Daily Tech Digest - December 29, 2016

4 Information Security Threats That Will Dominate 2017

"The pace and scale of information security threats continues to accelerate, endangering the integrity and reputation of trusted organizations," Durbin says. "In 2017, we will see increased sophistication in the threat landscape with threats being tailored to their target's weak spots or threats mutating to take account of defenses that have been put in place. Cyberspace is the land of opportunity for hacktivists, terrorists and criminals motivated to wreak havoc, commit fraud, steal information or take down corporations and governments. The solution is to prepare for the unknown with an informed threat outlook. Better preparation will provide organizations of all sizes with the flexibility to withstand unexpected, high-impact security events."


People Re-engineering

Some experts don’t like talking about “Crisis Theory” when talking about the “challenges” that the software industry is increasingly facing in today’s harsh business environment. If we look further into the yield of the industry for the last 5 years as expressed by the Standish Group CHAOS Report 2015, we should at least pause. I’ve seen debates from some expert watchers about the methodology used in gathering data and deriving results to produce this report. However, I still don’t think that there is much disagreement on the significance of the report to a wide sector of watchers and practitioners as a source of data on performance in the industry. I personally find that piece of work very representative of what I see on the ground during my daily practice.


Big Data, Crystal Balls and Looking Glasses: Reviewing 2016, predicting 2017

Despite media darling success stories, for most organizations this is probably a bit too much to wrap their heads around at this point. This is understandable, as the pace of change outperforms their ability to digest and keep up with it. As for developers, on either side of the fence (vendor or application developers), both the challenges they are faced with and the stakes are higher. Of course, none of this is all that new. IDC has called this the 3rd platform, but names aside, we've seen it all before: many riding the wave and few actually getting it, the .com boom and bust, initial resistance giving way to unquestioning convert, more or less successful unification of disparate frameworks in application server environments for enterprises, skill shortage and rock star developers, the long tail for people and organizations alike.


Threat Actors Bring Ransomware To Industrial Sector With New Version of KillDisk

The new version of KillDisk encrypts the local hard drives of the machines it infects as well as any network-mapped folders shared across the organization, using RSA 1028 and AES algorithms, CyberX’s vice president of marketing Phil Neray said in a blog this week. The security firm’s reverse engineering of the malware sample showed it containing a pop-up message demanding a ransom payment of 222 Bitcoins or roughly $206,000 in return for the decryption key. Ransomware attacks on companies in the industrial sector could cause significantly bigger problems than similar attacks on companies in other sectors. For example, an attack that succeeded in locking up the operational data upon which physical processes rely could do serious and potentially even catastrophic damage to people and property.


2017 will be big year for AI thanks to tech giants

The technology will be the "backbone of many of the most innovative apps and services of tomorrow," but it remains a mystery for many people who will eventually see AI influence their daily lives, according to LeCun. "Increasingly, human intellectual activities will be performed in conjunction with intelligent machines," he wrote. "Our intelligence is what makes us human, and AI is an extension of that quality." LeCun also predicted that health care services and transportation will be among the first industries that AI transforms. "The most meaningful thing Facebook can do in AI in 2017 is to make their chatbots useful, as so far they are weak and lack slick utility," Moorhead says. "Consumers are using them a few times, see they don't do much well and stop using them."


5 unexpected sources of bias in artificial intelligence

While some systems learn by looking at a set of examples in bulk, other sorts of systems learn through interaction. Bias arises based on the biases of the users driving the interaction. A clear example of this bias is Microsoft’s Tay, a Twitter-based chatbot designed to learn from its interactions with users. Unfortunately, Tay was influenced by a user community that taught Tay to be racist and misogynistic. In essence, the community repeatedly tweeted offensive statements at Tay and the system used those statements as grist for later responses. Tay lived a mere 24 hours, shut down by Microsoft after it had become a fairly aggressive racist. While the racist rants of Tay were limited to the Twitter-sphere, it’s indicative of potential real-world implications.


The Rise of the Internet of Things (IoT)

Unless you have been living under the proverbial rock, you probably heard about a number of Internet of Things (IoT) attacks this fall, beginning with KrebsOnSecurity, then OVH, then the DDoS attack on Dyn DNS. All of this started with a bot called Mirai, and involved IoT devices. Why is this important? By 2020, the number of connected devices is expected to grow exponentially to 50 billion. A survey by HP indicates that about 70% of these devices have vulnerabilities, making them the perfect targets for botnets like Mirai. Below is a collection of 10 blogs written by industry experts on this topic that will help you fully understand the implications of this botnet and what it means for the future of connected devices.


What To Do If Your Data Is Taken Hostage

Hopefully the information security team has already planned out a procedure to follow in the event of a ransomware attack. They should begin by notifying the authorities and applicable regulatory bodies. The plan identifies the organization’s recovery time objective (RTO), and recovery point objective (RPO) for data breaches. In the event that a backup exists, then cyber-forensic evidence of the incident should be preserved and documented for/by law enforcement. In the event that there are no redundancy systems or if the secondary systems are compromised, then the information security team can find and implement a vendor solution or decryption tool. In many cases, files may be partially corrupted or incompletely decrypted. Even if a vendor solution is a simple executable, the victim may not be able to assure that their system is not still compromised by inactive ransomware, backdoors, or other malware.


Navigating the Ins and Outs of a Microservice Architecture

Today, enterprises are moving toward a clean SOA and embracing the concept of an MSA within a SOA. Possibly the biggest draws are the componentization and single function offered by these microservices that make it possible to deploy the component rapidly as well as scale it as needed. It isn't a novel concept though. For instance, in 2011, a service platform in the healthcare space started a new strategy where whenever it wrote a new service, it would spin up a new application server to support the service deployment. So, it's a practice that came from the DevOps side that created an environment with less dependencies between services and ensured a minimum impact to the rest of the systems in the event of some sort of maintenance.


How To Minimize Insider Threats In Cyber Security

Dealing with inadvertent and malicious insiders is similarly hard, as it poses similar challenges. It requires a unique set of tools and practices to be implemented, and can only be done when a company fully realizes and acknowledges the danger of insider threats in cyber security and how to combat them. All of this is due to the fact that insiders have legitimate access to sensitive data, with which they work on a daily basis. Therefore, it is very hard to distinguish any malicious actions on their part from the usual everyday routine. Whether your system administrator does a regular backup or copies data to an external storage device in order to steal it and sell it – there is almost no way for you to know. Moreover, it is also almost impossible to distinguish between deliberate malicious actions and inadvertent mistakes.



Quote for the day:


"Tact is the ability to describe others as they see themselves." -- Abraham Lincoln


Daily Tech Digest - December 28, 2016

Simplify your platform with IT systems management tools

What an IT manager should be looking for is a statistically valid prediction of what workloads will be like at a point in time rather than a simple straight-line analysis of what has happened in the past. One example is FreeStor from FalconStor; it applies advanced statistical methods to gauge how storage workloads are trending and enables managers to pre-empt problems. Again, don't forget the software. Workloads need to be packaged, provisioned and managed. That management needs to include workload portability across different areas of your IT platform. ... Then there are the IT systems management tools that try to do as much as possible. For people stung by the vast framework systems of yesteryear, you may be glad to know that today's big systems tend to be more granular and open, enabling quality systems to be plugged in wherever necessary.


Maintaining Data Security with Cloud Computing Options

Data encryption was also a key aspect of the cloud computing guidance. A CSP should know that it is still considered a HIPAA business associate if it only stores encrypted ePHI and does not have a decryption key. An organization is still a BA under HIPAA regulations even if it cannot actually view the ePHI it is maintaining for a covered entity or fellow BA. Data encryption can help reduce the risk of unauthorized access, but it is not enough by itself to maintain ePHI security, according to HHS. “Encryption does not maintain the integrity and availability of the ePHI, such as ensuring that the information is not corrupted by malware, or ensuring through contingency planning that the data remains available to authorized persons even during emergency or disaster situations.”


Ensuring Bitcoin Fungibility in 2017 (And Beyond)

The only way to know that your bitcoins are clean is to go to a centralized service and ask for a background check. Suddenly the value of your coins is being decided by a centralized party. Every platform accepting bitcoin could implement different policies for deciding which coins are clean or dirty. And exchanges in different legal jurisdictions (US, China, India, etc.) are likely to have different policies. The bitcoins worth the most money would then be the bitcoins accepted everywhere. This means it's not enough to just ask one exchange for a background check; you have to ask every major platform whether or not they think you have clean coins. And if a platform doesn't think that you have clean coins, their decision reduces the value of your holdings regardless of whether you actually use that platform – your coins cannot be traded with any of the platform's users.


Moving to the cloud? Three things to think about before you make the jump

Matt Peers, CIO at Linklaters, says the bringing together of systems and services is still a concern for IT leaders considering a move to the cloud. "I think there's a temptation to draw on the services of many different providers but that can create a huge integration challenge," he says. Peers says effective CIOs will create a balance, drawing on enough cloud providers to take advantage of the competitive tension, while at the same time avoiding the risk of having too many partners to manage. "You don't want to be forever chopping and changing between services," he says. This need for cloud control could lead to a new trend, where expert providers help mop up the management concerns associated with on-demand provision. Moves in this direction are being made.


More people expected to adopt EMV technology in 2017, but how secure is it?

One big problem remains: While the majority of merchants have implemented EMV technology, the report found, most cards do not offer the more secure PIN card option. Chip technology is also called EMV, which stands for Europay, MasterCard and Visa, the companies that developed it in the 1990s. It has been the standard across much of the rest of the developed world for a decade, particularly in Europe and Asia. Storing data on a chip in theory makes the credit card more secure because it isn’t easy to produce counterfeits — a key problem with cards that store data on a magnetic stripe. This reduces point-of-sale fraud, which involves buying something with a fake credit card at a physical retail counter, but it doesn’t reduce fraud when purchases are made online.


Enabling Strategic HR

These are disruptive times for the Human Resources (HR) organization. HR finds itself at an inflection point due to various external factors, one of them being the current gap that usually exists between the digital experience outside of the workplace and how the HR customer (the employee, manager, contractor, retiree, etc.) interacts with their HR organization. Driven by their usually positive digital experience outside of the office, the HR customer is beginning to ask the question: “Why can’t my interactions with HR be at least as good?” We see an opportunity in the marketplace to explore how an experience-focused, information-driven approach to delivering HR services can achieve a great digital consumer experience, what we call the “digital workplace”. There are five key attributes of what could be considered a “great” digital consumer experience


Cybersecurity: Threat Intelligence and an integrated approach to security

The Chinese mentality has been that, “I need to manage everything as a whole”. It turns out we have over 700 managed service customers, managing over 1200 networks. So we have to pull the stuff together for our customers. And because of this, the assisting methodology we’re bringing forward to our devices is we have to have these things start playing together, either through communication for better dynamic security response, or in terms of better central alerting and management. The problem with most other companies is they’re fixing on their products but very few pure cybersecurity companies actually have their products speak to each other, that siloed mode, I can’t get this device to talk to that device, even though they’re from the same company.


What CIOs Want CEOs to Know About Data Security

The most important step toward data security begins at a fundamental level. One that ensures health data is transmitted to and from vendors, providers, health systems and patients in a safe and secure manner. Consider a hospital sending a patient’s lab results to a physician, or a vendor communicating with a patient or provider about information from a personal fitness device or app. These platforms are ripe for data breaches and, therefore, penalties, lawsuits and even high profile media exposure. Another major question that CEOs and CIOs must address is which data transmission solution is best for their specific organization. Currently a number of vendors, consultants, software programs, etc. are available that promise to help organizations address their data security issues. The best option for each organization will be based on a number of factors, including size, budget, IT staff, expertise and overall goals.


CIOs will thwart cybersecurity threats with behavioral analytics in 2017

It’s no secret that boards are loosening the purse strings for cybersecurity but CIOs will continue to struggle to balance their cyber investments against managing risks to their businesses. Put another way: The choice between what to buy, implement and tune first -- the shiny new behavioral analytics platform or the latest and greatest business email compromise stopper -- poses prioritization challenges many CIOs aren't accustomed to in this age of cyber warfare. Worrall says that even if their boards allocate more funds for cybersecurity, CIOs need to beware of budget abuse. Those who take the “sky is falling” approach become Chicken Little, he says. One advantage Worrall has working for a networking technology company is that his tech-savvy board grasps the intricacies of cyber defense.


Why Cybersecurity Leapt From the Basement to the Board Room

Notably, under the proposed regulations, board or senior compliance officers would need to certify that their organization’s security controls are meeting requirements. This could potentially expose such individuals to criminal liability if the claim is found fraudulent. ... While overall cybersecurity spending is on the rise, certain organizations aren’t putting a cap on how far. This year, Bank of America has implemented a “whatever it takes” approach to thwarting attacks, giving unlimited budget to its cybersecurity business unit. While there will surely be scrutiny of the effectiveness and ROI of how such (non) budgets are spent, it’s obvious that the C-suite has gotten the message. Lax security practices don’t just mean embarrassing headlines and lost customer confidence.



Quote for the day:


"All progress is precarious, and the solution of one problem brings us face to face with another problem." -- MLK


Daily Tech Digest - December 27, 2016

Industries Thrive On Cognitive Cloud

Referred to as “Cognitive on cloud”, this model delivers cognitive services running in the cloud that are consumable via representational state transfer (REST) APIs. These services are available as part of platform-as-a-service (PaaS) offerings such as Bluemix and can be easily bound to an application while coding. Using this approach, cognitive analytics such as voice (tone analyzer, speech-to-text) and video (face detection, visual recognition) capabilities enable quick analysis of petabytes of unstructured data. Developing cognitive applications to run on mobile devices has provided new insights which help organizations create totally new revenue streams. When selecting a cloud service provider, however, cognitive on cloud ROI requires more than just a total cost of ownership comparison. In addition to this basic analysis, an organization must consider which cloud is cognitive enabled at the Platform-as-a-Service (PaaS) layer.


Could IT change control have prevented an IT deployment failure?

Build all configuration cleanup into IT change plans. Take the necessary time to flesh out a plan to address all related configurations for a specific maintenance task. IT teams typically should remove switch port configurations for decommissioned NICs, update firewall policies and groups when changing a server IP address, and remove domain name system records that are no longer in use. Managing the issue on a daily basis is the optimal approach to prevent IT configuration buildup over time. Combat the risk of larger change scope through a robust IT change control process. Teams dealing with live production systems fear the service impact of any change. A formal IT change control policy will lessen these unknowns. Thoroughly plan changes, formulate test and backout plans, have peer reviews, follow a set approval process, and schedule and communicate maintenance windows for all changes to critical systems.


After a big 2016, next year may be A.I. tipping point

"We are on the cusp of a change as big as when e-commerce hit," said Chris McCann, president and CEO of 1-800-Flowers.com, in an interview this fall. "It's giving us the opportunity to have such deep relationships with our customers that it'll be like the company hasn't existed before." This past May, Google showed how focused it is on A.I. during its annual Google I/O developers conference, unveiling A.I.-powered products like Google Assistant, its Google Home device, the Allo chat app and the Duo video chat app. And this past October, IBM president and CEO Ginni Rometty said during a keynote at the company's World of Watson conference that in the next five years, every major decision -- personal or business -- will be made with the help of IBM's Watson A.I. system. A statement like that takes a lot of confidence in advances coming in the technology.


How blockchain can create the world’s biggest supercomputer

One of the fields where centralized and cloud-based computing falls short is the Internet of Things, Sønstebø says. “As IoT grows the need for distributed computing becomes an absolute necessity,” he says. Latency in round trips, network congestion, signal collisions and geographical distances are some of the challenges faced when processing data produced at edge devices in the cloud. “Devices need to be able to trade computational resources with each other in real time so that the computational load can be distributed,” he says. Some of the emerging lines of software will not be supported by centralized architectures at all, iEx.ec’s Fedak says, such as decentralized applications (DApps), which among others will power fog computing, distributed AI and parallel stream processing. “This class of application is extremely challenging because they’re both data and compute-intensive, and they don’t cope well with centralized infrastructure,” Fedak says.


The Full Spectrum: How a Visual Analytics Platform Empowers the Business

BI and analytics software can help uncover this story, but there are now hundreds of companies offering technologies designed to dig into data. This proliferation of tools is both a blessing and a curse. While competition breeds excellence, there are a few standards or best practices embraced across the board. As a result, the onus is on individual businesses to embrace and uphold policies that will enable the effective use of data in a responsible, governable way. One increasingly attractive solution for doing data right is to leverage a visual analytics platform. Unlike standalone data visualization tools (which can provide useful but sometimes misleading views of the enterprise), a visual analytics platform weaves together all the elements of a full technology stack.


Ransomworm: The Next Level Of Cybersecurity

To make matters worse, Nachreiner expects cybercriminals will mix ransomware with a network worm. Years ago, network worms like CodeRed, SQL Slammer, and more recently, Conficker were pretty common. Hackers exploited network vulnerabilities and tricks to make malware automatically spread itself over networks. “Now, imagine ransomware attached to a network worm. After infecting one victim, it would tirelessly copy itself to every computer on your local network it could reach,” he says. “Whether or not you want to imagine such a scenario, I guarantee that cyber criminals are already thinking about it.” Nir Polak, Co-Founder & CEO of Exabeam, a provider of user and entity behavior analytics, agrees that ransomware will move from a one-time issue to a network infiltration problem like Nachreiner describes. “Ransomware is already big business for hackers, but ransomworms guarantee repeat business.


When the Data Thief is a Company

Companies are particularly vulnerable to this type of attack when they offer their data for free or at low cost to the public, but charge professionals a fee to access and use it on their own site or in other materials. What’s to be done? Companies that offer such online data stores for a subscription need to be ever vigilant about unusual traffic patterns that suggest a machine – not a human – is behind the wheel. The differences in use patterns between a crawler and an individual human researcher are easy to spot – if you’re looking for them. Behind the scenes, companies also need to pick any low-hanging fruit: making sure that free or temporary accounts can’t be abused to siphon off reams of data and watching for patterns of abuse among registered and paying members. Application security flaws such as weak authentication and SQL injection should, of course, be patched.


Using big data for security only provides insight, not protection

Big data cheerleaders will say you can use this hindsight to fix the problems that let the hacker into your system in the first place. After all, since you know what went wrong, you can patch your system so that it doesn’t happen again, right? While that may be true – you may be able to prevent that specific problem from happening again – cybersecurity simply doesn’t work that way. The threat landscape is dynamic, with new technologies, and thus, new vulnerabilities, emerging every day. Additionally, hackers are like any other criminal: They are savvy, adaptable, and know how to play on human nature. They’re always going to find your weaknesses – and your biggest weakness is your own people, your trusted employees. Most hackers don’t break into systems through the back door. They get their hands on legitimate login credentials and, essentially, walk right in the front door.


Cloud data recovery is critical, but won't always come easy

Public cloud vendors focus more on the front end of the data issues, such as system availability and uptime, and less on recovery. They figure that making their systems available 99.999% of the time should enable users to work with needed information. However, glitches, such as a read/write error, arise, causing corporations to need to recover data. And typically, public cloud vendors offer rudimentary recovery functions. In addition, these vendors draw lines between their own and their customers' backup responsibilities, something not seen with on-premises backup systems. For instance, Microsoft Azure tries to restore customer data lost due to Azure outages, but won't attempt to restore data if users delete files or if files become infected by a virus. In response, more sophisticated ways to back up cloud applications are emerging. Vendors like Commvault Systems and Veeam Software have well-developed, on-premises systems that they are extending to the cloud.


How Zalando Delivers APIs with Radical Agility

As you know, REST is more an architectural style and does not really specify API design details. We need to have some standards in the API design practices to establish a consistent API look and feel. Ideally, all the APIs should look like they were created by the same person. That’s a very ambitious target, but our guidelines help. We recently open-sourced them and have already received external contributions. The API guidelines standardize easier things like naming conventions and resource definitions, but also include more complex things like non-breaking changes and how we want to do versioning. ... In the end, the more critical aspect is that all the different services that are part of the platform fit in an overall architecture where you have really clear, separated functions that can easily be orchestrated to build the business functionality that we have in mind.



Quote for the day:


"I believe that the only courage anybody ever needs is the courage to follow your own dreams." -- Oprah Winfrey


Daily Tech Digest - December 26, 2016

Corporate Boards Aren't Prepared For Cyberattacks

Despite the scale and potential harm from such attacks, there's wide recognition that corporate leaders, especially boards of directors, aren't taking the necessary actions to defend their companies against such attacks. It's not just a problem of finding the right cyber-defense tools and services, but also one of management awareness and security acumen at the highest level, namely corporate boards. "Our country and its businesses and government agencies of all sizes are under attack from a variety of aggressive adversaries and we are generally unprepared to manage and fend off these threats," said Gartner analyst Avivah Litan, a longtime cybersecurity consultant to many organizations.


Keeping a lid on SaaS & infrastructure costs

As companies continue to adopt cloud services and create even more complex, heterogeneous IT environments, their asset management tools must evolve and expand to optimise on-premises hardware and software assets, and cloud infrastructure services. Costs for cloud infrastructure services and software running in the cloud need to be managed whether they are SaaS applications or Bring Your Own License (BYOL), whereby companies host existing enterprise applications in a cloud environment. The cloud presents license compliance risk in BYOL instances, as well as risk of substantial over-spending on subscriptions for SaaS applications and cloud infrastructure services. In fact, costs can easily spiral out-of-control if not closely managed. However, organisations can keep a lid on these costs with the right Software Asset Management (SAM) processes and tools.


CEP Patterns for Stream Analytics

Real-time streaming data sources and the Internet of Things have brought Complex Event Processing into the spotlight. The ability to collect data from devices using sensors, improvements in data carrier services and the growth of secure transfer to a centralized location have given a kick-start to analyzing different data patterns from various devices in combination. Let us start by defining what an event is. An event is said to occur when something happens which needs to be known for inferring or taking some action. Event processing is a way to track the information of the events by processing data streams and determining a circumstantial conclusion from them. This is associated with events from a single source. Ex: When the temperature of the room is more than 45 °C, that is what I consider an event for me to lower the temperature of my air conditioner.


CIOs: How to be a business leader in three steps

Technology and data are changing how work gets done. The embrace of digital technologies by companies and their customers has created a climate ripe for CIOs to stretch their business leadership muscles -- or risk seeing their roles atrophy. Part of making the leap to "business co-creator," as Deloitte terms it, requires CIOs to educate the business on the technologies and IT governance standards that are the foundation of digital transformation. Here is Kark's three-step strategy for CIOs on how to be a business leader. His advice is bolstered by two survey participants -- Vittorio Cretella, CIO at food giant Mars Inc., and Johnson Lai, CIO at NuVasive Inc., a maker of medical devices -- who function as business leaders at their companies.


16 Tech Jobs That Have A Gender Pay Gap

Computer programmer showed the highest gender pay gap, at a massive 28.3%. In job duties, computer programmers differ from software engineers (whose gap is 6%) in that engineers are more involved in designing software, while programmers receive instructions from engineers and have a more executional role. Game artists, who create visual art for video games, were second on the list, with a 15.8% gap. And information security specialists, who help prevent and repair cybersecurity breaches, ranked third. If you’re familiar with wage-gap statistics, you might be wondering why Glassdoor’s numbers are lower than the widely cited 20% pay gap, reported by the Institute for Women’s Policy Research, a Washington, D.C. think tank. Both IWPR's and Glassdoor's numbers are valid—they’re different because they’re set in separate contexts. This explanation gets a little technical, but bear with me.


Your new PC needs these 15 free, excellent programs

More than a mere blank slate, a new PC is a fresh opportunity—a collection of components that, with the right software installed, could accomplish anything from balancing your household budget to helping to cure cancer. Yes, stocking your PC is an intensely personal task. Even still, some programs are so helpful, so handy, so useful across the board that we heartily recommend them to everybody. These are the programs you want to install on a new PC first. (Longtime readers may notice that the list has slimmed down significantly this year. There’s a good reason for that: The bevy of hassle-killing extras in Windows 10 has allowed us to finally retire perennial favorites like CutePDF and WizMouse.)


The top 10 mobile risks of 2016

Mobile devices had a booming 2016, with usage of iOS and Android handhelds growing steadily throughout the year. By contrast, desktop operating systems other than Windows 10 and OS X generally showed a decline in growth. In fact, last month Marketing Land reported that global mobile internet usage was higher than that of desktop systems as of October, and predicted that nearly 80% of internet usage will be mobile by 2018. As with any element of technology, more widespread usage leads to greater and more widespread threats, and mobility is no exception. Here's a rundown of ten mobile risks we experienced in 2016, as well as some solutions to prevent or protect your devices from them (where applicable).


Weird science! 10 strangest tech stories of 2016

Science and technology news usually takes a backseat in mainstream media coverage. Contemporary attention spans being what they are, technical topics are often deemed too obscure, or their implications too complex, for the average reader. That's a shame, if for no other reason than this: Pay attention and you can find deliciously weird stuff in the sci-tech section, with occasional forays into the truly bonkers. Here we take a look at 10 of the stranger stories of 2016, selecting for items that generally flew under the radar and/or those with odd implications for the future. Click on through for updates on weaponized display technology, erotic robotics, and a biotech initiative that literally defies death.


Software Is Eating The Food World

Snack vending machines are everywhere. Here's how they work. A vending machine company makes a deal with a company that wants to provide snacks to employees. The vending company sends a person around every week or every few weeks to re-stock the machine with items bought at wholesale, collects the money (which is split with the business owner) and makes sure the machine is working properly. Any food placed into an old-school vending machine must be durable. It has to survive for weeks at unpredictable temperatures, and also survive the drop when selected. That's why vending machine food tends to be non-fresh, unhealthy junk food. With most vending machines, there are two or three items that are most popular and other items that might be selected as a second or third choice only after the favorite item runs out. The vending company has no idea.


Technical developments in Cryptography: 2016 in Review

The biggest practical development in crypto for 2016 is Transport Layer Security version 1.3. TLS is the most important and widely used cryptographic protocol and is the backbone of secure Internet communication; you're using it right now to read this blog! After years of work by hundreds of researchers and engineers, the new TLS design is now considered final from a cryptography standpoint. The protocol is now supported and available in Firefox, Chrome, and Opera. While it might seem like a minor version upgrade, TLS 1.3 is a major redesign from TLS 1.2 (which was finished over 8 years ago now). In fact, one of the most contentious issues was if the name should be something else to indicate how much of an improvement TLS 1.3 really is.



Quote for the day:


"You'll never be a bigger person by trying to make someone else feel smaller." -- @LeadToday


Daily Tech Digest - December 25, 2016

Data Scientists Spend Most of Their Time Cleaning Data

Data scientists spend 60% of their time on cleaning and organizing data. Collecting data sets comes second at 19% of their time, meaning data scientists spend around 80% of their time on preparing and managing data for analysis. 76% of data scientists view data preparation as the least enjoyable part of their work. 57% of data scientists regard cleaning and organizing data as the least enjoyable part of their work and 19% say this about collecting data sets. These findings are yet another confirmation of a very widely known and lamented fact of the data scientist’s work experience. In 2009, data scientist Mike Driscoll popularized the term “data munging,” describing the “painful process of cleaning, parsing, and proofing one’s data” as one of the three sexy skills of data geeks. In 2013, Josh Wills (then director of Data Science at Cloudera, now Director of Data Engineering at Slack) told Technology Review “I’m a data janitor.


Are bots set to be your next banker?

The global race for banks to be digital first is on, but it is early days still. Leading banks are in the process of learning how to take a mobile-first approach and re-imagine their customer experiences, from opening up a current account to buying a home or taking out a small business loan. While many have begun migrating their customers from the branch or call centre to their digital channels, it’s critical to take a country-specific view and carefully consider the cultural differences and preferences before deciding on the pace of change. The UAE could serve as an ideal test market; research from Google on the matter recently ranked the country as no. 1 in global smartphone penetration, with 73.8 per cent of consumers carrying smartphones. The UAE’s strong retail sector based upon its growing middle class, surging consumer confidence in technology and increasing domestic consumption means there is major potential for digitisation.


Susanne Tarkowski on How Smart Contracts Can Add Value to Your Business

Smart contracts are applications ‘living on’ the Blockchain, and therefore can’t be censored. Simple, immutable and autonomous applications, basically. As Primavera de Filippi eloquently phrased it during her talk at OuiShare Paris 2016 “Smart Contracts are neither smart nor contracts...”. But ironically, smart contracts are however ideally suited to be… well… contracts! In essence, your contract, whether it’s a marriage contract or a freelance gig contract, becomes a self-executing application. The contract goes from being a static agreement to a living application. That’s tremendously exciting. What really turned me onto it was reading the “Lex Cryptographia” blog post by Justin Ranvier back in 2013, that’s when I realized the Blockchain, and smart contract technology more specifically, could be used to replace the government in its core function: security and dispute resolution.


What’s the Difference Between Consumer and Industrial IoT?

In theory, an IoT system should be expandable, allowing dynamic changes to its operation and include devices not provided by a single vendor. Consumer, commercial, and industrial IoT share attributes and are typically built on the same hardware and software platforms. That’s why IoT discussions tend to get murky, especially when delving into the details. For instance, smartphone and tablet apps tend to provide one way of querying and controlling devices. Windows and iOS PCs, on the other hand, generally run the heavier user interfaces, often providing management tools that would be cumbersome on the smaller, portable devices. The IoT devices and software basically differ in areas such as ruggedness and expected lifetimes, as well as who has access to data and how that data is made available to various parties.


‘Security Fatigue’ Can Cause Computer Users to Feel Hopeless and Act Recklessly

Security fatigue is defined in the study as a weariness or reluctance to deal with computer security. As one of the study’s research subjects said about computer security, “I don’t pay any attention to those things anymore…People get weary from being bombarded by ‘watch out for this or watch out for that.’” “The finding that the general public is suffering from security fatigue is important because it has implications in the workplace and in people’s everyday life,” cognitive psychologist and co-author Brian Stanton said. “It is critical because so many people bank online, and since health care and other valuable information is being moved to the internet.” “If people can’t use security, they are not going to, and then we and our nation won’t be secure,” Stanton said.


The role of the CIO in a digital age

The CIO is now expected to be an expert in user experience, security, customer centricity, journeys and behaviours. They are storytellers, evangelists and advocates of communicating the art of the possible, they are the voice of the customer and their role is far more commercial than reducing costs. Indeed, modern ‘IT’ functions also generate revenue as well as drive margin. They are ‘schizophrenic chameleons’…on the one hand grounded in strong engineering and process orientation skills and are champions of best practice and on the other they are risk takers, innovators, change agents and disrupters of traditional working models. In addition, they have been further challenged by the rise of the chief digital officer – who tend to be very customer focussed and have come about because of executive perception of legacy IT and a misunderstanding about what ‘being Digital’ really is…. in reality the best CIOs could equally be CDOs.


Transitioning into 'Machine Learnable' Data Management

The MDM to MLDM transition can have various business benefits. Some of them are: quicker procurement times due to closer & quicker material matches; increased market (regional/zonal/geo) penetration due to the much closer & faster accuracy of customer profiles, demographics and segmentation; automation of mundane stewardship activities which will lead to better business resource utilizations. The faster shelf replenishment of the higher revenue products for retailers, improving the e-commerce efficiency for e-tailers and maybe handling & procuring the right parts of a prototype from a vast set of suppliers to beat the competition on a launch. The benefits can be endless. All of this is made possible, as the system can now look at reducing the number of iterations that it takes to arrive at the right threshold based on business priorities and inputs.


We Don’t Need No Stinking IoT! Or Do We?

While countless headlines play up the potential security snafus of the Internet of Things, there is barely a mention of its potential to improve the security of everything from schools to urban areas. Connected cameras or gunshot detection systems could instantly notify police that there is a sniper in, say, a school. The possibilities extend much further beyond connecting household gadgets and security. Many technology pundits believe we are on the cusp of a new industrial revolution, where devices can warn shop floor owners of potential problems before they occur while bolstering efficiency. In the near future, machines could even transact business with one another. But an average person is likely to only have a vague idea of the power of IoT technology.


How Location-Based Marketing Will Evolve in 2017

Location-based advertising and marketing technology has seen tremendous growth and improvement in 2016. Thanks to innovations in location intelligence, marketers can now leverage real-time data to better target consumers based on where they go, effectively measure how digital ads drive foot traffic into stores, and even connect the consumer journey from ad exposure to store visit to purchase data. Location intelligence is a massive industry. It allows consumer obsession with mobile devices to create significant amounts of data and insights that drive critical decision-making for a wide range of businesses. But since the space is still nascent, marketers should expect evolution in the year ahead. Here are five predictions for location intelligence in 2017:


How data science turns big data into ROI

Big data is the business buzz word of our era, bandied around at conferences and in the press as the universal panacea. However, data on its own is not the answer. As an unprocessed asset data is a cost centre, not a source of profit. Where the ROI lies is in what you do with the data and how you leverage it to drive business decisions, and the answer to that lies in data science.  Long the preserve of academics and rocket scientists, data science is now front and centre of business strategy and is one of the fastest growing areas of technology. Using advanced statistical techniques to extract value from data can be transformational for businesses, boosting existing revenue streams, creating entirely new sources of revenue and identifying areas of inefficiency and waste.



Quote for the day:


"You think you can win on talent alone? Gentlemen, you don't have enough talent to win on talent alone." -- Herb Brooks, Miracle


Daily Tech Digest - December 24, 2016

Smart Homes: Are the Security Risks Worth It?

Early smart home systems have some serious security flaws that have come to light within the last few years. Trailblazing smart home manufacturers have been more concerned with innovation and getting their products to market than in keeping up with the latest developments in cyber security. These companies often neglect even the basics of keeping their smart home systems safe, making them ridiculously easy to hack. One Synack security analyst who tested the cyber security of some of these products was able to hack into 15 of 16 smart home devices within 20 minutes. When you consider that those devices could include home security cameras, garage doors, and water pumps, it’s easy to see that these vulnerabilities pose a physical threat to the home’s inhabitants.


The State of Autonomous Vehicles: A "Who's Who" of Industry Drivers

Forward-thinking car manufacturers, in Detroit and abroad, are taking advantage of these disruptive technologies, focusing on building partnerships, acquiring startups, and beefing up internal R&D departments to avoid extinction. These partnerships and acquisitions also signal a maturing market, with further maturity reached as new revenue streams emerge in both automotive and also tangential industries that focus on providing services that complement or depend on the self-driving car experience. Autonomous vehicles are about more than "new" iterative feature sets, faster 0-60 speeds, or any other typical measurement of automotive innovation. They enable an entirely unprecedented consumer lifestyle, much like the internet itself, that surpasses traditional industry boundaries and will serve as the foundation for entirely new business models for the corporations that fuel its evolution.


Want to know how to choose Machine Learning algorithm?

Machine Learning is the foundation for today’s insights on customer, products, costs and revenues which learns from the data provided to its algorithms. Some of the most common examples of machine learning are Netflix’s algorithms to give movie suggestions based on movies you have watched in the past or Amazon’s algorithms that recommend products based on what other customers bought before. Typical algorithm model selection can be decided broadly on the following questions: How much data do you have & is it continuous?; Is it classification or regression problem?; Predefined variables (Labeled), unlabeled or mix?; Data class skewed?; What is the goal? – predict or rank?; Result interpretation easy or hard? Here are the most used algorithms for various business problems.


5 trends in open source documentation

People are increasingly choosing lightweight markup languages for a number of reasons. They are usually easier to write, at least for simple things. They tend to play better with version control systems, because they're generally line oriented. And they can help lower the barrier to entry for new contributors, although you should be careful not to expect a change in source format alone to drive lots of contributors to your project. ... Another reason static sites are more popular is that source hosting sites are easier to use, and a growing number of technical people use them. One of the draws of a wiki was that somebody could contribute without downloading anything or installing special tools. If your source files are stored in a hosting service like GitHub, anybody with a GitHub account can edit them right in their web browser and ask you to merge their changes.


EHR Data, Machine Learning Create Cost-Based Clinical Pathways

“With medical cost being such an opaque subject, providers may not have the best guidance strategy for the treatments that they offer to their patients,” wrote authors Yiye Zhang, PhD, and Rema Padman, PhD. Value-based care and innovative payment models for chronic disease management are prompting providers to take a more patient-centered approach to treatment, Zhang and Padman said, and require more patient involvement in their own care.  By creating step-by-step clinical pathways based on a patient’s anticipated disease development, big data analytics techniques could help providers “achieve accurate predictions of anticipated future events and costs following different clinical and cost pathways for improved shared decision making, and, subsequently, identify appropriate ranges of cost for targeted clinical pathways within a patient population,” says the article.


The 5 Most Worrying Technology Trends For 2017 And Beyond

Combining AI with advances in robotics, medicine and gene-technology means that people could stop dying or at least live a lot longer. That sounds great at first, but more people living well past 100 years would have massive implications for the economy and society at large. The population would continue to grow at an even faster rate, putting more pressure on resources around the world. ... As technology advances, we run the risk of entering a world of digital feudalism, in which a few technology elites — whether they are individuals or corporations — control our lives and our fate by controlling our data and our world. So far, people can still choose to opt-out, but it’s already inconvenient and uncomfortable. What happens when all transactions are handled digitally, when you can’t do something as simple as buy food, drive a car, or read a book without a digital signature?


5 game-changers coming to cloud in 2017

According to the same IDG survey, 21 percent are worried about vendor lock-in, which is understandable. The big public cloud providers offer one-size-fits-all cloud models that can orphan back-end systems or even require complete rewriting of critical business applications. Once you’re on their proprietary systems, it can be expensive — if not completely cost prohibitive — to move your workloads and data off their cloud. Take a look at this ZDNET story detailing how American Airlines is migrating to the cloud and using IBM Bluemix to develop new services and business models. IBM and American are partnering to build cloud-based applications that solve specific problems unique to their business, workloads and data. It’s a cloud strategy shaped around American’s unique business model, not its public cloud provider’s.


What the 4th Industrial Revolution Means for Future Jobs

Putting a little extra “elbow grease” into your work isn’t necessarily a good thing anymore (and with that, all couch potatoes rejoice). Mundane tasks are being replaced by more significant and engaging work for employees as Smart Technology is allowing for increased worker productivity by having computers do the tedious and time consuming work (sorry lazy people, you still have to actually do some work). Smart Technology is empowering the workforce. With IIoT solutions, employees develop working relationships with intelligent machines to achieve production results that neither human nor machine could accomplish independently. As IIoT innovations continue to develop, it is expected that the number of connected devices will multiply into the tens of billions! Many industrial organizations already see considerable value in IIoT technology as a complementary service to Big Data analytics.


8 Content Marketing Trends To Watch Out For In 2017

Regardless of your expertise in the growing realm of content marketing, one of the most important factors that goes into successfully marketing your brand is knowing how to use your time and budget to effectively relate to an evolving marketplace. ... One of the best ways for brands to capture attention is by creating interactive content. According to a recent study done by The Content Marketing Institute, 81% of the marketers surveyed said, “Interactive content grabs attention more effectively than static content.” Users today like to feel involved in the content they consume. Some of the popular ways brands are implementing interactive content is through quizzes, polls, or assessments.


Conquering the Challenges of Cloud Migration

If you haven't already, you're going to move something to the cloud at some point in the future. Even if you are not sure that a cloud service is right for you, you still need to investigate the cloud migration process to be able to make an informed decision -- even if you ultimately decide not to go that route. If you are not an expert in cloud migration -- I assume most of you are not -- there are services that can help you be successful. Once you decide to migrate some functions to the cloud, you will discover that this is only the beginning. Likely, more functions will be moved spanning years of IT and UC operation. Along this journey, many challenges will surface. Among the most common difficulties is the task of properly maintaining existing application services during the migration. Other challenges will be not disrupting the user experience or weakening the security you already have.



Quote for the day:


"The function of leadership is to produce more leaders, not more followers." -- Ralph Nader


Daily Tech Digest - December 23, 2016

Data quality for developers

Just like code testing, Data Quality is one of the things that we generally don't pay attention to until it comes and bites us, and when it does, it's usually a customer that notices it and as always, we poor beleaguered developers get to pay the price. I'm starting into a Data Quality project, so I thought it might be good to have a talk about what it is, and how we can put some simple checks and balances in place to help us manage our data, and improve its quality. ... To bring your system to the next level, and make it really robust, you could consider building these kinds of checks into your system whenever data is changed or ingested. While you can get very detailed and domain specific with the following, in general, it's possible to be quite generic about data at this level and combine these rules and checks to dramatically improve the quality of your data. The bottom line is we are seeking to ensure our data is in a clean state before allowing it to proceed into production or analysis.


Are You a Modern Software Engineer?

Another lane on our highway is related to architecture and non-functional requirements. One day, you may decide to invest your time into common practices of solving scalability issues of any kind, have a look how high availability is being achieved in some modern and popular products, what helps one solution survive high load, etc. If you are a fan of patterns, then you could have a look at classic patterns first, and then switch to modern ones, recall old school enterprise patterns, or read a book about integration patterns.  If you like the web, then the hype is about monolith vs. SOA vs. microservices, so you can invest time into that area. If you are in a big data world, then and kappa architectures might be interesting to you, too.  Another valuable effort might be to spend time reviewing architectures of successful products.


Leaked files reveal scope of Israeli firm's phone cracking tech

The forensics company claims it can download almost every shred of data from almost any device in a matter of seconds -- on behalf of police intelligence agencies in over a hundred countries -- to help solve crimes. It does that by taking a seized phone from the police, then plugging it in, and extracting messages, phone calls, voicemails, images, and more from the device using its own proprietary technology. It then generates an extraction report, allowing investigators to see at a glance where a person was, who they were talking to, and when. We obtained a number of these so-called extraction reports. One of the more interesting reports by far was from an iPhone 5 running iOS 8. The phone's owner didn't use a passcode, meaning the phone was entirely unencrypted. Here's everything that was stored on that iPhone 5, including some deleted content.


Executive Ritalin: 3 steps that prevent leadership from killing your project

In rare cases, big problems are quickly solved. More often, large-scale problems require time to fix. And time is something many executives believe is in short supply. As Bob Richards, a vice president for a global manufacturer headquartered in Switzerland notes, “True change -- from a problem-solving standpoint -- takes a lot longer than is usually allowed in companies. You need to get folks involved in identifying the problem, how the problem was created, and then get their input on how to solve the problem.” Richards has devised a simple three-step process for staving off executive impatience that leads to killing off promising projects. He acknowledges an executive’s difficult position, saying, “When you’re in a leadership role, it is one problem after the next and your role is to get problems resolved—and quickly.”


In virtualized networking, availability tracking is key

The ability to track packets through the network is necessary, but it's not enough. With virtualization, network and application management have become tightly interdependent. When an application starts up, virtualized networking management requires creation of virtual components and allocates network paths among application virtual machines (VMs). These VMs may execute on different servers, and may move from server to server in response to shifting loads. When a VM moves, network traffic must be redirected to support the new configuration. In the meantime, performance monitors must report whether applications are meeting service-level agreements and track server and network utilization rates. They collect statistics that show use over time so managers can spot components that are nearing limits.


Refactoring to Reactive - Anatomy of a JDBC migration

Reactive programming is the new kid on the block, offering built-in solutions for some of the most difficult concepts in programming including concurrency management and flow control. But if you work on an application development team there's a good chance you are not using reactive and so you might have questions - how do I get there, how do I test it, can I introduce it in phases? ... In the reactive world we aim to bring a blocking application to a non-blocking state. (A blocking application is one that blocks when performing I/O operations such as opening TCP connections.) Most of the legacy Java APIs for opening sockets, talking to databases (JDBC), file/inputStream/outputStream, are all blocking APIs. The same is true about the early implementations of the Servlet API and many other Java constructs.


Programming Robotics using the Intel® XDK, Node.js, and MRAA library

There are many different platforms, programming languages, and tools that you can learn. Dfrobot* created a tank robot platform called Devastator that contains the Romeo* controller board. This board was modified for use with the Intel® Edison compute module to bring more capability to the kit with an increased number of I/O’s, integrated WiFi, USB Host, servo control, and increased processing power. The kit can be programmed using the Arduino* IDE and a USB connection out of the box. This article describes another method of programming the robot using the Intel® XDK to program the robot over WiFi, Node.js*, and the MRAA library. In particular, the article will discuss the tools used, the Romeo controller board, mapping peripheral pins, creating an Intel XDK project, and the implementation of the sensor & actuator components for the robot.


New Accounting Standards Change The Rules Of IT Leasing

It’s just the latest shakeup in the IT equipment leasing industry which has also been reeling from reductions in the cost of IT equipment and increased adoption of cloud computing. “The profits of the companies that lease IT equipment are under pressure,” Kirz says. “At the same time, cloud adoption is shifting lessor relationships from the end-client to the cloud provider, and many cloud providers are building their own data centers with commodity equipment, thus shrinking the lessors’ market size.” ... In the face of these trends, a number of large independent leasing companies have recently sold themselves to large banks resulting in market consolidation. Crestmark Bank bought equipment-leasing company TIP Capital in late 2014. Huntington Bank acquired Macquarie Equipment Finance last April. And Wells Fargo purchased GE Capital Vendor Finance in March.


How Big Data and the Internet of Things are Saving and Making Millions

With Big Data processing power and IOT insights, repairs and maintenance can be optimized to avoid delays, stoppages, and safety risks. These technologies are used to pinpoint precisely what leads up to an issue. Often, the issues can be resolved instantly and remotely, before they escalate. In this instance, Big Data and IOT sensor input simplify the process of obtaining appropriate data, which gives companies the chance to react effectively and avoid crisis situations. Manufacturing companies are reaping huge benefits by deploying Big Data technologies. Automakers worldwide use data analytics to monitor the cost of steel and other raw materials, helping them identify when they can purchase at the best price point. How can this be done? A database of several suppliers is built on a Hadoop framework; this tracks which supplier offers the most competitive price and can deliver at the optimal time. The result? Car manufacturing costs are reduced significantly.


How artificial intelligence can eliminate bias in hiring

"AI/machine learning can help close the diversity gap, as long as it is not susceptible to human bias. For example, recruiting contact center employees could provide AI/machine learning models with the historical application forms of hired contact center employees with high customer satisfaction scores. This allows the model to pick up on the subtle application attributes/traits and not be impacted by on-the-job, human biases," Alexander says. By simply using an automated, objective process like this, it's possible to drastically reduce the scope for human bias. If, for example, fairly trained AI/machine learning tools are used to whittle an applicant pool down from 100 applicants to the final 10 interviewees, that means that 90 percent of the pool reduction would be done in a process immune to any human biases, Alexander explains.



Quote for the day:


"Motivation is what gets you started. Habit is what keeps you going." -- Jim Ryun


Daily Tech Digest - December 22, 2016

Magisto: The machine-generated creativity you're looking for?

There is an attitude in the technology space that startups should look to automate every time-consuming or mundane process. Sick of doing laundry? A web service will do it for you. Not keen on vacuuming? The Roomba solves your issues. These examples, while telling a sad tale of humanity's laziness, at least remove an arguably low-level and mundane task. But what of automating creativity -- can you, and should you? That is exactly what Magisto is setting out to do. The company has what it calls a "smart video storytelling application." What that means in English is that using Magisto, customers can upload video and imagery, choose a theme and a soundtrack and, only a few minutes later, have a complete video to use.


Big Banks Are Stocking Up on Blockchain Patents

Until now, many blockchain startups have downplayed the importance of patents and pinned their hopes on wider adoption through open source. Hyperledger, a venture led by companies including IBM, Accenture and Intel, makes its code free for others to use and enhance. Chain, which lets companies use the blockchain to issue and transfer assets, released its code in late October. Even R3 -- a consortium of some of the largest banks -- made its Corda blockchain available last month. As such projects have multiplied, some blockchain supporters have suggested open-source makes patents irrelevant. It doesn’t, according to Vitalik Buterin, co-creator of the popular Ethereum blockchain. Companies could find themselves being sued by one-time collaborators. Large firms could wield patents to muscle into promising businesses developed by today’s startups.


How to manage the top 4 tech culture challenges

Leading a tech team in the current culture of competition and globalization comes with a unique set of challenges, and requires a distinct set of leadership skills to mitigate them. A recent report from corporate training and leadership development firm VitalSmarts lays out the particular competencies tech leaders need to build successful organizations and products. "Everybody who's ever worked in tech feels like there's something quite different and unique about that culture and the whole industry," said VitalSmarts vice president of research David Maxfield. "The questions we were asking were: 'Are these differences real, do they matter, and if so, how?'" The researchers first interviewed more than a dozen leaders from tech firms asking about the unique challenges of the field.


VMs prove most popular Docker infrastructure -- for now

"Capacity wasn't important. Stability was the primary driver," said Stephen Eaton, infrastructure technical lead at Dealertrack Technologies, a holding of Atlanta-based Cox Enterprises. Encapsulating applications in containers that float over infrastructure made the workflow easier for the entire IT group. However, as he ramps up containerization -- the goal is 80% of the group's apps on Docker containers within a year -- Eaton will be closely watching network-attached storage performance. With five times as many apps using the storage resources, will there be latency with logs or scaling that necessitates changes to the underlying Docker infrastructure? ... Containers also change the equations for dynamic and static load balancing. While container-monitoring capabilities are not yet close to those available for virtualization, log-monitoring tools such as Sysdig and Splunk are working on the visibility issue with admin-friendly dashboards.


Digital Transformation and Bimodal IT

As we all know, the Traditional IT team in each enterprise is entrusted with the responsibilities of maintaining functionality, safety, and predictability. Generally speaking, these are the teams that ensure that the show is running without any interruptions. The Exploratory IT team, however, are the specialists, specifically employed to implement the latest, futuristic version of IT. They work on systems and processes that will increase the ability of the company today and optimize its capabilities for the future. They are the guys who, for example, are implementing the new move to the cloud, creating the proof of concepts for the latest IoT offering, demonstrating to the world your connected car expertise, or training the new team created to work on the latest systems. They train the “would-be” employees and make all the necessary plans and strategies for the future migrations.


Alice: A Lightweight, Compact, No-Nonsense ATM Malware

Trend Micro first discovered the Alice ATM malware family in November 2016 as a result of our joint research project on ATM malware with Europol EC3. We collected a list of hashes and the files corresponding to those hashes were then retrieved from VirusTotal for further analysis. One of those binaries was initially thought to be a new variant of the Padpin ATM malware family. However, after reverse analysis, we found it to be part of a brand new family, which we called Alice. ATM malware has been around since 2007, but over the past nine years we have only learned of eight unique ATM malware families, including Alice. This new discovery is remarkable because it shows a clear tendency for malware writers to attack an ever-increasing variety of platforms. This is especially acute against ATMs, due to the high monetary value they represent.


Multi Modal Delivery with SAFe 4.0

To create an integrated system that actually creates value for customer and business takes capabilities that take trips piercing multiple layers, touching multiple systems, each with their own ingest and delivery model for new functionalities. In the example above, generated from a real customer situation, the process layer comprises a team of teams that in itself operates as an Agile Release Train. However, this needs to be timing orchestrated and technically integrated with deliveries from other groups. The customer facing front ends are delivered by an external supplier who is running traditional Scrum on a 2 week iteration cadence, while the back end Mainframe Services delivery has not yet transformed, and is operating on a traditionally planned project basis.


Here are the biggest IoT security threats facing the enterprise in 2017

In 2017, the IoT device security debate will escalate, putting pressure on manufacturers to architect fundamental security principles into the designs of internet-connected products. We may even see governments around the world take an active role in IoT safety legislation. Everyday appliances (e.g., the iron, washing machine and dryer) are subjected to rigorous testing, both by the manufacturer as well as independent testing labs, but a similar approach is not being taken with respect to cybersecurity for IoT devices. As a result, most are unsecure by design, and many vendors choose convenience (e.g., using default credentials in their appliances) over implementing proper security measures—a flagrant violation of best practices in product development.


Nokia and Apple trade accusations in patent lawsuits

The eight patents covered in one of Nokia's Texas lawsuits, filed Wednesday, are related to the H.264 Advanced Video Coding standard approved by the International Telecommunication Union, according to Nokia's complaint. A second Texas lawsuit covers 10 patents for a range of other technologies. Apple products using the H.264 video codec include the iPhone, iPad, iPod, Apple Watch, Macs, and Apple TV, Nokia said in its complaint. "Despite all the advantages that have been enjoyed by Apple, Apple has steadfastly refused to agree to license Nokia's H.264 patents on reasonable terms," Nokia's lawyers wrote. "Dozens of companies have licensed Nokia’s patents for use in their products ... Apple, however, refuses to pay Nokia's established royalty rates."


Cybersecurity Confidence Report Card

For the second year, practitioners cited the “overwhelming cyber threat environment” as the single biggest challenge facing IT security professionals today, followed closely by “low security awareness among employees” and “lack of network visibility” due to BYOD and shadow IT. No doubt, the dangers are real. Just last week Yahoo disclosed that over a billion user accounts had been stolen – back in 2013. Quest Diagnostics says that the hack of an internet application on its network exposed the personal health information of about 34,000 people. Venafi CISO Tammy Moskites doesn’t like assigning scores, but she does acknowledge that she’s constantly challenged with “making sure that we’re doing the right things right.” “We’re going to be more challenged with making sure that we’re able to be quick and agile when and if an attack occurs,” Moskites says.



Quote for the day:


"Be sure you put your feet in the right place, then stand firm." -- Abraham Lincoln