Daily Tech Digest - December 09, 2016

Most embedded software has been traditionally written by hardware companies that only developed their code because they had to in order to make their product useful in the first place. For most device manufacturers, software development is a cost centre, not a revenue generator. As such, software development will often be pushed to the bottom of the pile in an effort to limit overall costs. The end result is that most manufacturers are happy to sell their devices to wholesalers or retailers and then forget all about them – they rarely continue to provide long-term support. At best, consumers may be lucky enough to find an appropriate firmware update in some obscure corner of the manufacturer’s website, which frankly only the most technical consumers will really know how to install.


Unsupervised learning is how an algorithm or system analyzes data that isn’t labeled with an answer, then identifies patterns or correlations. An unsupervised-learning algorithm might analyze a big customer data set and produce results indicating that you have 7 major groups or 12 small groups. Then you and your data scientist might need to analyze those results to figure out what defines each group and what it means for your business. In practice, most model building uses a combination of supervised and unsupervised learning, says Doyle. “Frequently, I start by sketching my expected model structure before reviewing the unsupervised machine-learning result,” he says. “Comparing the gaps between these models often leads to valuable insights.”


Customers today have more choice and opportunity to engage with banks and non-traditional banks than ever before. How the traditional banks respond to this new world of digital banking will define whether they sink or swim. All of them want to be digital banks, but does this resonate with their customers? Findings from SAP’s 2016 Australian Digital Experience Report show the banking industry has more consumers that are unsatisfied than are delighted with the digital experiences provided. The business outcome of getting digital interaction right in Australia is huge, as customers delighted with the digital experiences are five times more likely to remain loyal over those unsatisfied and more willing to share personal information such as buying preferences. Customer insight and understanding are where the business is; and using this data to better personalize only comes with accurate, appropriate, and timely information.


According to the agreement, upon a referral being received, the FCA or HKMA both intend to "assist the innovator businesses in understanding the regulatory regime" that they oversee and explain "how such regimes may be relevant" to those companies. The agreement also confirms that the FCA and HKMA intend to "share information about innovations in financial services in their respective markets", such as on emerging trends and regulatory issues pertaining to innovation. The FCA and HKMA may also pursue "joint innovation projects on the application of novel financial technologies", share expertise and knowledge, and facilitate staff secondments to one another, under the new cooperation agreement.


The totality of the BlackBerry solution is called BlackBerry Secure and is grounded in the company's mobile software security platform. It helps companies manage and secure their mobile devices and connected things and secures communications for all messaging and file types - ultimately opening up new markets for BlackBerry where multiple endpoint mobile security management and applications are critical. For example, BlackBerry's platform helps to prevent hackers from penetrating devices and computers, provide intelligence for highly secure supply chain communications, ensure patient confidentiality in healthcare and safeguard assets in the financial industry.


When faced with transformation initiatives, the path of least resistance can often be to adapt existing processes to that change, without taking the opportunity to identify efficiencies or cost savings, as the scale of reviewing all processes and the impacts on both operations and customer deliverables are too great. I speak with many government agencies that are in the process of ‘transforming’ and they have simply replaced a paper process with ‘handraulic’ electronic processes that pass through many hands, eyes and email inboxes due to compliance requirements or governance policies. A good example of this is when information has to leave your organizational silo, either as part of a joint responsibility across multiple government agencies, or when content based approvals must be sought from outside of your organisation.


“Companies are going to need to invest in more technology to protect them from security threats,” said Brendan Jacobson, co-founder of NetGain Technologies. “It is just going to get worse.” It’s not necessarily that the attack tools are getting smarter; it’s the manner in which they are being used. Malicious players don’t even have to be highly tech savvy, said Cody Shackelford, systems engineer with Data Strategy, which acquired Louisville-based boice.net this year. Basic malware or ransomware packages are readily available on the black market or dark web, he said. Attackers today are succeeding by researching a target company or agency to determine a weak link 


Often lacking sufficient budget and headcount, security staff are overburdened. Given all the pressure to “get everything done,” sometimes things just don’t get done correctly. Misconfiguration of a tool and neglecting to follow security policies to the letter are regular mistakes. So is spinning up a certain service, such as a container, a proxy or monitoring tool, but forgetting to secure it. Still another consequence of time pressures can be forgetting to update security patches or not updating them on time. About half of IT professionals see outdated security patches as a problem and cite human error and patch management as stumbling blocks to making web apps totally secure. Cutting corners may sometimes be a good way to get the job done quickly, but it also makes way for poor security. Security managers must keep their teams on their toes. 


The industry's main effort to bend the technology to its will -- the R3 consortium -- recently saw the departure of several banks, including founding members Goldman Sachs and Banco Santander, and reportedly reduced its fundraising target. Charley Cooper, managing director of R3, explained that initial expectations were unreasonably high, blaming the "hype cycle" on tech firms and their dreams of disruption. Now, R3 has unveiled its new platform: Corda, a decentralized database that does not use a blockchain, as its technical whitepaper specifically points out. In a blog post, R3 architecture consultant Ian Grigg argues that Corda will become a formidable opponent to the two most popular blockchain technologies, Bitcoin and Ethereum, because it is the only solution that "asked the users what they want."


NativeScript supports Angular 2 and allows for true native performance on mobile applications – without having to learn multiple native languages. By using native components, the framework offers a native look, which gives users the experience they both expect and demand. When it comes to developing, think of how much work you’d have to do to build simple Android and iOS apps using traditional native development approaches. In the case of a button, you’d have to take multiple steps across Android and iOS to accomplish what you need to. But with NativeScript and Angular 2, you can build that same button in a few lines of code; write the code in JavaScript/TypeScript; place the button in an Angular 2 component; style that button with CSS; install JavaScript modules to help you out from npm; and at the end of the day, there is only one code base to maintain.



Quote for the day:


"Winning by helping others succeed scales much better than winning at another's expense." -- @ThisIsSethsBlog


Daily Tech Digest - December 08, 2016

OpenStack enterprise adoption still awaits full embrace

"Every one of those critical area points -- image placement, compute distribution and load -- are fundamental things you figure would just work," Berisha said. Ultimately, Berisha decided on a managed services engagement with VMware Integrated OpenStack. Whether it is a vendor distribution or managed OpenStack cloud, the financial benefits of the open source cloud computing software might not always pan out, because the vendor distributions that eliminate the complexity may also diminish the anticipated cost savings. "A lot of these distros are incredibly expensive," Forrester's Nelson said. She pointed to a recent request for proposal for 30,000 VMs that required $4 million for software licensing.


Backdoor Accounts Found In 80 Sony IP Security Camera Models

Sony was informed about the issue in October and released firmware updates for all affected camera models on Nov. 28. Users are advised to install these updates as soon as possible, because security cameras have recently been an attractive target for hackers. "We believe that this backdoor was introduced by Sony developers on purpose (maybe as a way to debug the device during development or factory functional testing) and not by an 'unauthorized third party' like in other cases," the SEC Consult researchers said. The affected cameras can be attacked over the local network or over the internet if their Web interfaces are publicly accessible. A search via the Censys.io search engine revealed around 4,000 Sony security cameras connected to the Internet, but these are likely not all of them and it's unclear how many are actually vulnerable.


The world in 2045, according to Pentagon researchers

"Imagine a world where you could just use your thoughts to control your environment," Sanchez said. "Think about controlling different aspects of your home just using your brain signals, or maybe communicating with your friends and your family just using neural activity from your brain." According to Sanchez, Darpa is working on neurotechnologies that can enable this to happen. There are already some examples of these kinds of futuristic breakthroughs in action, like brain implants controlling prosthetic arms. Just last week Darpa demonstrated this amazing tech for the first time and gave a paralyzed man back the sense of touch — with brain implants that provided the feeling "as if his own hand were being touched," he reported. The future has more than just brain implants. Many other exciting things could change the buildings and other objects around us, says Stefanie Tompkins, a geologist and director of Darpa's Defense Sciences Office.


CIOs assess how Apple and Google approach enterprise apps

Google has a fairly robust strategy, whereas Apple's approach is designed to meet specific business objectives, according to Wiora. "I think what technology leaders are looking for is a platform that integrates easily and is secure," he says. "Both companies have historically had their challenges and overcome a lot of them." Many IT professionals are receptive to Android and Google, but businesses should be cautious about overreliance on Google partners because the company could eventually follow Microsoft's lead and supplant some third-party services with its own, Wiora says.  Apple's approach to enterprise development works best for large companies that require a more formalized program or have existing relationships with Apple's current partners.


The Digital Shift: Embracing New Technology and Engaging Your Employees

There are three main reasons why some companies find it difficult to leverage more digital technology within their organizations. First, “new and improved” to some people can feel like “change and work” to others. When digital aspects are introduced into a job function that has existed for years without them, the benefits to users aren’t always obvious. For instance, rolling out instant messaging, which is supposed to make collaboration easier, may feel like just another thing to monitor and respond to that didn’t exist before. Some employees are simply set in their ways. Putting tools like document management systems or portals in place to automate or simplify common tasks takes time. Tagging and uploading a document to SharePoint or Dropbox — so everyone in your company has access to it anywhere


While Circle Pivots Away from Bitcoin, Blockchain Doubles Down on the Digital Currency

In an interview with the Wall Street Journal, Circle CEO Jeremy Allaire claimed the company’s fiat-denominated payments are growing many times faster than bitcoin payments on their platform. Allaire also claimed Bitcoin has not evolved quickly enough to support common, everyday payments, and he pointed to what he perceives as development gridlock among Bitcoin Core contributors as the main cause of this lack of progress. Although Allaire is frustrated with the Bitcoin Core development community, the reality is that they released their main scalability improvement, Segregated Witness, this past October. While Circle has continued their pivot away from bitcoin, Blockchain is doubling down on the digital currency.


Microsoft to turn millions of PCs and tablets into smart 'home hubs' 

'Home Hub is designed to run on Windows 10 PCs, mainly All-In-Ones and 2-in-1's with touch screens, but can work on any Windows 10 machine,' it is claimed. As well as giving access to Microsoft's Cortana AI assistant, it will allow families to more easily create shared accounts. 'There will also be a 'family account' that is always logged in,' Windows Central says. That account can see everything the 'family' is supposed to see, such as specific apps, calendar appointments, to-do's, and more. The new software will also be able to control smart home devices, including lights, doors, locks and more. It will use Microsoft's Cortana to allow voice control - much like Apple's Siri HomeKit integration. The firm is also expected to work with third parties to create dedicated home hub devices, with talks already underway with HP and Lenovo.


Bluetooth 5 Is Out: Now Will Home IoT Take Off?

With Bluetooth 5, BLE matches the speed of the older system, and in time, manufacturers are likely to shift to the low-power version, he said. Range has quadrupled in Bluetooth 5, so users shouldn’t have to worry about getting closer to their smart devices in order to control them. Also, things like home security systems – one of the most common starting points for smart-home systems -- will be able to talk to other Bluetooth 5 devices around the house, Parks Associates analyst Tom Kerber said. Another enhancement in the new version will help enterprises use Bluetooth beacons for location. BLE has a mechanism for devices to broadcast information about what they are and what they can do so other gear can coordinate with them. Until now, those messages could only contain 31 bytes of information.


Where does India Stand in the Impact of Digital Technology on Businesses?

According to Sunil Mangalore, Managing Director, CA Technologies India, “India is at the cusp of a major revolution, as we see digital technologies being at the centre of business strategy for leading businesses. ... The need however for Indian CXOs, is to collaborate with a strategic partner and ensure adoption of digital technologies and practices that helps them grow their business revenues while enhancing customer satisfaction and retention.” ... Digital advancement in any field, least of all in businesses, can’t take place without sufficient supply of energy for daily living, for the industries and for the digital technology to function. India has to resolve this issue seriously, if it wants to make an overall transition to a completely digitised business model at par with the completely industrialised countries.


Cyber-insurance: What will you be able to claim for and is it worth it?

At the moment, CLIC can cover costs relating to the management of an incident, the investigation, the remediation, data subject notification, call management, credit checking for data subjects, legal costs, court attendance and regulatory fines. It can cover third-party damages, where these might include specific defacement of a website and intellectual property rights infringement. And would even cover losses due to a threat of extortion, and professional/legal fees related to dealing with the extortion. And the same goes for costs related to data lost by third-party suppliers and costs related to the theft of data on third-party systems. Simultaneously, some companies are attempting to provide a ‘guarantee scheme' of sorts, which promises to pay a specified amount of money should their product fail and a data breach was to occur.



Quote for the day:


"Great minds discuss ideas; average minds discuss events; small minds discuss people" -- Eleanor Roosevelt


Daily Tech Digest - December 07, 2016

Macbook Pro vs Surface Book i7

The Surface Book is essentially a business user's dream. You get just enough ports to keep you connected to a desktop station without needing any dongles, adapters or converters. ... It's lightweight enough to tote around, at 1.21 pounds, but it's meant to just sit on your desk, keeping cords tucked away and waiting for you to connect. The Macbook Pro isn't as limited in ports as the Macbook, which made a statement at its release by only including one USB-Type C port on the entire device, but the Pro still doesn't offer the same flexibility as the Surface Book for business users. On the 2016 Macbook Pro, you'll find four Thunderbolt 3 ports that also act as a USB-Type C port -- they use different connection standards but the port is the same shape and size.


Data Virtualization and Sandboxes: Filling the DevOps Data Gap

The Data Gap is the fact that provisioning production-like data effectively for developers and testers is one of the most challenging aspects of standing up the environments that are so critical to enabling DevOps. Let's back up a bit to understand the context of this. DevOps is all about building, testing, and releasing software at speeds that are orders of magnitude faster than traditional methods. Enterprises used to release software (or products) on yearly or quarterly basis. Today's application based economy is forcing them to move to monthly, weekly, or daily releases. DevOps aims to transform companies' cultures, processes, and tools to enable high velocity, continuous deployments of software. In speaking about this goal, DevOps guru and Phoenix Project author Gene Kim says,


Skills to look for in a threat hunter

Security analysts need a solid understanding of networking devices and computer operating systems. Hunt analysts constantly review raw system & network logs as well as packet captures. Analysts should have a deep understanding of the technology and software producing the logs to provide context to abnormalities. ... Endpoint analysis provides greater context in security threats and activity. This type of analysis can include memory dumps, I/O activity, user activity, etc. This stage of the hunt can provide more conclusive evidence on what is happening at the host and user level. Hunt analysts should be able to navigate OS logs and explore local endpoints with relative ease.


Companies Are in Short Supply of Cybersecurity Talent

“The deficit of cyber security talent is a challenge for every industry sector. The lack of trained personnel exacerbates the already difficult task of managing cyber security risks,” according to the CSIS report. The current shortage of cyber security skills is concerning for companies in all industries. One in four of the IT professionals surveyed said their organizations had been victims of cyber theft because of their lack of qualified workers. It is estimated that by 2019, between one and two million cyber security positions will be left unfilled. In the United States alone, 209,000 cyber security positions in 2015 sat vacant because of the shortage of cyber security skills. Hackers are taking notice of this gap. Worryingly, 33% of respondents to the Intel Security-CSIS survey said their organization was a target for hackers who knew their cyber security was not strong enough.


FCC Looks To Increase Security Regulations On Internet Of Things

FCC Chairman Tom Wheeler acknowledged the governing body’s interest in beefing up the security protocols for connected devices in a letter to Virginia Senator Mark Warner. “We cannot rely solely on the market incentives of ISP to fully address the risk of malevolent cyber activities,” Wheeler wrote, arguing that a combination of market-based incentives and regulatory oversight is necessary to establish basic cybersecurity protections for internet-connected consumer devices. The message from Wheeler, published on Monday, was prompted by a letter from Senator Warner dated Oct. 25 of this year. Warner’s initial correspondence was prompted by the Mirai botnet attack that managed to take down a number of major websites. The attackers primarily utilized unsecured IoT devices to perform a massive distributed denial of service (DDoS) attack.


Automated phishing campaigns increase profits for hackers

This is alarming given that phishing is the starting point for most network and data breaches. With this in mind, Imperva researchers deconstructed a phishing campaign initiated in mid-June, 2016. Among the most surprising findings was the low cost of launching a phishing campaign and the high projected return on investment for cyber-criminals. Imperva researchers browsed the darknet marketplace to estimate the cost of phishing campaigns and to get a clear picture of the business model. They observed the ease of purchase and low cost of Phishing-as-a-Service (PhaaS) campaigns. In addition, they saw that hackers were easily able to hijack compromised web servers for their campaign, which further lowered the investment needed.


Navigating the Five Stages of Threat Hunting

Hunting for the unknown requires patience, persistence and more effort. This is because unknown threats often tend to be more sophisticated, well-hidden and harder to detect. However, these adversaries leave indicators of their movement around your network. They will try to mimic the normal activity of authorized users to stay under the radar. If you are vigilant, eventually they will reveal themselves as an outlier – primarily by taking actions that reveal their precise targeting and IT savvy ... There’s a wealth of information in your logs! You’d be surprised what can be revealed simply by correlating information. By baselining a particular activity within your environment, and noting how often it occurs, you will start to see things pop up that are worthy of closer scrutiny. Patterns of suspicious behavior will emerge over the course of 30 days or even a couple of weeks.


Building a Secure, Fast Microservices Architecture From NGINX

With the transition from having all of the functional components of your application running in memory and being managed by the VM, to working over a network and talking to each other, you’ve essentially introduced a series of problems that you need to address in order for the application to work efficiently. One, you need to do service discovery. Two, you need to do load balancing between all the different instances in your architecture. And three, you need to worry about performance and security. For better or worse, these issues go hand in hand and you have to balance them together. Hopefully, we’ll have a solution that addresses all of them.


Microsoft Office, Google Docs beware: This open-source startup is after your users

Bannov contrasts those points with OnlyOffice having cloud and server versions and desktop and mobile apps on the same code base. "Our editors also show the highest compatibility with Microsoft Office formats," he says. As of now, OnlyOffice has more than two million users worldwide, with most of them using the free products. However, it is being used by one Oracle department in the UK, and also by Unisys. The office suite also has a foot in the door of many educational institutions. Clients include the University of Brunswick, Karlsruhe Institute of Technology, University of Paris-Sud, and the Luxembourg Institute of Science and Technology. Public organizations use OnlyOffice as well, for example the French Red Cross and Germany's Social Democratic Party.


How to merge IT and product development into one department

Why bring product and technology together? "Take our device protection product: when your device is stolen or lost, we can replace it typically in less than 24 hours," Vandevier says. "That product involves consumer websites, agent tools, mobile apps, supply chain, and repair operations — a whole host of systems, applications and products. The product has to roll up to one team that supports device protection end-to-end rather than to a bunch of people in different departments.” If Vandevier and his colleagues hadn't pulled those teams together, the device protection product would have suffered from a lack of clarity and unhappy customers. "When you have product and technology in separate groups, you wind up leaving out critical requirements and scrambling to squeeze in features late in the delivery cycle," he says.



Quote for the day:


"You always believe in other people. But that's easy. Sooner or later you have to believe in yourself." -- Gary, The Muppets


Daily Tech Digest - December 05, 2016

Should you go with Google's Go? 7 pros and cons

Go’s rise coincides with a rapid collapse of interest in C. Yes, C remains second on Tiobe’s list, but it has lost about 40 percent of programmer investment as computed by Tiobe’s complex metric. Built to be a stripped-down, efficient language for writing low-level code, Go shares many features with C, including much of the syntax. It’s hard not to conclude that a good part of Go’s newfound support is likely made up of former C programmers migrating to a new home. The Tiobe list isn’t about lines of code or job advertisements; instead, it tries to capture the pulse of the programming world by counting web searches and other behavioral metrics. It’s clear from Go’s large leap that people are starting to talk about Go for real-world projects, not merely fringe one-offs from startups.


Reality Check: Getting Serious About IoT Security

To determine the severity of the problem, I wanted to see how quickly an IoT device would be attacked once it was connected to the Internet. Would a user who bought an IoT webcam or printer have enough time to set up and securely configure the device before an attacker would compromise the device? ... The vast majority of the devices targeted by Mirai are running a stripped-down version of the Linux operating system, developed for multiple architectures (MIPS, ARM, x86, etc.). These machines generally run a tool called BusyBox — "The Swiss Army knife of embedded Linux," as developers refer to it. This single binary allows for the execution of more than 300 commands, cutting down on the space required of an operating system on an embedded device.


Respect and the Agile Workplace (a.k.a. 5 Failings of Your Humble Agile Architect)

It's quite common for me to be in a discussion when my mind races ahead to a solution for a problem that we're still spit-balling. And once I arrive at my solution, I'm anxious to get the conversation caught up to that point so we can just get on with it, dammit! But, of course, that doesn't work. Knowing this, I take a deep breath to calm myself, a technique I learned and have used since the sixth grade, and patiently help move the conversation forward at a more reasonable pace. And, of course, at this point I've made two mistakes. The first one, waiting patiently to get to my solution rather than helping the group get to some solution or a range of possible solutions, and the second one being the deep breath that's misinterpreted by others as a sigh of disinterest or impatience with them rather than my own frustration with myself.


What's Hot in Hiring: Data Security Consulting!

Information security can be broken down into two main areas. These areas are hardware, and software. A data security consultant may be expected to have a wider understanding of their industry, but in reality they will only specialize in some key areas. This means that employers need to be specific about who they’re looking for and the technologies that they use. It also means that jobseekers need to be upfront about their expertise, or they may risk finding themselves in a position that is beyond their current skillset, which could lead to career impacting underperformance. As a consultant, the role is to advise, develop, and implement change. This change is usually to address a problem that already exists. In the case of data security, this could mean that a security threat has already been identified, or it could be to mitigate possible threats with new technologies.


Why cybersecurity companies fail at selling to CISOs... and what to do about it

Why is Hayslip, who is also author of the book 'CISO Desk Reference Guide: A practical guide for CISOs', ranting on vendors? He likes them, he wants to help them do a better job at selling to CISOs, and he decided to offer them some hard-core advice. Cybersecurity software companies and solution providers ought to listen up on what this CISO has to say in his manifesto, even if some of it may be hard to swallow. Hayslip tells it like it is. He isn't singling out particular vendors or sales reps. He has no vendetta against them. To be clear, Hayslip is heavily engaged in the cyber vendor community and he's an Advisory Board Member at the San Diego Cyber Center of Excellence (CCOE), a non-profit founded by local cybersecurity companies dedicated to accelerating the region's cyber economy.


Intel is Winning Over Blockchain Critics By Reimagining Bitcoin's DNA

The main critique to emerge is that participants would need to use Intel hardware like SGX to execute code in a protected area that can't be inspected or tampered with. That's how you "know" — in theory — that the blocks filled with transactions will be dispensed at a certain interval, and that those transactions are correct. And you know that it can't be tampered with because of the cryptography involved. "PoET uses this special processor capability to regulate block frequency rather than computation," Sawtooth Lake project manager Dan Middleton said, explaining that by using the protected area of the chip, the code is executed as designed. "This is what enables the return to one-cpu-one-vote," he continued, echoing an idea invoked in Satoshi Nakamoto's bitcoin white paper.


Alexa and Google Home Record What You Say. But What Happens to That Data?

Google users can find everything they’ve asked for by visiting myactivity.google.com while they’re logged into their account. This query museum doesn’t just include voice requests. It also includes any Google searches, YouTube videos, and apps you’ve launched on Android, among other things. It’s all presented in a neat, searchable chronological stack. There are user benefits to these personal audio catalogs. For cases where spoken-word answers aren’t very useful—recipes and search results, for example—Amazon and Google provide links to written content in the Alexa and Home apps. Both companies say these audio databases help each system serve up personalized content and learn the intricacies of your Maine accent.


CNN’s Quest Discusses Cyber Breaches, an “Existential Threat”

No institution, however big or grand, is safe. The global payments system SWIFT has embarrassingly admitted $100 million was stolen from one of its members who had been careless with authentication details. Even the US government has admitted data on millions of employees has been compromised. What makes cyber security breaches most worrying for companies is the existential threat that comes with them. Rob a bank branch and you only get the money inside the vault. Compromise a bank’s trading or transfer systems and, as the SWIFT CEO admitted recently, you create a threat to the very existence of the institution itself. Cyber attackers frequently squat in compromised systems for months before launching their attacks. It creates a huge challenge for companies.


The digital opportunity for CIOs

Left to their own devices, functional leaders will likely tackle each of the three opportunities in independent ways. For example, the chief marketing officer might just concentrate on the customer, the chief financial officer might just concentrate on the use of analytics for management insight or financial reporting, and the chief operating officer might just look at digitising parts of the supply chain. But while digital might help that leader’s particular function, overall, it can add to poor investments and jeopardise broader adoption patterns more widely for the business. But all these areas share a strong technology underpinning. The CIO is therefore positioned to visualise the digital “big picture”, and help guide investments that build the right mix of technology skills, architectures and delivery models.


Ransomware as a Service Fuels Explosive Growth

Orla Cox, director of security intelligence delivery at Symantec, said not only has the number of attacks increased, but the demanded ransom has as well. “The average ransom demand has more than doubled, and is now $679 (US dollars), up from $294 at the end of 2015,” she said. She added that 2016 “has also seen a new record in terms of ransom demands, with a threat known as 7ev3n-HONE$T (Trojan.Cryptolocker.AD),” which demands a ransom of 13 Bitcoin per computer, or $5,083 at the time of discovery in January. One reason for that explosive growth is probably because, even with headlines and continuous warnings about it, most individuals and organizations remain woefully vulnerable. Even if protection is available, they don’t always use it.



Quote for the day:


"Fear causes hesitation and hesitation will cause your worst fears to come true." -- Patrick Swayze


Daily Tech Digest - December 04, 2016

Dive Deep Into Deep Learning

The most remarkable thing about deep learning is that we don't program the algorithms to perform any of the acts described above. Rather, we feed the deep learning algorithm with tons of data such as images or speech to train it, and the algorithm figures out for itself how to recognize the desired targets. The ability of Deep Learning methods to learn complex nonlinear relations by churning through large amounts of data and creating features by themselves makes them stand out from the other traditional Machine Learning techniques. To know how a standard Deep Learning algorithm works, we have to follow its predecessors, neural networks. Some practitioners also refer to Deep Learning as Deep Neural Networks, which is also a choice.


Machine learning: A new cyber security weapon, for good and ill

Darktrace claims its self-learning approach has been “inspired by the biological principles of the human immune system, identifying never-seen-before anomalies in real time, including insider threats and sophisticated attackers - without using rules, signatures or assumptions.” Modesty is not the company’s strong point. It claims to be “the only technology capable of detecting and responding to emerging cyber-threats, from within the network,” and that its self-learning software has been “recognised as the de facto standard for defending organisations of all sizes from constantly-evolving threats.” Darktrace announced Telstra as a customer in February, saying that the telco had decided to deploy the Darktrace Enterprise Immune System across its enterprise network “because of its unique capability to spot emerging abnormal behaviours in real time within the organisation.”


What is the Blockchain – part 5 – ICOs and DAOs

An ICO is increasingly being used by cryptocurrency and Blockchain startups to raise money by distributing a percentage of the initial coin supply. ... The tokens, or cryptocoins, which are sold during the crowdsale will be used on the platform to pay for transactions. ‘Investors’ that purchase these coins during the ICO do not get a share in the startup, but they hope that the price of the coin will rise and as such they can get a (substantial) return on their investment. ... A DAO is a grouping of smart contracts connected together, possibly in combination with IoT devices, AI/Machine Learning and big data analytics. It is run by irreversible computer code, only under control of a set of, irrevocable, business rules. As a result, a DAO does not have any governance by management or people, but is governed by code.


Growth Drivers, Trends, and Developments in UK Fintech Market

There is a move away from free float revenue models or paid subscriptions to alternative models that are based on monitoring and advertising or reselling of data to 3rd-party firms. This is due to data richness in financial services and development of a liquid and sophisticated market for digital leads. Identity and fraud protection are another development in UK fintech market. A connected world is complicated and makes protection of personal financial details challenging. As start-ups come up with untested and new business models, security is often viewed as a secondary focus. Infrastructure replacement is also a development in UK fintech market. Emergent fintech players are unsatisfied with current infrastructures and are side-stepping it. Infrastructures that have been developed to replace the old ones include cryptographic currencies like Bitcoin and peer-to-peer networks.


Trump presidency could sound death knell for offshore outsourcing

“Any Trump-inspired reform of the U.S. immigration laws will likely make it harder to move employees into the U.S. market,” says Peter Bendor-Samuel, CEO of outsourcing research firm Everest Group. “This will likely take the form of fewer H-1Bs, higher costs for visas, and caps on the number of visas the firms can utilize. That would likely result in IT services firms having to hire more U.S.-based resources, raising operating costs and reducing the labor cost advantages of offshore outsourcing. ... Industry observers expect the corporate lobby to push back on populist proposals. “Politics is still very much a money sport,” says Bendor-Samuel. “Trump is likely to quickly find that campaigning and governing are far different, with members of congress being much more concerned about corporate welfare than the average voter.”


Enterprise architecture model helps to maximize mobile empowerment

The biggest problem with mobile empowerment is that typical strategies don't account for mobility; they account for mobile devices only. A worker, who is supported by a mobile device, doesn't need to get the same information again, which is simply formatted for mobile display. They need to get different information, because the availability of IT support at their activity points changes how they work. Ideally, an enterprise architecture model could step back to business processes and then define its implementation in a mobility-optimized way. ... The challenge many enterprise architects value in driving mobility empowerment will be reduced because pure business requirements are lost or confused. In every enterprise architecture model, there is an implicit or explicit boundary between abstract business process requirements and explicit methods dictated by available IT tools.


How today’s tech tools take marketing automation to the next level

It’s no longer sufficient to send the same message to thousands of people at once. Businesses realize they must reach out to customers on an individual basis for them to pay attention. This starts with creating a subject line that will connect with them as they’re casually scrolling through their overstuffed inboxes, but it continues to the message itself. When an email contains information that specifically speaks to a customer’s preferences, that customer is more likely to take action. Many of today’s top email marketing tools offer the opportunity to direct email messages to certain audience segments. You can deploy one set of emails to customers who have purchased from you before, for instance, and another for customers who have shown an interest but never bought anything.


16 high-tech features you need in your next car

Vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication is basically exactly what it sounds like. It's a type of communication technology that lets cars talk to other vehicles, as well as surrounding infrastructure like traffic lights. Why is this important? Because as cars become more autonomous they will need to be able to communicate with other cars on the road in order to operate more safely. ... More automakers are beginning to offer WiFi and LTE 4G connectivity in their newer vehicles. However, you'll still have to pay for whatever data plan you opt for. WiFi and LTE 4G basically turn your car into a hotspot, allowing you to connect several devices to the network. This means passengers can easily stream music, video, and surf the web without having to worry about killing the battery of your mobile device.


Internet Archive Seeks Emergency Backup - in Canada

Presumably, the Internet Archive has backups in place. But war and natural disasters aside, Kahle says deeper, intentional actions have previously affected libraries, citing in particular "legal regimes" and "institutional failure." "Throughout history, libraries have fought against terrible violations of privacy - where people have been rounded up simply for what they read," he writes. "At the Internet Archive, we are fighting to protect our readers' privacy in the digital world." Never before have humans had so much access to information as through the capabilities of the internet. And never before have governments, spies, cybercriminals and others been able to exploit it for profit, surveillance and influence.


Best practices for lowering cyber insurance costs and cyber risk

With cybersecurity threats on the rise, companies are increasingly taking advantage of cybersecurity insurance. And while cyber insurance can be worth it, it’ll cost you. Last year, U.S. insurers earned $1B in cyber premiums. You can minimize your premiums by showing your insurance company you’re actively mitigating cyber risks, which is a win-win: lower your risk and secure a more cost-effective insurance plan. Purchasing cyber insurance for the first time can be intimidating because every insurance vendor has unique offerings, but here are two best practices on how to approach cyber insurance to ensure it’s a good fit and cost-effective for your company



Quote for the day:


"Men who are in earnest are not afraid of consequences." -- Marcus Garvey