Daily Tech Digest - April 25, 2020

pharming  >  faudulent website redirect
A pharming attack tries to redirect a website's traffic to a fake website controlled by the attacker, usually for the purpose of collecting sensitive information from victims or installing malware on their machines. Attackers tend to focus on creating look-alike ecommerce and digital banking websites to harvest credentials and payment card information. These attacks manipulate information on the victim’s machine or compromise the DNS server and rerouting traffic, the latter of which is much harder for users to defend against. Though they share similar goals, pharming uses a different method from phishing. “Pharming attacks are focused on manipulating a system, rather than tricking individuals into going to a dangerous website,” explains David Emm, principal security researcher at Kaspersky. “When either a phishing or pharming attack is completed by a criminal, they have the same driving factor to get victims onto a corrupt location, but the mechanisms in which this is undertaken are different.” Pharming attacks involve redirecting user requests by manipulating the Domain Name Service (DNS) protocol and rerouting the target from its intended IP address to one controlled by the hacker. This can be done in two ways.


Technology, Financial Inclusion, and Banking in Frontier Markets

The lack of local knowledge of emerging and frontier markets can make it exceptionally difficult to serve those with limited infrastructure in the right way. A strong understanding of local financial processes and more complex environments are vital to providing financial services in hard-to-reach territories. It also helps to build trust and relationships with key organizations in that region. Where the relationship becomes mutually reinforced is when financial inclusion increases and we get more data on people within the market. As we understand consumer behaviors and markets are better understood, more players are willing to serve them and we are able to reach more people with financial services. When the two complement each other well, we can make a real difference in improving access to these services. While 72% of founders say that diversity in their startup is extremely or very important, only 12% of startups are diversity leaders in practice.


Software Testing: The Comeback Kid of the 2020s

Software Testing
Ultimately, developers don’t have the time or desire to keep these tests current over the long term. Unit testing has been a best practice for more than 20 years, yet despite waves of unit test automation tools (including one created by Albert Savoia not long before he declared testing dead), unit testing remains a thorn in developers’ sides. Does that mean we give up the benefits of unit testing altogether? Not necessarily. In order to take on unit testing per se, testers would need to understand the developers’ code as well as write their own code. That’s not going to happen. But, you could have testers compensate for lost unit test coverage through resilient tests they can create and control. Professional testers recognize that designing and maintaining tests is their primary job and that they are ultimately evaluated by the success and effectiveness of the test suite. Let’s be honest, who’s more likely to keep tests current, the developers who are pressured to deliver more code faster, or the testers who are rewarded for finding major issues (or blamed for overlooking them)?


Checking AI bias is a job for the humans

Checking AI bias is a job for the humans
Machine learning models are only as smart as the datasets that feed them, and those datasets are limited by the people shaping them. This could lead, as one Guardian editorial laments, to machines making our same mistakes, just more quickly: “The promise of AI is that it will imbue machines with the ability to spot patterns from data, and make decisions faster and better than humans do. What happens if they make worse decisions faster?” Complicating matters further, our own errors and biases are, in turn, shaped by machine learning models. As Manjunath Bhat has written, “People consume facts in the form of data. However, data can be mutated, transformed, and altered—all in the name of making it easy to consume. We have no option but to live within the confines of a highly contextualized view of the world.” We’re not seeing data clearly, in other words. Our biases shape the models we feed into machine learning models that, in turn, shape the data available for us to consume and interpret.


Starbleed vulnerability: Attackers can gain control over FPGAs

Starbleed
Attackers can gain complete control over the chips and their functionalities via the vulnerability. Since the bug is integrated into the hardware, the security risk can only be removed by replacing the chips. The manufacturer of the FPGAs has been informed by the researchers and has already reacted. FPGA chips can be found in many safety-critical applications, from cloud data centers and mobile phone base stations to encrypted USB-sticks and industrial control systems. Their decisive advantage lies in their reprogrammability compared to conventional hardware chips with their fixed functionalities. This reprogrammability is possible because the basic components of FPGAs and their interconnections can be freely programmed. In contrast, conventional computer chips are hard-wired and, therefore, dedicated to a single purpose. The linchpin of FPGAs is the bitstream, a file that is used to program the FPGA. In order to protect it adequately against attacks, the bitstream is secured by encryption methods. Dr. Amir Moradi and Maik Ender from Horst Görtz Institute, in cooperation with Professor Christof Paar from the Max Planck Institute in Bochum, Germany, succeeded in decrypting this protected bitstream, gaining access to the file content and modifying it.


How To Secure 5G — And The Internet Of Things Too

Internet of Things connectivity
“From a cybersecurity standpoint, things haven’t really changed that much,” he said, “so, the challenges remain the same.” As he told PYMNTS, the key challenge is to make sure that the systems and devices are better than reasonably secure before they go on the 5G network in the first place. That challenge is intensifying as 4G gets ready to give way to 5G. Adding devices boosts vulnerability, he said. Each one of those devices represents a possible point of attack for hackers and fraudsters. There are hundreds of millions of devices now that can, conceivably, be compromised, in some way — and there will be billions of devices in the future. The challenges of cybersecurity, he said, are the same whether from the standpoint of a manufacturer building an Internet of Things (IoT) device or from a healthcare company that is building devices that will be used by providers or a telecom company building network equipment. “The key question,” Knudsen said, “is how do you build that system or device in a way that minimizes risk?”


Blockchain Revolutionizing Banking and Financial Markets


If a change is to be made in a particular block, it is not rewritten. Instead, a new block is created which contains the cryptographic hash of the previous block, the amended data, and the timestamp. Hence, it is a non-destructive way to track data changes over time. In addition, Blockchain is distributed over a large network of computers and is decentralized which reduces the tampering of data. Now, before a block is added to the Blockchain each person maintaining a ledger has to solve a special kind of math problem created by a cryptographic hash function. Whoever solves the hash first gets to add the ledger to the block chain. Blockchain can also be private, public and even hybrid private-public. Hence, Blockchain can literally revolutionize the way we access, verify and transact our data with one another. ... Blockchain has come up with a peer-to-peer effective solution for lenders and borrowers without any involvement of third parties. A Spanish Bank gave the first crypto-loan service in 2018.They are fast (takes less than 48 hours), have much cheaper operational costs, are more secure and transparent.


How to become a data scientist without getting a Ph.D

Doctor with Medical Healthcare Research Concept
There are data scientists at every company. Instituting a mentor program, for example, combined with a continuous learning curriculum can greatly improve data fluency across an organization. And this is no longer an option — it's an imperative. Data is king in business. Data science is a means by which you can use data to make business decisions. Without the basic data science skills, employees can't make these important decisions.  As your team becomes more comfortable with the language of data, they'll be more comfortable bringing data to bear on important business decisions. It will become clear that some team members are more comfortable using data skills than others are. Encourage the proficient ones to mentor others. Even at DataCamp, where data science is our business, some people don't work with data continuously. When they need help on a complex problem, they pair up with those who do.  It's all about shared tools, skills and responsibilities — they can dramatically improve communication and understanding between employees, which ultimately improves workplace culture.


Multi-Cloud Cost Optimization For The Enterprise

Multi-Cloud Cost Optimization
How much will the public cloud cost? You should begin your cloud cost management strategy by looking at the public cloud providers’ billing models—just like any other IT service, the public cloud can introduce unexpected charges. How much storage, CPU and memory do your applications require currently? Which cloud instances would meet those requirements? Then, it’s a question of estimating how much those applications would cost in the cloud and comparing these figures to how much it currently costs you to run them on-premise. If you plan to use multiple public cloud providers, integration and other factors can lead to unexpected fees—try and plan application deployments to see where you might be liable for extra costs.  Initially, it seems that most vendors offer similar packages and prices—when you examine them in detail however, perhaps one vendor has a much lower price for certain types of workloads. Understand your business requirements before committing to a cloud vendor, and avoid vendor lock-in.


5 ways to empower remote development teams


QA teams that have never tested remotely must surmount technical, process-oriented and cultural challenges. Issues include how to collaborate virtually, procure off-site resources and manage asynchronous work schedules. Adjustments to workplace culture can help just as much as -- if not more than -- new tools. Follow these best practices for remote QA work from Gerie Owen, an experienced test manager. For example, communicate more frequently with team members, with more detail and context than usual. Owen also offers advice for organizations that lack sufficient network capacity for remote QA resources. ... Many enterprises must make distributed Agile development work. Read how to manage distributed Agile development and its various challenges, as detailed by software architect and technical advisor Joydip Kanjilal. He outlines, for example, what practices a remote development team can adopt to fulfill the values and principles of Agile. To improve camaraderie, a team might host regular video conferences.



Quote for the day:


"There is no 'one' way to be a perfect leader, but there are a million ways to be a good one." -- Mark W. Boyer


No comments:

Post a Comment