Daily Tech Digest - May 02, 2023

Is misinformation the newest malware?

"When we were thinking about the risks of Twitter being targeted by, let's say, the Russian government, we always had to recognize that there would be attempts to get into Twitter's systems and target the company and exfiltrate user data," Roth said. "There would be attempts to influence the conversations happening on the platforms, and there would be attempts to compromise the accounts of Twitter's users. There were multiple layers to each of these things. And Twitter as a company had a role to play in addressing that conduct across each one of those levels.” Roth pointed to the "great Twitter hack of 2020," when financially motivated people in their twenties compromised a Twitter employee's account to promote a crypto scam on high-profile accounts. This incident is an example of what he called the "illusory distinction" between malware and misinformation. "This was targeting Twitter's employees to gain access to Twitter's backend systems in order to carry out malicious activity propagated across the social network. You cannot think of these problems in isolation," Roth said.


Just Who Exactly Should Take Responsibility for Application Security?

We talk a great deal about shifting left and putting it on individuals. But if developers’ goals and incentives don’t include security, they won’t do it. Humans act in their own interests and unless their interests are made to be something different, they’re going to behave how they want to behave. If a company wants to secure code, it’s on them to put in place the standards, enforce the standards, and actually care and invest. Companies that don’t do those things will never be secure and are basically just setting up people to fail. Companies have to get their priorities right and invest in the tools and training that empowers developers to perform robust security.

…But they do need to be engaged

There are things that development managers can do to introduce more security in a reasonable way that doesn’t cost a ton of extra time and money. Importantly, they can lead by encouraging developers to take reasonable steps that will help. For instance, when introducing a new library, don’t introduce anything that’s got a known vulnerability, kind of a “do no harm” approach.


Why We Should Establish Guardrails For Artificial General Intelligence Now

Weizenbaum’s fears show that ethical concerns over computers’ capabilities are nothing new. As we enter the exciting age of AGI-led possibilities, perhaps we should take lessons from what happened with social media platforms. When applications like MySpace, Facebook and the like first launched, they were touted as a means to bring people together and enable self-expression through personal posts and photo sharing. The platforms’ intent was to connect people in a convenient, friendly way. What the platforms’ founders didn’t envision is that one day, these networks would bombard members with annoying advertisements that creepily follow them around. They didn’t worry that they were asking members to give their most personal details to large corporations or possibly even governments (e.g., TikTok). They didn’t expect that disinformation would interfere in elections or that children would be bullied or view harmful content. As a result, the operations of these social platforms are now under question and they might face government regulation if they can’t gain control over content and data privacy.


Your decommissioned routers could be a security disaster

Often, they included network locations and some revealed cloud applications hosted in specific remote data centers, “complete with which ports or controlled-access mechanisms were used to access them, and from which source networks.” Additionally, they found firewall rules used to block or allow certain access from certain networks. Often specifics about the times of day they could be accessed were available as well. “With this level of detail, impersonating network or internal hosts would be far simpler for an attacker, especially since the devices often contain VPN credentials or other easily cracked authentication tokens,” according to the white paper. The routers—four Cisco ASA 5500 Series, three Fortinet Fortigate Series, and 11 Juniper Networks SRX Series Service Gateways—were all bought legally through used-equipment vendors, according to the paper. “No procedures or tools of a primarily forensic or data-recovery nature were ever employed, nor were any techniques that required opening the routers’ cases,” yet the researchers said they were able to recover data that would be “a treasure trove for a potential adversary—for both technical and social-engineering attacks.”


5 surefire ways to derail a digital transformation (without knowing it)

Digital transformations can start with one initiative, defined goals, and a dedicated team. But CIOs are under pressure to accelerate and find digital transformation force multipliers. That means growing the number of leaders and teams that can plan innovations and deliver transformative impacts. “Innovation does not happen in isolation: It occurs when organizations encourage and nurture it, often with processes to enable nontraditional ways of thinking, working, and the space to try out ideas in a safe environment,” says Hasmukh Ranjan, CIO of AMD. Here’s how I spot derailments: Ask initiative leaders to share access to their roadmaps, agile backlogs, collaboration tools, stakeholder communications, and internal documentation. ... Subject matter experts and internal stakeholders should be contributors to priorities and requirements, not decision-makers or backlog dictators. Digital transformations derail when CIOs miss the opportunity to establish and communicate product management responsibilities for creating and evolving market- and customer-driven roadmaps.


IS Audit in Practice: Advantages of Technology in Achieving Diversity

The benefits of diversity have long been sought after by schools of management. Diverse styles produce a broad range of ideas and approaches, which can translate to a more cohesive work environment and create a competitive edge that impacts the bottom line. Diverse work teams with inclusive mindsets can bridge gaps in understanding that help avoid rework. The classic example is strong collaboration between IT and the business, where post-development user acceptance testing (UAT) produces a go-live outcome that satisfies users. Diverse teams also make it easier to reach a wider audience by creating products and services that are broadly appealing. Technology helps make these products and services more ubiquitous. If diversity can bring such advantages, why is it so hard to achieve? The terms "unconscious bias," "the boys’ club," "cliques" and "the inner circle" suggest that work and social groups form around what is familiar. ... Breaking away from the known and comfortable to include new approaches and different individuals can feel risky, as any change does for those accustomed to operating within established boundaries.


The role of AI as an everyday life assistant

One of the concerns the book raises is how businesses experienced in selling to humans will respond. There is no reason to assume the machine will remain in the domain of low-value purchasing, leaving businesses free to focus their efforts on high-value human customers. “Doubling down on the human market and perceived higher-value human customer service capabilities, the losers will find their cost of sale gradually increasing even as their revenue and total addressable market appears to shrink,” warn Raskino and co-author Don Scheibenreif. Society may not yet be ready for the machine customer, but the idea is finding its way into people’s lives by automating boring or repetitive tasks. In the book, Raskino and Scheibenreif discuss the May 2018 demonstration by Google CEO Sundar Pichai of an AI assistant called Duplex. The AI was so convincing that it was able to book an appointment at a hair salon over the telephone, without the person on the other end of the line being aware that it was a machine making the appointment.


Data infrastructure: The picks and shovels of the AI gold rush

While AI models form the cornerstone of this recent progress, scaling AI requires a robust data foundation that trains models and serves them effectively. This process involves collecting and storing raw data, utilizing computational power to transform data and train models, and processing and ingesting data in real-time for inference. Ultimately, turning raw data into AI insights in production is complex and dependent on having strong data infrastructure. Data engineering teams will play a crucial role in enabling AI and must lean into an ever-improving set of tools to address rapidly growing volumes of data, larger models, and the need for real-time processing and movement of data. Data infrastructure has transformed over the past decade irrespective of AI, driven by the shift to the cloud and a greater focus on analytics. This transformation has created huge commercial successes with the likes of Snowflake, Databricks, Confluent, Elastic, MongoDB, and others. Today, we are in a moment in time where storage and compute limitations have largely been erased thanks to the cloud.


Why platform engineering?

While simple in concept, platform engineering isn’t trivial to execute because it requires a product development mindset. Platform engineers must develop a product that agile development teams want to consume, and developers must let go of their desires for DIY (do it yourself) devops approaches. One place to start is infrastructure and cloud provisioning, where IT can benefit significantly from standards, and developers are less likely to have application-specific architectural requirements. Donnie Berkholz, senior vice president of product management at Percona, says, “Platform engineering covers how teams can deliver the right kind of developer experience using automation and self-service, so developers can get to writing code and implementing applications rather than having to wait for infrastructure to be set up based on a ticket request.” Therein lies the customer pain point. If I am a developer or data scientist who wants to code, the last thing I want to do is open a ticket for computing resources. But IT and security leaders also want to avoid having developers customize the infrastructure’s configuration, which can be costly and create security vulnerabilities.


3 Ways To Manage Conflict In The Workplace

If you’re experiencing a conflict, you might spend some time digging into all the possible root causes of the conflict you’re currently dealing with that may be different from your initial perception. In writing down the possibilities or alternatives, you just might find that the conflict you thought you were struggling with isn’t what the conflict is actually about. This is an exercise to get to the heart of the matter, because we can’t solve for what we don’t even realize exists. ... Justification is often what keeps us stuck in conflict, according to conflict and collaboration consultant Cair Canfield. Conflict can keep us stuck if our egos want us to remain blameless, like we don’t have any part in the problem and so we don’t have to change. But it doesn’t really serve you, because you’ll keep doing the same thing in the same way, rather than be able to move forward productively. ... Instead of immediately shutting down an idea because you disagree with it, ask questions. You might ask, ‘What in your life has shaped your viewpoint?’ Being curious about why the other person sees things the way they do helps your brain to stay open to new information, while being defensive can make you less open minded.



Quote for the day:

"Blessed are the people whose leaders can look destiny in the eye without flinching but also without attempting to play God" -- Henry Kissinger
