Government must prove its plans to police encryption work, says ex-cyber security chief
Technology companies and cryptographers claim that the government’s demands are
simply not possible - the government is in effect, trying to argue against the
laws of mathematics. If the UK and US governments can read encrypted messages,
so potentially can criminals, or hostile nation states such as North Korea or
Russia. Extensively researched proposals to find a compromise, including
proposals by Ian Levy, technical director of the National Cyber Security Centre
to use “virtual crocodile clips” to listen in to encrypted communications, have
failed to convince sceptics, said Martin. Plans by Apple to introduce
“client-side scanning” technology to detect child abuse images before they are
encrypted provoked a backlash from the world’s top cryptographic experts and
internet pioneers and have now been suspended. An expert report identified over
15 ways in which states or malicious actors, and targeted abusers, could turn
the technology around to cause harm to others or society.
India: One Law To Rule Them All: On NFTs And India's Prospective Cryptocurrency Law
It is not the case that NFTs do not pose any risks. Like traditional art, which
has always had a money laundering problem. NFTs pose the same (or even
greater) money laundering risks. Greater risks, because the prices of NFTs are
determined in private, in one-to-one trade. Like with art or real estate, the
value attributed to a trade cannot be questioned and hence these assets can be
sold at any price and the balance be settled for cash. One of the things
that works in favour of NFTs though is that if they are on a public blockchain
such as Ethereum and the user uses a centralised platform to purchase them,
transactions are traceable. Other than the money laundering risks, NFTs neither
pose the same category of risks, nor the same degree of risks as
cryptocurrencies. NFTs are non-fungible and cannot be used as a medium of
exchange as opposed to several cryptocurrencies that can be. This alleviates
central bankers' concerns around monetary policy and control of cross-border
payments.
Design Pattern vs Anti Pattern in Microservices
An anti-pattern is a common response to a recurring problem that is usually
ineffective and risks being highly counterproductive.” Note the reference to “a
common response.” Anti-patterns are not occasional mistakes, they are common
ones, and are nearly always followed with good intentions ... Ambiguous
Service: An operation’s name can be too long, or a generic message’s name
can be vague. It’s possible to limit element length and restrict phrases in
certain instances. API Versioning: It’s possible to change an external
service request’s API version in code. Delays in data processing can lead to
resource problems later. Why do APIs need semantically consistent version
descriptions? It’s difficult to discover bad API names. The solution is simple
and can be improved in the future. Hard code points: Some services may have
hard-coded IP addresses and ports, causing similar concerns. Replace an IP
address, for example, by manually inserting files one by one. The current method
only recognizes hard-coded IP addresses without context. Bottleneck
services: A service with many users but only one flaw.
Designing Resilient Microservices — Part 1
The more interesting question is — What do you do when you detect a dependency
failure (partial or full). The obvious answer is to return an appropriate HTTP
or gRPC error code to your caller, but depending on your business logic/content,
you should explore a graceful degradation. For example, if your application is
enabling users to track the status of the order, and the exact location of the
delivery agent (which is served by a dependency) is unavailable, you could
choose to use extrapolation to compute an approximate location. This is further
subject to a timing threshold so that if the dependency recovers, we could pivot
back to providing the most recent/accurate response. Another solution often
suggested for handling of faults is retries. While the principle is simple, the
more critical question is how many times should I retry and how long should I
wait between retries. A misconfigured retry logic can actually take a service
under stress (in brownout) to a blackout. Consider, for example, a service that
has N callers and each of whom have M callers.
DeFi Lending: When Will It Threaten Traditional Lenders?
In our view, DeFi will be disruptive for financial-services companies even if
almost all applications currently relate to digital assets. Banks, insurance
companies and other traditional financial firms are considering the advantages
of DLT solutions and monitoring developments in the DeFi market. Ignoring this
trend might lead to a wake-up call in the future, although we think this is a
few years off, given that DeFi is still in its infancy. DeFi lending could
improve the liquidity of certain digital assets. Holders of better-established
digital assets can diversify their portfolios by pledging existing digital
assets for the purchase of other types. DeFi lending can, therefore, improve
liquidity within the overall digital-assets ecosystem. That said, it does not
come without risk. Given the typically collateralized nature of the
activities, we believe that volatility in the valuations of the digital assets
posted as collateral could translate into volatility in the valuations of the
digital assets acquired. The volume of activities remains relatively low, but
greater DeFi-lending volumes could ultimately lead to increased contagion
risks between digital assets.
The Evolution of Enterprise Architecture in an Increasingly Digital World
EA talent is hard to find. They must be comfortable with both business
strategy and with the digital technologies necessary to implement the
strategies. To better understand the key role played by EA teams in their
companies, McKinsey conducted a survey that received over 150 responses from a
variety of countries and industries. Respondents who described their companies
as “digital leaders” said that EA teams add value by following several best
practices, including: Engage top executives in key decisions. The most
effective EA teams invest their time in understanding their company’s business
needs. 60% of enterprise architects at companies considered digital leaders
said they interacted most with C-suite executives and strategy departments,
compared with just 24% of those in other companies. Digital transformations
are more likely to succeed when a company’s senior leaders understand the
impact of technology on the business “and commit their time to making
decisions that seem technical but ultimately influence the success or failure
of the company’s business aims.”
Turning up the scale knob on threat intelligence operations
The only way to harness the true potential of threat intelligence is to gain
maximum benefit by fully leveraging that intelligence to facilitate rapid
detection of and response to emerging threats. The need of the hour is
modern-day threat intelligence platform (TIP) capabilities that come
integrated within a comprehensive cyber fusion center that can drive the
entire threat intelligence lifecycle management from ingestion to actioning
and response in a fully automated way. Modern-day TIPs integrate frameworks
like MITRE ATT&CK Navigator that enable you to gain insights into
adversaries’ TTPs to identify trends across the kill chain and produce
contextualized intelligence. Such TIPs have made operationalization of
different types of threat intelligence—strategic, tactical, technical, and
operational—possible for security teams. As threat intelligence continues to
be the central theme in today’s cybersecurity programs, the need to scale
threat intelligence capabilities has become vital for business and operational
success.
Executive Q&A: The Value of Improved Data Management
There are three main challenges that enterprises face in achieving the maximum
benefit from their data. First, the compounding effect of continually adding
new data sources, and thus more data, dilutes the value of data under
analysis. Adding demographic data enriches the data set, which is like adding
electrolyte to tap water -- it is good and can be done easily. The challenge
we face today is that we also have many new sources for the transaction data
(e.g., from online purchases, business partners, and mobile apps). We suddenly
have data for every page visit, every click, and every location. This is like
upgrading a faucet to a fire hose in your kitchen. In theory you have access
to a lot of water, but how much of it will go wasted if you don't have the
right tool or technology to process it? Second, the increasing reliance on
data captured or purchased in the cloud raises questions about how to
rationalize on-premises data as part of an analytics strategy. For many
organizations, data generated on premises cannot leave the confines of its
firewall. This complicates the creation of a complete picture of the truth.
4 Ways Data Governance Can Improve Business Intelligence
Data is the lifeblood of all operational processes. Data is an asset that
needs to be managed so that it is highly accessible, easily usable and
reusable, and highly secure. Developing effective data governance can help
business owners streamline all operational processes and improve
decision-making, so any potential efficiency gaps are easily mitigated. When
properly implemented, it can reduce data inconsistencies to a minimum and
remove the risk of human error from the equation. According to Statista, the
US alone saw over 1000 data breach cases with over 150 million records exposed
to cybercriminals. Granted, this is lower than back in 2018 when 471 million
records got exposed, and these attacks seem to be decreasing lately, but the
overarching trend since 2005 is alarming. We also need to address the insight
provided by an Osterman Research study stating that companies typically move,
store, and archive 75% of their critical data and intellectual property within
their complex ecosystems of communication channels.
13 Areas Where NFTs Have Huge Potential!
Tokenization offers more transparency, and the transactions involved are easy to execute and, most importantly, cost-effective. The representation of intellectual property is also infringing on the patent system. IP-based NFTs are one way to deal with intellectual property. The IPwe platform allows the representation of patents by storing and sharing the NFTs on this platform. The forum is hosted by the IBM Cloud and is supported by the IBM Blockchain. Clients can also trade, buy, license, finance, sell, research, and market patents there. The patent marketplace is the first of its kind, and companies benefit from treating and showcasing their patents as digital assets for security or to secure the value of their business. The freely accessible registry is supported by IBM AI and will be further expanded in the coming months. The registry features current, active, and historical patent records that can be tokenized through NFTs.
Quote for the day:
"Supreme leaders determine where
generations are going and develop outstanding leaders they pass the baton
to." -- Anyaele Sam Chiyson
No comments:
Post a Comment