August 19, 2016

AI in Cyber Security: Creating the best defence against modern cyber attacks

“Using artificial intelligence or machine learning can help with the information/data overload problem. Instead of presenting security analysts with terabytes of raw data we can present them with easy-to-understand views such as behavioural profiles or virtual "video recordings" of user sessions or a prioritised view of all unusual events. A machine can really efficiently dig through tons of raw data and produce real insight from it thereby freeing up security teams to focus on what's really important for them.” This fast, accurate processing of data also affords defenders another weapon against attackers – that of finding behavioural patterns. This cuts to the second major issue facing security professionals in that attackers are constantly evolving and keeping one step ahead of defenders.


The Rise of the Platform Economy

We are in the midst of a reorganization of our economy in which the platform owners are seemingly developing power that may be even more formidable than was that of the factory owners in the early industrial revolution. We prefer the term “platform economy,” or “digital platform economy,” a more neutral term that encompasses a growing number of digitally enabled activities in business, politics, and social interaction. If the industrial revolution was organized around the factory, today’s changes are organized around these digital platforms, loosely defined.


GE CIO Jim Fowler talks collaboration and IT transformation

Fowler says some GE employees choose to use collaboration platforms that GE owns and has certified, such as Yammer in Microsoft's Office 365 suite. Others gravitate to apps like Slack. GE's employees have access to federated apps such as Yammer and Skype for Business, but they are also free to use other collaboration tools if they adhere to what Fowler calls "guardrails," including support for single sign-on, and audit and data-sharing controls. "If somebody finds that there's another tool that works better and we can license it in a legal way, and we can run it in a secure fashion, and they don't put certain types of data in it, I'm also not going to get in the way of it."


A big data, IoT project brings unique storage demands

The data footprint and storage I/O requirements of IoT and big data differ from those of the traditional data center application. First, IoT data is typically a continuous feed. Data sizes can vary from miniscule to enormous. The number of files to store can reach into the trillions. This makes it easy to quickly create large amounts of data, and, as a result, there is a constant demand for capacity growth. And that growth must scale quickly and in ways that aren't disruptive. Storage systems for an IoT project also need to scale cost-effectively so that an organization can store petabytes of data for a long time. That requires low administration costs and burdens. Most IT staff simply cannot manage a dozen storage systems from six different vendors.


NSA’s use of software flaws to hack foreign targets posed risks to cybersecurity

The hacker tools’ release “demonstrates the key risk of the U.S. government stockpiling computer vulnerabilities for its own use: Someone else might get a hold of them and use them against us,” said Kevin Bankston, director of New America’s Open Technology Institute. “This is exactly why it should be U.S. government policy to disclose to software vendors the vulnerabilities it buys or discovers as soon as possible, so we can all better protect our own cybersecurity.” The weekend’s release prompted immediate speculation about who might be behind it. A group calling itself Shadow Brokers claimed responsibility. Some experts and former employees suspect, although without hard evidence, that Russia is involved.


Can we defeat DDoS using analytics?

Static defences do not work if a yet-unknown attack is used. Instead our systems need to adapt to new types of attack. Also keep in mind that there still is a proportion of bona fide service requests to use the service. This makes it harder to inspect the traffic and to work out a classification scheme for traffic filtering. Since not all incoming requests can be assumed to be part of the attack it is more complex to derive appropriate filtering rules. If the filters chosen are too specific they do not block the attack, and if they are made too general they may block legitimate traffic. However, as defenders of good, we seek to solve these problems through the application of analytical techniques to detect DDoS attacks. A widely diverse range of statistical methods and machine learning techniques could be used to detect abnormal changes in the resource usage that are indicative of a DDoS attack.


Why Natural Language Processing Will Change Everything

Computer “assistants” like Siri and Cortana are the most visible use of NLP today, but there are many other applications of NLP in use. As mentioned above, Google has poured a great deal of resources into NLP as it relates to search, allowing us to type or speak a natural question and receive a relevant answer. Google also is using NLP to create predictive text responses to emails in its Inbox email client, allowing users to choose from one of three responses and respond to an email with a single click. You may have used NLP for yourself if you have ever used the “translate” link inside Facebook to translate a foreign language into your own (with varying results) or used Google translate on Google or Bing search results. A reliable machine translation has been a goal of NLP since the 1950s, and results are improving all the time.


6 myths about big data

"The biggest myth is you have to have clean data to do analysis," said Arijit Sengupta, CEO of BeyondCore. "Nobody has clean data. This whole crazy idea that I have to clean it to analyze doesn't work. What you do is, you do a 'good enough' analysis. You take your data, despite all the dirtiness, and you analyze it. This shows where you have data quality problems. I can show you some patterns that are perfectly fine despite the data quality problems. Now, you can do focused data quality work to just improve the data to get a slightly better insight." Megan Beauchemin, director of business intelligence and analytics for InOutsource, agreed. "Often times, organizations will put these efforts on the back burner, because their data is not clean. This is not necessary. Deploying an analytic application will illuminate, visually, areas of weakness in data," she said.


How Startups Get Software Built

To what extent programmers on your team in particular impact success or failure is hard to quantify, but clearly, software and those who make it play a critical role in grabbing the market before the competition. Coding for a startup is different from coding for an established company. The startup culture is unique and extends to every angle of the business, from finance to sales to operations to software development. Your offering must be simple and inexpensive. You must be laser focused on your customer and change your offering quickly and constantly based upon customer experience. No silos, no sacred cows. Not just any code will do, and not just any coder will do. The coder, whether one of the founders or not, must be married first to the customer, not to the code. In particular, the software mindset must:


Why Vietnam is an attractive IT offshoring destination

It is typical in the Vietnamese culture for folks to want to stay in their country, be involved in IT on a local basis, and provide for their families. This is a significant difference and an important advantage for the Vietnamese outsourcing environment. Then there is the level of technical talent. Malaysia has technical competency, but does not seem to possess the same scalability as Vietnam. I often hear of organizations struggling to build out teams fast enough in Malaysia because of the quantity of staff needed to do an assignment. I believe that technical competency in Vietnam is superior to the Philippines. However, in the Philippines the English is better. This is why the Philippines are so proficient in call centers.



Quote for the day:


"Treat people as if they were what they ought to be, and you help them become what they are capable of being." -- Johann Wolfgang von Goethe


August 18, 2016

3 Things the Network Must Provide for IoT

While government dominates the industries purchasing for IoT, telecom, technology, and cloud service providers aren’t far behind. Every industry, in fact, had a pretty good purchase rate for the previous twelve months, indicating there’s a lot more work going on with IoT than is obvious if you’re only watching the consumer space. Much of what’s going on is in the infrastructure; in the network that’s providing connectivity and immediacy of response by the applications in the back-end that manage, meter, monitor, secure, and interact with those cute little chips embedded in your kid’s favorite teddy bear. Like any app or client (because that’s really what these remote things are, clients) there are a basic set of services they need to operate consistently, predictably, and reliably. Namely, they need services that enable security, delivery, and visibility.


Stateful applications spark container management debate

Typically, stateful applications rely on files on the host, according to Thiruvengadam, and are common in enterprise private cloud scenarios where remote storage of state information in repositories such as Simple Storage Service is not in use. That point of view is typical of a startup that built its IT architecture from scratch, countered Chris Riley, a founding partner at HKM Consulting LLC, in Rochester, Mass. Enterprises running in Amazon Web Services have the option of storing configuration files in Amazon's Elastic File System as external storage for stateful applications, he added. "In the real world, there are still a lot of applications that use file systems for config files, and if you're not building apps yourself and you're leveraging those systems, you have to be aware of host volumes," Riley said.


How well does social engineering work? One test returned 150%

In the wild, the most common attacks would be social engineering, typically involving some sort of email phishing campaign where the attacker sends an email that looks like it’s from a legitimate organization, or maybe from the company itself, and gets a user to click on a link. That link either asks them to type in their user name and password or opens up a document or something else that exploits the workstation, and then the attacker goes from there. That’s what is typically used in ransomware attacks. The human element tends to be one of the hardest things to secure. ... The percentage rate for clicking on the original email was probably closer to 50%. On most engagements we see 25%-30% actually log in so we can capture credentials, and maybe 20% go through the entire process. Still, in a large organization that’s a really high percentage of users.


Shade malware attack examines your finances before demanding ransom

Don't believe for a second that Shade has left the party. It's all part of a larger plan to extort as much money from victims as possible. Shade downloads none other than Teamspy, a bot which uses the TeamViewer 6 remote control utility to communicate with a command-and-control (C&C) server and receive a number of commands, including the ability to start/stop audio and video, download a file from a URL provided by the C&C, and enable remote control. ... Once they know how much money their victims can afford, the attackers can command Teamspy to download a tried-and-true locker version of Shade onto the victim's computer. That encryptor in turn demands a customized ransom amount from the victim, all in an effort to increase the likelihood (and amount) that the victim will pay.



The Internet of Things (IoT) will make your city smarter

"The key to making the technology work is to take the human component out of the mix," says Tim Crawford, former CIO and current strategic adviser with AVOA, which helps companies worldwide connect the dots between today's technologies and tomorrow's state-of-the-art innovation. "The sources of data—sensors for water levels, for instance—can create a heat map of the city's water supply issues. These systems automatically know where the hot spots are during a rain storm and can quickly dispatch the nearest trucks with the necessary equipment to eliminate flooding. There's no need for any human to get involved. You eliminate human error and increase response times all at once."


Is Data Classification a Bridge Too Far?

The challenges posed here are immense. Not only is there an extremely large amount of data being created everyday but businesses still need to manage and leverage their huge store of old data. This stored wealth is not static because every bit of data possesses a lifecycle through which it must be monitored, modified, shared, stored and eventually destroyed. The growing adoption and use of cloud computing technologies layers even more complexity to this mosaic. Another widely unappreciated reality being highlighted in boardrooms everywhere is how these changes are affecting business risk and internal information technology governance. Broadly lumped into cybersecurity, the sparsity of legal precedent in this domain is coupled almost daily with a need for headline driven, rapid fire business decisions.


EU to crack down on online services such as WhatsApp over privacy

According to a draft policy paper seen by the Financial Times, the likes of WhatsApp, owned by Facebook, and Skype, owned by Microsoft, would have to abide by “security and confidentiality provisions”. The policy paper, which is due in September, also outlines how these “over-the-top” services – where voice calls and messages are delivered via the internet – would have to comply with requests from security services, as well as regulating how they can make money from customer data. ... “Trying to replicate regulations that were done for a completely different media in a completely different age is well-nigh impossible,” she said, adding that the plans showed the gulf in views on internet regulation between the US and Europe.


Oldies but Goodies: The Relationship Between POSIX® and UNIX® and Why They Matter Today

Despite what one might think, both the UNIX and POSIX standards are continually under development still even today. The community for each is very active—meeting more than 40 times a year to continue developing the specifications. Things are always changing, so there are new areas of functionality to standardize. The standard is also large so there is a lot of maintenance and ways to improve clarity and portability across systems. Although it might seem that once a technology becomes standardized it becomes static, standardization usually has the opposite effect—once there is a standard, the market tends to grow even more because organizations know that the technology is trusted and stable enough to build upon. Once the platform is there, you can add things to it and run things above it. We have about 2,000 application interfaces in UNIX today.


Security is more than User Education – it’s About Cultural Change

Interestingly enough, there are two types of attacks that do not require a technical vulnerability to be exploited for an attack to be successful. These are DDoS and social engineering. The latter is the focus of this paper. The simplest way to explain how attackers exploit users to gain unauthorised access to an organisation is simply to look at the kill chain and understand how an attacker gets a foothold into an organisation’s network for nefarious purposes. As an example, ransomware / malware attacks usually are deployed using methods that require a user to click on a link or similar that then downloads a malicious payload onto their network-connected desktop machine. Once the malware is deployed, the attacker then uses the desktop that they now control to gain further access into the network.


Programmable infrastructure fends off configuration drift

Duplo is heavily influenced by PaaS systems, particularly Microsoft Azure, where Zenefits principal engineer Venkat Thiruvengadam once worked. However, unlike PaaS offerings from service providers that abstract infrastructure completely away from the user organization, Duplo allows Zenefits' infrastructure administrators to set policies for underlying resources, including the orchestration of monitoring tools. Thiruvengadam says he finds programmable infrastructure a happy medium between automated configuration tools, which he feels don't have a broad enough scope, and full-fledged PaaS, which he sees as too prescriptive. Programmable infrastructure "is a middle ground," Thiruvengadam said. It can set up the infrastructure by implicitly reading the application needs and providing a declarative interface to application teams ... "



Quote for the day:


"Things get done only if the data we gather can inform and inspire those in a position to make difference." -- Mike Schmoker


August 17, 2016

How to develop a cloud-first architecture and strategy

The first step is to build skills and assess applications. To create your cloud team and assess application readiness, your organization must transform. IT is becoming a broker for cloud services, and the role of cloud architect is a big part of that. Gartner used to ask if an organization could take the risk of moving to the cloud, but the question is no longer about "if," Cancila said. The question now is where you are moving and how you are going to get there. The next step in the process is to select cloud providers and services. Consider the different layers of the cloud (SaaS, PaaS, and IaaS) and how they fit into your organization's goals. Also, assess your app architecture and infrastructure.


Why Private Clouds Will Suffer A Long Slow Death

While private cloud proponents have spent the last five years focusing on getting their IaaS offerings working, the big three cloud providers have moved way beyond core computing services. They’re delivering the services IT groups will need in the future to keep their companies from being eaten by software. Google, although its revenue is still small in comparison to AWS and Azure, offers an incredibly interesting machine learning set of services. I’ve worked with them, and they offer tremendous power at an affordable price, delivered in an easy-to-use framework. It’s clear we’re at the beginning of an AI-powered revolution, and Google is staking its claim to be the pioneer in the field, as demonstrated by its DeepMind offering defeating the world’s champion Go player.


Intel’s New Mission: Find Fresh Uses for Its Famous Paranoia

Silicon Valley treats Moore’s Law as if it is immutable, and with even more reverence than it does paranoia. But it was not a scientific law; it was always an observation about the behavior of a market for computers and software, which paid off at a rate to justify increasing investment in making chips. It is changing, Mr. Krzanich said, because phones, sensors and cloud systems develop at different rates. “It’s lengthened to 24 to 36 months,” he said. “The performance of the ecosystem is much more than Moore’s Law.” That is why Intel is in the wireless and networking fields, and is working on a new kind of three-dimensional memory chip, which Mr. Krzanich said would be out at the end of this year, that can speed performance of big-data-type calculations sevenfold.


Ransomware-as-a-service allows wannabe hackers to cash-in on cyber extortion

The availability of Cerber to anyone who wants to pay for it differentiates it from another of the most successful ransomware families, Locky. "Locky is only being sent by one threat actor -- they use it on their own and don't share or sell it. Cerber acts as ransomware-as-a-service -- those who created it are now leasing it for anyone to use," says Horowitz. That arguably makes Cerber more dangerous than Locky because each affiliate user can infect victims using a variety of different attack methods, although the two most common involve the victim unknowingly executing a malicious program disguised as a legitimate file, delivered in a phishing email, or the victim being infected while browsing a compromised website. Researchers believe there are currently over 150 active Cerber campaigns targeting users in 201 countries, with victims in South Korea, the US, and Taiwan accounting for over half of ransom payments.


Visa Alert and Update on the Oracle Breach

“Oracle’s silence has been deafening,” said Michael Blake, chief executive officer at HTNG, a trade association for hotels and technology. “They are still grappling and trying to answer questions on the extent of the breach. Oracle has been invited to the last three [industry] calls this week and they are still going about trying to reach each customer individually and in the process of doing so they have done nothing but given the lame advice of changing passwords.” The hospitality industry has been particularly hard hit by point-of-sale compromises over the past two years. Last month, KrebsOnSecurity broke the news of a breach at Kimpton Hotels. Kimpton joins a long list of hotel brands that have acknowledged card breaches over the last year, including Trump Hotels, Hilton, Mandarin Oriental, and White Lodging, Starwood Hotels and Hyatt.


Forget two-factor authentication, here comes context-aware authentication

Contextual access is, at its essence, an evolution of adaptive authentication that replaces the use of static rules and blacklists with machine learning to assess risk based on user behavior and context. Indeed, many providers already do super simplistic “context,” such as blacklisted locations. These approaches, however, are far too coarse to be effective at balancing security with usability. At the same time, 2FA adoption is hard -- users have to install an app or use insecure SMS. In fact, the U.S. government announced that it is set to phase out text-based 2FA. But contextual authentication can sit in the background and simply do its thing pretty much invisibly (unless higher risk is determined).


Whaling Goes After the Big Phish

Successful whaling attempts are so believable and seemingly trustworthy that executives who should probably know better are clicking on links and attachments that appear to be from fellow executives, employees or business partners. One stellar example of this includes a senior executive with a security firm who received an email that appeared to be from an underling but was actually from a whaler. He was tricked into giving up employee W-2 data. Another incident involved an executive from a major soft drink company that was in talks to choose a bottler in a highly profitable, under-serviced country. Before negotiations were completed, someone working under the executive was spear phished, and the whaler was able to harvest all email related to the negotiations, jeopardizing the talks and putting the company at a distinct disadvantage.


Serverless computing: The smart person's guide

Unlike a cloud application where code is structured in a more monolithic fashion and may handle several tasks, code running on serverless services like Lambda is more typical of that found in a microservices software architecture. Under this model, applications are broken down into their core functions, which are written to be run independently and communicate via API. These small functions run by serverless services are triggered by what are called events. Taking Lambda as an example, an event could be a user uploading a file to S3 or a video being placed into an AWS Kinesis stream. The Lambda function runs every time one of these relevant events is fired. Once the function has run the cloud service will spin down the underlying infrastructure.


NSA Hacked? Top Cyber Weapons Allegedly Go Up For Auction

Although the exploits were poorly coded, “nonetheless, this appears to be legitimate code,” Matt Suiche, CEO of cyber security startup Comae Technologies added. Virginia-based Risk Based Security has also looked at the sample files and said that one of the exploits contains an IP address registered by the U.S. Department of Defense. None of this means that the NSA has been hacked. The Shadow Brokers may have simply come across a compromised system that was hosting the exploits, Risk Based Security said in a blog post. It's also possible the Shadow Brokers are promoting a big scam. Deception-based schemes are very common in hacking, Risk Based Security added. The NSA hasn't acknowledged any ties with Equation Group and on Monday, it didn't respond for comment.


Don't Ditch SMS, But Change the Way You Use It

Ditching text messaging and shifting to a new form of authentication would likely confuse customers, security experts say. Instead, financial institutions should take a more nuanced approach, said Rich Rezek, vice president of market development for authentication solutions for the tech vendor Early Warning. SMS-based authentication "will still remain a tool in the tool kit" since it's inexpensive and simple for banks to set up, and something consumers are familiar with, Rezek said. But banks still need to take steps to improve how they handle two-factor authentication and SMS. "As fraudsters start to figure out [an authentication method], then you have to evolve and take the next approach," Rezek said. Common ways for a criminal to compromise an SMS authenticator include remotely hacking a phone and having the texts forwarded to a different phone, or to a computer via voice over internet protocol, Rezek said.



Quote for the day:


“Things work out best for those who make the best of how things work out.” -- John Wooden


August 15, 2016

China is disrupting global fintech

Online users expect different cultural, branding, marketing, functionality, cost, customization, engagement, and service experiences. Freeman said, “It’s very difficult to customize traffic-based selling. It’s fraught with challenges.” Beyond automated transaction services, companies like PINTEC provide more advanced investment management services, dubbed roboadvisory, digital wealth, or digital advisory services. Although in the early stages, they aim to incorporate big data and artificial intelligence to provide appropriate, affordable solutions. These accounts often blend investment recommendations from the roboadvisor with some client decision-making, which is especially well-suited for Chinese investors who value lower fees and being involved in the process. Jeroen Buwalda, Partner at EY, said, “Asian entrepreneurs have faith in themselves, not fund managers.”


The Role of the Hybrid Cloud and Application Services in Digital Transformation

The cloud actually plays a huge role in digital transformation. In fact, it forms the heart of it. It changes the entire business model to facilitate a more technology-led transformation. Enterprises have the option of choosing from public or hosted private clouds, which would enable them to improve processes and embrace innovation without having to spend huge amounts on infrastructure and avoid the risk of deploying redundant technology when there are good chances for failure. However, choosing the right model, even for cloud computing, is very essential, as each of them has its own advantages and disadvantages. Public clouds, on the other hand, can be better utilized with applications that might have variable resource requirements, like e-commerce apps and gaming apps.


Create a better strategy for innovation, move away from a 70/30 model

Companies want -- and need -- CIOs to drive innovation, yet many IT organizations still follow the 70/30 model where 70% of time and resources are dedicated to "keeping the lights on" IT and 30% to IT innovation. Delivering reliable, secure, efficient and cost-effective IT systems remains responsibility No. 1 for CIOs, but it's time to move the needle. Our question this month to IT leaders: "What have you done in the past 12 months to reduce time spent on 'keeping-the-lights-on' IT functions?" Their strategies for innovation ran the gamut, from implementing on-demand services to identifying real-time business problems to solve.


The Third Wave: Why Big Data is the Future of Legal Tech

Big data analytics allow lawyers to gather this same information, but on a much larger scale. For instance, analytics platforms allow attorneys to view their judge’s complete history, including every decision issued and every case cited, to identify the legal precedent the judge finds most persuasive. While this type of analytics can’t tell an attorney whether this judge is particular about staying behind a podium during cross examination or likes his motions in a particular font size, it does allow an attorney to craft an argument using a judge’s favorite case. In addition, such analytics can inform an attorney’s strategy in litigating a particular case in terms of filing motions that a judge is likely to grant, rather than spending a client’s time and money on motions that a judge hardly ever accepts.


Hackers demonstrated first ransomware for IoT thermostats at DEF CON

Andrew Tierney and Ken Munro of PenTest Partners demonstrated the smart thermostat ransomware at DEF CON. It only took them a few days to hack the thermostat, and this was right before the security conference, so they would not reveal the manufacturer until they could report the vulnerability to the company. This particular IoT thermostat runs a modified version of Linux, has a large LCD screen – the better to show the ransom demand – and has an SD card. As for what the ransomware does, Tierney told Infosecurity Magazine, “It heats to 99 degrees, and asks for a PIN to unlock which changes every 30 seconds. We put an IRC botnet on it, and the executable dials into the channel and uses the MAC address as the identifier, and you need to pay one Bitcoin to unlock.”


Rein in the IT bear: why businesses must take back control

Exactly one half of IT decision makers fear that they cannot drive digital transformation forward at the speed their management team expects. Combine this with the fact that 32% of employees also believe their employers are not driving digital transformation as fast as competitors are doing, and you have the ingredients for a disaster – commercially speaking. When disturbed, a bear becomes unruly and unpredictable. The same result can be seen when too much pressure is placed upon an IT system ill-equipped to handle the demands of digitalisation. When this happens, the IT department struggles to deliver the best quality IT service to end users. The bear’s unpredictable, volatile and temperamental nature is wreaking havoc, and the carnage left in its wake impedes businesses from innovating to remain competitive in their chosen fields.


INTERVIEW: Blockchain Warp Speed With Ethereum's Raiden

Basically all blockchain-based applications that want to scale to real world usage will benefit from Raiden. It can be used for applications like asset trading in gaming or finance, retail payments, micropayments for content (think the next YouTube or Spotify where creators are directly paid for every second consumed). But it's also suitable as an infrastructure for cheaper, faster and more secure correspondent banking. Especially the upcoming machine-to-machine economy will likely use blockchain as an easy-to-integrate permissionless infrastructure. Some expected applications of Raiden here will be decentralized energy trading, on-demand payments for bandwidth, API access, sensor data or access to property and infrastructure.


Big data’s humble beginnings

Enterprises are already embracing big data and predictive analytics to hire and retain talent, forecast staffing needs and improve employee satisfaction. In the next two years, 6,400 organizations with 100 employees or more plan to implement big data analytics, providing ample opportunities for a new crop of startups that collect, refine and interpret data to populate the HR analytics landscape. Startups are leveraging Watson’s technology to deliver data-driven recommendations to consumers and healthcare providers; this pattern will soon extend to the health sector at large. People are generating more health-related data than ever before, and doctors, patients and researchers need tools to make sense of it. Physicians will be able to compare patients’ data with health trends in the general population and provide data-driven advice for treatment or prevention of illnesses.


Question: What's missing in Microsoft's data science professional degree?

Arguably the biggest concern, however, is that the module doesn’t teach relational database theory or relational data modelling. Both are surely vitally important to a good data scientist but, as we know, historically relational is something that's proved disposable in big data, an area this qualification no doubt seeks to serve. Without this understanding it’s hard to understand why NoSQL databases are different, what advantages they bring as well as their disadvantages. More importantly, without a good understanding of relational theory, the data scientist misses a huge and well-tested bag of tricks that avoids a whole host of analytical problems. There is a suggestion that the student can go elsewhere to learn this material, but it’s not clear exactly where the student should go.


A Delayed Blockchain Strategy Can Sink an Institution

The blockchain iceberg may not be directly in front of us at the moment, but unless the culture of complacency is tackled head-on, financial services retailers will quickly find themselves in a precarious situation. By preparing properly and bracing for impact, organizations can learn the best way to steer themselves clear of danger, instead of facing a titanic struggle to stay afloat. A blockchain can securely record ownership and any other information about any asset, and with its ability to enable transactions to be completed within minutes or even seconds, it could completely revolutionize the industry. While some suggest it will be a force for good, others suggest that the changes it would impose on the way these organizations operate will leave a trail of ruin in their wake.



Quote for the day:


"Knowledge management is something many companies are sure they need, if only they knew what it was." -- @mldamico


August 14, 2016

There's Now A Cryptocurrency Created by Participating in DDoS Attacks

“Proof-of-DDoS might not be a good ultimate end goal, but there are aspects of the idea that may prompt thinking along these or similar lines … We hope that Proof-of-DDoS is eye-catching enough to get people thinking more about these ideas.” The DDoSCoin system also allows its participants to choose specific sites to target through consensus. However, since the proof-of-DDoS concept relies on verifying encrypted TLS connections to a victim website, the participants will only be able to target sites that support those secure connections. Currently, about 56% of Alexa's top million websites support TLS. But that number is expected to increase as the encryption standard becomes more widespread, the researchers say.


Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Microsoft has inadvertently demonstrated the intrinsic security problem of including a universal backdoor in its software after it accidentally leaked its so-called "golden key"—which allows users to unlock any device that's supposedly protected by Secure Boot, such as phones and tablets. The key basically allows anyone to bypass the provisions Microsoft has put in place ostensibly to prevent malicious versions of Windows from being installed, on any device running Windows 8.1 and upwards with Secure Boot enabled. And while this means that enterprising users will be able to install any operating system—Linux, for instance—on their Windows tablet, it also allows bad actors with physical access to a machine to install bootkits and rootkits at deep levels. Worse, according to the security researchers who found the keys, this is a decision Microsoft may be unable to reverse.


Deep Instinct’s Artificial Brain Spots Zero-Day Security Threats

Nervana isn’t specializing in security. But like Nervana, Deep Instinct is using GPUs to produce what it describes as an artificial brain. That brain was trained by being exposed to hundreds of millions of files: applications, PDFs, just computer files of any type. About half were benign, and half were malignant. The process took about 24 hours, Schirmann says. Some human intervention was necessary during this first step, just as it is with a human brain that’s early in development. Humans told Deep Instinct’s AI which files were good or bad — but what distinguishes deep learning from machine learning is that the brain wasn’t instructed which features to watch. Based on what it knew about the “good” and “bad” piles, it began drawing its own conclusions about what a malicious file looks like.


Blockchain-Based Peer-To-Peer Solar Energy Trading To Be Trialed In Perth

The technology works, like bitcoin, to identify the ownership of energy as it is generated and then to manage multiple trading agreements between consumers who buy excess solar direct from the original owner/producer, without the addition of market costs and commercial margins. “It’s a software program that tracks the movement of electricity from point to point,” Green explained in an interview with One Step Off The Grid on Friday. “It handles the financial transactions off the back of it as well. “Presently, if you’ve got surplus solar electricity you sell it back for a low feed-in tariff and buy it back (from the grid) for a high rate. Using (Power Ledger), you can sell it to your neighbour at somewhere between the two” – less than the uniform tariff but more than you would get from selling it to their retailer, Green said.


How can Augmented Reality Leverage the FinTech Future?

Augmented Reality, widely called AR, is a combination of different technologies incorporated to enhance the comprehension of an experience. ... The fundamental principle of AR is to enhance the user experience by presenting the user with system-generated features overlaid on the real-world surroundings. AR technology is extensively pragmatic towards mobile users. The number of users dependent on location-based services will be ever growing owing to the advancements in GPS and other dependent technologies. Hence the FinTech future, which puts its faith in mobile-driven technology, will get an amplification by encouraging its users to adapt to AR. Augmented Reality will bring FinTech users close to each other. There are many ways in which it can remodel the user experience.


The Field Guide To Data Science

Data Science is an auspicious and profound way of applying our curiosity and technical tradecraft to solve humanity’s toughest challenges. The growing power, importance, and responsibility of applying Data Science methodologies to these challenges is unimaginable. Our own biases and assumptions can have profound outcomes on business, national security, and our daily lives. A new class of practitioners and leaders is needed to navigate this new future. Data Scientists are our guides on this journey as they are creating radical new ways of thinking about data and the world around us.


Undocumented SNMP String Exposes Rockwell PLCs To Remote Attacks

“This vulnerability is due to the presence of an undocumented SNMP community string that could be leveraged by an attacker to gain full control of affected devices and grants the ability to manipulate configuration settings, replace the firmware running on the device with attacker-controlled code, or otherwise disrupt device operations,” Cisco Talos wrote in an advisory. “Depending on the role of the affected PLC within an industrial control process, this could result in significant damages.” According to an advisory published today by the Industrial Control System Cyber Emergency Response Team (ICS-CERT), these PLCs are used in industries such as chemical, manufacturing, food, water, wastewater and others across Europe, the United States and Asia.


Waterfall requirements in Agile Product Development

In reality, and rather frequently, the best ideas and solutions come much later in the process, when the development phase is well underway. It is also not uncommon for customers to change their minds about initially stated requirements after development begins. In cases like these, to justify BRD scope creep, a tedious and overly bureaucratic process of change control is implemented – something that requires additional time and effort. By design, BRDs are meant to resist changes; anything that requires an update after the BRD is finalized and signed off carries a negative connotation. Lastly, having BRDs produced without the initial participation of technology creates a lot of ‘wishful thinking’ and unrealistic expectations from customers, who sometimes look for complex and expensive solutions.


Agile Scaling Frameworks: An Executive Summary

SAFe is anchored and framed by a so-called "big picture" of what a compliant implementation will look like. This generates two problems. Firstly, it encourages the perception that agile change can be templated and overlaid onto existing practices without deep and pervasive change...in other words, the foundations may be weak. Secondly, and ironically, organizations with no Unified Process legacy will find the prescriptions of the template hard to approximate...too much change in other words. Nevertheless SAFe can be an appealing option for organizations which are already vested in the Unified Process or similar methods.


Why Change Management Needs Review By IT Security

Information security should be embedded into the change management process to ensure that all changes have been assessed for risks. This includes assessing the potential for introducing new vulnerabilities into the environment and the potential business impacts that could occur if a change produces undesired results. Changes will always involve some amount of risk, but risk can be minimized if changes are adequately reviewed, assessed and coordinated through a formal change management process. One of the biggest challenges is gaining buy-in from users so that they follow the change management process rather than circumvent it. Change management helps avoid problems by increasing upfront communication and identifying issues before they happen.



Quote for the day:


“There is a difference between listening and waiting for your turn to speak.” -- Simon Sinek