Daily Tech Digest - March 01, 2023

Intel Releases Quantum Software Development Kit Version 1.0 to Grow Developer Ecosystem

The SDK is a customizable and expandable platform providing greater flexibility when developing quantum applications. It also provides for users to compare compiler files, a standard feature in classical computing development, to discern how well an algorithm is optimized in the compiler. It allows users to see the source code and obtain lower levels of abstraction, gaining insight into how a system stores data. Additional features include:

- Code in familiar patterns - Intel has extended the industry-standard LLVM with quantum extensions and developed a quantum runtime environment that is modified for quantum computing, and the IQS provides a state-vector simulation of a universal quantum computer.
- Efficient execution of hybrid classical-quantum workflows - The compiler extensions allow developers to integrate results from quantum algorithms into their C++ project, opening the door to the feedback loops needed for hybrid quantum-classical algorithms like the quantum approximate optimization algorithm (QAOA) and quantum variational eigen-solver (VQE).

Day in the Life of a Chief Developer Experience Officer (CDXO)

According to Cauduro, the overarching goal is to put himself in the developer’s shoes—he constantly thinks about common developer workflows and considers how to create a seamless experience throughout the entire development life cycle. Next is spreading awareness throughout the company about DX principles and how to increase DX within their offerings. A CDXO will likely answer directly to executive leadership but might interface with many departments. A CDXO may direct teams to construct developer-specific tools, like libraries, documentation, SDKs and self-service environments. “DX is a mindset,” said Cauduro. “The whole company needs to be engaged in it.” “As with any C-level position, your job is on the one hand to make your team’s life easier in any way you can,” said Burazin. “And on the other to convey the developers’ issues or ideas to the company in hopes of nudging the company in the correct direction.”

ChatGPT vs GDPR – what AI chatbots mean for data privacy

As an open tool, the billions of data points ChatGPT is trained on are made accessible to malicious actors who could use this information to carry out any number of targeted attacks. One of the most concerning capabilities of ChatGPT is its potential to create realistic-sounding conversations for use in social engineering and phishing attacks, such as urging victims to click on malicious links, install malware, or give away sensitive information. The tool also opens up opportunities for more sophisticated impersonation attempts, in which the AI is instructed to imitate a victim’s colleague or family member in order to gain trust. Another attack vector might be to use machine learning to generate large volumes of automated, legitimate-looking messages to spam victims and steal personal and financial information. These kinds of attacks can be highly detrimental to businesses. For example, a payroll diversion Business Email Compromise (BEC) attack, composed of impersonation and social engineering tactics, can have huge financial, operational, and reputational consequences for an organisation.

‘Most web API flaws are missed by standard security tests’

APIs can become less of a liability by including security-focused team members during design, encouraging secure coding, conducting regular security tests, and monitoring programming calls for attacks and misuse. Securing web APIs requires a different approach to classic web application security, according to Ball. “Standard web application tests will result in false-negative findings for web APIs,” he explains. “Tools and techniques that are not calibrated specifically to web APIs will miss on nearly all of the common vulnerabilities.” A notable example is a vulnerability in the USPS Informed Visibility API, first reported by security researcher Brian Krebs. The web application was thoroughly tested one month before Krebs reported the data exposure. During testing, tools like Nessus and HP WebInspect were applied generically to the testing targets, and therefore a significant web API vulnerability went undetected. This undiscovered security flaw, in the USPS Informed Visibility API, allowed any authenticated user to obtain access to email addresses, usernames, package updates, mailing addresses, and phone numbers associated with 60 million customers.

Exploring biometrics within payments

It’s an obvious question but despite all the potential benefits of adopting biometric security, the technology still features several vulnerabilities and weak points. First, it cannot be relied upon for a fingerprint scanner or smartphone camera to be available at every transaction. While consumers can use biometric authorization on most mobile devices, desktops still make up a large portion of eCommerce sales. Additionally, companies will need to adopt hardware capable of reading and interpreting this data to accept biometric payments. The price of this hardware could be cost-prohibitive, depending on what is needed and how far a company wants to take contactless payments. Finally, we cannot forget the consumer factor. They are more anxious about their privacy and where personal data goes than ever before. Even if biometric scans do not actually save or store their biometric information, many consumers might still refuse to provide these identifiers.

Building resilience in a polycrisis world

Seeing and responding to risk differently first requires leaders to clearly pinpoint where plausible risks could materialize and do the most damage to key operations and services. This can be tricky if companies have traditionally approached risk in a siloed way. Company leaders should spend time with one another to work through “what if?” scenarios, with an eye toward highlighting where exactly in the business a problem or failure would be most catastrophic to customers. ... Now that the executives had their focus—the outcome of getting cash—they could begin looking at all the ways customers do so, including ATMs and the workers who service them, brick-and-mortar banks, and the tech and third parties that help with electronic transfer payments and build resilience across all functions, rather than focusing on individual mechanisms. Prioritization exercises also help leaders tease out false assumptions. Leaders at a UK housing management company had believed that collecting rents via the company’s app was the key to business continuity.

Field-Programmable Qubit Arrays: The Quantum Analog of FPGAs

FPQAs make quantum algorithms more resource-efficient by reducing qubit and gate overhead. The ability to quickly update the qubit layout and connectivity enables rapid testing, benchmarking and optimization of algorithms—in a way, delivering a customized computer for each calculation. One example of how FPQAs can be used to achieve better quantum computing performance is optimization. Many optimization problems can be described mathematically in terms of graphs. The nodes describe the variables in the optimization problem and the edges can represent various relationships between them. For instance, the nodes can describe the potential location of 5G towers, and edges describe pairs of towers that cannot be simultaneously operated without generating interference. In another, more abstract representation, each node can be a stock, and an edge between two nodes denotes that these stocks are correlated. These graphs can be mapped onto analog FPQAs by assigning each node to a qubit and setting the connectivity so that two qubits interact if the corresponding atoms have an edge.

CISA director urges tech industry to take responsibility for secure products

Accepting the continued use of unsafe technology products presents a greater risk to the nation than the Chinese spy balloon that was shot down off the coast of South Carolina and cannot be allowed to continue, Easterly said. “By design, we’ve normalized the fact that technology products are released to market with dozens, hundreds or thousands of defects — such poor construction would be unacceptable in any critical field,” she said during the address. The burden for cybersecurity has disproportionately been placed on consumers and small organizations who are least aware of the threats or able to protect themselves. Easterly said no one would be expected to go out and buy a car that lacked seat belts and air bags as standard features, and nobody should be expected to go out and pay additional money for secure technology products. Government can advance legislation to prevent technology companies from disclaiming liability by establishing higher standards of care, Easterly said.

Cybersecurity in wartime: how Ukraine's infosec community is coping

Defending organizations during an ongoing war put Cossack Labs' cybersecurity experts on an accelerated learning path, says Pilyankevich's colleague Anastasiia Voitova, head of customer solutions. "What I learned is that the priorities are very different from peacetime," she says. "The risks are different; the threats are very different. We have this real enemy. It's not textbook security. No. These are real issues, and we need to build real mitigation to these real issues." One could easily fall into the trap of creating systems that use the highest possible level of security, but Voitova believes this can be a mistake because a system that's too paranoid won't be usable. "This trade-off drama of how to balance security and usability, right now, can cost you even more because if you create a super secure system, but no one will use it, it will lead people to adopt insecure methods," she says. "And if insecure messages are intercepted, people might be injured." Such mistakes are more likely to occur as the war continues and users face prolonged stress and tiredness.

The CIO’s new C-suite mandate

Executives who used to stay in their own lane now find themselves needing closer alignment with one another to manage economic uncertainty, explosive growth, and digital and business transformations, and CIOs have become central figures as business strategists and changemakers. This new C-suite dynamic requires three big shifts to be successful, according to Dan Roberts, CEO of Ouellette & Associates Consulting. CIOs must change the narrative of their relationship with their counterparts, they must prepare their IT teams to deliver on the new narrative, and they must convince the C-suite to share the technology load. It’s a tall order for sure. “I would say just 10% to 15% [of C-suite relationships] are healthy and thriving and are in the trenches together with shared ownership and accountability,” Roberts says. But those CIOs who can look across the enterprise and find new ways to drive revenue or better orchestrate the customer experience and then can communicate and sell their vision to their C-suite counterparts are at the high end of the maturity curve, he adds.

Quote for the day:

"We get our power from the people we lead, not from our stars and our bars." -- J. Stanford
