March 06, 2016

Why President Obama’s cyber security plan is one (big) piece of the puzzle

Cyber security is a complicated latticework of disparate yet interconnected elements: public and private entities, domestic and foreign agencies and overlapping legal frameworks. Take the Judicial Redress Act, which President Obama signed into law on February 24. In addition to providing limited access to US courts for citizens of certain countries – court access would be conditioned on covered countries permitting the transfer of personal data – the Judicial Redress Act has other international implications, specifically in the context of US-EU negotiations. The finalisation of the Judicial Redress Act was considered by the European Union as a prerequisite to an umbrella agreement, initialed by US and EU officials last September


Can you take the Internet out of the Internet of Things?

Does it really make sense for every device to have a Wi-Fi chip in either itself or in a gateway, or should all devices route through some always-connected gateway? Based on the growing number of “standards,” varying power, range and data rate requirements, it’s evident there is likely not going to be any sort of IoT topological convergence. This is because, in some cases, a device simply needs to report its proximity to a phone (think beacons), or because a device operating in a challenging RF environment struggles with higher frequency radios used by Thread or Zigbee and are not the ideal technical selection. In many cases, a gateway and a variety of sensors makes total sense.


Exploring Banking as a Platform (BaaP) Model

Network effects impact us all on a daily basis, via social networks and other marketplaces. These same social networks and marketplaces, after having gotten us used to interacting with one another in a different way, are now encroaching on financial services, with payments and lending initially being their target. Smartphones, broadband internet, the 24/7 availability of commerce and data, and social networks have made us organize ourselves very differently than in the past. The Millennial generation, weaned on this new paradigm, now have completely different expectations than their parents or grand parents of communication and commerce. There are other reasons why financial services industry incumbents need to shift to a platform strategy.


Meet tech's new odd couple: the CIO and CMO

While both sides recognize the need for alignment and a joint strategic plan, there remains a disconnect in how each party views its contribution, according to a November 2014 Forrester report on CMO-CIO collaboration. For example, the research, spearheaded by Pattek, found that while about 70 percent of the executives in both groups believe their strategic planning process emphasizes enhancing customer acquisition, retention and loyalty, only 61 percent of marketers think the CIO is actively engaged in that process. In contrast, 76 percent of the IT leaders said the CIO plays an active role. In addition, 70 percent of marketers and 66 percent of tech management executives said they agree that marketing technology plans will gain more support and funding if they're developed jointly by the CMO and CIO.


No, your Raspberry Pi 3 won't overheat in everyday use, says its creator

While a typical workload for the Pi might see the demand on the CPU spike momentarily, in the vast majority of use cases these periods of high CPU utilisation will not be sustained for long periods, he said. "In most use cases you see a very spiky performance profile. So what you're looking at is 'Can I run very fast for a second?' or 'Can I run very fast in bunches of 50ms?'." And while putting a case on the board will increase the temperature, again for the typical user it will not drive the board to become hot enough to throttle its speed - he said. Upton explains the throttling behavior as being a consequence of making the Pi's hardware more powerful.


The Amazing Ways Big Data Is Used In China

The Chinese financial industry is quickly adapting into a Big Data-driven model, too. In 2013 a number of legislation changes regarding use of customer data quickly led to an explosion in the use of Big Data analytics by banks, investment funds and insurance companies. In 2012 it was estimated that the entirety of the heavily regulated Chinese banking industry held around 100 terabytes (100,000 gigabytes) of customer data. By March 2014, just one of China’s “Big Four” banks, the state owned Industrial and Commercial Bank of China, was said to have amassed 4.9 petabytes (4,900 terabytes, or 4,900,000 gigabytes) of mostly unstructured data. Just as it is in the west, this data is mostly used for marketing of retail banking products.


Artificial intelligence brings its brains and money to London

Both DeepMind and its successors involve “deep reinforcement learning” – giving computers the tools to draw conclusions based on large amounts of data, in the way that humans make assumptions based on experience. The potential applications are vast, from helping doctors diagnose patients to spotting faults in infrastructure such as transport networks – and other uses that even its inventors are yet to conceive of. But measuring progress in AI is not easy. The layperson usually cites the Turing test, developed by Bletchley Park codebreaker Alan Turing in 1950. It focuses on whether a computer can convince a human in a blind test that they are talking to another human. But that test, says Shanahan, is more about “tricking” people through mimicry than developing AI genuinely capable of learning.


Getting the greatest value from your cyber security budget at the end of the financial year

As the financial year creeps inexorably towards its close, you’re probably thinking about the best way of wringing every last drop of value from your budget. If you’re concerned about information security and how it affects your business, why not make the most of your available resources by implementing a best-practice information security management system (ISMS), based on the international standard ISO 27001? ... The good news is that it’s very likely you already have many of ISO 27001’s controls in place, so bringing your current practices into line with the Standard could well be within your grasp. The best way to determine how much work you need to carry out is to conduct a gap analysis.


What Keyboards Do Programmers Prefer?

As developers, we all have preferences in the tools we use for work: a powerful machine, one (or two) large screens, having the freedom to choose our OS, our IDE, etc.... Yet in most companies, we rarely pay the the same level of attention to keyboards. The one that comes with your computer (PC or Mac, desktop or laptop) is often the default choice and we almost never challenge its quality and usability, even though a keyboard is one of the most basic tools of our job, allowing us to perform most of our everyday tasks. So why neglect the quality (and the look!) of a tool that we use eight hours a day? This article is an overview of all the different choices made by the developers team behind the insurance comparison site LesFurets.com. And you'll see how every one of them has an approach of its own.


Strategy, Not Technology Drives Digital Transformation

The ability to digitally reimagine the business is determined in large part by a clear digital strategy supported by leaders who foster a culture able to change and invent the new. While these insights are consistent with prior technology evolutions, what is unique to digital transformation is that risk taking is becoming a cultural norm as more digitally advanced companies seek new levels of competitive advantage. Equally important, employees across all age groups want to work for businesses that are deeply committed to digital progress. Company leaders need to bear this in mind in order to attract and retain the best talent.


Quote for the day:


"Every time you have to speak, you are auditioning for leadership." -- James Humes

Posted by at No comments:
Labels: , , , , , , , , , ,

March 05, 2016

IoT will crash and burn if security doesn't come first

It's important to understand the damage lax security can do -- to your company and the industry -- and address IoT security early. Hibbard said he has seen firsthand how a lot of players in the space do not consider security as a competitive advantage. "If you're thinking about buying or making IoT, offshoring it to an APAC region, make no assumptions that they're going to know anything about security. You won't be able to retrofit it, so if you want it, order upfront," he said. ... "Show your work," he added. "You need ... to make sure you're properly documenting processes that you went through; you want to make sure you get credit later. You don't want to say to the FTC that you don't have the records."


Global fintech survey results: 51 experts reveal 2016 trends

Payments tech continues to be top of mind for the influencers – followed by security and lending. In 2014, the respondents predicted security technology will be the hottest sector in fintech, however, the sector continues to have a large gap between what is available and what is needed in the market, with a huge interest predicted to continue into 2016. ... 43% of the respondents thought Blockchain adoption by banks will be the single largest trend of 2016. Larger deal sizes, an increased geographical spread and capturing the unbanked market followed with almost an equal amount of interest as the key highlight for the coming year.


Cashless societies: The pros and cons

Thanks to its aggressive adoption of IoT, Sweden is on its way to becoming the world’s first cashless society, according to a study from Stockholm's KTH Royal Institute of Technology. Currently, 80% of payments in the country are made by cards. By the end of 2014, four out of every five transactions in Sweden was cashless. Swedes mainly use debit cards (pin required) and the mobile payment app Swish, which is largely responsible for the nation’s decreasing circulation of cash. Eric B. Delisle, founder of the cyber security company ICLOAK, says the more citizens use cashless systems, which require a computer or device, the more people who have preferred living in an analog world will be pushed into the 21st century. This means new security measures will be needed.


Popular WordPress Plugin Comes with a Backdoor, Steals Site Admin Credentials

The hacker's alterations made sure that he was able to control user login, creation and edit commands, intercepting user data before being encrypted, and sending the user's cleartext passwords to wooranker's server. Furthermore, wp-options.php also created an admin account on the infected website, with the credentials support / support@wordpresscore.com, which he could use if anything else failed. All of this meant that wooranker would always have an admin account on all infected websites, and he would always be notified of what passwords users were using when accessing infected sites.


Bridging the operational technology and Internet of Things divide

By its very nature, a connected world has zero tolerance for downtime yet IoT does not only change the requirement for systems availability; it significantly increases the threat landscape, creating greater security risks and challenges. Indeed, while IT may be willing to accept the fact that a very high proportion of organisations (80%) have experienced outages over the last three years, this fact will not play well within OT, which has actively embraced predictive monitoring in order to achieve 100% uptime. Moreover, organisations are also missing out on essential business information. By failing to consolidate OT into the core network, organisations cannot enable CxOs to take advantage of a depth of real-time analytics that should be informing changes to every part of the building, estate and production systems.


The Trends Disrupting The World of Financial Technology

The battle already underway will create surprising winners and stunned losers among some of the most powerful names in the financial world: The most contentious conflicts (and partnerships) will be between startups that are completely reengineering decades-old practices, traditional power players who are furiously trying to adapt with their own innovations, and total disruption of established technology & processes ...  The blockchain is a wild card that could completely overhaul financial services. Both major banks and startups around the world are exploring the technology behind the blockchain, which stores and records Bitcoin transactions. This technology could lower the cost of many financial activities to near-zero and could wipe away many traditional banking activities completely.

How hackers attacked Ukraine's power grid: Implications for Industrial IoT security

Some aspects of the Ukraine cyber-attack remain opaque -- specifically, whether a modular component called KillDisk (a hard disk wiper) actually caused the power outage, or whether it simply made it impossible to restore the compromised systems using SCADA protocols. As if further evidence of a political motive was required, researchers at security companyTrend Micro recently reported that the same combination of BlackEnergy and KillDisk "may have been used against a large Ukrainian mining company and a large Ukrainian rail company" around the same time as the attacks on the power utilities. Whether the perpetrators' ultimate goal was to destabilise Ukraine via coordinated cyberattacks on its critical infrastructure...


Software - Looking into the Future

dominates. Software is changing practically all industries and is the major driver of innovation across all industries. While we used to distinguish components, systems, and services, we today see flexible boundaries driven entirely by business cases to determine what we should package, at which level, and in which component, whether it’s software or silicon. ... Software is getting more complex, more connected, and more life-critical. This complexity’s sources are hidden in the nature of software, which often consists of many components from different vendors and runs on hardware manufactured by different vendors. Also, software teams frequently are multifunctional, and team members are responsible for many activities such as planning, developing, and executing plans, roadmaps, and strategies—without adequate training.


Scrum with Trello

Trello recently passed the 10M user mark and is fast becoming a popular tool for Agile teams of all flavours. Its simplicity and the great web and mobile experience seem to win some teams over versus other more complex solutions out there. It is also pretty un-opinionated on how you use it, which can lead to some confusion as to how best to implement a Scrum process in Trello. I've been talking to a lot of people over the last year about how they're using Trello for their Scrum and Kanban processes, as well as reading everything I could on the internet relating to running Agile processes in Trello. So, today I present to you with the fruits of that labour:


An AI way to make call centre interaction less hideous?

What makes this interesting though, is that it is very different to the usual visions of AI in customer service. These tend to focus on Virtual Assistants – by the likes of Nuance and IPSoft – which want to replace real agents with digital ones wherever possible.In this scenario AI is used to help machines learn from human interactions and these solutions have become part of the “robots stealing our jobs” debate. It is not as cut and dried as many make out, of course. And individuals involved in this type of tech argue that employing Virtual Assistants simply frees up human employees for more sophisticated forms of customer interaction. Yet Farmer is adamant: “We’re the first people to use AI to improve quality [in customer service].”
Quote for the day:


"Authentic leaders will sometimes push and sometimes pull but either way, they will always keep things moving." -- @LeadToday

Posted by at No comments:
Labels: , , , , , , , ,

March 04, 2016

SSD Prices Plummet Again Close in on HDDs

the market for SSDs with PCIe interfaces, which are used by laptop makers such as Apple to attach flash directly to a motherboard, is expected to grow at the highest annual growth rate ever over the next six years. "This growth can be attributed to the advantages of PCIe, which include high speed, enhanced performance scaling, and detailed error detection and reporting," the report said. "Thus, the demand for SSDs with PCIe interface is expected to increase from the client as well as enterprise end users." Samsung, according to TrendForce, will continue to dominate the SSD market this year because of a price advantage it has with TLC-based SSDs using 3D-NAND flash, which Samsung markets as V-NAND. V-NAND stacks silicon cells up to 48-layers high to increase density, thereby reducing cost.


What Happens to Stolen, Sensitive Data?

Bitglass, a data protection company, ran the experiment and released findings in its report "Where's Your Data?" Bitglass researchers created a digital identity for an employee of a fictitious retail bank, a Web portal for the fake bank and a Google Drive account complete with real credit card data. They pretended that the fake employee's Google Drive credentials were stolen via a larger phishing campaign. They leaked those "phished" Google Apps credentials to the Dark Web and tracked activity in the fake employee's online accounts. Hackers did not know that Google Drive activities were being monitored for a month and that files were embedded with Bitglass watermarks. Here's what happened next.


CEOs force CIOs, CMOs into digital transformation bunker

"CEOs are telling CIOs and CMOs to put in place a new foundation for digital business," Cochrane says. "The CEO tells the CMO I want a strategy for customer experience and he tells the CIO to make it happen." IT has to enable marketing with tools and extend those tools to every customer touch point. That requires CIOs to account for every customer interaction with the corporate brand across the call center, physical stores, online and mobile devices. ... Cochrane says that while the CMO has traditionally owned the customer experience with little influence from the CIOs, that needs to change because of the vast amount of information streaming into businesses from social media, as well as from various Internet-connected devices. With the data surface broadening so much, CMOs need help from the CIO.


Graphene sheets for capturing and storing energy

In terms of optics, the problem is when you think of a material, as it gets thinner, it absorbs less light. So, when you go below 50 nanometers, you have a transparent layer. You might have a layer that's 50 nanometers thin, but to the outside world, it looks transparent, because it's too thin to absorb light. But you're trying to marry light with electronic circuits. And as soon as your devices get smaller and smaller, it gets invisible. So now, you have to boost the thickness of the optical layer if you want to operate in the wavelength we're comfortable with. In this program, we're making this leap. We're creating surface structures that absorb light.


Redesigning Wi-Fi may let devices communicate more easily

Most conceptions of the internet of things assume the chips in sofas, wallets, fridges and so on will use technologies such as Wi-Fi and Bluetooth to communicate with each other—either directly, over short ranges, or via a base-station connected to the outside world, over longer ones. For a conventional chip to broadcast a Wi-Fi signal requires two things. First, it must generate a narrow-band carrier wave. Then, it must impress upon this wave a digital signal that a receiver can interpret. Following Moore’s law, the components responsible for doing the impressing have become ever more efficient over the past couple of decades. Those generating the carrier wave, however, have not.


Data Backup and Business Continuity

As information across all industries and businesses becomes increasingly digitized, the importance of ensuring that this information is continuously accessible has never been greater. And as storage technology has evolved from floppy disks to CD-ROMs, DVDs, portable hard drives and offsite cloud backup, the expectation of 24x7 uptime and constant availability certainly hasn't slowed down. Then there's the matter of compliance and regulatory restrictions, which have become increasingly strict as both IT and business best practices have progressed.HIPAA, HITECH, PCI compliance, and myriad related requirements around data capture, storage, transfer and processing have forced backup vendors and technologies to shapeshift both point solutions and integrated software and services.


Bimodal IT is only harmful when oversimplified

Although the bimodal concept can be polarizing, I believe much of the blowback originates from assumptions made due to an unfortunate choice of name, reflexive distaste for analyst buzzwords and particularly the term’s originator, the analyst firm so many love to hate. A common construction takes bimodal to mean bipolar, with IT segregated into two separate, but unequal entities: Mode 1 where all the stuffy IT old-timers live out their days caring for decaying databases and molding mainframes, versus Mode 2 where all the cool kids play with the latest toys and work unshackled from IT bureaucracy and processes. If that’s your view, bimodal is a recipe for disaster: a warring, dysfunctional IT organization.


Using Blockchain Technology in Crowdfunding

Blockchain technology isn’t perfect yet; some might say it’s not even ready for prime time. Today, the primary drawback is how long it takes to authenticate transactions. A transaction today in Bitcoin takes about 10 minutes to clear, and Bitcoin is a microscopic market compared to, say, credit card transactions. Indeed, the Bitcoin community is engaged in a civil war as to how, or even whether, to change the technology to speed up transactions. But you can understand why blockchain technology is attracting so much interest from government and private industry. For example, the music industry is plagued by uncertainty over ownership of rights. The title industry exists because of uncertainty as to the ownership of real estate. Credit card issuers spend tens (hundreds?) of millions of dollars processing and authenticating transactions.


How doctors are turning smartphones into surgeries with video appointments

“We have a good insight into patient needs and demands. We understand there are limits and you can’t treat everybody and that’s why we have a filter system.” But the healthcare technology sector is not just dealing with problems around primary care. The future of this sector could see technology that monitors how patients use medication — containers designed with a mechanism which sends a signal to both doctor and patient confirming that tablets have been taken. Remote sensoring devices, which a patient wears on a troublesome joint, could analyse the problem and lead to a quicker, more accurate diagnosis. And sensors that monitor blood sugar or chemical levels could automatically drive responses to balance those levels.


Are We Winning the Cyber War? A Look at the State of Cybersecurity

As you might expect, the experience of attacks on a daily, weekly or monthly basis were reported less frequently. An alarming trend is that 54 percent of study participants did not know how frequently they experience cyber-incidents. While 73 percent believed they were able to detect and to respond to incidents, 42 percent felt they could only do so for simple attacks. In an era of increasingly sophisticated and persistent attacks, being able to identify and respond to attacks is imperative. Board and executive concern and support for cyber activities are increasing. Eighty-two percent of security executives and practitioners participating reported that boards are concerned or very concerned about cybersecurity. This is not surprising given the higher level of awareness about cyber in general and the number of high profile attacks that we have recently seen.


Quote for the day:


“Adding manpower to a late software project, makes it later.” -- Frederick P. Brooks Jr.

Posted by at No comments:
Labels: , , , , , , , , , , ,

March 02, 2016

Lifting of Iran sanctions brings hope to regional IT industry

“Once sanctions have been terminated, Iran can move forward in using ICT to transform industries across the country,” said Lalchandani. “The extent of these projects will depend largely on whether global oil prices rebound in the coming years. If they do, the increase in petrodollar revenues will help drive considerable transformation initiatives in the public sector, as well as significant modernisation efforts across the energy, manufacturing, telecommunications, finance, transportation and retail verticals.” Meera Kaul, CEO at regional value-added IT distributor Optimus Technologyand Telecoms, agreed, saying this is a big opportunity for the regional IT supply channel. With the sanctions lifted, the $420bn Iranian economy could open up for regional businesses, she said.


Internet of Things generates ROI for many, but roadblocks remain

Less than a quarter of respondents to the latest Tech Pro Research survey said their company is currently using IoT-connected devices to collect data, but more respondents said their business plans to get into the IoT game within the next year. Respondents in those two groups reported a wide variety of uses for data insights, including predicting trends, improving products, capacity planning, R&D and security. Among respondents whose companies who have implemented IoT data collection, 71% said that less than 20% of their IT budget goes towards those efforts, with the majority spending most of their IoT funds on software.


Firms expect greater government cybersecurity oversight

According to the SEC's Office of Compliance Inspections and Examinations, other areas of focus include governance and risk assessment, access controls, data loss prevention, training, and incident response. "We expect continued scrutiny of the areas covered in past years, with new emerging risk areas being evaluated," said Glenn Siriano, financial services leader for KPMG Cyber at KPMG. Those new areas include emerging technologies, new external threat vectors, deeper assessments of third-party vendors, usage of social media, and managing insider threats, he said. And the SEC has been moving beyond conducting inspections and issuing guidance, said Dave Mahon, CSO at CenturyLink.


Virtual insanity: Is 2016 the year users go big on VR?

“No doubt VR will help to create buzz among media, gamers and the niche audience demanding immersive experiences,” said Husson. “But will it offer consumer benefits for the masses? The short answer is: no. In 2016, reach for VR platforms will remain limited. “While the primary use cases will be for immersive gaming and entertainment environments, innovative marketers at retail, automotive, travel or hospitality companies will start piloting VR prototypes to connect in new ways with consumers in the discovery and explore phases of the consumer lifecycle. The vast majority of marketers should not even care about it and have many other things to fix.”


Are site reliability engineers the next data scientists?

It’s no secret that “data scientist” is one of the hottest job titles going. DJ Patil famously proclaimed data scientist “The Sexiest Job of the 21st Century” before moving on to join the White House as the first chief data scientist of the U.S. Once a rarefied in-house role at a few leading Internet companies such as LinkedIn and PayPal, data science has since grown into a global phenomenon, impacting organizations of all sizes across many industries. More recently, a buzzy new job title has emerged from the same group of companies: that of site reliability engineer, or SRE. Will SREs follow the same path of rapid growth that data scientists did before them? Before we dive into that question, let’s consider the context that has led to the creation of site reliability engineering.


How America's Biggest Cities Make Sense Of Their Data

"The question is, how do we use data to allow cities to tackle big and small problems?" says Saf Rabah, VP of product at Socrata. Untouched and unanalyzed government data—what Rabah calls "dark data"—usually sits on enterprise file systems and databases. The city of Seattle, for example, has 1,200 different enterprise systems, says Rabah. Socrata’s job is to make that data usable—but not just for the city. Aside from other government departments, there are three groups that could benefit from data made public: citizens, developers, and advocacy groups. "Citizens have information needs too, like, ‘I need to know how safe my neighborhood is,’ or ‘I’m about to move to a new city.’ Everyone has information needs that are very unique to them at that point in time," says Rabah.


Online Backup: Reliable and Affordable Solution for Data Protection

It keeps important data safe from disruptions and disasters, and provides a way to keep applications and data off-site in highly secured environment. There are great advantages to using backup technology, such as automation functionality and encrypted data. There are some business experts who state that the cloud is not a secure source for important data. However, online backups have encryption capacity to keep data safe. Conversely, hard drive (external) storage is not secure, and could be stolen or misplaced. Online backup is also reasonably priced. By using online backup, companies are given an opportunity to keep important files and documents safe from disarray and disaster at reasonable rate.


Agile Productivity: Willpower and the Neuroscience Approach

You have your impulse self (reptilian brain and limbic system) and a rational self that protects you from that impulse self (see “The Science of Willpower”). Your prefrontal cortex protects you from your impulsive animal mind. But because the deeper layers of brain are older, more energy efficient, and more powerful, the impulse self has more energy than the rational self. You cannot switch off your internal crocodile or monkey. You can only use the neocortex to override them and prioritize rational decisions. But if you are drunk, tired, sleep deprived or distracted, your prefrontal cortex does not work properly. You start making decisions based on immediate gratification (like drinking coffee with sugar to gain energy), not thinking about what will happen next.


How Much Security Can You Turn Over to AI?

Just detecting anomalies can still leave you with a lot of data to look at. A large organization could see thousands of anomalies a day, so Splunk uses further analysis to keep that manageable. Maier expects the tool to surface five or 10 threats a day, in enough detail to make it clear what’s happening (avoiding the problem where noisy or overly complex alerting systems are ignored when they find a real breach). “We have the full picture on the ‘kill chain’ [of the attack]. We provide a security organization with the information, from the compromise point – when did the attacker come in, what was the initial attack vector, when did they expand in this environment, what other files or servers or user accounts did they connect to?


Algorithm Design Techniques: The Assignment Problem

The assignment problem is designed for exactly this purpose. We start with m agents and n tasks. We make the rule that every agent has to be assigned to a task. For each agent-task pair, we figure out a cost associated to have that agent perform that task. We then figure out which assignment of agents to tasks minimizes the total cost. Of course, it may be true that m != n, but that's OK. If there are too many tasks, we can make up a "dummy" agent that is more expensive than any of the others. This will ensure that the least desirable task will be left to the dummy agent, and we can remove that from the solution. Or, if there are too many agents, we can make up a "dummy" task that is free for any agent. This will ensure that the agent with the highest true cost will get the dummy task, and will be idle.


Quote for the day:


"It's not always necessary to be strong, but to feel strong." -- Jon Krakauer,

Posted by at No comments:
Labels: , , , , , , , , , ,

March 01, 2016

Create maps in R in 10 (fairly) easy steps

There are many options for mapping. If you do this kind of thing often or want to create a map with lots of slick bells and whistles, it could make more sense to learn GIS software like Esri's ArcGIS or open-source QGIS. If you care only about well-used geographic areas such as cities, counties or zip codes, software like Tableau and Microsoft Power BI may have easier interfaces. ... But there are also advantages to using R -- a language designed for data analysis and visualization. It's open source, which means you don't have to worry about ever losing access to (or paying for) your tools. All your data stays local if you want it to. It's fully command-line scripted end-to-end, making an easily repeatable process in a single platform from data input and re-formatting through final visualization.


Infrastructure As Code

Using code to define the server configuration means that there is greater consistency between servers. With manual provisioning different interpretations of imprecise instructions (let alone errors) lead to snowflakes with subtly different configurations, which often leads to tricky faults that are hard to debug. Such difficulties are often made worse by inconsistent monitoring, and again using code ensures that monitoring is consistent too. Most importantly using configuration code makes changes safer, allowing upgrades of applications and system software with less risk. Faults can be found and fixed more quickly and at worst changes can be reverted to the last working configuration. Having your infrastructure defined as version-controlled code aids with compliance and audit. Every change to your configuration can be logged and isn't susceptible to faulty record keeping.


The Hybrid Cloud: Your Cloud, Your Way

No matter where the journey begins, one of the first realizations is that there is no one particular solution or one particular answer in how to best utilize cloud solutions. The journey typically evolves over time and requires multiple clouds with a combination of both public, private and possibly managed clouds- resulting in a hybrid cloud end state. Before deciding on a cloud approach, it is important to understand all of the possibilities that cloud technologies provide, and agree on business initiatives, priorities, and desired results required to support your business needs and intended outcomes. The decision should not focus entirely on which type of cloud to deploy – private, public, managed or hybrid – but rather focus on delivering the right cloud or clouds, at the right cost, with the right characteristics (i.e. agility, costs, compliance, security) to achieve your business objectives.


Skyhigh Networks Unveils Industry’s First Cloud Security Reference Architecture

The Skyhigh Cloud Security Reference Architecture recognizes the complexity of today’s modern enterprises, where users are mobile and work from a variety of locations, both on premises and remote, using a variety of devices, both managed and unmanaged, to access thousands of cloud services, both IT sanctioned and unsanctioned. It also advises on which use cases and environments are best suited for the most common CASB deployment modes. “As the first CASB player in the market with the most number, scale, breadth, and maturity of CASB deployments, Skyhigh continues its quest to help organizations securely adopt cloud services,” said Rajiv Gupta, “We hope the reference architecture helps organizations cut through the noise so they can leverage the power of cloud services using the most advanced security technologies on the market, both existing and new.”


International regulators take an interest in crypto-currencies & the blockchain

“… distributed ledger technology has the potential to revolutionise financial services … However, … there are a lot of regulatory and consumer issues … to be discussed as the technology evolves. For example, how individuals gain access to a distributed network and who controls this process, [and] what data security exists for users … Innovation can be an iterative process … During … development, it’s crucial that innovators are allowed the space to develop their solutions. The FCA continues to monitor … this technology but is yet to take a stance … In the meantime, we continue to work with firms … to ensure consumer protections are being factored in during the development phase … We are particularly interested in exploring whether block chain technology can help firms meet know your customer or anti-money laundering requirements more efficiently and effectively.


Most software already has a “golden key” backdoor: the system update

From an attacker perspective, each capability has some advantages. The former allows for passively-collected encrypted communications and other surreptitiously obtained encrypted data to be decrypted. The latter can only be used when the necessary conditions exist for an active attack to be executed, but when those conditions exist it allows for much more than mere access to already-obtained-but-encrypted data. Any data on the device can be exfiltrated, including encryption keys and new data which can be collected from attached microphones, cameras, or other peripherals. Many software projects have only begun attempting to verify the authenticity of their updates in recent years. But even among projects that have been trying to do it for decades, most still have single points of devastating failure.


ATMZombie: banking trojan in Israeli waters

The Trojan is dropped into the victim machine and starts the unpacking process. Once unpacked it stores certificates in common browsers (Opera, Firefox) and modifies their configurations to match a Man-In-The-Middle attack. It eliminates all possible proxies other than the malware’s and changes cache permissions to read-only. It than continues by changing registry entries with Base64 encoded strings that contain a path to the auto-configuration content (i.e. traffic capture conditions using CAP file syntax) and installs its own signed certificate into the root folder. Later it waits for the victim to login to their bank account and steals their credentials, logs in using their name and exploits the SMS feature to send money to the ATMZombie.


Hybrid Cloud Versus Hybrid IT: What’s the Hype?

The difference between hybrid cloud and hybrid IT is more than just semantics. The hybrid cloud model is embraced by those entities and startups that don’t need to worry about past capital investments. These newer companies have more flexibility in exploring newer operational options. Mature businesses, on the other hand, need to manage the transition to cloud without throwing away their valuable current infrastructure. They also deal more with organizational change management issues and possible employee skill set challenges. The new, bimodal IT model is also a concern for these enterprises, Forbes reported. This is a tricky dilemma because both hybrid cloud and hybrid IT have been known to deliver some pretty significant advantages. Some of the biggest benefits of moving to an updated cloud or IT environment include:


Millions of OpenSSL secured websites at risk of new DROWN attack

According to the researchers who found the flaw, that could amount to as many as 11.5 million servers. How bad is DROWN really? Some of Alexa's leading web sites are vulnerable to DROWN-based man-in-the-middle attacks, including Yahoo, Sina, and Alibaba. Thanks to its popularity, the open-source OpenSSL is the most obvious target for DROWNing, but it's not the only one. Obsolete Microsoft Internet Information Services (IIS) versions 7 and earlier are vulnerable, and editions of Network Security Services (NSS), a common cryptographic library built into many server products prior to 2012's 3.13 version, are also open to attack. You can find out if your site is vulnerable using the DROWN attack test site.


Ten server deployment checklist considerations

A comprehensive server deployment checklist involves a lot more than buying adequate computing resources at an attractive price. It takes talented IT administrators and other personnel to source, acquire, prepare, install, configure, manage and support a fleet of servers -- whether in the tens, hundreds or thousands -- in a data center. The emphasis on reducing data center hardware footprints and lights-out operations can sometimes cause IT staff to overlook important issues. These top 10 logistical considerations should factor into every rack-and-stack server deployment checklist.


Quote for the day:


"And the little screaming fact that sounds through all history: repression works only to strengthen and knit the repressed." -- John Steinbeck

Posted by at No comments:
Labels: , , , , , , , ,
Subscribe to: Posts (Atom)