Heartbleed bug denial by NSA and White House
"[The] NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cyber security report," NSA spokeswoman Vanee Vines said in an email, adding that "reports that say otherwise are wrong." A White House official also denied the US government was aware of the bug. "Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong," White House national security spokeswoman Caitlin Hayden said in a statement.
Tech Bytes: IT Governance For Small Businesses - Constraints
There is a perception that IT Governance best suits for large organizations and small organizations tend to ignore it considering the efforts and resources that is required in practicing the IT Governance within. But IT Governance is equally important for smaller organizations as well, so that the IT function however small it is deliver maximum value for the business and at the same time to keep the risk exposure to the minimum. Existing frameworks like COBIT are too extensive for small businesses to use in implementing IT governance. These frameworks however are too complex and costly to implement and small businesses may consider it a bigger battle to implement and manage such framework.
Google quashes 31 vulnerabilities, restores Metro mode 'steppers' with Chrome 34
Chrome 34 also debuted a tweaked version for Windows 8.1's "Modern," née "Metro" mode, responding to critics who had blasted Google for adopting a non-standard scrollbar they said made it harder for them to navigate pages. Those grievances had focused on two: Chrome's scrollbars were significantly thinner, and Google dumped the scroll arrows, also called "steppers," within the scrollbar. Google quickly recanted the stripping of steppers, and just days after the new Metro-mode user interface (UI) appeared, said it would restore them in Chrome 34. The company made good on that promise this week.
Aereo Founder: If We Lose, 'We Have No Plan B'
Chaitanya “Chet” Kanojia is defiant. Losing isn’t even on his radar. He has no Plan B. Maybe he’s in denial, or maybe he’s just that unflinchingly confident. Either way, the serial entrepreneur is dead-set on expanding his controversial Aereo streaming TV service into 50 new coverage areas, even as he braces for a Supreme Court showdown later this month against the major broadcasters who claim the disruptive startup is illegally ripping off their copyrighted content. It’s almost as if he’s acting like it’s not happening, even announcing yesterday that Aereo subscribers, who can already watch and record live broadcast television on their smartphones, tablets, computers, and smart TVs thanks to him, will also be able to do so via Google Chromecast starting on May 29.
The Data Analytics Handbook
“Data Analytics Handbook” is a new resource meant to inform young professionals about the field of data science. Written by a group of students at UC Berkeley: Brian Liou, Tristan Tao, and Elizabeth Lin, Edition One of the book includes in-depth interviews with Data Scientists & Data Analysts at: Facebook, LinkedIn, Yelp, BigML, Cloudera, and many more. Edition Two includes interviews with CEOs and Managers from Y-Hat, BigML, Cloudera, Mode Analytics, Flurry, and many more. This compelling resource answers common questions such as: What exactly do the sexy “Data Scientists” do? We start with this simple question. What other professions are there in Big Data?
Australia depending on vulnerable 'cyber' environment: DSTO
"The program will support the monitoring, management and protection of Australia's cyber enabled enterprise." it said. "It will focus on aiding, enhancing and future-proofing the Australian Cyber Security Centre (ACSC) capability; advanced tools and techniques particularly for ACSC transition of technology and processes to national networks; and establishing national S&T workforce and skills that are relevant and responsive to operational cyber security needs." The new policy is expected to incorporate much of 2009's National Security Science and Innovation Strategy, but provide a greater focus on online security, stronger defence, improvement of foreign affairs and countering terrorism and organised crime.
Tests Confirm Heartbleed Bug Can Expose Server's Private Key
Security experts thought it might be possible that the private key could be divulged by exploiting the Heartbleed flaw, which may have affected two-thirds of the Internet and set off a mad scramble to apply a patch that fixes it. "This result reminds us not to underestimate the power of the crowd and emphasizes the danger posed by this vulnerability," wrote Nick Sullivan of CloudFlare on the company's blog. By obtaining the private key for an SSL/TLS certificate, an attacker could set up a fake website that passes the security verification.
Agile is not Dead, it's Morphing
There is a requirement to articulate the enterprise requirements for agility as a reference architecture for business agility. In today’s fast moving world core architecture for the business, services, implementations, technology and deployments needs to be: under continuous development using Agile principles; derived from the assessment of business needs for response to change, and constantly updated to reflect competitive and technology opportunities and threats; mapped to service architectures, patterns, policies and modernization strategies; and modeled using MDA/MDD to allow delivery as consistent architecture runways for portfolio and demand management, programs and projects.
Cloud security challenges go all the way to the board
So how should businesses go about security risk management when considering cloud service providers? Those considering the cloud can be confronted by providers that only offer opaque visibility into how they manage security and data. But isn't that scenario also true when assessing a provider of closed-source software or an outsourcer that offers assurances based on service level agreements? The customer needs to build a framework to assess a provider and compare them with rivals but not overburden the provider with assurance requirements.
Employers more likely to take on young people with work experience
The survey revealed that almost half (49%) of employers would consider creating new roles for young people who impressed them during work experience placements. Skills and enterprise minister Matthew Hancock said: “Creating more opportunities for young people to gain experience and confidence is crucial if we want to help them secure employment. Traineeships could be the difference which gives these young people their first break, unlocking their potential and giving them the work experience employers are looking for.
Quote for the day:
"There are risks and costs to action. But they are far less than the long range risks of comfortable inaction." -- John Fitzgerald Kennedy
"[The] NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cyber security report," NSA spokeswoman Vanee Vines said in an email, adding that "reports that say otherwise are wrong." A White House official also denied the US government was aware of the bug. "Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong," White House national security spokeswoman Caitlin Hayden said in a statement.
Tech Bytes: IT Governance For Small Businesses - Constraints
There is a perception that IT Governance best suits for large organizations and small organizations tend to ignore it considering the efforts and resources that is required in practicing the IT Governance within. But IT Governance is equally important for smaller organizations as well, so that the IT function however small it is deliver maximum value for the business and at the same time to keep the risk exposure to the minimum. Existing frameworks like COBIT are too extensive for small businesses to use in implementing IT governance. These frameworks however are too complex and costly to implement and small businesses may consider it a bigger battle to implement and manage such framework.
Google quashes 31 vulnerabilities, restores Metro mode 'steppers' with Chrome 34
Chrome 34 also debuted a tweaked version for Windows 8.1's "Modern," née "Metro" mode, responding to critics who had blasted Google for adopting a non-standard scrollbar they said made it harder for them to navigate pages. Those grievances had focused on two: Chrome's scrollbars were significantly thinner, and Google dumped the scroll arrows, also called "steppers," within the scrollbar. Google quickly recanted the stripping of steppers, and just days after the new Metro-mode user interface (UI) appeared, said it would restore them in Chrome 34. The company made good on that promise this week.
Aereo Founder: If We Lose, 'We Have No Plan B'
Chaitanya “Chet” Kanojia is defiant. Losing isn’t even on his radar. He has no Plan B. Maybe he’s in denial, or maybe he’s just that unflinchingly confident. Either way, the serial entrepreneur is dead-set on expanding his controversial Aereo streaming TV service into 50 new coverage areas, even as he braces for a Supreme Court showdown later this month against the major broadcasters who claim the disruptive startup is illegally ripping off their copyrighted content. It’s almost as if he’s acting like it’s not happening, even announcing yesterday that Aereo subscribers, who can already watch and record live broadcast television on their smartphones, tablets, computers, and smart TVs thanks to him, will also be able to do so via Google Chromecast starting on May 29.
The Data Analytics Handbook
“Data Analytics Handbook” is a new resource meant to inform young professionals about the field of data science. Written by a group of students at UC Berkeley: Brian Liou, Tristan Tao, and Elizabeth Lin, Edition One of the book includes in-depth interviews with Data Scientists & Data Analysts at: Facebook, LinkedIn, Yelp, BigML, Cloudera, and many more. Edition Two includes interviews with CEOs and Managers from Y-Hat, BigML, Cloudera, Mode Analytics, Flurry, and many more. This compelling resource answers common questions such as: What exactly do the sexy “Data Scientists” do? We start with this simple question. What other professions are there in Big Data?
Australia depending on vulnerable 'cyber' environment: DSTO
"The program will support the monitoring, management and protection of Australia's cyber enabled enterprise." it said. "It will focus on aiding, enhancing and future-proofing the Australian Cyber Security Centre (ACSC) capability; advanced tools and techniques particularly for ACSC transition of technology and processes to national networks; and establishing national S&T workforce and skills that are relevant and responsive to operational cyber security needs." The new policy is expected to incorporate much of 2009's National Security Science and Innovation Strategy, but provide a greater focus on online security, stronger defence, improvement of foreign affairs and countering terrorism and organised crime.
Tests Confirm Heartbleed Bug Can Expose Server's Private Key
Security experts thought it might be possible that the private key could be divulged by exploiting the Heartbleed flaw, which may have affected two-thirds of the Internet and set off a mad scramble to apply a patch that fixes it. "This result reminds us not to underestimate the power of the crowd and emphasizes the danger posed by this vulnerability," wrote Nick Sullivan of CloudFlare on the company's blog. By obtaining the private key for an SSL/TLS certificate, an attacker could set up a fake website that passes the security verification.
Agile is not Dead, it's Morphing
There is a requirement to articulate the enterprise requirements for agility as a reference architecture for business agility. In today’s fast moving world core architecture for the business, services, implementations, technology and deployments needs to be: under continuous development using Agile principles; derived from the assessment of business needs for response to change, and constantly updated to reflect competitive and technology opportunities and threats; mapped to service architectures, patterns, policies and modernization strategies; and modeled using MDA/MDD to allow delivery as consistent architecture runways for portfolio and demand management, programs and projects.
Cloud security challenges go all the way to the board
So how should businesses go about security risk management when considering cloud service providers? Those considering the cloud can be confronted by providers that only offer opaque visibility into how they manage security and data. But isn't that scenario also true when assessing a provider of closed-source software or an outsourcer that offers assurances based on service level agreements? The customer needs to build a framework to assess a provider and compare them with rivals but not overburden the provider with assurance requirements.
Employers more likely to take on young people with work experience
The survey revealed that almost half (49%) of employers would consider creating new roles for young people who impressed them during work experience placements. Skills and enterprise minister Matthew Hancock said: “Creating more opportunities for young people to gain experience and confidence is crucial if we want to help them secure employment. Traineeships could be the difference which gives these young people their first break, unlocking their potential and giving them the work experience employers are looking for.
Quote for the day:
"There are risks and costs to action. But they are far less than the long range risks of comfortable inaction." -- John Fitzgerald Kennedy
