Daily Tech Digest - September 17, 2017

Reasoning About Software Quality Attributes

Quality attribute requirements such as those for performance, security, modifiability, reliability, and usability have a significant influence on the software architecture of a system. Architects need to understand their designs in terms of quality attributes. For example, they need to understand whether they will achieve deadlines in real time systems, what kind of modifications are supported by their design and how the system will respond in the event of a failure. There are large and thriving attribute communities that study various quality attributes but they each have their own language and sets of concepts. However, architects tend to think in terms of architectural patterns. What the architect needs is a characterization of architectural patterns in terms of factors that affect the various quality attributes so that a software design can be understood in terms of those quality attributes.


Where Is Social Media Headed in 2018 and Beyond?

There’s a real movement to create social media platforms that cut through the censorship of big brother, and give users more control. And it’s not all about bypassing government censorship. Even Facebook has found themselves in hot water, facing down claims that Facebook censors conservative news sources in their “Trending” news widget. There’s also the fact that social media giants make billions of dollars by selling ads that rely on the content we freely give them. As publishers and users, we aren’t getting a slice of the pie. As I researched this article, I stumbled across an exciting new concept in social media -- the idea of taking social media to the blockchain. Yes, you read that correctly. The same technology that’s used to power bitcoin and other cryptocurrencies could be coming to a social media app near you.


How to Evaluate Software Quality from Source Code

Compute the codebase’s cyclomatic complexity, normalized over the number of methods. This tells you the complexity of the average method, which carries critical significance. More paths through the code means more tests needed to verify the application’s behavior. And this, in turn, increases the likelihood that developers and testers miss verification scenarios, letting untested situations into production. Does that sound like a recipe for defects? It should. Coupling and cohesion represent fairly nuanced code metrics. I’ll offer an easy mnemonic at the risk of oversimplifying just a bit. You can think of cohesion as the degree to which things that should change together occur together. And you can think of coupling as the degree to which two things must change together.


DDoS protection, mitigation and defense: 7 essential tips

“A disaster recovery plan and tested procedures should also be in place in the event a business-impacting DDoS attack does occur, including good public messaging. Diversity of infrastructure both in type and geography can also help mitigate against DDoS as well as appropriate hybridization with public and private cloud,” says Day. “Any large enterprise should start with network level protection with multiple WAN entry points and agreements with the large traffic scrubbing providers (such as Akamai or F5) to mitigate and re-route attacks before they get to your edge. No physical DDoS devices can keep up with WAN speed attacks, so they must be first scrubbed in the cloud. Make sure that your operations staff has procedures in place to easily re-route traffic for scrubbing and also fail over network devices that get saturated,” says Scott Carlson, technical fellow at BeyondTrust.


Why Shift-Left Testing is Critical for Enhancing Software Quality?

As the name suggests, testing gets shifted to the left of the development process and deals with the defects on the go rather than waiting till the end of the process. In the Agile environment, this implies that the software gets faster to the market and can be updated on a continuous basis. Shift left testing approach introduces the tester right from the inception of the software development process. This eases the efforts of the developers while developing the software application that needs to meet the desired quality standards. An Agile approach cannot function without the concept of Continuous Testing and development. It operates on the fundamental premise that the software can be released at any time during development, or upgraded in case of commercial demands. The significance of Shift-left in an Agile set-up is indispensable, as it binds testing effectively with development and continues to ensure quality.


Data Science’s Dirty Little Secrets

If expertise on data, platforms and programming isn’t sufficient, what are the specificities of a data scientist? From our point of view, it all begins with the candidate’s understanding the logics of specific markets and industries. Data Science is also a frame of mind — data scientists are continually scanning their physical and digital environments for problems to be solved. Their day job consists of exploring the nature of the problems to be solved, qualifying the data at hand, identifying which methodologies can produce better choices in given contexts, and transforming data into insightful action. They don’t isolate themselves in front of a computer, but as Lee Baker suggests, they serve as detectives of the realities of the company and its clients, as well as mediators between the technical and operational services inside the organization.


Enterprise Architecture Is Not The Answer - It Is Part Of The Answer

As a matter of practicality, for Enterprise Architecture to be successful, there are many things that have to work out before, in parallel with, and after Enterprise Architecture efforts result in an Enterprise Architecture. There are governance things going on, there are development things going on, there are operations things going on. Each of these areas can benefit from some good old Enterprise Architecture thinking and, as well, Enterprise Architecture success needs these areas to be successful! Again, Enterprise Architecture is not THE answer, it is part of something bigger. In most enterprises governance comes in many forms including strategic management, portfolio management, project management, etc. Most of the methods applied in each of these follow some sort of decision-making loop.


Machine learning methods (infographic)

Artificial intelligence (AI) and machine learning are a hot topic in the enterprise, with company leaders having high hopes for how they can be used to improve and automate business processes. In fact, some 54% of organizations are making substantial investments in AI today, and that number jumps to 63% in three years, according to our 2017 Global Digital IQ Survey. So how will AI solve business problems, like helping you figure out why you’re losing customers or assessing the risk of a credit applicant? It depends on a number of factors, especially the data you are working with and the type of training that will be required. Learn about the most common algorithms and their use cases below.


Oath for Programmers

What matters is what the layman thinks about this -- and by extension what legislators think about it. In the end, it will be the everyday ordinary civilian who will demand the commitment to professional behavior; and will demand that behavior be monitored and enforced. ... There are two kinds of harm that a software developer can do to their users. The first is the most obvious. The software could fail. It seems perfectly reasonable that we should promise to do our very best to deliver software that does not fail. The second form of harm that programmers routinely do to their users is to harm the _structure_ of software. Users expect software to be easy to change. It is _soft_ware after all. Users need their software systems to keep pace with the rapid change in society and technology. It seems perfectly reasonable that we should promise to do our very best to keep software soft.


To control AI, we need to understand more about humans

In a future with more pervasive AI, people will be interacting with machines on a regular basis—sometimes without even knowing it. What will happen to our willingness to drive or follow traffic laws when some of the cars are autonomous and speaking to each other but not us? Will we trust a robot to care for our children in school or our aging parents in a nursing home? Social psychologists and roboticists are thinking about these questions, but we need more research of this type, and more that focuses on the features of a system, not just the design of an individual machine or process. This will require expertise from people who think about the design of normative systems. Are we prepared for AIs that start building their own normative systems—their own rules about what is acceptable and unacceptable for a machine to do—in order to coordinate their own interactions?



Quote for the day:


"To have long term success as a coach or in any position of leadership, you have to be obsessed in some way." -- Pat Riley


Daily Tech Digest - September 16, 2017

Computers Are Taking Design Cues From Human Brains

Across Microsoft’s global network of machines, Mr. Burger pointed out, alternative chips are still a relatively modest part of the operation. And Bart Sano, the vice president of engineering who leads hardware and software development for Google’s network, said much the same about the chips deployed at its data centers. Mike Mayberry, who leads Intel Labs, played down the shift toward alternative processors, perhaps because Intel controls more than 90 percent of the data-center market, making it by far the largest seller of traditional chips. He said that if central processors were modified the right way, they could handle new tasks without added help. But this new breed of silicon is spreading rapidly, and Intel is increasingly a company in conflict with itself. It is in some ways denying that the market is changing, but nonetheless shifting its business to keep up with the change.


Monetizing data: A new source of value in payments

Probably the greatest potential of data monetization comes from merging cardholder data with data from the merchant side to gain an end-to-end view on transactions that can unlock additional value. The opportunities include coupling consumers with preferred merchants, channels, and potentially products; geo-referring transactions to identify a customer’s location; and understanding the dynamics of local markets at a sub-postal code level. The payments providers best placed to capture these opportunities are those with a large market share in both issuing and acquiring in specific markets, or those acting on one of the “legs” that are able to develop effective partnerships with players strong on the other “leg”: for instance, a large merchant acquirer partnering with a primary issuing bank.


Man versus machine: not the war that’s been expected

NATO believes it will get to a point where AI can make strategic decisions on vital NATO issues. This move means AI transcends driverless cars, and transitions to decisions in international diplomacy, where an automated decision could potentially trigger a global conflict or war. If these two instances were enhanced through cognitive computing, we would start to see AI evolve to the point where it has enough brain-power to learn from each decision and maybe even understand the impact. Cognitive computing marries AI and machine learning and “learns” from data without interference from humans. It acts as an autonomous entity that senses and perceives the environment, learns and adapts and takes rational actions to ensure it reaches its goal.


We must not let regulation crush innovation

We have seen this recently with the Financial Conduct Authority’s queries into distributed ledger technology (DLT), where, despite controls being in place, discussions have been opened about the suitability of that technology to meet specific regulatory demands. Yet at the same time, regulators are also offering regulatory sandboxes for fintech innovation. So there is a fine balance to be found between understanding the potential for new technologies, and proper governance around them. If regulators do decide to pursue regulation of the regtech sector itself, the process of financial services firms exploring innovative solutions may become more difficult. The financial services industry needs to promote both innovation and governance, in a technically savvy, efficient and controlled way


Meet the elevators of the future: Moving people sideways and data to the cloud

The cabins can go sideways and aren’t limited to one per shaft due to a unique motor technology that makes the elevators more like a looping metro system within the tower. But it isn’t just the hope of a chocolate factory-inspired elevator utopia that sparks ThyssenKrupp’s innovation, ... Data from Max-connected machines — such as door movements, trips, power-ups, car calls and error codes — are collected from around the world and then sent to the cloud to be analyzed by algorithms and machine learning. From there, operational patterns are picked up and the various components’ remaining lifetimes are calculated so technicians can replace parts before a breakdown occurs. Elevators can then be scheduled for maintenance during off-peak hours to minimize disruption and, therefore, increase efficiency.


Why Blockchain May Be Key to IBM's Future

IBM definitely has a lead when it comes to blockchain technology, having been involved in its development almost since the day people first realized that distributed databases might be useful outside the realm of cryptocurrencies. It was also one of the first companies to put the technology into production for its own purposes, integrating it into its own supply chain. It also might be uniquely positioned to bring blockchain adoption to financial institutions, which have recognized the technology's benefits but have been cautiously slow to adopt it. The company has worked with the financial sector since the days when computer technology was in its infancy and Big Blue was about the only game in town. That means it's built a lot of trust over the years. It also means it has a deep understanding of the needs and concerns of bankers and others in the financial trades.


6 Best UI Design Principles to Develop Mobile Apps

“Design is not just what it looks like and feels like. Design is how it works,” Steve Jobs famously said. This powerful quote points to the significance of a good user interface design along with a rich user experience. In simple words, the design of your mobile app can literally make or break your mobile application. So, to make your mobile app a success, it needs to be gorgeous inside and out. ... Feedback is another important aspect of design, as it validates action of a user. In simple words, to let users know that the particular action was completed, whether, through text, image or sound is important. So, make sure your app provides instant feedback for every interaction. However, make sure feedback happens in a user-friendly and timely manner.


Don’t Be Tricked by Unstructured Data Analytics Technology

Unstructured data involves a variety of formats such as audio data, images, texts, web data, office documents, and device logs. Each data format needs a specific processing technique, such as speech recognition, image comparison, full-text search, and graphic computation. There isn’t a technique to analyze all forms of unstructured data. Similarly, there’s no reason to replace the image comparison technique with the speech recognition technique, or substitute full-text search with graphic computation. A software vendor who specializes in a certain technology will certainly advertise its domain, like facial recognition technology or text mining, instead of just claiming that it is an expert that doesn't offer anything special.


Threat Intelligence Strategies Suffer from Data Overload

“It’s abundantly clear that organizations now understand the benefits provided by threat intelligence, but the overwhelming volume of threat data continues to pose a hurdle to truly effective adoption,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “Threat intelligence programs are often challenging to implement, but when done right, they are a critical element in an organization’s security program. The significant growth in adoption over the past year is encouraging as it indicates widespread recognition of the value threat intelligence provides.” Other respondents cited difficulty in the integration of threat intelligence platforms with other security technologies and tools (64%), and a lack of alignment between analyst activities and operational security events (52%).


Don't Delay: Replace Symantec TLS/SSL Certs Now

Google alleged Symantec had issued digital certificates without thoroughly verifying requesters. That's crucial, because holding a certificate for a website means an attacker could potentially decrypt web traffic, exposing sensitive data. Symantec had a robust TLS business. Through acquisitions of TLS businesses run by VeriSign, Thawte, Equifax and others, it held about 30 percent of the market. Part of the reason Google became so involved in the debate is that it was one of the victims of lax TLS issuance. Google charged in September 2016 that it found Symantec's Thawte division issued extended validation pre-certificates for www.google.com and google.com, an egregious and potentially dangerous error.



Quote for the day:


"If you don't find a leader, perhaps it is because you were meant to lead." -- Glenn Beck


Daily Tech Digest - September 15, 2017

Tesla crash shows man and machine must cooperate

This complex failure, which both man and machine contributed to, sounds an important warning about autonomous-drive technology: until the systems are so good they need no human input, the human driver must remain at the center of "semi-autonomous" drive system design. Engineers must assume that if there's a way for people to misuse these systems, they will. Just as important, companies need to understand that if they over-promote a semi-autonomous drive system's capabilities in hopes of pulling ahead in the race to autonomy, they run the risk of making the technology less safe than an unassisted human driver. There's a lesson to be learned here from aviation. As computers and sensors improved in the 1980s, aircraft manufacturers began to automate more and more of the controls simply because they could.


What is Kotlin? The Java alternative explained

Kotlin has relaxed Java’s requirement that functions be class members. In Kotlin, functions may be declared at top level in a file, locally inside other functions, as a member function inside a class or object, and as an extension function. Extension functions provide the C#-like ability to extend a class with new functionality without having to inherit from the class or use any type of design pattern such as Decorator. For Groovy fans, Kotlin implements builders; in fact, Kotlin builders can be type checked. Kotlin supports delegated properties, which can be used to implement lazy properties, observable properties, vetoable properties, and mapped properties. Many asynchronous mechanisms available in other languages can be implemented as libraries using Kotlin coroutines, which are experimental in Kotlin 1.1.


Markets, GPS could be first to go in the event of global cyber conflict

Evil state-sponsored hackers do want to wreak mass havoc on the societies they deem to be the enemy. I would counter that it is probable, not just possible, that cyberattacks will shut down the power grid, erase or paralyze financial data systems (see above) or cause military equipment to malfunction in the near future. ... “It certainly is very odd that so many incidents have taken place in a relatively short period of time,” Finnish computer programmer Harri Hursti told me. Hursti said vulnerabilities in GPS technology would be the logical place to start any investigation into the U.S. Navy mishaps that have plagued the Pacific fleet this year, but pointed out that there was not enough information about the systems used to make an educated guess at what may have happened.


What is BlueBorne? Billions of phones, laptops and TVs at risk of silent Bluetooth hack

"These silent attacks are invisible to traditional security controls and procedures," said Yevgeny Dibrov, the chief executive of Armis, in a statement. "Companies don't monitor these types of device-to-device connections in their environment, so they can't see these attacks or stop them," he added. Armis said that it first reported the vulnerabilities to Google, Microsoft and Linux in April and patches have now been released as part of vendors' regular scheduled updates. Users are recommended to urgently download all security fixes to stay safe. Ars Technica reported that the time to exploit a device was "no more than 10 seconds" and that it would theoretically work even if a device was already paired with another. A spokesperson for Microsoft claimed it first released patches for BlueBorne in July this year.


Power, Performance, and the Cloud

There are a lot of security vendors today offering cloud-enabled security tools, devices and platforms. What is lacking is a comprehensive security approach that can tie the hybrid nature of networks together into a single, holistic security strategy without compromising performance. Many of the security tools on the market continue to operate in isolation, which diminishes effective cross-platform visibility. Cloud-based tools don’t necessarily work well in more traditional, physical environments. And nearly all of them collapse in terms of performance when deep inspection is required, which is nearly all the time given the increasingly sophisticated nature of threats and the fact that more than half of all network traffic is now encrypted.


10 tips for better search queries in Apache Solr

Apache Solr is an open source search engine at heart, but it is much more than that. It is a NoSQL database with transactional support. It is a document database that offers SQL support and executes it in a distributed manner. Previously, I’ve shown you how to create and load a collection into Solr; you can load that collection now if you hadn’t done it previously. ... The original scoring mechanism that Solr used is called TF-IDF, for “term frequency versus the inverse document frequency.” It returns how frequently a term occurs in your field or document versus how frequently that term occurs overall in your collection. The problem with this algorithm is that having "Game of Thrones" occur 100 times in a 10-page document versus ten times in a 10-page document doesn't make the document 10 times more relevant. It makes it more relevant but not 10 times more relevant.


Digital Transformation Is More Outside The Enterprise Than Inside

When an enterprise starts a digital transformation initiative, the boundaries for that extend far beyond the enterprise. It goes and touches every part of the ecosystem, which we loosely call the customer, whether he is a paying customer, a prospective customer, a next generation customer or an accidental customer. With all the availability of the digital technologies, we have far more ways to engage the so-called customer. The CIO in the years gone by, whether he was a driver, implementer, endorser, his focus was handling IT systems. Today the CIO’s hands are full in keeping the lights on, and still in a cost-sensitive position, he still has to prepare for the future. ... When you start thinking about real digital transformation inside and outside the enterprise, he may not have the bandwidth and that’s where the CDO comes in.


Workplace IoT Puts Companies on Notice for Smarter Security

Given the understandable unease, employers may be tempted to take a knee-jerk approach and ban employees from using their connected devices in the workplace, similar to what they did when people started taking smartphones to work. But organizations should avoid that inclination and instead focus on providing clear instructions for how employees can safely and appropriately use their devices in a way that does not put the organization at risk. Otherwise, current and prospective employees may look for a friendlier workplace to take their devices — and their talents. Putting a sound IoT policy in place — with emphasis on separate network segments for employee-owned devices — is a far better alternative. The policy should address issues such as whether devices will be allowed to connect to the Internet and how to handle devices capable of recording sound or video.


The future is coming. Here's what it might look like

Emergent technologies are poised to radically change how we work and live. They will transform our cities and workplaces, shifting jobs and entrepreneurship in new directions, and spur new ways to manage our lives. All of society will be affected, up to and including how we interact with machines themselves. Sophisticated machines and applications that communicate online will accelerate demand for broadband internet and challenge existing information and telecommunication norms. All of this will require ongoing discussions about security, infrastructure and open-data policy and planning. We now need action. We must move past: “We know it’s coming and have to do something” to “Here is how we can implement and collaborate to make it happen.”


Is TDD a Form of OCD?

The current fanatical TDD experience leads to a primary focus on unit tests (...) I don't think that's healthy. Test-first units leads to an overly complex web of intermediary objects and indirection (...) It's given birth to some truly horrendous monstrosities of architecture. A dense jungle of service objects, command patterns, and worse. It is easy to see that most organizations are shifting away from TDD as a testing paradigm and towards Behavioural Driven Development (BDD). Atlassian’s Heather Krebsbach writes unequivocally in 2016: This test-first approach became increasingly popular and was coined as test driven development (TDD), but businesses quickly realized it didn’t give them the visibility and coverage they needed for the most important business cases in their systems. So, a variant of TDD was born called behavior driven development (BDD),



Quote for the day:


"The useless men are those who never change with the years." -- J.M. Barrie


Daily Tech Digest - September 14, 2017

Delivering Genuine Emails in an Ocean of Spam

Deliverability is the industry term for an email’s ability to reach a given in-box. If an organization sends high-quality emails that maintain a sizeable forensic distance between themselves and the hordes of spam, more of them will pass the filtering inspections and end up in the customer’s in-box. If more emails end up in more customers’ in-boxes, then more are opened and clicked on (engaged with, in marketing speak). But this isn’t just a desirable outcome for marketing-oriented emails. If you need to deliver an alert or a confirmation email to users, it’s imperative that it lands in their in-box. For example, suppose you’re trying to send information on medications that are vital to your customers’ health. Huge amounts of spam continually try to sell various dubious medicines to the public, and automated spam filters have become sensitive to them.


AbsurdIT: the old data centre computing model is broken

Companies that dispensed with older approaches and embraced client/server and new technologies more generally aren’t any better off as the spaghetti cranked out by generations of systems from various vendors has led to issues of space, heat, complexity and high energy consumption. Little wonder that there is a thriving boutique business in designing and refurbishing data centres. Some even repurpose spaces from cowsheds, aeroplane factories and caves to churches, military bunkers and salt mines. Attempts to cool facilities have led to a boom in firms selling liquid cooling, fans, heat sinks, air- and glycol-cooled chillers and other devices. And here’s the rub: cooling sucks up about as much electricity as the machines they are taking the heat off. We all know why we have this absurdity (or absurdIT, if you will). Change is tough and, in the case of the data centre, often requires comprehensive auditing


Unwanted By Oracle, Java EE Gets Adopted By Eclipse

Oracle cited Eclipse’s experience in Java EE and related technologies as why it is transferring Java EE to Eclipse. “This will help us transition Java EE rapidly, create community-friendly processes for evolving the platform, and leverage complementary projects such as MicroProfile,” said Oracle software evangelist David Delabassee. (MicroProfile arose as a Red Hat- and IBM-driven effort to fit Java EE with microservices capabilities last year after part of the Java community feared that Oracle was neglecting the platform. MicroProfile has since moved over to Eclipse.) “Moving Java EE to open governance and collaboration is going to be a process, not an event,” said Eclipse Executive Director Mike Milinkovich. “Our early discussions with Oracle, IBM, and Red Hat have shown that there is a lot of support for this among their leadership teams.”


7 Tips to Fight Gmail Phishing Attacks

"We have definitely seen a rise in sophistication of phishing attacks over the past few years and a shift toward 'quality' over 'quantity,'" says Amy Baker, vice president of marketing at Wombat Security. Broad-based attacks are still happening, but spearphishing and BEC are on the rise. "Cybercriminals are increasingly using social media channels to mine for data and lay the groundwork for high-value attacks," Baker continues. "In these situations, we see multi-faceted approaches that incorporate social engineering techniques outside of email that ultimately make an email communication more believable." Hackers want to take advantage of users' familiarity with Gmail, and other products from high-visibility organizations like Amazon and Facebook.


Why Redis beats Memcached for caching

You’ll almost always want to use Redis because of its data structures. With Redis as a cache, you gain a lot of power (such as the ability to fine-tune cache contents and durability) and greater efficiency overall. Once you use the data structures, the efficiency boost becomes tremendous for specific application scenarios. Redis’ superiority is evident in almost every aspect of cache management. Caches employ a mechanism called data eviction to make room for new data by deleting old data from memory. Memcached’s data eviction mechanism employs a Least Recently Used algorithm and somewhat arbitrarily evicts data that’s similar in size to the new data. Redis, by contrast, allows for fine-grained control over eviction, letting you choose from six different eviction policies. Redis also employs more sophisticated approaches to memory management and eviction candidate selection.


UK companies are still struggling to comply with latest data protection regulations

Companies in the UK mostly store in the public cloud product information (47 percent), information about clients (40 percent), and information about employees (39 percent), and avoid storing off-premise what they perceive to be more sensitive data, such as research into new products ... “The risk of being GDPR non-compliant means not only negative publicity and damage to the companies’ reputation as it has been until now, but also penalties that can total up to 4% of a company’s global annual revenue,” Bitdefender’s Senior eThreat Analyst Bogdan Botezatu says. “With 2017 having already set new records in terms of magnitude of cyberattacks, boards should be aware that it’s only a matter of time until their organization will be breached since most still lack efficient security shields.”


House passes bill paving the way for driverless cars

The “Self Drive Act” was unanimously approved by the House Energy and Commerce Committee in July, before Congress left for August recess, and passed the full House on a voice vote. “Self-driving cars hold the promise of making America’s roads safer, creating new economic opportunities, and helping seniors and those with disabilities live more independently,” Commerce Chairman Greg Walden (R-Ore.) and Rep. Bob Latta (R-Ohio) said in a joint statement. “This bipartisan bill paves the way for advanced collision avoidance systems and self-driving cars nationwide, and ensures that America stays a global leader in innovation.” The bill would pre-empt states from implementing certain laws governing the new technology. It would also allow car manufacturers to deploy up to 100,000 self-driving cars a year that don’t meet normal safety standards.


Beware: Your Latest Cybersecurity Threat Could Be the One You Just Hired

Many employees are now familiar with the phenomenon. Spear phishing is a specific kind of phishing attack where the phishers pose as trustworthy individuals. The attackers use email spoofing to mask unfamiliar email addresses with those of a coworker or manager to get an employee to divulge important information, make a money transfer, or open an attachment with a piece of malware. This type of scam is becoming increasingly prevalent. It is estimated that over 400 businesses are targeted by business email compromise (BEC) scams every day, with small- and medium-sized businesses the most targeted. Estimates from the FBI place the value of money lost to BEC scams over the past three years at $3 billion, with more than 22,000 businesses falling victim worldwide.


What You Need To Know About Law Firm Cybersecurity

As entities, law firm systems contain highly-sensitive financial data, corporate strategies, trade secrets, business transaction information and plenty of both PIIA and PHI. Unfortunately, many firms lack a complete, effective, privacy and security program. According to an ALM Legal Intelligence study, 22% of law firms did not have an organized plan in place to prepare for or respond to a data breach. Only 50% of law firms included in the study have cyber security teams in place to handle and implement the types of complex programs and initiatives necessary to deal with a data breach. And, unsurprisingly, hackers have noticed these vulnerabilities. In February of 2016, a Russian cybercriminal, under the name of “Oleras,” targeted law firms; in March, the Wall Street Journal reported that the nation’s biggest firms have been hacked


Break down silos to manage your cyber risks

A lot has changed very quickly in the cybersecurity realm in recent years. Where previously it was largely a support function, today cybersecurity is front and centre for any organisation that relies on technology. “Increasingly, it is the very fabric of the digital business itself,” said Mr Gerry Chng, partner and cybersecurity leader at professional services firm EY. “As a result, you need to have the whole business come together and it is really the board and the management that need to be overall responsible and accountable for cybersecurity and bring the right resources into it,” Mr Chng added. Experts say while it is tempting to assume that cybersecurity is a big organisation issue that does not affect smaller companies as significantly, this would be the wrong mindset.




Quote for the day:


"The most common way people give up their power is by thinking they don't have any." -- Alice Walker


Daily Tech Digest - September 13, 2017

Strategic thinking in the age of digital transformation

“Most board members are 60-plus, which means that many don’t have first-hand experience of technology,” Clayton explains. “On the other hand, those IT and digital specialists who do are young, in their late-20s or 30s, and may not have enough experience to be an effective NED.” She adds: “We need to find a balance and it’s tricky to get this right. You only have to look at British Airways and its IT crisis to see how essential it is that boards do have the right expertise and knowledge base.” It’s an issue that affects all organisations with a big customer base and data, not just corporate boards. Clayton adds: “Charities are also highly vulnerable to IT issues. Imagine if Oxfam’s donor list were hacked?” And the problem will get worse as technology speeds up.


Nearly 400 million PCs at risk from new attack method that could hide any malware

"Bashware does not leverage any logic or implementation flaws in WSL's design. In fact, WSL seems to be well-designed. What allows Bashware to operate the way it does is the lack of awareness by various security vendors, due to the fact that this technology is relatively new and expands the known borders of the Windows operating system," Check Point researchers said. Hackers using Bashware also don't need to write malware programs for Linux to run them via WSL on Windows. Instead, Bashware installs a program called Wine, which in turn launches and hides known Windows malware. In order for hackers to use Bashware, they need to already be in possession of the victim's PC admin privileges.


DNSSEC key signing key rollover: Are you ready?

DNSSEC works as a hierarchy with different bodies responsible for each layer and signing the key of the entities in the layer below. The key signing key is a cryptographic public-private key pair, and the root zone KSK secures the topmost layer of the hierarchy, the starting point for DNSSEC validation. There is nothing wrong with the key—it hasn’t been stolen or tampered with—but it is good security practice to periodically rotate the signing key so that even if it falls into the wrong hands, everyone is already using the newer, stronger key. There is no reason to wait for something bad to happen—for the key to be cracked, for example—before updating to a newer, stronger, key. “Updating the DNSSEC KSK is a crucial security step, similar to updating a PKI Root Certificate,” the United States Computer Emergency Response Team (US-CERT) wrote in a recent advisory.


How to Upgrade Judges with Machine Learning

Kleinberg suggests that algorithms could be deployed to help judges without major disruption to the way they currently work in the form of a warning system that flags decisions highly likely to be wrong. Analysis of judges’ performance suggested they have a tendency to occasionally release people who are very likely to fail to show in court, or to commit crime while awaiting trial. An algorithm could catch many of those cases, says Kleinberg. Richard Berk, a professor of criminology at the University of Pennsylvania, describes the study as “very good work,” and an example of a recent acceleration of interest in applying machine learning to improve criminal justice decisions. The idea has been explored for 20 years, but machine learning has become more powerful, and data to train it more available.


The best laptops of 2017: Ultrabooks, budget PCs, 2-in-1s, and more

Choosing the best laptop is about to get a lot harder. Fall is coming—and so are a slew of new laptops. In fact, if you’re hunting for a new ultraportable, we recommend holding off on any purchases for the time being. Intel recently announced four 8th-generation Core i5 and Core i7 mobile processors that could result in a dramatic leap in performance in thin-and-light convertibles, 2-in-1s, hybrids, and traditional laptops. Reveals of notebooks with these chips have begun, with likely more to follow. If you must buy now, though, we’ve got you covered with our current top laptop picks. And if you’re instead in the market for a gaming laptop or even a budget laptop, you’re in luck: Recent reviews include the Gigabyte Aero 15, Asus ROG Zephyrus GX501, and the Acer Aspire E 15.


In the boardroom: mobility in a connected world

I certainly think it is a critical part of virtually every boardroom conversation out there – to have an effective understanding of how that individual company or identity is going to participate in the realm of IoT. Certainly this next era is IoT. Depending on whose numbers you want to believe, there is somewhere between 20 and 50 billion devices that will be hanging off the internet by 2020. Whether we like it or not, it’s coming to us and our devices more directly, through any kind of product manufacturer or government agency, or any other business models. First and foremost we’ve got to provide our customers and end-consumers with an experience that will differentiate us, where utilising our assets will lead to increased demand and loyalty.


Rapid7 CEO: Rethink IT & Security Organizational Structures

Companies are under constant pressure to innovate in today’s fast-paced business environment. That might mean creating a better product, improving efficiency, or creating a better customer experience. Unfortunately, the security function tends to be separate from the innovation process or, worse, after the innovation has created a new vulnerability. That problem will persist unless companies rethink their organizational structures around IT and security. That’s the message that Rapid7 CEO Corey Thomas is delivering in his keynote today at the company’s United 2017 event in Boston. He believes that IT and security teams can work together effectively to innovate, create a better user experience, and adopt new technology without increasing the vulnerability surface.


British Army enhances data-driven decision making to staunch churn

“The model has proven instrumental in helping staff officers identify the conditions that could lead to the early exit of valuable personnel, allowing them to take pre-emptive action to encourage the soldier to stay.” Since initial deployment, adoption of its platform has, the supplier said, expanded to 700 users in the army today. “While primarily used by planners and policy makers, SAS also sees significant use by logistics, education and investment teams as well as for sentiment analysis of the workforce,” it said.  The army is using SAS Visual Analytics and now using SAS Operations Research to help it optimise processes and personnel deployment. It has also recently approved a proof of concept for SAS Text Analytics, which it hopes will allow it to use open source data and more efficiently process freedom of information requests and paperwork.


The Time Is Now for Digital Transformation

You do not want to look back and discover you should have started earlier. You may be creating a crisis which you have not yet discovered. A great quote from Stanford economist Paul Romer is, "A crisis is a terrible thing to waste." Unfortunately, a crisis may be the only way you can convince your organization to rapidly embrace digital transformation. Digital transformation is a change in business and a change in mind set. Think of it as a business turnaround. It doesn't matter whether you are a non-profit, government, business, or any other type of organization. Digital transformation will require imagination. How you did business in the past will not be the best way to do business in the future. The traditional IT organization with projects that may last months or years is inadequate for digital transformation success.


BlueBorne is Bluetooth's Stagefright moment

BlueBorne takes advantage of the fact that Bluetooth-enabled devices are always listening for other devices they can connect to. While devices typically have to be manually paired to form that initial wireless connection, once paired those devices reconnect automatically whenever they are near each other. BlueBorne exploits the vulnerabilities in a way that it can establish the Bluetooth connection with devices nearby without having to go through the pairing process. Unless someone happens to be looking at the list of Bluetooth devices, it’s unlikely these connections will ever be discovered. “BlueBorne is different from past Bluetooth-based exploits, which relied on weaknesses in the protocol that no longer exist, or authentication-based issues related to idiotic PIN codes,” said Nadir Izrael, CTO and co-founder of Armis. “It [BlueBorne] requires nothing from the user.”



Quote for the day:


"Facts do not cease to exist because they are ignored." -- Aldous Huxley


Daily Tech Digest - September 12, 2017

Automation, robotics, and the factory of the future

Advances in computing power, software-development techniques, and networking technologies have made assembling, installing, and maintaining robots faster and less costly than before. For example, while sensors and actuators once had to be individually connected to robot controllers with dedicated wiring through terminal racks, connectors, and junction boxes, they now use plug-and-play technologies in which components can be connected using simpler network wiring. The components will identify themselves automatically to the control system, greatly reducing setup time. These sensors and actuators can also monitor themselves and report their status to the control system, to aid process control and collect data for maintenance, and for continuous improvement and troubleshooting purposes.


The next big thing in hard disks may be glass

Hard disk makers are in a bit of a struggle for survival. As SSDs grow in capacity and shrink in price, hard disk makers are losing business on the low end. Only the cheapest of laptops don’t have a SSD standard any more. And with affordable 1TB SSDs on the market, it’s a good choice for most desktops, as well. ... Forget 3TB or 6TB hard disks, we now have 12TB and 14TB drives coming to market. These are done by cramming a lot of disk platters in the drive case and using helium inside the drive to reduce friction. Even there, drive makers are reaching the limits of physics. But a Japanese firm, Hoya Corp., thinks it has the solution. The company told Nikkei Technology it believes glass substrates, already used in 2.5-inch notebook drives, can be designed for 3.5-inch desktop and server disks.


Hybrid Cloud – is it really the future of enterprise IT?

It’s clear to see that the appetite for agility and flexibility in the enterprise IT arena is increasing dramatically. Just like virtualisation revolutionised the traditional data centre over a decade ago, cloud-based technology is driving a dramatic shift in how enterprise organisations design, deploy and manage IT services today. IT professionals now expect the on-demand, robust and consistent characteristics of cloud-based platforms to exist across the entire IT estate they carefully manage and the services they consume. End-users and consumers expect fast, reliable and accessible services without any real appreciation for the technical complexities involved in delivering new applications that meet these demands. Business leaders want to see increased productivity, greater security and a better return on investments as a result of adopting new, modern cloud-based technologies.


10 Tips For Getting Started With Machine Learning

AI adoption outside of the tech sector is mostly at an early, experimental stage, with few firms deploying it at scale, McKinsey reports. Companies that have not yet adopted AI technology at scale or as a core part of their business are unsure of the returns they can expect on such investments, according to McKinsey. But Olley, whose ML efforts at Elsevier have helped pharmaceutical clients discover drugs and deliver relevant medical information to clinicians, said use cases for ML abound in talent management, sales and marketing, customer support, and other areas. ... In fact, it may make sense to embed data science and machine learning into every department, including sales, marketing, HR and finance. Olley suggested CIOs try something that works for him at Elsevier, where he pairs data scientists with software engineers or oncology specialists


Number of women in executive roles could surpass men by 2037

The number of women in executive leadership roles, STEM fields, and small business ownership roles could match or exceed that of men within the next 20 years, according to the 2017 Bank of America Women Business Owner Spotlight survey. The report, which surveyed 1,022 small business owners (375 women) on the aspirations and concerns of women business owners, found that a majority of the respondents believed women would at least match men in the number of these roles filled. A majority of the respondents also believed that women would reach pay equity with men within that time frame as well. Of the women surveyed, 80% believed there will be equal or greater representation in STEM fields, 68% believed there will be equal or greater representation in the C-suite, 61% believe women's wages will be equal to or greater than men's


How Android One could complete Google's grand Android plan

Unlike on the high-end of the spectrum, where every detail counts and a finely tuned holistic experience is part of the package, letting third-party phone-makers retain some amount of branding and control of these lower-cost devices is a compromise Google can afford to make. After all, Google may not want to invest the resources in developing its own devices at every level of the Android price spectrum. Creating a comprehensive line of products would be costly, for one, and it'd risk alienating and irritating third-party manufacturers even more than it (probably) already has. For now, at least, this could be a clever way to accomplish a good-enough-for-the-affordable-realm goal while getting just involved enough to maintain critical core standards.


Top 5 elements of cybersecurity risk management

Cybersecurity has evolved to become one of the greatest threats to global organisations and the individual alike in the last few years alone. This transition has left behind the world of simple software that applies locks, doors, moats, drawbridges, turrets and shields to a business, and now risk management is key. Attacks and the hackers behind them have become more formidable, capitalising on unsecured IoT devices to launch grievous enterprise-scale attacks such as the notorious Mirai Botnet. While the severity and sophistication of attacks has increased, some of the most damaging attacks are still simplistic, but the volume of attacks has exploded. This never before seen volume is leaving IT to face a bombardment that cannot be controlled, meaning that attacks are bound to end up inside the network, or they already are.


Build a cloud-based infrastructure one layer at a time

Cloud-based infrastructure is like a multilayer cake, with each component providing a foundation for the next. To get a grasp on the entire stack, IT teams must delve into the individual technology layers involved, starting from the bottom -- the data center -- and moving up to the cloud applications and services that users access. In this series, you'll learn how to prepare for a shift to cloud-based infrastructure, including private, public and hybrid clouds. You'll learn about prepping a server fleet for a private cloud implementation, how to evolve storage and networking architectures for private and public cloud, and how to make application development and infrastructure management processes cloud-ready. We also offer insights on how cloud bridges a gap between old and new with mobile computing, enabling employees to be productive from any location on any device.


In-House or Cloud? Where is More Secure?

Without the right security strategy and best in class technology, both approaches can be unsecure. Thus, the real question to ask yourself is whether you feel comfortable with the security of your systems? Data loss protection, data encryption, access control, anti-malware and DDoS protection are just a few of the areas you need to address. Secure data processing requires highly trained and experienced engineers, investment in security infrastructure and appropriate security governance. With that in mind, can you say that you are truly at ease with the effectiveness of your security? Today, the real question is not whether we should outsource IT infrastructure, but when we will be ready to do so.


The Sun sets on Solaris and Sparc

This isn’t exactly a shocking development. Back in January, Oracle laid off 1,800 workers, a tiny number relative to its size, but it included 450 workers from the company's hardware group and reportedly half of the Solaris division. Layoffs have a habit of coming in waves, and last Friday’s was the second wave. Also in January, Oracle changed the release road map for Solaris. Instead of Solaris 12, it switched to "Solaris 11.next," a rolling release that would be pretty much security fixes but no new features or advances in the OS. The same thing happened with the Sparc line, with Sparc next replacing planned chip upgrades and featuring less ambitious improvements to the line. Sparc and Solaris won’t disappear overnight, and Oracle has promised to support both until 2034. But the two will likely be long gone by then.



Quote for the day:


"You must expect great things of yourself before you can do them." -- Michael Jordan


Daily Tech Digest - September 11, 2017

Functional Risks: Adapt or Die

The security function within an organization is one of the most misunderstood parts of an organization and I tip my hat to those that recognize the benefits of a finely tuned security function. For those in a security function, the following is not something new, but rather an affirmation that a competent, proactive security leader(s) can wear many hats in an organization in support of their objective of preventing threats to organizational assets, and moreover responding to events with the goal of minimizing the recovery time and impacts to the organization's brand and image. Beyond the multi-disciplinary responsibilities that a security leader has, they will be the person that everyone in the organization will seek guidance and direction from during a crisis.


More artificial intelligence, fewer screens: the future of computing unfolds

In the survey, 79% of executives agree that AI will help accelerate technology adoption throughout their organizations. ... The Accenture authors cite a prime example of where AI is making its first inroads into enterprise UI and UX: voice-activated systems. "Advances in natural language processing and machine learning make technology more intuitive to use, like telling virtual assistants to schedule a meeting instead of accessing scheduling software to find a time, create an event, and type the details," they state. "AI already plays a variety of roles throughout the user experience. At the simplest level, it curates content for people, like the mobile app Spotify suggesting new music based on previous listening choices. In a more significant role, AI applies machine learning to guide actions toward the best outcome."


Evolving Threat from Botnets, IoT Zombies

Today there are vibrant online marketplaces where just about anyone—even those with very limited technical knowhow—can buy tools to execute an attack. Cryptographic currencies enable untraceable digital payments, while old-fashioned economics is driving the growth of these marketplaces. Demand for services now outpaces supply, and DDoS-as-a-Service providers can bring in more than $100,000 annually. Purchasing an attack can be surprisingly inexpensive. On the Clearnet, for as little as $19.99 a month, an attacker can run 20-minute bursts for 30 days utilizing a number of attack vectors like DNS, SNMP, SYN and slow GET/POST application-layer DoS attacks. All an attacker has to do is create an account, select a plan, pay in Bitcoin and access the attack hub to target the victim by port, time and method.


A damaging spring of internet worms and poor performance

In what threatens to become an unpleasant trend, uninsured disruptions and other business fallout from these attacks are increasingly cited as key factors in disappointing earnings reports. Cybersecurity is becoming a ratings boon for CNBC and other media outlets that report on stock markets and financials. More than a few security professionals are feeling the heat, however, as the industry is forced to take a closer look at the up-leveling of age-old deployment methods, like spear-phishing emails and internet worms, which don't require human interaction to spread. What else could go wrong? Plenty. With HTTPS deployments on the rise, researchers from top universities and technology companies like Google have joined forces to document growing concerns about the risks associated with traditional man-in-the-middle defenses using Transport Layer Security (TLS) interception.


Disinformation as a service? DaaS not good!

The computer-enhanced disinformation campaigns launched by Russia and others are fairly crude, and the effort to cover their tracks limited. The future of disinformation is likely to be much more sophisticated and harder to defend against. Disinformation is rapidly going multimedia, for example. Advances in A.I. and CGI will enable convincing audio and video that can make it appear that anyone is saying or doing anything. University of Washington researchers used A.I. to create a fake video showing former president Barack Obama saying things he never actually said. And Stanford researchers developed something they call Face2Face, which creates real-time faked video, so basically anybody can be shown to say anything in a live video chat. These techniques aren't perfect. But given time and better technology, they will be.


Why Microsoft will drive serious Linux innovation

Even so, given just how dependent Microsoft increasingly is on Linux, it’s time for the company to not just innovate around the edges of the Linux ecosystem but to start contributing directly to the Linux kernel, commensurate with the value it derives therefrom. Ten years ago, Microsoft couldn’t do this without suspicion. Today, this is what we expect of Microsoft. Microsoft seems to understand this  ... Without fanfare, Microsoft has started hiring Linux kernel developers like Matthew Wilcox, Paul Shilovsky, and Stephen Hemminger. Hemminger’s hire is particularly interesting not only because he’s considered one of the big-time kernel developers, but also because it was he back in 2009 who called out Microsoft for violating the GPL in its Hyper-V code.


Researcher publicly discloses 10 zero-day flaws in D-Link 850L routers

Peeved about previous vulnerability disclosure experiences with D-Link, a security researcher has publicly disclosed 10 zero-day vulnerabilities in D-Link DIR 850L wireless AC1200 dual-band gigabit cloud routers. Security researcher Pierre Kim opted to publicly disclose the vulnerabilities this time, citing a “very badly coordinated” disclosure with D-Link in February; that time around he had reported nine vulnerabilities, but he said it took D-Link five months to release new firmware which ended up patching only one of the flaws he found. Overall, Kim thinks D-Link 850L routers are “badly designed” as “basically, everything was pwned, from the LAN to the WAN. Even the custom MyDLink cloud protocol was abused.”


How Network Automation Can Speed Deployments And Improve Security

Traditionally, network provisioning and configuration management are manual, error-prone processes. Network virtualization enables the creation of networks in software, abstracted from the underlying physical hardware. IT can provision networks quickly, with network and security services attached to workloads using a policy-driven approach. Automation takes things to the next level; network functions, including managing bandwidth, load balancing, and performing root cause analysis, are provisioned automatically based on predefined policies. To eliminate the network bottleneck at the University of New Mexico, it deployed VMware’s NSX network virtualization platform and vRealize Automation cloud automation software.


Modernization boosts cybersecurity anxieties, survey says

The chaotic nature of IT transformation may also be a factor, as agencies attempt to simultaneously operate in two worlds: the old IT environment and the new. Tony Sager, senior vice president at the Center for Internet Security, said it's already challenging for federal IT leaders to meet the regulatory reporting requirements of the status quo without the "trauma" that comes from most large scale IT transformations. "Where I see people stressed is if they see old requirements they're stuck dealing with while trying to change the IT infrastructure at the same time," said Sager. Of those who said their security issues have increased, more than half (53 percent) cited their IT staff's difficulties supporting and completing the transition from old technologies to new. Increased compliance reporting was the second-most frequently cited reason


How to detect preinstalled malware in custom servers

Super Micro designs and assembles server components, such as network cards, storage interfaces and CPUs. For the Super Micro operating system to run on modern systems, it interfaces with the BIOS and firmware and, many times, the BIOS and firmware include significant functionality. These tools could be from an additional third-party contracted by the manufacturer. The BIOS and firmware may need to be updated, and can still be compromised. Despite being custom servers, many of the server's components are similar to that of mass market servers, and Super Micro uses similar firmware and drivers to keep costs low. As more third parties get involved, the server attack surface grows larger, and responsibility for hardware security of the finished product gets less clear.



Quote for the day:


"Life is too short to waste time waiting for other people's approval on how you live it." -- Steve Maraboli


Daily Tech Digest - September 10, 2017

Why You Need a (Big) Data Management Platform for Your Digital Transformation

The organizations and businesses of today must think far beyond the traditional confines of an enterprise and need to consider the entire ecosystem to ensure that they are making the right decisions which can help with survival. It is now essential for organizations and businesses to take several factors into consideration, the most prominent of which are the customers, suppliers, competitors, and consortiums which the organization or business might be a part of. Fortunately for many, a digital transformation makes all of that—and much more!—possible.  The importance for organizations and businesses of evaluating and analyzing data streams in the world today cannot be emphasized enough.


How can creative industries benefit from blockchain?

In the creative economy, blockchain can redefine how artists are remunerated by acting as a platform for creators of intellectual property to receive value for their work. A common complaint lodged by artists is that, as performance-rights organizations and new intermediaries such as YouTube and Spotify increasingly insert themselves into the value chain between artists and their audiences, artists receive smaller cuts of revenue and have less say over how their creative works are priced, shared or advertised. For example, on Spotify it would take between 120 to 170 streams for rights holders to receive their first penny. “Today, when anyone wants to pay for the right to play a song at a concert or the right to play a song in a movie, this causes quite a lot of transaction friction and takes time,” says Wences Casares, CEO of Xapo, one of the largest custodians of Bitcoin.


How Quantum Computers Will Revolutionize AI, Machine Learning And Big Data

Once one of these industry leaders succeeds at producing a commercially viable quantum computer, it’s quite possible that these quantum computers will be able to complete calculations within seconds that would take today’s computers thousands of years to calculate. ... That will be critical if we are going to be able to process the monumental amount of data we generate and solve very complex problems. The key to success is to translate our real-world problems into quantum language. The complexity and size of our data sets are growing faster than our computing resources and therefore place considerable strain on our computing fabric. While today’s computers struggle or are unable to solve some problems, these same problems are expected to be solved in seconds through the power of quantum computing.


How to Keep Your Company’s Information Organized

While plenty of businesses start out with a relatively well-organized information system, it's essential that the company's organization protocol continually adapts and evolves. Businesses need to make a point to ensure that their system of organization is constantly reviewed and improved to compensate for the biggest areas of weakness. All of the policies that a company puts in place in order to educate employees about proper information organization should be expanded and systematically sharpened on a regular basis for maximum efficiency. The more committed that your company is to constantly improving its organization efforts, the safer its information will ultimately be. By making sure to establish the most stable control points for information monitoring, your company is always in the best position to counteract any potential security breaches.


How Blockchain Revolutionizes Supply Chain Management

Blockchains make it possible for ecosystems of business partners to share and agree upon key pieces of information. But they can do it without having to appoint an intermediary and deal with all the complex negotiations and power plays that come with setting the rules before handing over really critical business information. Instead of having a central intermediary, blockchains synchronize all data and transactions across the network, and each participant verifies the work and calculations of others. This enormous amount of redundancy and crosschecking is why financial solutions like bitcoin are so secure and reliable, even as they synchronize hundreds of thousands of transactions across thousands of network nodes every week.


Seven aftershocks of the Equifax breach: What bankers need to know

"This is about fraudsters being able to go out and open a brand new account in your name, and potentially selling Social Security numbers," Clements said. "The thing that wakes people up, at least wakes me up, is that it's a lot of numbers and the nature of the information means the type of damage that could be done is a lot more serious than just taking over a credit card." Equifax said that it hasn't seen any unusual activity among any of the 143 million victims. To Clements, this is cold comfort. "This stuff takes time," he said. "If names and Social Security numbers and dates of birth are out there, they will be used at some point. No one should take reassurance that a few weeks in, they don't detect a high level of activity." When he worked at Citi, "you'd see, months later, stolen information turning into new accounts or fraudulent activity. There's a long shelf life here."


A Small Oversight by Equifax In the Middle of a Massive Data Breach

So, what was this oversight? Well, it is highly likely that the folks managing the rollout of the website https://www.equifaxsecurity2017.com/ forgot to consider that scammers would very quickly look to register very similar domain names to spoof their victims. Luckily, they caught this error quickly and appear to have taken corrective action. Here are the facts behind this assertion. The domain name of their primary site was registered on August 22nd, 2017 at around 22:07 UTC. This domain was registered through MarkMonitor, Inc. and points to Cloudflare name servers. All standard stuff. However, when I was doing my research I ran a quick lookup using the tool URLCrazy. This tool processed 251 different versions of the original domain name and I started to see some interesting results.


Cryptographic vulnerabilities in IOTA

Though the technology is exciting, the due diligence required to make sound investments in the technology isn’t keeping up with the pace of the hype. Aside from the financial risk, I don’t think developers and investors are thoroughly evaluating these systems technically, either. Many investors are relying on signaling — if enough well-known institutions like universities or large companies sign on as investors or advisors, it indicates approval of the project and its software. The problem is that some of these technologies have serious issues, and the large companies and well-known individuals either aren’t doing due diligence and investing the resources and time needed to evaluate the projects with which they are partnering, or aren’t sharing their findings with everyone else. The cryptocurrency space still doesn’t have a good way to assess these projects.


How big data can build better customer relationships

By utilizing big data for business intelligence and customer insights, an element of ‘dangerous guesswork’ is eliminated. Instead of hunches, benchmarked metrics help corroborate findings and guide marketing decision-making and idea formulation. Landing pages, launch ideas, social media campaigns — all these can be sent out en masse, with the incoming data analyzed for effectiveness and ROI. At the same time, real-time data also compels businesses to be able to change their minds and pull back from campaigns quickly if initial feedback is negative. From a customer experience point of view, data is all about joining up the dots between a business’s disparate channels and services. With evidence-based segmentation and reporting in place, adjustments further down the line can be justified and implemented easily, providing a more fluid and user-driven customer experience.


Understanding your network of continuous delivery tools

The Continuous Delivery Map is designed to help you make sense of all the different tools available, providing you with a simple visual guide of where they sit in the overall DevOps landscape. Each line represents a different technology category and includes products that are available within that category. We’ve based the map on a simple metro system, akin to the London Underground, with each line representing a specific category. You can click on any ‘stop’ and learn more about the tool, in what context it can be used and its capabilities. It also offers insight into where the different tools can integrate with one another. The map also highlights the fact that, as with a distribution network, a central hub exists, from which the various tools can be orchestrated – much like an assembly line. This hub enables processes which have been planned, structured and defined to be repeated.



Quote for the day:


"It is the framework which changes with each new technology and not just the picture within the frame." -- Marshall McLuhan