Daily Tech Digest - December 11, 2021

Why a Little-Known Blockchain-Based Identity Project in Ethiopia Should Concern Us All

We have countless examples of the dangers of national ID schemes in general, including from Kenya, Uganda, Pakistan, India and elsewhere. But while national ID schemes can be highly problematic, building them on blockchain could be catastrophic. Putting aside the very obvious logistical hurdles, including very low internet penetration rates in Ethiopia (that are significantly lower in more rural regions) and the displacement of children from schools due to ongoing conflict and humanitarian challenges, there are much deeper problems with Hoskinson’s plans. Blockchain is fundamentally an accounting technology designed to track and trace digital assets through an immutable ledger of transactions. Blockchain-based ID schemes similarly treat identity as a transactional, mathematical problem. The more transactions, the more profitable for the network. There are also serious privacy and data protection concerns with the logging of all this metadata. While proponents of blockchain-based ID claim that concerns are unfounded if the system is designed correctly and identity documents are kept off ledger, the dangers of metadata in this context are well-documented.

Everyone is burned out. That's becoming a security nightmare

In many organisations, it's cybersecurity staff who are there to counter activity that could make the network vulnerable to cyberattacks – but according to the paper, cybersecurity professionals are more burned out than other workers. The research suggests that 84% of security professionals are feeling burned out, compared with 80% of other workers. And when cybersecurity employees are burned out, they're more than likely to describe themselves as "completely checked out" and "doing the bare minimum at work" – something that one in 10 cybersecurity professionals described as their state of mind compared with one in 20 of other employees. That attitude could easily result in security threats being missed or flaws not being fixed in time, something that could put the whole company at risk from cyber incidents. "Pandemic-fueled burnout – and resultant workplace apathy and distraction – has emerged as the next significant security risk," said Jeff Shiner, chief executive officer at 1Password. "It's particularly surprising to find that burned-out security leaders, charged with protecting businesses, are doing a far worse job of following security guidelines – and putting companies at risk".

How Can We Get​ Blockchains to Talk to Each Other?

Solving this problem is a booming area of research, though, and last month Schulte and his colleagues presented a potential workaround at the IEEE International Conference on Blockchain Computing and Applications. Their approach relies on blockchain relays, which are essentially smart contracts running on one blockchain that can verify events on another blockchain. If a user wants to transfer an asset, they first destroy, or “burn,” it on the source blockchain, which is typically done by sending the asset to a user address that doesn’t exist. This transaction also includes details of the asset and which blockchain and user they want to send it to. Third parties monitor the source blockchain for these burn transactions and, for a small reward, send them to the relay, which verifies the burn transaction and recreates the asset on the new blockchain. The challenge, says Schulte, is that these verification processes incur transaction fees that can quickly make the approach impractical. So they created a verification-on-demand system in which the relay assumes transactions are valid unless they are disputed.
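The burn-and-relay flow with verification on demand, as an added Python simulation; this is not code from Schulte's paper or from any real relay, and the toy ledger, the burn address and the dispute window are constructed for illustration:

```python
from dataclasses import dataclass
# Constructed "nonexistent" sink address; a burn is a transfer to this address.
BURN_ADDRESS = "0x000000000000000000000000000000000000dEaD"

@dataclass(frozen=True)
class BurnTx:
    tx_id: str
    sender: str
    to: str          # must equal BURN_ADDRESS for a valid burn
    asset: str
    amount: int
    dest_chain: str  # chain on which the asset should be recreated
    dest_user: str   # recipient on that chain

class SourceChain:
    """Toy source ledger: records burns so the relay can re-check a claim."""
    def __init__(self):
        self.txs = {}
    def burn(self, tx):
        self.txs[tx.tx_id] = tx
    def verify(self, claim):  # the expensive step the relay avoids unless disputed
        return self.txs.get(claim.tx_id) == claim and claim.to == BURN_ADDRESS

class Relay:
    """Relay contract on the destination chain with verification on demand."""
    def __init__(self, chain, source, dispute_window):
        self.chain, self.source, self.window = chain, source, dispute_window
        self.pending = {}   # tx_id -> (claim, submitted_at, relayer)
        self.balances = {}  # (asset, user) -> amount recreated on this chain
        self.rewards = {}   # relayer -> number of settled claims
    def submit(self, claim, relayer, now):
        if claim.dest_chain != self.chain or claim.tx_id in self.pending:
            raise ValueError("claim not for this chain or already pending")
        self.pending[claim.tx_id] = (claim, now, relayer)  # assumed valid, no check
    def dispute(self, tx_id):
        """Anyone may dispute a pending claim; True means it was bogus and dropped."""
        claim, _, relayer = self.pending.pop(tx_id)
        if self.source.verify(claim):
            self._mint(claim, relayer)  # dispute fails: settle immediately
            return False
        return True
    def finalize(self, now):
        """Settle undisputed claims whose dispute window has expired."""
        done = [i for i, (_, t, _) in self.pending.items() if now - t >= self.window]
        for tx_id in done:
            claim, _, relayer = self.pending.pop(tx_id)
            self._mint(claim, relayer)
        return done
    def _mint(self, claim, relayer):
        key = (claim.asset, claim.dest_user)
        self.balances[key] = self.balances.get(key, 0) + claim.amount
        self.rewards[relayer] = self.rewards.get(relayer, 0) + 1
```

Only disputed claims trigger the costly cross-chain check; an undisputed claim settles after the window, and a false dispute of an honest claim simply settles it early.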

DeFi architect Andre Cronje said it’s time to give up on the inaccurate term “decentralized finance”

“We aren’t decentralized, the old guard will keep trying to use it as their ‘attack’ vector,” he added in a disheartening tone, as he proposed a couple of alternative coined terms. According to Cronje, “open finance” or “web3 finance” present some better-suited options that would describe the sector more accurately. Cronje’s unreserved commentary is tough to challenge, thanks to his vast experience and track record. After launching Yearn in 2020, Andre made a move that granted him a somewhat legendary status in the crypto community: he chose to distribute all YFI tokens amongst liquidity providers, without withholding any for himself or the Yearn development fund. Some of Cronje’s recent projects include the decentralized stablecoin exchange protocol Fixed Forex, and Keep3r Network, which facilitates the interaction between those looking for external developers and job executors, known as Keepers. He was also involved in developing Fantom, a highly scalable Layer 1 blockchain.

DevOps Teams Struggling to Keep Secrets

From Carson’s perspective, secrets management is the ability to move away from hardcoded passwords or static keys to just-in-time privileges or one-time-use passwords, so that even when compromised they cannot be reused. “Many privileged access management solutions that protected privileged access for years have extended functionality to developers to help move the value into DevOps so they can manage credentials for applications, databases, CI/CD tools and services without causing friction in the development process,” he said. Approaches like privileged access security help enable API-as-a-service and provide instant availability of secrets, SSH keys, certificates, API keys and tokens. Bambenek added that the problem isn’t choosing a secrets management process or tool, but rather that they aren’t in place at all. “Pick something that will keep keys and secrets out of public cloud repositories that developers will use that allows for quick and easy rotation of keys as the need arises,” he said.

DeepMind debuts massive language A.I. that approaches human-level reading comprehension

DeepMind’s language model, which it calls Gopher, was significantly more accurate than these existing ultra-large language models on many tasks, particularly answering questions about specialized subjects like science and the humanities, and equal or nearly equal to them in others, such as logical reasoning and mathematics, according to the data DeepMind published. This was the case despite the fact that Gopher is smaller than some ultra-large language software. Gopher has some 280 billion different parameters, or variables that it can tune. That makes it larger than OpenAI’s GPT-3, which has 175 billion. But it is smaller than a system that Microsoft and Nvidia collaborated on earlier this year, called Megatron, that has 535 billion, as well as ones constructed by Google, with 1.6 trillion parameters, and Alibaba, with 10 trillion. Ultra-large language models have big implications for business: they have already led to more fluent chatbots and digital assistants, more accurate translation software, better search engines, and programs that can summarize complex documents.

Dangerous “Log4j” security vulnerability affects everything from Apple to Minecraft

This vulnerability was discovered by Chen Zhaojun of the Alibaba Cloud Security Team. Any service that logs user-controlled strings was vulnerable to the exploit. The logging of user-controlled strings is a common practice by system administrators in order to spot potential platform abuse, though those strings should then be “sanitized” — the process of cleaning user input to ensure that there is nothing harmful to the software being submitted. The exploit has been dubbed “Log4Shell”, as it’s an unauthenticated RCE vulnerability that allows for total system takeover. There’s already a proof-of-concept exploit online, and it’s ridiculously easy to demonstrate that it works through the use of DNS logging software. If you remember the Heartbleed vulnerability from a number of years ago, Log4Shell definitely gives it a run for its money when it comes to severity. “Similarly to other high-profile vulnerabilities such as Heartbleed and Shellshock, we believe there will be an increasing number of vulnerable products discovered in the weeks to come,” the Randori Attack Team said in their blog today.

It’s time for tech to embrace security by design

Basic cybersecurity hygiene is the key to protecting your devices against the most common types of malware, but we also need security built into technology to prevent these sophisticated cyberattacks. The Secret Service is certainly best known for protecting the president. But its other primary mission is to safeguard the nation’s financial infrastructure and payment systems to preserve the integrity of the economy from a wide range of financial and electronic crimes, including U.S. counterfeit currency, bank and financial institution fraud, illicit financing operations, identity theft, access device fraud and cybercrimes. With the prevalence of mobile devices in today’s world, that means that, as the Department of Homeland Security (DHS) recommends, “users should avoid — and enterprises should prohibit on their devices — sideloading of apps and the use of unauthorized app stores.” The pandemic has been a boon to cybercriminals, taking “advantage of an opportunity to profit from our dependence on technology to go on an internet crime spree,” said Paul Abbate, deputy director of the Federal Bureau of Investigation.

Simulating matter on the quantum scale with AI

Although DFT proves a mapping exists, for more than 50 years the exact nature of this mapping between electron density and interaction energy — the so-called density functional — has remained unknown and has to be approximated. Despite the fact that DFT intrinsically involves a level of approximation, it is the only practical method to study how and why matter behaves in a certain way at the microscopic level and has therefore become one of the most widely used techniques in all of science. Over the years, researchers have proposed many approximations to the exact functional with varying levels of accuracy. Despite their popularity, all of these approximations suffer from systematic errors because they fail to capture certain crucial mathematical properties of the exact functional. By expressing the functional as a neural network and incorporating these exact properties into the training data, we learn functionals free from important systematic errors — resulting in a better description of a broad class of chemical reactions.

A Paradigm Shift in App Delivery

As the shift to cloud accelerates, organizations are also looking for ways to reduce risk as they deliver apps over the cloud. “I think recently the pandemic has made every digital business an experience-delivery company,” Gupta said. “If you talked about transition to cloud and SaaS a few years back, everybody was going towards it. But the question now is how fast I can go, and how confidently while reducing the risk I can achieve with a hyper transition to the cloud and it’s [creation of] a lot of new opportunities and challenges.” Another main reason organizations are making the shift to cloud-based deployments is to benefit from “auto-scaling,” Gupta said. “But the challenge with auto-scaling is that you have to do a lot of guesswork about CPU and memory… and if your intent or requirements change, you must go back to square one and repeat that cycle multiple times,” Gupta said. This is among the reasons why organizations are increasingly rethinking their application-delivery approaches. “This is the time to look at your application-delivery infrastructure and to take a new radical approach to build a new application delivery and security infrastructure,” Gupta said.

Quote for the day:

"It is time for a new generation of leadership to cope with new problems and new opportunities for there is a new world to be won." -- John F. Kennedy
