Daily Tech Digest - September 12, 2020

Women in Fintech: How Open Banking Can Help Address Data Bias

A disturbing recent example is the story of Jamie Heinemeier Hansson, who was granted permission to borrow 20 times less on her Apple Card than her husband David was. This was despite her having a better credit score, as well as the couple filing a joint tax return and having an equal share in their property. The Apple Card incident highlighted that computers are not impartial. Artificial intelligence may well be able to digest vast amounts of information and identify patterns far beyond the capability of humans, but the historical data from which such systems “learn” in order to draw conclusions can be biased, even if it is unintentional. So a system can make a discriminatory decision about a woman’s credit rating due to inherent bias in its training – for example, as women were less likely to have been granted credit, the algorithm continues that pattern – despite having not specifically asked her gender. However, many believe that while technology can perpetuate these biases, it could also be used to address them, particularly in the open banking era. “I genuinely believe technology can level the playing field fundamentally,” says Sam Seaton, CEO of Moneyhub. 

Simplify agile, devops, and ITSM with Jira automations

Jira automations work like other IFTTT algorithms, except they have access to all the underlying data and workflows within Jira Software. A Jira automation trigger can be one of several types, including Jira issue types, sprints, and versions. You can design automations for when team members add or modify Jira issues, when scrum masters start or complete sprints, or when team leads create, update, or release versions. These triggers are highly useful for scrum masters, product owners, and technical leads who want to simplify the work needed to keep Jira updated with high-quality data. Jira automation also supports triggers tied to devops events such as pull requests, builds, branches, commitments, and deployments. These events connect with Bitbucket, GitLab, and Github and update Jira issue or version status based on developer activities performed in version control. More advanced triggers can run on a defined schedule or respond to webhooks. Teams using these two triggers can get very creative with integrating Jira workflows with other tools or automating administrative tasks on a schedule. Once you configure the trigger, you have the option to add more filtering conditions or to branch the flow and support different sets of actions.

How trusted data is driving resilience and transformation beyond Covid-19

Over the next three to five years, most business workflows will be disrupted by the application of data and artificial intelligence (AI). Efficiency will be prioritised because it underpins business survival. If we take power and utilities as an example, we can expect disruption of the billing workflow, call centres, customer onboarding, customer service, and distribution. Document intelligence will also be used to glean insights from large volumes of information. Ultimately, data and AI will reinvent the entire end-to-end value chains of industries. Companies that recognise the strategic value of data will be the leaders in digital transformation, giving them a competitive position in the market. ... The pandemic has highlighted the value of data since having and sharing information on individuals will be key to defeating the virus. So, in the evolving normal, we can expect more data-sharing platforms – platforms that allow the public sector to share information with the private sector and platforms that allow different companies within the private sector to share information with each other. Boundaries between sectors will blur over time and regulation will adapt to accommodate data sharing.

Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks

The Bluetooth SIG is recommending that potentially vulnerable Bluetooth implementations introduce the restrictions on CTKD that have been mandated in Bluetooth Core Specification versions 5.1 and later. These restrictions prevent the overwrite of an authenticated key or a key of a given length with an unauthenticated key or a key of reduced length. “The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches,” according to Bluetooth. “As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers.” Several Bluetooth-based attacks have cropped up over the past year. In May, academic researchers uncovered security vulnerabilities in Bluetooth Classic that could have allowed attackers to spoof paired devices and capture sensitive data. In February, meanwhile, a critical vulnerability in the Bluetooth implementation on Android devices was discovered that could allow attackers to launch remote code-execution (RCE) attacks – without any user interaction.

Australia’s very small step to make the Internet of Things safer

Security flaws in IoT devices are common. Hackers can exploit those vulnerabilities to take control of devices, steal or change data, and spy on us. In recognition of these risks, the Australian government has introduced a new code of practice to encourage manufacturers to make IoT devices more secure. The code provides guidance on secure passwords, the need for security patches, the protection and deletion of consumers’ personal data and the reporting of vulnerabilities, among other things. The problem is the code is voluntary. Experiences elsewhere, such as the United Kingdom, suggest a voluntary code will be insufficient to deliver the protections consumers need. ... A better option would have been a “co-regulatory” approach. Co-regulation mixes aspects of industry self-regulation with both government regulation and strong community input. It includes laws that create incentives for compliance (and disincentives against non-compliance) and regulatory oversight by an independent (and well-resourced) watchdog. The Australia government has, at least, described its new code of practice as “a first step” to improving the security of IoT devices.

Four ways network traffic analysis benefits security teams

The SecOps team will often need the network data and behavior insights for security analytics or compliance audits. This will usually require network metadata and packet data from physical, virtual and cloud-native elements of the network deployed across the data center, branch offices and multi-cloud environments. The easier it is to access, index and make sense out of this data (preferably in a “single pane of glass” solution), the more value it will provide. Obtaining this insight is entirely feasible but will require a mix of physical and virtual network probes and packet brokers to gather and consolidate data from the various corners of the network to process and deliver it to the security tool stack. NDR solutions can also offer the SecOps team the ability to capture and retain network data associated with indicators of compromise (IOCs) for fast forensics search and analysis in case of an incident. This ability to capture, save, sort and correlate metadata and packets allows SecOps to investigate breaches and incidents after the fact and determine what went wrong, and how the attack can be better recognized and prevented in the future.

A Beginner’s Introduction To DevOps Principles

To put it simply, DevOps is all about integrating these two teams together (hence the portmanteau of a name). It isn’t going to make your developers into sysadmins, or vice versa, but it should help them work together. Each aspect and phase is complemented with tools that make this whole process easier. DevOps is more than just tools and automation, and implementing a set of “DevOps tools” won’t automatically make your team work twice as fast, but these tools are a major part of the process, and it’d be hard to be as efficient without some of them. ... Rather than testing and building only once when everything is finished, in a DevOps environment, each developer will ideally submit changes to source control multiple times a day, whenever issues are complete or a minor milestone is reached. This allows the build and testing phases to start early, and make sure no developer gets too far away from the HEAD of the master source control. This stage is mostly about proper source control management, so having an effective git service like GitHub, Gitlab, or BitBucket are crucial to keeping continuous integration running smoothly. You don’t have to deploy every commit to production right away, but quick automated deployments are a major part of being able to push rapid releases.

It's the biggest job in tech. So why can't they find anyone to do it?

The failure to appoint a senior leader to coordinate the mammoth task of digitizing public services is at odds with the government's rhetoric. Three years ago, the UK re-iterated the need to create a "government as a platform" in a brand-new digital strategy, with the objective of harnessing the potential of digital to improve the efficiency of public services. The goal? To enable "digital by default" across government, and use technology and data to better serve citizens with digitally enabled public services that would be easier, simpler and cheaper. Since then, many reports have emerged stressing the difficulty of achieving this digital transformation journey without proper management from the very top. Last year, for instance, a report from the House of Commons' Science and Technology Committee found that the government's digital momentum was slowing, and that the shift was partly due to a lack of senior leadership. These failures have been especially palpable in the past few months. As the global COVID-19 pandemic threw the world upside down, the need for a government that effectively delivers digital services in a time of crisis became ever-more important.

Visa Warns of Fresh Skimmer Targeting E-Commerce Sites

The Visa alert does not indicate how Baka is initially delivered to a network. But the report notes that the malicious code is hosted on several suspicious domains, including: jquery-cycle[.]com, b-metric[.]com, apienclave[.]com, quicdn[.]com, apisquere[.]com, ordercheck[.]online and pridecdn[.]com. Once the initial infection takes hold, the skimmer is uploaded through the command-and-control server, but the code loads in memory. This means the malware is never present on the targeted e-commerce firm's server or saved to another device, helping it to avoid detection, according to the alert. "The skimming payload decrypts to JavaScript written to resemble code that would be used to render pages dynamically," according to Visa. Once embedded in an e-commerce site's checkout page, the skimmer begins to collect payment and other customer data from various fields and sends the information to the fraudsters' command-and-control server, Visa notes. Once data exfiltration is complete, Baka performs a "clean-up" function that removes the skimming code from the checkout page, according to the alert. This also helps ensure that JavaScript is not spotted by anti-malware tools.

Elon Musk is one step closer to connecting a computer to your brain

While the development of this futuristic-sounding tech is still in its early stages, the presentation was expected to demonstrate the second version of a small, robotic device that inserts tiny electrode threads through the skull and into the brain. Musk said ahead of the event he would “show neurons firing in real-time. The matrix in the matrix.” And he did just that. At the event, Musk showed off several pigs that had prototypes of the neural links implanted in their head, and machinery that was tracking those pigs’ brain activity in real time. The billionaire also announced the Food and Drug Administration had awarded the company a breakthrough device authorization, which can help expedite research on a medical device. Like building underground car tunnels and sending private rockets to Mars, this Musk-backed endeavor is incredibly ambitious, but Neuralink builds on years of research into brain-machine interfaces. A brain-machine interface is technology that allows for a device, like a computer, to interact and communicate with a brain. 

Quote for the day:

"The actions of a responsible executive are contagious." -- Joe D. Batton

No comments:

Post a Comment