists do what they do best – build high impact AI,” he said. “With the growing technical complexity of the AI field, the data science community has strayed from the core of what makes data science such a captivating profession — the algorithms. Today’s reality is that data scientists are spending 80 percent of their time on non-data science tasks, and 65 percent of models don’t make it to production. Cnvrg.io CORE is an opportunity to open its end-to-end solution to the community to help data scientists and engineers focus less on technical complexity and DevOps, and more on the core of data science — solving complex problems.” This has very much been the company’s direction from the outset and as Ettun noted in a blog post from a few days ago, many data scientists today try to build their own stack by using open-source tools. They want to remain agile and able to customize their tools to their needs, after all.



Australian Privacy Foundation labels CLOUD Act-readying Bill as 'deeply flawed'

"It enshrines an inappropriate level of discretion and weakens parliamentary oversight regarding interaction with governments that disrespect human rights. "It is a manifestation of a drip by drip erosion of privacy protection in the absence of a justiciable constitutionally-enshrined right to privacy in accord with international human rights frameworks." The remarks were made in the opening of APF's submission [PDF] to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) and its review of the Telecommunications Legislation Amendment (International Production Orders) Bill 2020. The Bill is intended to amend the Telecommunications (Interception and Access) Act 1979 (TIA Act) to create a framework for Australian agencies to gain access to stored telecommunications data from foreign designated communication providers in countries that have an agreement with Australia, and vice versa, as well as remove the ability for nominated Administrative Appeals Tribunal members to issue certain warrants.


Windows 10 security: How the shadow stack will help to keep the hackers at bay

Microsoft and Intel worked together on a design called Control-flow Enforcement Technology (CET) several years ago, which adds the new Shadow Stack Pointer (SSP) register and modifies the standard CPU call and return instructions to store a copy of the return address and compare it to the one in memory -- so most programs won't need any changes for compatibility. If the two addresses don't match, which means the stack has been interfered with, the code will stop running. "The shadow page table is assigned in a place that most processes or even the kernel cannot access, and this is supported by a new page table attribute that is not even exposed right now and people can't query it either," Pulapaka said. "The idea is that you will not be able to see that it exists, and you will not be able to touch it -- and if you try to touch it, the kernel doesn't allow it to allow any arbitrary process to touch it." CET also includes some forward call protection: indirect branch tracking does a similar check to CFG but in hardware. The CET specification was first released in 2016 and for compatibility, silicon released since then has had a non-functional version of the instruction that marks indirect branch addresses as safe.
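The call/return check described above can be modelled in software. The following is an added example, not code from the article or from Microsoft or Intel: a toy simulation in which every name (`cpu_t`, `sim_call`, `sim_ret`, `run_scenario`) and every address is constructed for illustration, and the shadow stack is protected only by convention rather than by a page table attribute.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DEPTH 16
enum { RET_OK = 0, RET_FAULT = 1, RET_ERR = -1 };

/* Toy CPU state (constructed). Program code may write data[];
   only sim_call/sim_ret touch shadow[], standing in for the
   protected shadow stack pages. */
typedef struct {
    uint64_t data[DEPTH];   /* ordinary stack: return addresses beside locals */
    uint64_t shadow[DEPTH]; /* shadow stack: copies of return addresses only */
    size_t sp;              /* ordinary stack index */
    size_t ssp;             /* models the Shadow Stack Pointer register */
} cpu_t;

/* CALL: store the return address on both stacks. */
static int sim_call(cpu_t *c, uint64_t ret_addr) {
    if (c->sp >= DEPTH || c->ssp >= DEPTH) return RET_ERR;
    c->data[c->sp++] = ret_addr;
    c->shadow[c->ssp++] = ret_addr;
    return RET_OK;
}

/* RET: pop both copies and compare; a mismatch stops execution. */
static int sim_ret(cpu_t *c, uint64_t *target) {
    if (c->sp == 0 || c->ssp == 0) return RET_ERR;
    uint64_t from_stack = c->data[--c->sp];
    uint64_t from_shadow = c->shadow[--c->ssp];
    if (from_stack != from_shadow) return RET_FAULT;
    *target = from_stack;
    return RET_OK;
}

/* Two nested calls; optionally model memory corruption that overwrites
   the saved return address on the ordinary stack before returning. */
int run_scenario(int corrupt) {
    cpu_t c = {0};
    uint64_t target = 0;
    sim_call(&c, 0x401000);                 /* constructed addresses */
    sim_call(&c, 0x401080);
    if (corrupt) c.data[c.sp - 1] = 0x41414141;
    int r = sim_ret(&c, &target);
    return r != RET_OK ? r : sim_ret(&c, &target);
}

int main(void) {
    printf("clean run:     %d\n", run_scenario(0));
    printf("corrupted run: %d\n", run_scenario(1));
    return 0;
}
```
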


Cyber security matters more than ever

Networks can be accessed in multiple ways, remote offices are common, there is an abundance of bandwidth and cyber security harnesses the power of artificial intelligence and other advanced technologies to help make the mobile office a reality. With more and more people now able to work from home and an estimated 4.1 million people electing to do so, companies need to ensure their cyber security extends beyond the confines of the office walls. With the increasing escalation of the COVID-19 situation in Australia, organisations have closed their physical premises and are enforcing work from home policies to ensure the health, wellbeing, and safety of employees. With much of the workforce now tapping into their home networks to enable business and operational continuity, this raises serious cyber security issues. The State of Cybersecurity in Asia Pacific survey by Palo Alto Networks found that almost half of respondents stated their biggest cyber security challenge was their employees’ lack of cyber security awareness. Imagine if those employees are working from home and accessing devices used by the family for business purposes; this exposes the employee to potential exploitation by cyber criminals and puts the employer at risk.


Zoom Rushes Patches for Zero-Day Vulnerabilities

In recent days, Zoom has faced intense scrutiny over the platform's security and privacy. On Wednesday, researchers revealed that a Zoom feature that's designed to help individuals within an organization quickly connect to others through the desktop app can expose email addresses, full names and profile photos to other users who should not have access, according to Motherboard. Zoom also issued an apology this week for sharing large sets of user data by default with Facebook, blaming the social network's software development kit, which it has removed from its iOS app. Exposed users' data included IP addresses and device model. Zoom has now stopped that data sharing practice and updated its privacy guidelines (see: Zoom Stops Transferring Data by Default to Facebook). On Monday, the New York Times reported that New York Attorney General Letitia James sent a letter to Zoom asking about the company's privacy and security practices. The letter also sought information about vulnerabilities "that could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams," according to the report.


Are you overengineering your cloud apps?

People building applications on public clouds have a multitude of cloud services that can be integrated into that application with little time and very little money. AI services, such as deep learning and machine learning, are often leveraged from applications just because of the ease of doing so. In many cases, the use of AI within a specific application is actually contraindicated. Other tempting services include containers and container orchestration systems. Although these are a great addition for a good many apps, I’m seeing them more and more force-fit these days. Developers are being lured by their hype. The trade-off here is that overengineered cloud apps are more costly to build, overly complex, and thus harder to operate over time. Indeed, they may double the cost of cloudops after deployment, as well as double the cloud bill you’ll get monthly. Cloud app designers and developers need to focus on the minimum viable features that the cloud applications need to solve the core problems. An inventory control application perhaps does not need a machine learning system bolted on, but a fraud detection system does.


Microsoft to hospitals: 11 tips on how to combat ransomware

Ransomware can be damaging to any business, as it holds critical data hostage; with most companies, the loss can be measured financially. But when a hospital is attacked with ransomware, the cost can be measured in human life, either through direct patient care or through research being done on vaccines and medicine. Further, hospitals are now so focused on the coronavirus that medical staff and employees may forget the usual security protocols when dealing with email and other content. All of this makes them potentially easy prey for ransomware. Though a range of criminal groups and campaigns are known to employ ransomware, Microsoft in its blog post focused on REvil, also known as Sodinokibi. This campaign exploits gateway and VPN flaws to gain entry into organizations. This type of strategy is especially rampant now as so many more people are working from home or remotely. If successful, these attackers can steal user credentials, elevate their privileges, and then move across compromised networks to install ransomware and other malware. Gangs like REvil use human-operated methods to target organizations most vulnerable to attack.


Is remote work the new normal?

As COVID-19 continues to spread, remote work is no longer an experiment, but a requirement in many nations. While it represents a huge change, the results of research conducted by OnePoll and Citrix reveal that a majority of employees around the world are adapting to working from home and believe it will become the new normal for the way work gets done. “Remote work is not business as usual. It represents a totally new way of thinking and operating and can be a difficult adjustment for employees and employers to make,” says Donna Kimmel, Chief People Officer, Citrix. “But business must go on, even in times of crisis. And as the research makes clear, companies that give their people the right tools can help them make the transition, empower them to be and perform at their best, and emerge stronger when conditions improve.” As Kimmel notes, remote work is a completely new concept for most employees. ... “You can have the best technology in the world. But if you don’t provide employees with resources to help them make the adjustment, they won’t use it and continue to engage and be productive,” Kimmel says.




Quote for the day:


"A good objective of leadership is to help those who are doing poorly to do well and to help those who are doing well to do even better." -- Jim Rohn

