Daily Tech Digest - December 24, 2016

Smart Homes: Are the Security Risks Worth It?

Early smart home systems have some serious security flaws that have come to light within the last few years. Trailblazing smart home manufacturers have been more concerned with innovation and getting their products to market than with keeping up with the latest developments in cyber security. These companies often neglect even the basics of keeping their smart home systems safe, making them ridiculously easy to hack. One Synack security analyst who tested the cyber security of some of these products was able to hack into 15 of 16 smart home devices within 20 minutes. When you consider that those devices could include home security cameras, garage doors, and water pumps, it’s easy to see that these vulnerabilities pose a physical threat to the home’s inhabitants.


The State of Autonomous Vehicles: A "Who's Who" of Industry Drivers

Forward-thinking car manufacturers, in Detroit and abroad, are taking advantage of these disruptive technologies, focusing on building partnerships, acquiring startups, and beefing up internal R&D departments to avoid extinction. These partnerships and acquisitions also signal a maturing market, with further maturity reached as new revenue streams emerge in both automotive and also tangential industries that focus on providing services that complement or depend on the self-driving car experience. Autonomous vehicles are about more than "new" iterative feature sets, faster 0-60 speeds, or any other typical measurement of automotive innovation. They enable an entirely unprecedented consumer lifestyle, much like the internet itself, that surpasses traditional industry boundaries and will serve as the foundation for entirely new business models for the corporations that fuel its evolution.


Want to know how to choose Machine Learning algorithm?

Machine Learning is the foundation for today’s insights on customer, products, costs and revenues which learns from the data provided to its algorithms. Some of the most common examples of machine learning are Netflix’s algorithms to give movie suggestions based on movies you have watched in the past or Amazon’s algorithms that recommend products based on what other customers bought before. Typical algorithm model selection can be decided broadly on the following questions: How much data do you have & is it continuous?; Is it classification or regression problem?; Predefined variables (Labeled), unlabeled or mix?; Data class skewed?; What is the goal? – predict or rank?; Result interpretation easy or hard? Here are the most used algorithms for various business problems.


5 trends in open source documentation

People are increasingly choosing lightweight markup languages for a number of reasons. They are usually easier to write, at least for simple things. They tend to play better with version control systems, because they're generally line oriented. And they can help lower the barrier to entry for new contributors, although you should be careful not to expect a change in source format alone to drive lots of contributors to your project. ... Another reason static sites are more popular is that source hosting sites are easier to use, and a growing number of technical people use them. One of the draws of a wiki was that somebody could contribute without downloading anything or installing special tools. If your source files are stored in a hosting service like GitHub, anybody with a GitHub account can edit them right in their web browser and ask you to merge their changes.


EHR Data, Machine Learning Create Cost-Based Clinical Pathways

“With medical cost being such an opaque subject, providers may not have the best guidance strategy for the treatments that they offer to their patients,” wrote authors Yiye Zhang, PhD, and Rema Padman, PhD. Value-based care and innovative payment models for chronic disease management are prompting providers to take a more patient-centered approach to treatment, Zhang and Padman said, and require more patient involvement in their own care.  By creating step-by-step clinical pathways based on a patient’s anticipated disease development, big data analytics techniques could help providers “achieve accurate predictions of anticipated future events and costs following different clinical and cost pathways for improved shared decision making, and, subsequently, identify appropriate ranges of cost for targeted clinical pathways within a patient population,” says the article.


The 5 Most Worrying Technology Trends For 2017 And Beyond

Combining AI with advances in robotics, medicine and gene-technology means that people could stop dying or at least live a lot longer. That sounds great at first, but more people living well past 100 years would have massive implications for the economy and society at large. The population would continue to grow at an even faster rate, putting more pressure on resources around the world. ... As technology advances, we run the risk of entering a world of digital feudalism, in which a few technology elites — whether they are individuals or corporations — control our lives and our fate by controlling our data and our world. So far, people can still choose to opt-out, but it’s already inconvenient and uncomfortable. What happens when all transactions are handled digitally, when you can’t do something as simple as buy food, drive a car, or read a book without a digital signature.


5 game-changers coming to cloud in 2017

According to the same IDG survey, 21 percent are worried about vendor lock-in, which is understandable. The big public cloud providers offer one-size-fits-all cloud models that can orphan back-end systems or even require complete rewriting of critical business applications. Once you’re on their proprietary systems, it can be expensive — if not completely cost prohibitive — to move your workloads and data off their cloud. Take a look at this ZDNET story detailing how American Airlines is migrating to the cloud and using IBM Bluemix to develop new services and business models. IBM and American are partnering to build cloud-based applications that solve specific problems unique to their business, workloads and data. It’s a cloud strategy shaped around American’s unique business model, not its public cloud provider’s.


What the 4th Industrial Revolution Means for Future Jobs

Putting a little extra “elbow grease” into your work isn’t necessarily a good thing anymore (and with that, all couch potatoes rejoice). Mundane tasks are being replaced by more significant and engaging work for employees as Smart Technology is allowing for increased worker productivity by having computers do the tedious and time consuming work (sorry lazy people, you still have to actually do some work). Smart Technology is empowering the workforce. With IIoT solutions, employees develop working relationships with intelligent machines to achieve production results that neither human nor machine could accomplish independently. As IIoT innovations continue to develop, it is expected that the number of connected devices will multiply into the tens of billions! Many industrial organizations already see considerable value in IIoT technology as a complementary service to Big Data analytics.


8 Content Marketing Trends To Watch Out For In 2017

Regardless of your expertise in the growing realm of content marketing, one of the most important factors that goes into successfully marketing your brand is knowing how to use your time and budget to effectively relate to an evolving marketplace. ... One of the best ways for brands to capture attention is by creating interactive content. According to a recent study done by The Content Marketing Institute, 81% of the marketers surveyed said, “Interactive content grabs attention more effectively than static content.” Users today like to feel involved in the content they consume. Some of the popular ways brands are implementing interactive content is through quizzes, polls, or assessments.


Conquering the Challenges of Cloud Migration

If you haven't already, you're going to move something to the cloud at some point in the future. Even if you are not sure that a cloud service is right for you, you still need to investigate the cloud migration process to be able to make an informed decision -- even if you ultimately decide not to go that route. If you are not an expert in cloud migration -- I assume most of you are not -- there are services that can help you be successful. Once you decide to migrate some functions to the cloud, you will discover that this is only the beginning. Likely, more functions will be moved spanning years of IT and UC operation. Along this journey, many challenges will surface. Among the most common difficulties is the task of properly maintaining existing application services during the migration. Other challenges will be not disrupting the user experience or weakening the security you already have.



Quote for the day:


"The function of leadership is to produce more leaders, not more followers." -- Ralph Nader


Daily Tech Digest - December 23, 2016

Data quality for developers

Just like code testing, Data Quality is one of those things that we generally don't pay attention to until it comes and bites us, and when it does, it's usually a customer that notices it and as always, we poor beleaguered developers get to pay the price. I'm starting into a Data Quality project, so I thought it might be good to have a talk about what it is, and how we can put some simple checks and balances in place to help us manage our data, and improve its quality. ... To bring your system to the next level, and make it really robust, you could consider building these kinds of checks into your system whenever data is changed or ingested. While you can get very detailed and domain specific with the following, in general, it's possible to be quite generic about data at this level and combine these rules and checks to dramatically improve the quality of your data. The bottom line is we are seeking to ensure our data is in a clean state before allowing it to proceed into production or analysis.


Are You a Modern Software Engineer?

Another lane on our highway is related to architecture and non-functional requirements. One day, you may decide to invest your time into common practices of solving scalability issues of any kind, have a look how high availability is being achieved in some modern and popular products, what helps one solution survive high load, etc. If you are a fan of patterns, then you could have a look at classic patterns first, and then switch to modern ones, recall old school enterprise patterns, or read a book about integration patterns.  If you like the web, then the hype is about monolith vs. SOA vs. microservices, so you can invest time into that area. If you are in a big data world, then and kappa architectures might be interesting to you, too.  Another valuable effort might be to spend time reviewing architectures of successful products.


Leaked files reveal scope of Israeli firm's phone cracking tech

The forensics company claims it can download almost every shred of data from almost any device in a matter of seconds -- on behalf of police intelligence agencies in over a hundred countries -- to help solve crimes. It does that by taking a seized phone from the police, then plugging it in, and extracting messages, phone calls, voicemails, images, and more from the device using its own proprietary technology. It then generates an extraction report, allowing investigators to see at a glance where a person was, who they were talking to, and when. We obtained a number of these so-called extraction reports. One of the more interesting reports by far was from an iPhone 5 running iOS 8. The phone's owner didn't use a passcode, meaning the phone was entirely unencrypted. Here's everything that was stored on that iPhone 5, including some deleted content.


Executive Ritalin: 3 steps that prevent leadership from killing your project

In rare cases, big problems are quickly solved. More often, large-scale problems require time to fix. And time is something many executives believe is in short supply. As Bob Richards, a vice president for a global manufacturer headquartered in Switzerland notes, “True change -- from a problem-solving standpoint -- takes a lot longer than is usually allowed in companies. You need to get folks involved in identifying the problem, how the problem was created, and then get their input on how to solve the problem.” Richards has devised a simple three-step process for staving off executive impatience that leads to killing off promising projects. He acknowledges an executive’s difficult position, saying, “When you’re in a leadership role, it is one problem after the next and your role is to get problems resolved—and quickly.”


In virtualized networking, availability tracking is key

The ability to track packets through the network is necessary, but it's not enough. With virtualization, network and application management have become tightly interdependent. When an application starts up, virtualized networking management requires creation of virtual components and allocates network paths among application virtual machines (VMs). These VMs may execute on different servers, and may move from server to server in response to shifting loads. When a VM moves, network traffic must be redirected to support the new configuration. In the meantime, performance monitors must report whether applications are meeting service-level agreements and track server and network utilization rates. They collect statistics that show use over time so managers can spot components that are nearing limits.


Refactoring to Reactive - Anatomy of a JDBC migration

Reactive programming is the new kid on the block, offering built-in solutions for some of the most difficult concepts in programming including concurrency management and flow control. But if you work on an application development team there's a good chance you are not using reactive and so you might have questions - how do I get there, how do I test it, can I introduce it in phases? ... In the reactive world we aim to bring a blocking application to a non-blocking state. (A blocking application is one that blocks when performing I/O operations such as opening TCP connections.) Most of the legacy Java APIs for opening sockets, talking to databases (JDBC), file/inputStream/outputStream, are all blocking APIs. The same is true about the early implementations of the Servlet API and many other Java constructs.


Programming Robotics using the Intel® XDK, Node.js, and MRAA library

There are many different platforms, programming languages, and tools that you can learn. Dfrobot* created a tank robot platform called Devastator that contains the Romeo* controller board. This board was modified for use with the Intel® Edison compute module to bring more capability to the kit with an increased number of I/O’s, integrated WiFi, USB Host, servo control, and increased processing power. The kit can be programmed using the Arduino* IDE and a USB connection out of the box. This article describes another method of programming the robot using the Intel® XDK to program the robot over WiFi, Node.js*, and the MRAA library. In particular, the article will discuss the tools used, the Romeo controller board, mapping peripheral pins, creating an Intel XDK project, and the implementation of the sensor & actuator components for the robot.


New Accounting Standards Change The Rules Of IT Leasing

It’s just the latest shakeup in the IT equipment leasing industry which has also been reeling from reductions in the cost of IT equipment and increased adoption of cloud computing. “The profits of the companies that lease IT equipment are under pressure,” Kirz says. “At the same time, cloud adoption is shifting lessor relationships from the end-client to the cloud provider, and many cloud providers are building their own data centers with commodity equipment, thus shrinking the lessors’ market size.” ... In the face of these trends, a number of large independent leasing companies have recently sold themselves to large banks resulting in market consolidation. Crestmark Bank bought equipment-leasing company TIP Capital in late 2014. Huntington Bank acquired Macquarie Equipment Finance last April. And Wells Fargo purchased GE Capital Vendor Finance in March.


How Big Data and the Internet of Things are Saving and Making Millions

With Big Data processing power and IOT insights, repairs and maintenance can be optimized to avoid delays, stoppages, and safety risks. These technologies are used to pinpoint precisely what leads up to an issue. Often, the issues can be resolved instantly and remotely, before they escalate. In this instance, Big Data and IOT sensor input simplify the process of obtaining appropriate data, which gives companies the chance to react effectively and avoid crisis situations. Manufacturing companies are reaping huge benefits by deploying Big Data technologies. Automakers worldwide use data analytics to monitor the cost of steel and other raw materials, helping them identify when they can purchase at the best price point. How can this be done? A database of several suppliers is built on a Hadoop framework; this tracks which supplier offers the most competitive price and can deliver at the optimal time. The result? Car manufacturing costs are reduced significantly.


How artificial intelligence can eliminate bias in hiring

"AI/machine learning can help close the diversity gap, as long as it is not susceptible to human bias. For example, recruiting contact center employees could provide AI/machine learning models with the historical application forms of hired contact center employees with high customer satisfaction scores. This allows the model to pick up on the subtle application attributes/traits and not be impacted by on-the-job, human biases," Alexander says. By simply using an automated, objective process like this, it's possible to drastically reduce the scope for human bias. If, for example, fairly trained AI/machine learning tools are used to whittle an applicant pool down from 100 applicants to the final 10 interviewees, that means that 90 percent of the pool reduction would be done in a process immune to any human biases, Alexander explains.



Quote for the day:


"Motivation is what gets you started. Habit is what keeps you going." -- Jim Ryun


Daily Tech Digest - December 22, 2016

Magisto: The machine-generated creativity you're looking for?

There is an attitude in the technology space that startups should look to automate every time-consuming or mundane process. Sick of doing laundry? A web service will do it for you. Not keen on vacuuming? The Roomba solves your issues. These examples, while telling a sad tale of humanity's laziness, at least remove an arguably low-level and mundane task. But what of automating creativity -- can you, and should you? That is exactly what Magisto is setting out to do. The company has what it calls a "smart video storytelling application." What that means in English is that using Magisto, customers can upload video and imagery, choose a theme and a soundtrack and, only a few minutes later, have a complete video to use.


Big Banks Are Stocking Up on Blockchain Patents

Until now, many blockchain startups have downplayed the importance of patents and pinned their hopes on wider adoption through open source. Hyperledger, a venture led by companies including IBM, Accenture and Intel, makes its code free for others to use and enhance. Chain, which lets companies use the blockchain to issue and transfer assets, released its code in late October. Even R3 -- a consortium of some of the largest banks -- made its Corda blockchain available last month. As such projects have multiplied, some blockchain supporters have suggested open-source makes patents irrelevant. It doesn’t, according to Vitalik Buterin, co-creator of the popular Ethereum blockchain. Companies could find themselves being sued by one-time collaborators. Large firms could wield patents to muscle into promising businesses developed by today’s startups.


How to manage the top 4 tech culture challenges

Leading a tech team in the current culture of competition and globalization comes with a unique set of challenges, and requires a distinct set of leadership skills to mitigate them. A recent report from corporate training and leadership development firm VitalSmarts lays out the particular competencies tech leaders need to build successful organizations and products. "Everybody who's ever worked in tech feels like there's something quite different and unique about that culture and the whole industry," said VitalSmarts vice president of research David Maxfield. "The questions we were asking were: 'Are these differences real, do they matter, and if so, how?'" The researchers first interviewed more than a dozen leaders from tech firms asking about the unique challenges of the field.


VMs prove most popular Docker infrastructure -- for now

"Capacity wasn't important. Stability was the primary driver," said Stephen Eaton, infrastructure technical lead at Dealertrack Technologies, a holding of Atlanta-based Cox Enterprises. Encapsulating applications in containers that float over infrastructure made the workflow easier for the entire IT group. However, as he ramps up containerization -- the goal is 80% of the group's apps on Docker containers within a year -- Eaton will be closely watching network-attached storage performance. With five times as many apps using the storage resources, will there be latency with logs or scaling that necessitates changes to the underlying Docker infrastructure? ... Containers also change the equations for dynamic and static load balancing. While container-monitoring capabilities are not yet close to those available for virtualization, log-monitoring tools such as Sysdig and Splunk are working on the visibility issue with admin-friendly dashboards.


Digital Transformation and Bimodal IT

As we all know, the Traditional IT team in each enterprise is entrusted with the responsibilities of maintaining functionality, safety, and predictability. Generally speaking, these are the teams that ensure that the show is running without any interruptions. The Exploratory IT team, however, are the specialists, specifically employed to implement the latest, futuristic version of IT. They work on systems and processes that will increase the ability of the company today and optimize its capabilities for the future. They are the guys who, for example, are implementing the new move to the cloud, creating the proof of concepts for the latest IoT offering, demonstrating to the world your connected car expertise, or training the new team created to work on the latest systems. They train the “would-be” employees and make all the necessary plans and strategies for the future migrations.


Alice: A Lightweight, Compact, No-Nonsense ATM Malware

Trend Micro first discovered the Alice ATM malware family in November 2016 as a result of our joint research project on ATM malware with Europol EC3. We collected a list of hashes and the files corresponding to those hashes were then retrieved from VirusTotal for further analysis. One of those binaries was initially thought to be a new variant of the Padpin ATM malware family. However, after reverse analysis, we found it to be part of a brand new family, which we called Alice. ATM malware has been around since 2007, but over the past nine years we have only learned of eight unique ATM malware families, including Alice. This new discovery is remarkable because it shows a clear tendency for malware writers to attack an ever-increasing variety of platforms. This is especially acute against ATMs, due to the high monetary value they represent.


Multi Modal Delivery with SAFe 4.0

To create an integrated system that actually creates value for customer and business takes capabilities that take trips piercing multiple layers, touching multiple systems, each with their own ingest and delivery model for new functionalities. In the example above, generated from a real customer situation, the process layer comprises a team of teams that in itself operates as an Agile Release Train. However, this needs to be timing orchestrated and technically integrated with deliveries from other groups. The customer facing front ends are delivered by an external supplier who is running traditional Scrum on a 2 week iteration cadence, while the back end Mainframe Services delivery has not yet transformed, and is operating on a traditionally planned project basis.


Here are the biggest IoT security threats facing the enterprise in 2017

In 2017, the IoT device security debate will escalate, putting pressure on manufacturers to architect fundamental security principles into the designs of internet-connected products. We may even see governments around the world take an active role in IoT safety legislation. Everyday appliances (e.g., the iron, washing machine and dryer) are subjected to rigorous testing, both by the manufacturer as well as independent testing labs, but a similar approach is not being taken with respect to cybersecurity for IoT devices. As a result, most are unsecure by design, and many vendors choose convenience (e.g., using default credentials in their appliances) over implementing proper security measures—a flagrant violation of best practices in product development.


Nokia and Apple trade accusations in patent lawsuits

The eight patents covered in one of Nokia's Texas lawsuits, filed Wednesday, are related to the H.264 Advanced Video Coding standard approved by the International Telecommunication Union, according to Nokia's complaint. A second Texas lawsuit covers 10 patents for a range of other technologies. Apple products using the H.264 video codec include the iPhone, iPad, iPod, Apple Watch, Macs, and Apple TV, Nokia said in its complaint. "Despite all the advantages that have been enjoyed by Apple, Apple has steadfastly refused to agree to license Nokia's H.264 patents on reasonable terms," Nokia's lawyers wrote. "Dozens of companies have licensed Nokia’s patents for use in their products ... Apple, however, refuses to pay Nokia's established royalty rates."


Cybersecurity Confidence Report Card

For the second year, practitioners cited the “overwhelming cyber threat environment” as the single biggest challenge facing IT security professionals today, followed closely by “low security awareness among employees” and “lack of network visibility” due to BYOD and shadow IT. No doubt, the dangers are real. Just last week Yahoo disclosed that over a billion user accounts had been stolen – back in 2013. Quest Diagnostics says that the hack of an internet application on its network exposed the personal health information of about 34,000 people. Venafi CISO Tammy Moskites doesn’t like assigning scores, but she does acknowledge that she’s constantly challenged with “making sure that we’re doing the right things right.” “We’re going to be more challenged with making sure that we’re able to be quick and agile when and if an attack occurs,” Moskites says.



Quote for the day:


"Be sure you put your feet in the right place, then stand firm." -- Abraham Lincoln


Daily Tech Digest - December 21, 2016

Why every CIO needs to be a hands-on leader to succeed

If you looked at the job descriptions and expectations for CIOs of the past, almost all of them required the incumbent to be a master builder. A person had to know how to build and manage data centers, buy hardware – large and small, and be a virtuoso of disaster and business continuity plans. Today, the cost savings, let alone the flexibility, of utilizing cloud resources for almost everything is just too hard to ignore. While vexing to consider for veteran CIOs, the epic of building physical empires within IT has passed. But this change represents a tremendous opportunity for even the most strategic IT leader to get into the trenches in a meaningful way. By going through data centers, CIOs can be on the frontlines of shutting them down.


10 Cybersecurity challenges from IoT, DDoS, autos and more

We recently saw some of the largest DDoS attacks on record, in some instances topping 1 terabit per second. That’s absolutely massive and it shows no sign of slowing. Through 2015, the largest attacks on record were in the 65 gigabit per second range. Going into 2017, we can expect to see DDoS attacks grow in size, further fueling the need for solutions tailored to protect against and mitigate these colossal attacks. Math, machine learning and artificial intelligence will be baked more into security solutions. Security solutions will learn from the past, and essentially predict attack vectors and behavior based on that historical data. This means security solutions will be able to more accurately and intelligently identify and predict attacks by using event data and marrying it to real-world attacks.


NICE Robotic Automation Improves Interaction Experience

NICE, a longtime contact center systems vendor, has offered real-time process automation since 2001, and it recently launched a new product in this market. It now has three products in this space – desktop analytics, desktop automation and its latest, robotic process automation. NICE Desktop Analytics captures information about what agents, or other designated users, do on their desktop, including systems they access, information they look up, data they enter, information they give callers, and systems they update after finishing calls. The analytics enables organizations to track the four basic components of a call – identifying the caller, identifying the caller’s issue, providing a response and completing any required after call work. The analytics component thus can identify best practices for interaction handling and agent performance, and recommend changes to processes or coaching and training.


Tech companies like Privacy Shield but worry about legal challenges

While U.S. companies are embracing Privacy Shield, many European businesses are "still concerned that Privacy Shield will not hold up under court scrutiny, and they will find themselves in the same scenario as they were in October 2015, when the Safe Harbor agreement was struck down," said Deema Frei, ... Some European companies see Privacy Shield certification as a "tick box" compliance exercise, she added. With some doubts about its long-term viability, companies should also consider other data transfer agreements, such as EU model clauses or binding corporate rules, she recommended. However, if companies can get certainty about Privacy Shield's future, and if it won't be "attacked in the long term by data privacy activists trying to discredit it and challenge its validity, I believe it will work in the long run," Frei added.


Never Fear, Vulnerability Disclosure is Here

There is no excuse for organizations letting fear of working with hackers prevent them from doing so for defense. There is no excuse for lacking a vulnerability disclosure policy, in any organization, private or public sector. The only barrier is building capabilities to handle what can be daunting in terms of facing the world of hackers. Big companies like Google, Apple, and Microsoft have had to deal with this issue for a very long time, and have worked out systems that work for them. But what about smaller organizations? What about other industries outside of the tech sector? What about IoT? And what about governments, who must walk the line between getting the help they need from the hacker community without accidentally giving free license to nation-states to hack them with an overly permissive policy?


Contactless Payments: Addressing the Security Issues

In a contactless environment, on mobile devices in particular, biometrics authentication can replace the need to use PIN entry as an additional authentication layer, King says in this interview conducted at Information Security Media Group's recent Fraud & Breach Prevention Summit in London. "The challenge there is, 'How do you ensure the security and the authenticity of the biometrics?'" he says. "Biometrics have been around for a while, in terms of authentication. ... They are static information. My fingerprints don't change. Now, if I lose my PIN, I can go into the bank and say, 'Can I have a new PIN?' If I lose my fingerprint, if that is compromised, then there's not much I can do." As contactless mobile payments become more commonplace in Europe and elsewhere, card networks and issuers are rethinking how they secure payments, turning to biometrics and, in some cases, transaction and behavioral analytics, he adds.


Google releases Project Wycheproof: Security tests to check cryptographic libraries for known attacks

Project Wycheproof includes over 80 test cases, and Google says they have already uncovered more than 40 security bugs. The list of bugs is available here, though Google notes not all are currently listed as some are still being fixed by vendors. The same goes for some of the tests — they will be released once the affected cryptographic libraries have been patched. The tests encompass the most popular crypto algorithms, including AES-EAX, AES-GCM, DH, DHIES, DSA, ECDH, ECDSA, ECIES, and RSA. The tests detect whether a library is vulnerable to many attacks, including invalid curve attacks, biased nonces in digital signature schemes, and all of Bleichenbacher’s attacks. In short, Project Wycheproof allows developers and users to check libraries against a large number of known attacks without having to “sift through hundreds of academic papers or become cryptographers themselves.”


Mobile banking trojans adopt ransomware features

Cybercriminals are adding file-encrypting features to traditional mobile banking trojans, creating hybrid threats that can steal sensitive information and lock user files at the same time. One such trojan is called Faketoken and its primary functionality is to generate fake login screens for more than 2,000 financial applications in order to steal login credentials. The malicious app also displays phishing pages to steal credit card information, and it can read and send text messages. ... File encryption is not as popular as screen blocking techniques in mobile ransomware because many of the files stored on mobile devices are backed up to cloud services and can be easily restored, according to Unuchek. That doesn't seem to stop developers from experimenting with such techniques, though. Researchers from security company Comodo have recently analyzed another mobile banking trojan called Tordow 2.0 that has the ability to encrypt files.


Raspberry Pi in 2017: New boards, new OSes and more

Expect to see the Raspberry Pi powering far more appliances in 2017, following the release of the Compute Module 3 (CM3). Due to be launched "very early next year", the CM3 will pack the same quad-core Broadcom BCM2837 processor and 1GB memory used on the Pi 3 onto a slimmer and smaller board. The compact design of the Compute Module, which comes with 4GB eMMC Flash storage, makes it better suited to being built into electronic products. The CM3 marks a significant leap forward in processing power, since the previous Compute Module was based on the first-generation, single-core Raspberry Pi, which is up to ten times slower than the third-generation board. When released, it will also be the first Compute Module to run Windows 10 IoT Core, a cut-down version of Windows 10 designed to support Internet of Things appliances.


Automating the Database: A Win-Win for DBAs and DevOps

In most cases, the DBA invests a lot of time and effort in manually reviewing code from the developers and preparing the deployment script. At times, this goes beyond fine-tuning and actually involves rewriting entire code segments, simply because the DBA has a better understanding and overview of the database. Similarly, when database problems arise during deployment or production, DBAs may be called upon to resolve them by fixing unfamiliar code without access to the original developers. No matter the number of development teams and their potentially overlapping needs, the DBA is tasked with protecting the integrity of the data and ensuring availability. In order to perform this behind-the-scenes “traffic duty”, the DBA must balance the requirements of the various development teams with daily database maintenance routines and administrative responsibilities.



Quote for the day:


"Don't judge me by my past. I don't live there anymore." -- Petteri Tarkkonen


Daily Tech Digest - December 20, 2016

Privacy groups complain to FTC over Google’s 'deceptive' policy change

“Google is a serial offender, and the action that the FTC has taken to date has done nothing to slow Google’s intrusive violations of its users’ privacy,” according to the groups. Google could not be immediately reached for comment. Describing the June move as highly deceptive, the groups said the announcement “intentionally misled users,” who had no way to figure from the wording that Google was in fact asking users for permission to link their personal information to data reflecting their behavior on as many as 80 percent of the Internet’s leading websites. The groups have asked the FTC to investigate the changes to Google’s data collection policies as a result of the June policy shift, stop the combination of data from DoubleClick without proper user consent


IP Reputation and Mitigation API

Knowing that your network is under attack or may come under attack by certain hosts doesn’t do a lot of good if your network can’t use that information. When a host or connection is known to be a bad actor, your network must mitigate the situation. This is where Mitigation Cybersecurity comes into play. The basic concept is that some intelligence-gathering application or service (either internal or external) is providing information about current threats. Cybersecurity intelligence can then be used in a variety of places to help protect your hosts. This information should be used wherever it can to protect your network. Ideally, the mitigation of attacks and threats should be layered from your Internet routers and firewalls right down to the hosts with each providing protection using their greatest strengths.


Privacy in the digital age: honouring the customer

Using customer data in the right way but also to the benefit of the organisation is achievable. Personalising offers or customising promotions is not an abuse if a company is transparent about how it will use a person’s data. It shouldn’t be moving in the shadows. The ICO highlights the necessity of transparency in complying with both the Data Protection Act 1998 (DPA) and, even more so, the impending GDPR. The most common way to provide this information to a customer is via a privacy notice. Under the current law of the DPA, an organisation must detail who they are, what they are going to do with a person’s information and who the information will be shared with. These are the basic foundations on which all privacy notices should be built. Post-GDPR, however, these basic moral principles, like the more stringent financial consequences, will be expanded and enhanced.


Digital marketing's biggest wins and losses in 2016

“The biggest advancement [in digital marketing is] the shift to and adoption of video and particularly live streaming,” Jake Schneider, Director of Digital Strategy and Innovation at The Marketing Arm told Marketing Dive. “Brands and marketers can no longer rely on static content to make an impact with audiences,” he said. “Live streaming provides an authentic and immersive experience that resonates with audiences, giving brands an opportunity to connect in a more intimate way.” ... “[The biggest surprise was] the perfect storm — i.e. the summer season, the power of brand nostalgia, etc. — that helped propel Pokémon Go to the top of mind and home screen of consumers and brands,” said Fishman Zember. “...it was a powerful moment for augmented reality and a chance for consumers to engage with technology, even if they didn't know they were, that has incredible potential to add new layers, dimensions to their everyday realities and very real world.”


Shedding Light on Dark Data: How to Get Started

We have at our disposal all manner of unstructured data for which text analytics are uniquely suited to organize and understand, including images and video—without any enrichment or visual content analysis. ... Dark data can be Big Data. And very Big Dark Data can prove daunting (that’s partly why it stays dark in the first place). But dark data can also be quite small, we’ve found. And just as Big Data isn’t necessarily valuable just because it’s big, dark data certainly isn’t valuable just because it’s dark. Lastly, technology can’t make garbage data valuable and the complexities involved in analyzing some forms of dark data often require taking a sample or deciding exactly which parts of the data might prove most interesting to analyze. There are tons of ways to start putting dark data to work for your organization. Here are recent examples of how clients are using OdinText currently to shed light on their dark data.


A DevOps Approach To Digital Transformation Success

In this digital age, it has been estimated that 6 of the top 20 companies in every industry will face serious disruption. Now more than ever, organisations are measured by the speed at which they deliver new products and services. A failure to digitally transform the enterprise could be catastrophic. ... DevOps addresses the missing element that many Agile projects suffer at the execution stage, (when code is released into production) - by including operational teams early enough in the development cycle - thereby avoiding deployment bottlenecks. Digital Transformation needs to be underpinned by a solid platform to deliver and support new applications, services and technologies. DevOps provides this, allowing organisations to release updates frequently, glean customer feedback, improve and iterate.


Why Technology Won't Displace Human Artists

It's possible to teach a machine Van Gogh's painting technique, but only if it already exists. An algorithm can write chorales like Bach because it can "study" Bach. Even when the work produced by AI is less specifically derivative than it is today -- say, when the algorithms learn to combine various techniques they learn in an intelligent manner -- they will never rise above previous work because the way they work is based on experience. They are constrained by Hume's piece of wisdom. The one way in which we're radically different from machines is in our ability to step into the unknown, to do things that have never been done before with paint, form, sound and the written word. Most of the rewards to creative professionals today accrue to that ability, not to skill or the extensive knowledge of predecessors' work.


Virtual reality is actually here

Virtual reality is an excellent tool when the task is dangerous or the equipment involved is expensive. The U.S. Army is piloting a fully immersive VR system to augment soldier training. The Army asserts that VR makes training more efficient and effective; the military scenario can be changed dynamically to provide different challenges. The actions of each participant can be tracked for later analysis. Moreover, after the initial scenario is developed, the system requires very little time to restart. Practicing the demolition of a building, for example, used to require days to rebuild the target structure before the next training exercise could occur. With VR, the scenario is just restarted, saving time and money and reinforcing trainees’ performance as they repeat the exercise.


Cyber Insurance Now Critical as Data Breaches Wreak Havoc

Nonetheless, insuring against data breaches and other attacks presents its own set of challenges and complications. In particular, the constantly changing range of perpetrators, targets and exposure values, a lack of historical actuarial data and the interconnected nature of cyberspace, combine to make it difficult for insurers to assess the likely severity of future cyberattacks. While most traditional commercial general liability policies do not cover cyber risks, standalone cyber insurance policies typically address a number of risks associated with data breaches or attacks. Chief among these is liability insurance to help companies cover costs, such as legal fees and court judgments, that may be incurred following the theft of enterprise data and the unintentional transmission of a computer virus that causes financial harm to a third party.


5 Data Governance Pitfalls to Avoid

Data Governance can be looked upon as building standard practices, processes and frameworks to facilitate the collection, identification, storage and usage of business information that an organization holds. The concept revolves around a simple objective – to make the right data available at the right time, to the right people, and in the right format. A data governance program is an important step to establish control over information flow by putting up rules, policies, and procedures to safeguard the access and usage of data. Lots of organizations have tried to implement enterprise data governance practices, but only a handful have succeeded in reaping the rewards. What’s the reason behind all these failures? In this article, we will take a look at the crucial mistakes that you must stay away from while implementing a data governance program for your organization.



Quote for the day:


"The hard part isn't making the decision. It's living with it." -- Jonas Cantrell