
September 08, 2016

John McAfee’s company could spoil the party for Intel’s new venture

John McAfee states in the filing that he entered in 1991 into an agreement with McAfee Associates to transfer certain assets to it in exchange of stock and a promissory note, but at no point did he “assign the rights to his personal name, via assignment of trademark or otherwise, or agree to restrict his right to do business using his own name.” At the time of the agreement, John McAfee had not filed for or registered the trademark to “John McAfee” or “McAfee” or any other variation of the name, according to the filing. ... But none refer to John McAfee, who claims that Intel "never consulted, requested or otherwise obtained the permission of McAfee to use his last name as part of Defendants’ Marks on its products," according to the filing.


The Next Successful Hack May Be Your Fault

By a careful design and timing of the message, it should be possible to make virtually any person click on a link, as any person will be curious about something, or interested in some topic, or find themselves in a life situation that fits the message content and context. Expecting from the users error-free decision making under these circumstances seems to be highly unrealistic, even if they are provided with effective awareness training. It's easy to become pessimistic about cybersecurity in the face of such behavior by advanced internet users who are well aware of the threat. Ordinary users, just because they are curious or easily distracted, appear to be the most vulnerable element in any computer system, and they are the one that cannot be fixed. As Benenson wrote, "human traits such as curiosity will remain exploitable forever, as humans cannot be patched against these exploits."


As strong as your weakest link: A look at application vulnerability

When it comes to patching and updating software vulnerabilities, operating systems and web browsers seem to get all the love. But in reality, vulnerabilities in those two types of software usually account for a minority of the publicly disclosed vulnerabilities published in the National Vulnerability Database (NVD), the U.S. government’s repository of standards-based vulnerability management data. Where are the rest of the vulnerabilities? The majority are in applications (i.e. software that doesn’t ship as part of operating systems or browsers), and unless you’re spending time protecting those too, your application layer could be a big chink in your IT armor. CIOs, CISOs and their security teams need to focus on assessing and patching known vulnerabilities in all business apps, or they could in fact be missing the bulk of the vulnerabilities that exist in their environments.


IoT for Logistics in India – One of the Largest Upcoming Domains

At the first level, the biggest contribution that IoT has is to monitor assets and focus on avoiding predictable delays. For instance a connected truck will throw up the information on the diminishing engine oil or an over exerted clutch in advance – averting either an accident or an unprecedented delay – thus enabling greater transit predictability. This connected asset will also enable organisations to achieve greater asset utilization. Fleet management can also extend to public services management tracking peak and lean times, to and fro destinations, optimizing the number of vehicles available basis the traffic flow, optimizing the available routes to minimize on road time, minimize fuel consumption, thus impacting better bottom lines.


Top EU court hedges on question of hyperlinking legality in Playboy case

The ruling concerned Dutch website GeenStijl, accused by Playboy of linking to an Australian website that published, without the magazine's permission, a photoshoot it had commissioned with Dutch TV personality Britt Dekker. Playboy's lawyers wrote to GeenStijl asking it to remove the link, but it refused -- and published a new link to another website hosting the photos without permission when they were removed from the Australian site. When the pictures disappeared from that site too, GeenStijl allowed its forum users to link to the photos on other sites. Playboy took its accusation that GeenStijl infringed its copyright all the way to the Supreme Court of the Netherlands, which in turn called on the CJEU to rule on a number of legal questions.


Encrypting the Internet of Things

"We're talking about some very constrained devices, 8-bit processors [with] little memory, low speed, low power," says cryptographer and IT security author Bruce Schneier. He sees the lightweight cryptography project as important because "a lot of the algorithms we have just aren't suitable for these constrained environments. ... We want good algorithms for constrained devices." NIST plans to create a portfolio of lightweight primitives through an open process, in which submitters describe physical, performance and security characteristics of these algorithms. NIST used a similar process to develop its portfolio of block cipher modes of operations. A block cipher mode is an algorithm that provides an information service, such as confidentiality or authentication.


Half of network management systems vulnerable to injection attacks

Getting access to a network management system gives an attacker a current map of the company's environment, without risking detection by running their own scans. To take advantage of one of these vulnerabilities, an attacker could physically enter an organization's facility and connect a small device, such as a Raspberry Pi, to the network. Or an attacker who already has access to a networked device through some other kind of attack could use this vulnerability to escalate their privileges, Heiland said. The products were Spiceworks Desktop, Ipswitch WhatsUp Gold, Castle Rock SNMPc, ManageEngine OpUtils, CloudView NMS, Opmantek NMIS, Opsview Monitor, Netikus EventSentry, and Opmantek NMIS. All nine vendors have been notified and have released patches to their products, said Heiland.


New tech can help catch spearphishing attacks

"We look at the IP address of the sending domain, the age of the domain, the DNS servers that are being used, all those elements," he said. The average cost of a spear phishing attack is $1.6 million, according to a survey released earlier this year by security firm Cloudmark and research firm Vanson Bourne, and 73 percent of respondents said that spearphishing was a significant threat. Over the past 12 months, 27 percent of organizations received a targeted spearphishing attack, according to a report released today by Osterman Research. And 11 percent of organizations were successfully tricked. "That's a little sobering," said Tim Helming, director of product management at DomainTools, the company that sponsored the research.


Smart Wearables Hold Productivity Potential In Enterprises

Specifically, enterprises such as manufacturing and science labs are starting to use smart eyewear in limited settings, said Jitesh Ubrani, a senior research analyst for IDC, and the coauthor of the Sept. 6 report. Ubrani told InformationWeek that IT is still trying to find where these types of devices fit within the larger enterprise. "Right now we're in the very early stages of how this benefits [enterprises]," Ubrani said in a phone interview. "We're talking about very small pilot programs and not mass deployments, at least not yet. If businesses are not in pilots this year, they may be considering them for next year." In addition to the few pilot programs, the number of offerings for enterprise-ready equipment is slim.



Quote for the day:


"Leaders should use sweet and soft words in case they need to eat those words sometime in the future." -- @GPackwood


August 02, 2016

Accenture, Endgame team up to become the Van Helsing of cybersecurity

The digital era has brought with it a number of new tools and technologies. Things like IoT, the cloud, mobility, DevOps and software-defined networks (SDN) were futuristic things a decade ago but are now the norm. While those technologies have enabled businesses to become agile organizations, they also increased the number of attack points to the level where security teams can no longer keep up. The good guys need to protect an increasingly larger number of entry points, while the bad guys simply need to find a single way in. Once the network has been breached, the threat spreads laterally, information is gathered and data is eventually exfiltrated.


5 Ways to Manage an Outsourced Team on a Startup Budget

Getting everyone to work together on a project can become a costly nightmare due to time zones, work habits and deadlines. Rather than resort to spending fees on a massive project management platform that you really do not need, you can work with companies like Wrike, which offers various products to serve your size and budget but offers functionality to get projects done and enhance the collaborative experience in the process. Everything is located in a central hub for my entire team, including files, due dates, tasks and messages about every project that I'm working on. Best thing about them is I can individually track each individual on my team.


Latham on Systems Thinking

John Latham combines experience and research to create flexible frameworks that facilitate the process of reimagining, redesigning, and transforming organizations. Some of the frameworks, such as the Design Framework for Organization Architects™, emerged from practice and were later tested and refined. Others emerged from research and were further developed in practice, such as the CEO research that led to the Leadership Framework for Organization Architects™. These two award-winning, peer-reviewed frameworks form the foundation of the Organization Design Studio™, which was founded to provide a virtual space for organization architects to learn how to (re)create the organization they really want!


Ready for a hack

Greg Spencer, principal consulting partner from IT consulting firm Beyond Technology, says the cyber threats facing Australian businesses have materially changed over the last 24 months. “Whereas organisations have traditionally taken solace from the understanding that they are not a target, the emergence of the hacker industry has taken this distinction away,” he says. “All organisations are susceptible to ransom attacks, and more and more seemingly harmless mid-tier firms are the focus of deliberate and targeted electronic intrusions seeking to either gain financially from their information or undertake data kidnap and ransoms.” Often hackers are not necessarily seeking information about their immediate target, but about one of their clients.


This Time, Miller & Valasek Hack The Jeep At Speed

Miller and Valasek reverse-engineered the electronic control unit (ECU) firmware, which communicates via the unsecured CAN bus in short messages. In a nutshell, they tricked the Jeep’s controls by impersonating messages. They basically took the ECU offline and impersonated real traffic to force it to follow their instructions, whether it was to accelerate, or turn the steering wheel 90 degrees. Unlike last year’s hack that the two conducted from Miller’s living room while Wired journalist Andy Greenberg drove the Jeep, this time they physically plugged into the diagnostic port of the vehicle to send their phony CAN messages, mainly for expediency reasons. “Last year, we showed you can remotely send CAN messages.


Economics Behind Ransomware as a Service: A Look at Stampado’s Pricing Model

The law of supply and demand also applies to the ransomware business model. In the course of monitoring the various underground markets over time, we noticed a fluctuation in ransomware prices. In 2012, ransomware services in the Russian cybercriminal underground only cost US$10–20. This included a Windows blocker or a piece of malware “that paralyzed a system’s OS.” This didn’t allow the criminals to hold data for ransom though. In addition, ransomware then wasn’t as in demand as it is now, which could explain why it was sold more cheaply. As more users and even organizations succumbed to paying the ransom just to get access to their files and systems back, it was natural for cybercriminals to hike the threat’s price up.


DevOps: The (Absolutely Critical) Cloud Enabler

One of the most fundamental problems that’s part and parcel of a move to reliance on the cloud is that IT orgs want every scrum team to have its own environment, complemented by an individual database instance. Eventually, that leads to creating a distinct database instance for every single developer. You probably can see where this is headed. I’ve used this comparison time and time again, but cloud and database instances become like the wire hangers in your closet you accumulate every time you pick up clothes from the dry cleaner. They multiply over time and, all of a sudden, you seemingly have a million on your hands, with no idea where they came from and no good way to get rid of them. To compound things, once the proliferation begins, it’s hard to stop.


How the Internet of Things (IoT) Will Impact the Logistics Industry

It’s now a given that a parcel can be tracked every step of its journey, from the moment it’s shipped to when it’s finally delivered into the hands of the consumer. But in most cases, it’s still a matter of barcodes being scanned – usually by humans – as the item goes through various distribution points. With the IoT, an RFID tag is placed on the parcel or pallet and the truck or van acts as the ‘reader’, eliminating the need for humans to do anything more than load the vehicle. The delivery vehicle will then connect to the cloud and transmit the RFID-derived information and its location. And it won’t just be the vehicle’s position – temperature data will be available in real-time as well, except in very remote areas.


CIA Cyber Official Sees Data Flood as Both Godsend and Danger

Today “people are putting all their thoughts, their conversations, their movements, their ideas into this digital stream," Roche said July 30 on the sidelines of the annual Aspen Security Forum in Colorado. A career CIA official, Roche joined the agency’s new Directorate for Digital Innovation, which opened in October, after serving as deputy director for science and technology. Roche wouldn’t comment on recent hacking incidents, including breaches of the Democratic National Committee’s system and a data analytics program used by presidential nominee Hillary Clinton’s campaign, attacks that technology experts attribute to Russia. But he said that Russia, China, Iran and North Korea top the list of nations posing cybersecurity threats to the U.S. government and its contractors.


IoT and liability: Who pays when things go wrong?

As one might expect, when monetary values can be assigned to liability claims, the blame game gets serious. "The question becomes who is ultimately responsible for the interactions of the product," asks Amodio. "And more importantly to the people in the cybersecurity field, who is responsible if a hacker breaches the security to the device and causes damages in the real world?" ... "Manufacturers of IoT devices, IoT network providers, and IoT software developers need to be aware users may bring claims against one or all of them following a device malfunction or security breach," mentions the post. "It is not clear if the aggrieved IoT user will be required to prove they have suffered damage as a result of an IoT player's actions or if the courts and lawmakers will adopt a 'strict liability' approach."



Quote for the day:


“Business is like a sport where the games never end. I’m always competing.” -- Mark Cuban