Daily Tech Digest - October 10, 2020

Internet of Things Applications

IoT applications can transform reactive medical-based systems into active wellness-based systems. Resources that are used in current medical research lack important real-world information. It uses controlled environments, leftover data, and volunteers for clinical trials. The Internet of Things improves the device's power, precision and availability. IoT focuses on building systems rather than just tools. Here's how the IoT-enabled care device works. ... Most of you have heard about the term smart city. Smart city uses technology to provide services. The smart city includes improving transportation and social services, promoting stability and giving voice to their citizens. The problems faced by Mumbai are very different from Delhi. Even global issues, such as clean drinking water, declining air quality, and increasing urban density, occur in varying intensity cities. Therefore, they affect every city. Governments and engineers use the Internet of Things to analyze the complex factors of town and each city. IoT applications help in the area of water management, waste control and emergencies. ... By the year 2050, the world's growing population is estimated to have reached about 10 billion. To feed such a large population, agriculture needs to marry technology and get the best results.

Learning from Bugs and Testers: Testing Boeing 777 Full Flight Simulators

Every failure is an opportunity to learn something. Finding and fixing a bug is great, but understanding why the bug is there is where you learn even more. It might be a requirement that wasn’t properly formulated, implemented, tested, or anything else. As a software tester, imagine that a bug you have reported was caused by an untrapped exception in a division by zero. If you saw that bug several times or if your software is mission-critical then it is worth asking every team to check if they have encapsulated all code where they perform a division with a “try catch” statement. The Ariane 5 Rocket blew up because of untrapped exceptions: There go half-a-billion dollars and a dent in reputation. The US Air Force almost lost an F-22 squadron (state-of-the-art fighter jets valued $350 million a pop) when they flew over the International Date Line (IDL) leaving the pilots with only flight controls (dedicated and separated computers). When you cross the IDL the “time” skips by one day depending on your direction of travel. A space probe crashed on Mars because the software testers forgot to test what would occur when sensors are sending erroneous data to the mission computer.

55 New Security Flaws Reported in Apple Software and Services

A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical in severity. The flaws — including 29 high severity, 13 medium severity, and 2 low severity vulnerabilities — could have allowed an attacker to "fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim's iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources." The flaws meant a bad actor could easily hijack a user's iCloud account and steal all the photos, calendar information, videos, and documents, in addition to forwarding the same exploit to all of their contacts. The findings were reported by Sam Curry along with Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes over a three month period between July and September. After they were responsibly disclosed to Apple, the iPhone maker took steps to patch the flaws within 1-2 business days, with a few others fixed within a short span of 4-6 hours.

An introduction to Windows 10’s new PowerToys

Over the past few months, PowerToys has really cleaned up its installation and update capabilities. Versions 0.18.2 and earlier would require users to jump into Task Manager and terminate various processes and applications before its installation could complete. Via Twitter, one of team leader Clint Rutkas’ associates informed me this was because of the program’s inclusion of the Core .NET DLLs into PowerToys. But as of release v0.20.1, PowerToys handles all open applications without issue. Now, it simply asks for permission to restart the Windows Explorer (process name: explorer.exe) as it finishes up updating or installing itself. Speaking of updates, Rutkas and his programmers are working hard to push frequent updates to PowerToys. A look at the Releases page shows eight releases since early June, or about two per month. ... Pressing and holding the Windows key causes an overlay showing a list of Windows-key shortcuts to appear on the primary Windows display. Once shown, that menu — a.k.a. the Shortcut Guide — persists as long as the winkey remains depressed. These shortcuts, or key combos, require that the Windows key and the named key be depressed together.

3 ways criminals use artificial intelligence in cybersecurity attacks

Generative Adversarial Networks (GANs) are basically two AI systems pitted against each other—one that simulates original content and one that spots its mistakes. By competing against each other, they jointly create content convincing enough to pass for the original. Nvidia researchers trained a unique AI model to recreate PAC-MAN simply by observing hours of gameplay, without a game engine, as Stephanie Condon explained on ZDNet. Bandos said that attackers are using GANs to mimic normal traffic patterns, to divert attention away from attacks, and to find and exfiltrate sensitive data quickly. "They're in and out within 30-40 minutes thanks to these capabilities," he said. "Once attackers start to leverage artificial intelligence and machine learning, they can automate these tasks." GANs also can be used for password cracking, evading malware detection, and fooling facial recognition, as Thomas Klimek described in the paper, "Generative Adversarial Networks: What Are They and Why We Should Be Afraid." A PassGAN system built by machine learning researchers was trained on an industry standard password list and was eventually able to guess more passwords than several other tools trained on the same dataset.

Serverless Horror Stories

One of the well-known challenges of event-driven serverless architectures is the difficulty in tracing requests end-to-end, in order to investigate performance issues. A case in point is when the Segment company encountered a problem with a popular serverless service, DynamoDB. Segment was experiencing a serious performance issue with their DynamoDB instances that was slowing down their entire system. To mitigate this, the company had to increase the provisioned throughput of DB instances, but this in turn vastly increased their AWS bill. When Segment’s own troubleshooting efforts failed to uncover the problem, they asked AWS support for help. Using internal tools, AWS generated a partition heatmap of DynamoDB instances. Although the heatmap was not very readable, they were able to spot a single DB partition that was having performance issues, clearly indicating that their workload was not distributed evenly across partitions. It was still, however, not clear which records or keys were problematic. So Segment continued to investigate the issue and found a relatively trivial bug that was very hard to spot but which, when fixed, reduced their DynamoDB capacity by a factor of four and saved them $300,000 annually.

Travelex Cyber-attack Timeline

We have compiled a detailed timeline of the Travelex cyber-attack based on information that's available freely on the internet and in media reports. Our objective is to simply present this information in an easy-to-consume visual guide that can help cybersecurity practitioners and enthusiasts to get further clarity on what went wrong and how. ... The idea of us creating this timeline is not to vilify/defame any business or victims of a cyber-attack. However, from every cyber incident there is something all of us can learn about covering our bases when it comes to being truly cyber-resilient.  In this case, it appears that the cyber-criminals managed to attack Travelex thanks to the unpatched critical vulnerabilities in its Pulse Secure VPN servers. Hence, the lesson here would be to always ensure that your cybersecurity infrastructure is as updated and foolproof as possible. Regular review of the IT infrastructure is also imperative to ensure that your business is as secure as is possible. ... Amar insists that this initiative isn't aimed at attacking Travelex or any organisation. Our objective to create these attack timelines is purely for educational purposes. Amar has been in the thick of many cyber-attacks and he absolutely understands the pressure, the chaos and the collective desire to do the right thing when in the midst of a major crisis.

How to Build, Deploy, and Operationalize AI Assistants

Some of the issues with non-linear conversations, where the user introduces a new topic in the middle of the conversation or modifies a previous statement, remained. These types of multi-turn conversations are particularly challenging, and they also happen to be the way that most users actually talk. In an effort to resolve some of these issues, the team experimented with Rasa’s TED (Transformer Embedding Dialogue) policy. Using a transformer architecture, the TED policy can selectively pick which conversation turns to pay attention to, and which conversation turns to ignore. Additionally, and perhaps, distinctively in comparison to recurrent neural network architectures, transformers use a self-attention mechanism, by which they’re able to choose which elements in a conversation to pay attention to, in order to make an accurate prediction. In other words, transformers are uniquely equipped to handle non-linear conversations where a user might change topics, engage in chitchat in the middle of a conversation, because they’re less likely to become perplexed when a user does something unexpected. In addition, it provides hyperparameters that can be used to fine-tune the model.

The next frontier for risk tech should be in the cloud

Risk management technology moving to the cloud allows organizations to better incorporate their entire technology stack into their GRC processes. With more available integrations, data can be exchanged more securely and can result in more impactful business insights. And, when information moves seamlessly between applications and platforms, it’s also easier to incorporate more employees and managers into a company’s risk culture and processes. Investing in agile technology gives companies the opportunity to scale, and scale quickly. In a space like GRC and risk management, which relies on data and insights garnered through data, it’s important to not only invest in agile technology but also in software built on a graph database. Graph databases, compared to relational databases, are much more flexible and offer greater user-visibility. Information is more easily stored and the infrastructure allows it to generate relationships between data sets so solutions can unlock more insights and functionality. Now, a cloud-based risk management solution can align with and improve pre-existing processes. As a result, Gartner predicted 100% annual growth through 2022, when naming graph databases one of its biggest data trends.

Data localisation in emerging markets: The case of Turkey

Data localisation requirements under Turkish law have so far been sector-specific and, hence, limited in scope. Several sectors are already under obligation to keep primary and secondary data in Turkey: banking, e-sim technology companies, finance, healthcare and energy. When the social media law discussed above was formally enacted in July 2020, the Turkish ID number requirement for social media logins was dropped and the data localisation measure became a request to the outlets “to take the necessary measures towards hosting Turkey-based users’ data in Turkey” without enforcement. With no clear enforcement mechanism for the data localisation requirement in the Turkish social media law, Turkey diverged from the Russian approach of forced data localisation in social media and approximated to the social media regulation approaches of other G20 member emerging markets such as South Africa and India. Yet another blow towards forced data localization came from the “Personal Data Protection Board” in September 2020, rendering the Convention No. 108 of the Council of Europe (to which Turkey is a signatory) on cross-border transfers of personal data not applicable for Turkey.

Quote for the day:

"Leadership is intangible, and therefore no weapon ever designed can replace it." -- Omar N. Bradley

No comments:

Post a Comment