October 05, 2016

GitHub’s Phil Haack on Moving from Engineering to Management

It’s important to be able to take an evidential approach to identifying the practices and approaches that work for collaborative outcomes, however there is not a lot of research in these areas. Take what research we do have and try it out – does it really work or is it just “conventional wisdom” that may not actually apply in the development space?  ... Sane Development Practices: techniques like setting up a build environment that just works – download the project and hit F5 to have it build without having to configure many different things before you can even do the simplest activity. If you clone a repository there should only be a couple of steps needed to have it running on your machine. ... Having things like automated builds and continuous integration are about helping developers maintain their sanity.


Beyond Dashboards – Predictive Analytics and Decision Management

The first and most obvious benefit provided by the combination of decision management and predictive analytics is the collaboration inherently resulting from the former. No longer are we dependent on the mad data scientist in a white lab coat! Now every concerned group – business analyst, IT, business owner and the data scientists can all view, understand and work with the same information. This removes the ubiquitous black box and enables truly effective data governance. But let’s face it – what we really want most of all is to create something actionable from all that data. We know more and more of it will be coming in real time. By beginning to incorporate additional elements of decision management while collaborating across all stakeholders, we can create (or significantly enhance) the ability to:


Malaysia and Singapore face IT talent shortage

Randstad’s ranking of the most popular tech jobs in Singapore shows cyber security and technology risk professionals being in highest demand, with the potential to earn S$120,000 (£69,000) to S$240,000 a year. Project management and business analysts are ranked next highest. Their functional knowledge and in-depth technical know-how are in demand as organisations seek to become more lean and cost-effective. Randstad ranked application developers as third most in demand, due to Singapore being an attractive hub for companies setting up centres of excellence. Demand for experienced developers exceeds supply in the country due to a lack of experienced developers and an influx of startups.


The Data Science Hierarchy of Needs

The urgency to establish a big data strategy propels companies into the third step of diving into infrastructure without a clear directive. You start with installing Hadoop, maybe some Kerberos and SSO for security, even a NoSQL Database just for fun. However, if you start with the business problem, you may find that you don’t need any new infrastructure or complex machine learning at all. A good rule of thumb is to employ the YAGNI (You Ain’t Gonna Need It) principle from agile programming. Start by doing the simplest thing that could possibly work. A lot of problems can be solved by smart people armed with modest data and tools designed with the business in mind, before ever requiring a big data infrastructure.


7 ways DevOps benefits security programs

Organizational culture and its processes and technology are evolving at a pace we have never experienced before. As a result, we can’t just sit back and wait for the “DevOps fad” to fade away because it isn’t going to. It’s not a fad – it’s an evolved way of software development. Furthermore, security cannot be the elephant in the room that everyone avoids because it gets too complicated. Security must evolve, as well, segueing into SecDevOps. Many organizations are regularly pushing out tens if not hundreds of releases and updates on a daily basis. With help and guidance from the security team, organizations can push secure releases on the first try and save lots of money and time along the way. Checkmarx explains why DevOps can end up being a major benefit to security.


2016 State of Digital Transformation

When everyone and everything is connected to the Internet, companies must leverage information and digital technologies including cloud computing, mobile, social, Internet of Things (IoT) and AI to transform how they connect with customers in a whole new way. Per Gartner, 89% of marketers expect to compete primarily on the basis of customer experience. Customer experience is a top priority and managed as a team sport. Digital business transformation will require an experimental and technology-led mindset that must be inclusive of the entire business - marketing, sales, services, IT, R&D and customer and partner communities. How can companies today leverage technology to drive digital business transformation?


Google Home: What it does and when you can get one

Google Home has a built-in edge when it's time to ask the speaker a question...Google Assistant. Take the speaker's My Day feature. Tell Google Home "Good morning," and it will launch in with today's weather and information about your commute. It will also tell you about upcoming appointments you've got scheduled for the day and list any reminders...Google Assistant is pulling all this information from your Gmail, calendar and other Google Maps. ... Google Home...will go on sale Nov. 4 for $129...The purchase price also comes with a free six-month trial of YouTube Red, an ad-free version of the video sharing service. ... Google Home is coming to the U.S. only at first, and will be sold in the online Google Play Store...Target, Walmart and Best Buy; Google starts taking preorders Tuesday.


How today’s CIOs are getting sales cycles ‘Back in Black’

"The job of a CIO has changed," said Gainsight CEO Nick Mehta, whose company helps sales organizations deliver customer success through big data. "Server design has been replaced with service delivery." As CIOs are now accountable to business users, they demand results — not products — from their vendors. Modern CIOs are asking vendors about their business process — often called their "customer success" process — to ensure that they are achieving their desired outcomes from the business relationships. "It's all about the outcome," Mehta said. To accomplish this, vendors need to get business users and CIOs talking to one another to make sure it's a good fit for everyone.


Putting the pieces together: The intersection of strategy and agility

Generally speaking, strategic responsiveness increases with the frequency of corporate strategic-planning activities. Most of the survey respondents use an annual planning cycle. However, organizations that conduct either continuous or annual planning with quarterly rolling plans have the highest level of strategic responsiveness. Though ongoing corporate planning has the highest level of strategic responsiveness, there is negligible improvement between ongoing planning and using an annual planning with quarterly rolling plans. Organizations that use an annual planning cycle with quarterly rolling plans have the ability to balance long- and short-term goals and ensure a structured method to review changes in the external business environment and incorporate them in the strategy as needed


By 2020, your Wi-Fi-connected car will pay for parking, gas

"Connected vehicles will streamline many of the processes currently in use in the businesses. For example, a rental car could be provisioned remotely, allowing the customer to pick it up and drop it off without having to go to an office," said James Hines, a research director at Gartner and the report's author. "They will also enable new modes of operation; for example, when combined with autonomous driving capability, connected vehicle technology will allow a customer to request a ride and a vehicle could be automatically dispatched to the customer’s location." Connected vehicles will improve access to EV charging by locating available stations and paying for charging services; they'll also be able to monitor the state of charge of the battery in the vehicle, Hines said.



Quote for the day:


"A man must be big enough to admit his mistakes, smart enough to profit from them, and strong enough to correct them." -- John C. Maxwell


October 04, 2016

How Big Data Velocity Informs Population Health, Patient Safety

“You may have a patient surveillance system that requires really large datasets to monitor their vitals and maybe do some predictive analytics about how they’re trending, and that requires immediate, truly real-time insights for the patient while they are still in your care setting.” But population health management prioritizes different metrics and aims to achieve somewhat different results, he added. “Population health is about identifying groups of patients and figuring out a commonality around their needs. After you identify a common need, you redesign care around delivering that service or improving that outcome.” Population health programs also tend to generate large volumes of data that is often used to track improvements over time.


New alliances focus on open-source, data science empowerment

Continuum Analytics, the creator and driving force behind Anaconda — a leading open data science platform powered by Python — has allied with IBM to advance open-source analytics for the enterprise. Data scientists and data engineers in open-source communities can now embrace Python and R to develop analytic and machine learning models in the Spark environment through its integration with IBM’s DataWorks Project. ... This program empowers corporations to better understand, use and maximize the value of their data. The program will support IBM’s DataFirst Method, a methodology that IBM says provides the strategy, expertise and game plan to help ensure enterprise customers succeed on their journey to become a data-driven business.


Core systems should have built-in obsolescence

The issue is that this mentality of the “big deal” still pervades for many senior bank decision-makers, yet today it’s no big deal. If a startup can get a full suite of banking software up and running like Ant Financial, Solaris, Thought Machine, PrivatBank and more, then you know the answer today is all about speed and agility at low-cost. There’s no big deal here. In fact, as alluded to in an earlier blog, if you can build a developer-driven bank where a micro-services architecture allows very small teams to change little parts of the architecture continually, then you have a bank built for today – a bank that can provide updates for its apps and APIs every day (or even intraday), rather than every year or even biannually.


The Challenges Fintech Startup Companies Are Facing

Behind every successful fintech firm, there is an agile and well-diversified team of forward-thinkers. Since startup companies operate with limited resources, every employee counts. Therefore, it is imperative to have employees with a combination of experience and relevant skills for fintech companies. Even if you find skilled individuals, they will most likely ask for higher wages because their opportunity cost is very high. ... Unless one is speaking to a financially and technologically savvy investor, it’s often difficult for startup companies to describe the value proposition and more explanation is needed than in other industries. Therefore, fintech companies are required to know their products and to have efficient ways to tell their story for anyone to understand.


Yahoo hack spurs push for legislation

The Yahoo breach has drawn particular attention not only for its size — 500 million accounts were exposed by hackers Yahoo says were nation state actors — but for the time the company took to notify victims. The breach occurred in 2014, with Yahoo only announcing it this month. But reports indicate that the company may have been aware of the hack in July or August of this year. The timing of the disclosure drew swift criticism from lawmakers who suggested that the company might have sat on the breach to avoid disrupting a purchase deal with Verizon. “As law enforcement and regulators examine this incident, they should investigate whether Yahoo may have concealed its knowledge of this breach in order to artificially bolster its valuation in its pending acquisition by Verizon,” Sen. Richard Blumenthal


3 survival skills for reluctant IT managers

Systems programmers and database administrators in large shops earn six-figure incomes. They earned these incomes by polishing their skills in a particular technical specialty, and by mastering tools that have proven their worth over time and that they trust. Their career calling cards are their expertise and their ability to use these tools to solve difficult problems, so they are not always open to new tools and technologies that challenge the tools and approaches that they cut their teeth on. If you are considering a new approach or vendor toolset, it is really important to obtain staff buy-in before moving forward. If you can't get buy-in, and you and the company have determined that it's absolutely necessary to move forward, you should be prepared to lose people.


What CIOs Need To Know About Open Source

"At one extreme, forking is one of the fundamental rights you have with open source code and we talk about how great it is to have the freedom to fork — it can be a good way to revive a dying project," says Allison Randal, president of the Open Source Initiative. As an example, Randal points out that before the LibreOffice fork, OpenOffice.org was suffering from "human problems" that prevented the code from moving forward. The LibreOffice fork was successful and now has overshadowed OpenOffice.org. Unfortunately, forking doesn't always produce such a positive outcome. "I have seen cases when forking a project divides the community, introduces tensions, cuts resources and ultimately kills both projects," Randal says.


Attacks Are Advancing; Are Your Threat Detection and Response Capabilities?

Many organizations rely on traditional SIEMs to store data and run simple, real-time, rules-based analytics. This works for providing insights into activities at a point in time, but most attacks are more subtle and may unfold over weeks or even months. The ability to consider more and varied data types over a longer period of time offers richer insight as to who the attacker was, what malicious activities were performed, and how to remediate the threat. Newer big data platforms overcome the limitations of traditional SIEMs and provide the ability to keep up with the volume, velocity, and variety of data while conducting more sophisticated statistical and machine learning analytics.


Transactional Microservices Using Aggregates, Event Sourcing and CQRS

It is an approach to modularity that functionally decomposes an application into a set of services. It enables teams developing large, complex applications to deliver better software faster. They can adopt new technology more easily since they can implement each service with the latest and most appropriate technology stack. The microservices architecture also improves an application’s scalability by enabling each service to be deployed on the optimal hardware. Microservices are not, however, a silver bullet. In particular, domain models, transactions and queries are surprisingly resistant to functional decomposition. As a result, developing transactional business applications using the microservice architecture is challenging.


Mobile is part of e-commerce, not a rival

Mobile devices are at the heart of merged channel because those handheld computers — and, yes, mobile phones are computers — make any other compensation approach ridiculous. How, for example, is a Macy's in-store-versus-online mentality supposed to deal with someone scanning a barcode in-store with a mobile device and then purchasing it from Macys.com? No need to worry about which division gets what percentage of the sale. It's a Macy's purchase and that's that. The point is to look at purchases from the shopper's perspective. That is what retailers tell their shareholders, right? That they are so customer-centric? Shoppers see it as a Kohl's transaction or a Walmart purchase.



Quote for the day:


"Even if you are doing robust risk assessments, between that and human error, breaches will happen."
-- Pam Hepp


October 03, 2016

Body-based transmission system keeps passwords secure

The system works by making use of the low-frequency signals generated by a smartphone's fingerprint sensor that locate the finger's position in space and read the grooves in a user's fingerprint using capacitive coupling. Registering between 2 and 10 MHz, these signals aren't strong enough to travel through the air, but do travel through the human body well. Usually read by the sensors as input, the UW team's technique turns these signals into output containing the authentication data, which is then transmitted through the body and picked up by a receiver, such as the electronic door handle. "Fingerprint sensors have so far been used as an input device," says senior author Shyam Gollakota. "What is cool is that we've shown for the first time that fingerprint sensors can be re-purposed to send out information that is confined to the body."


Evaluating customer engagement cloud solutions: Key questions to ask

It’s important to note that it’s not enough to move monolithic applications to public cloud infrastructures. To truly deliver on the promise of the cloud, applications must be developed from scratch (or re-written) to take full advantage of advanced infrastructure and platform-as-a-service capabilities—similar to writing a brand new operating system with unique characteristics. Thus, be careful not to get stuck with the old stuff in the new world. You’ll be left with more of the same. Whether you’re experiencing exponential growth like a hot new startup or are a more traditional business going digital, make sure you select a cloud customer engagement and business communications solution designed for the future.


Rise of the SPI: Atlassian spin or a better variation of the API?

SPI originated when Atlassian was a young company and had only a single product, JIRA. As a young company wanting to scale, the company released its source code for others to hack on and build their own features. Over time, some of these developments were included back up the chain and made part of the core product. Initially, this was achieved through the use of Java applets. Developers coded against a Java API that would modify the core application code without forking the source code. Over time, this approach was adopted into Atlassian’s other products, and, almost randomly, a partner ecosystem grew around it. From this ecosystem, the company then built the Atlassian marketplace, which allowed third-party software vendors to build and market products.


The Biggest Risks of Big Data

Any project can fail for any number of reasons - bad management, under-budgeting or a lack of relevant skills. However Big Data projects, due to their nature, bring their own specific risks. Due to the advanced technology often needed, and the relative newness of the skillsets required to truly “think Big” (or as I prefer to say, “think Smart”) with data, care must be taken at every step to ensure you don’t stumble into pitfalls which could lead to wasted time and money, or even legal hot water! Business people are used to taking risks – assessing those risks and safeguarding against them comes naturally, or we don’t stay in business for long! So there’s no need to be scared of Big Data. But of course we always need to be aware of dangers that could potentially arise if we fail to cover all of the bases.


Consortium Forms Framework for Industrial Cybersecurity

"The Security Framework looks at IIoT security from three different perspectives," Hamed Soroush, the IIC's security working group chair, told EE Times in an interview. "Chip makers, equipment developers, and end users all have an important role in security for the IIoT, but often work without knowing one another's perspectives. The Framework will help them talk to each other." It also provides guidance to management on risk management when considering security, he added. Part of the motivation for creating the Framework is the difference between industrial IoT and consumer IoT security needs, Soroush noted, which calls for a discussion focused on industrial IoT system needs. Security in the industrial IoT should be more robust than for consumer IoT, for instance, to reduce the risks to critical infrastructure such as power generation.


How Microsoft Cortana will run your entire office by 2020

Cortana will take over for Tell Me someday. You’ll talk to the bot and tell her you want to create a presentation for the shareholder meeting or a brochure for your startup. Like MyAnalytics, she’ll know you have been working in Excel the past few days and offer to create some of the slides with your financial data. You’ll dictate the bullet points. She’ll know to use a color scheme that matches your company logo.  She’ll even know how to correct your wording, a capability that is already in Microsoft Word called the Editor. Cortana will know if you are talking in passive voice and correct your wording on the fly. She’ll fact check what you say, and offer to use stronger verbs.


Killer Keyboard Shortcuts To Help You Master Windows

Despite notable advancements in speech-recognition technology and voice input, and the popularity of tablets, the humble PC continues to be the workhorse device of choice for many workers around the world. And whether you're an office-bound professional slouched behind a desktop PC, or a globetrotting executive armed with the latest ultrabook, the "physical" hardware keyboard continues to play a crucial role in productivity. The last thing you want in the heat of the moment is to fumble around for a mouse or have to take multiple steps to complete a task that could be done with a quick keyboard shortcut. Of course, learning and remembering such shortcuts can be hard work, and you'll need to take some time to find the appropriate shortcuts for you.


What makes IoT ransomware a different and more dangerous threat?

“While traditional ransomware affects your computer and locks your files, IoT ransomware has the opportunity to control systems in the real world, beyond just the computer,” says Neil Cawse, CEO at Geotab, a manufacturer of IoT and telematics for vehicles. “In fact, due to the many practical applications of IoT technology, its ransomware can shut down vehicles, turn off power, or even stop production lines. This potential to cause far more damage means that the potential for hackers can charge much more, ultimately making it an appealing market for them to explore.” Some argue that in most cases, IoT hacks can be reversed with a simple device reset. However, the incentive to pay for IoT ransomware will not stem from irreversibility but rather from the timeliness of the attack and the criticality and potential losses of losing access to critical devices for any amount of time.


Largest DDoS attack ever delivered by botnet of hijacked IoT devices

Some of the attacking machines are running clients known to run on cameras, he says. “It’s possible they are faking it or it’s possible it’s a camera that was doing these attacks,” he says. “There are indicators that there are IoT devices here, at scale.” The attack didn’t use reflection or amplification, so all the traffic consisted of legitimate HTTP requests to overwhelm Krebs’s site, Ellis says. “It’s not junk traffic.” A lot of things about the attack are still unknown, such as who’s behind it and what method the botmasters used to infect the individual bots. Ellis says some other providers Akamai had contacted report similar but smaller attacks likely from the same botnet. Many of them were aimed toward gaming sites, and Krebs has written about such attacks, so there may be a connection there, he says.


Conduct an honest IT performance evaluation in problem areas

A good first step for IT performance measurement is to at least somewhat follow either a DevOps methodology or ITIL; both have their merits and each team or business needs to decide what fits them best. Some measures to improve IT will line up with DevOps and others won't, but are best practices that solve these issues. When reviewing a failure, consider whether the fault occurred in the project, due to a change, or in the IT operation. Each needs to be treated a bit differently, but will also have overlaps with how it is assessed and remediated during the IT performance evaluation.



Quote for the day:


"Opportunities don't happen. You create them." -- Chris Grosser


October 02, 2016

Standardizing Requirements Descriptions on Scrum Projects for Better Quality

The direct impact of standardizing requirements descriptions on development can be seen in the example of a large social media company that owns several popular websites used by millions. A rapidly developing Agile project, with high reaching market goals set by stakeholders, existing documentation was narrowed down to information that served users and ongoing development purposes. The stakeholders were not interested in investing in the creation and support of hundreds of pages of documentation, which would have made sense and is common practice for most Agile projects. The client already had their own development team and many ambitious plans, but needed more resources to implement them. 


Will the coming robot nanny era turn us into technophiles?

Despite the thorniness of some of the issues between humans and robots, the reason we are entering this robot age is because of one simple fact: functionality. Robots will make our lives far easier. In fact, the robot nanny is a prime example: It will be adored by parents — and likely much more so than the human nannies who are known to call in sick, show up to work late and, on occasion, sue their employers when they hurt themselves on the job. Robot nannies will replace real nannies like the automobile replaced the horse and cart — allowing parents much new free time and opportunity to pursue careers. One major factor going for the development of robot nannies is their cost effectiveness. I’ve been either watching my kids or hiring nannies for the last five years.


Dear tech industry: Stop renaming stuff all the time. Just. Stop. It.

G Suite is the new name of Google Apps. Except Google Cloud is the new name for Google for Work (which is Google Apps, but for more people) and Google Apps, Enterprise, which had a comma in its name. Okay. Okay. Deep breath. Get off my lawn! No. Wait. This isn't a get off my lawn moment. This isn't just whining on the part of a tech pundit who doesn't want to remember new names anymore. I got this. I read 50 tech news articles every morning. I can keep track of this because it's my job, and we have an editorial guide here at ZDNet. But regular users don't have the time for this crap. Renaming core products has serious repercussions beyond merely my desire to rant.


Retail cloud computing: The key benefits of moving to cloud-based SCM

The fact is, customers expect to be able to make purchases from whatever channel they choose in a fast, efficient manner. To make this happen, retailers are increasingly working to update traditional supply chain management (SCM) systems by embracing retail cloud computing. By using cloud-based SCM technologies and services, retailers can gain visibility and track inventory throughout the entire lifecycle, allowing them to ultimately become more agile, profitable and relevant to today’s tech-savvy and increasingly demanding consumers. Though traditional SCM platforms take a more siloed and transactional approach to the entire fulfillment lifecycle, this method no longer works in an omnichannel, hyperconnected world.


Banks like to talk about blockchain, but none wants to be the first to actually use it

If it becomes mainstream, proponents see many possibilities for blockchain. Instead of each party in a transaction keeping separate records and copies of contracts, blockchain is a bit like a Google document, where many people can look at the same record at once. The transaction takes place between two parties without an intermediary, and all changes are clear, unchangeable, and validated by everyone involved. Any additional transactions that take place get added to the chain and form part of a golden record of transactions. This opens up the possibility of what the industry calls "smart contracts." For example, let's say shoes are being manufactured in China for sale in the US. Every step of the process could be part of a blockchain.


Silicon Valley Selects Synereo Over Ethereum As Blockchain Platform

With this recent partnership Synereo is likely to catapult in the blockchain discussion and attract many of the top dApp developers. James Currier, Managing Partner at NFX, explained the Guild’s decision to choose Synereo’s technology for the project, stating: “If you do the analysis, Synereo comes out as the superior platform for developing decentralized apps. It runs fully distributed instead of massively replicated. It’s JVM top to bottom rather than Python. It’s forward compatible, vs other platforms anticipating multiple hard-forks. Synereo has the identity layer built in which provides distribution advantages and network effects. Lastly, fine-grained concurrency, vs other platforms’ linearity, provides greater speeds and scalability.”


.Net application that works online and offline [Smart Client Concept]

In the Windows application, we log in with the same credentials that we registered in the web application. When logging in to the Windows application for the first time, we need an Internet connection; after that, you can also log in to the application while it is offline. After a successful login, a new form is shown in which the user adds a new product, and this process does not require an Internet connection. When an Internet connection is available, it will sync all data from the Windows application to the web application [web server], and this process will run in the background. While it is transferring data to the web server, it will also delete the transferred data from the Windows application database.


Ways to Make Code Reviews More Effective

As with all architecture/design areas, the non-functional requirements for the performance of a system should have been set upfront. Whether you’re working on a low-latency trading system which has to respond in nanoseconds or you’re writing a phone app to manage a “To Do” list, you should have some idea of what’s considered “too slow.” Before deciding on whether we need to undertake code reviews based on performance, we should ask ourselves a few questions about what our requirements are. Although some applications really do need to consider how every millisecond is spent, for most applications there’s limited value spending hours agonizing over optimizations that will save you a few CPU cycles. But there are things a reviewer can check for in order to ensure that the code doesn’t suffer from common avoidable performance pitfalls.


Goldman Sachs: We're in the 'second wave' of fintech

Gido believes that we are currently in the second wave of fintech development, wherein "incumbents are using their brands and infrastructure to remain competitive with the startups." ... This third wave in fact, is already happening. An increasing number of fintech startups are focusing on B2B models, with the goal of selling to and partnering with traditional players. They want to take advantage of incumbents' vast and loyal customer base and offer up their own nimble, innovative technology.  And what are people most excited about in fintech? Insurance policies, he said. These seemingly unexciting two words hold a ton of possibility for innovation.


One proven way to boost software quality: Increase your QA team's diversity

Diversity is not just about hiring equal shares of male, female, black, white, Asian, and Hispanic professionals. Real, meaningful diversity requires a collection of individuals with unique perspectives based on their backgrounds, knowledge, past experiences, and environments. Diverse testers better understand diverse end users: Your applications are supposed to work for a variety of users: young, old, new language learners, people with disabilities, etc. So who better to test them than people from a wide variety of backgrounds? What’s intuitive for a teenager may not be so easy for a person not as comfortable with today’s fast-changing digital realities. A recent college grad will look at her health care provider page differently than a parent researching ways to treat a child’s condition.



Quote for the day:


"Good leaders make people feel that they're at the very heart of things, not at the periphery." -- Warren Bennis


October 01, 2016

Too few women in cybersecurity: a gap in our protections that must be addressed

Diversity in cybersecurity matters for a very practical reason. Those seeking to breach cybersecurity are willing and able to exploit any flawed thinking, any inadvertent blind spot. Cybersecurity teams that fall into group-think or are blind to alternative ways of working through challenges are more likely to miss things and enable hostile actors. Teams that include people with different expertise, backgrounds, genders, ages, cultures are more likely to deliver robust cybersecurity outcomes; implicit assumptions can be more easily challenged and the fullest range of insights on what can go wrong (and hence what can be done) can be gathered.


How to steal the mind of an AI: Machine-learning models vulnerable to reverse engineering

Taking advantage of the fact that machine learning models allow input and may return predictions with percentages indicating confidence of correctness, the researchers demonstrate "simple, efficient attacks that extract target ML models with near-perfect fidelity for popular model classes including logistic regression, neural networks, and decision trees." That's a polite way of saying such models can be reverse engineered. The researchers tested their attack successfully on BigML and Amazon Machine Learning, both of which were told of the findings in February. In an email, Cornell Tech computer science professor Ari Juels, a coauthor of the paper, suggested mitigating these attacks could prove challenging. "Effective countermeasures to model extraction could well be possible, but this remains an open research question," he said.


How Blockchain can bolster interoperability and information security at the same time

Blockchain has potential value due to its shared, fixed record of peer-to-peer transactions, built from linked transaction blocks and stored in a digital ledger, Deloitte said. The network is both secure and actionable by relying on established cryptographic techniques, and letting participants in a network interact (e.g. store, exchange, and view information), without pre-existing trust between the parties. “Interactions with the blockchain become known to all participants and require verification by the network before information is added, enabling trustless collaboration between network participants while recording an immutable audit trail of all interactions,” Deloitte explained.


Industrial IoT leaders work towards interoperability and open source collaboration

GE and Bosch are working together to shape the connected world through a collaboration between the software divisions of both organizations, GE Digital and Bosch Software Innovations. The organizations have signed a memorandum of understanding where GE Digital and Bosch Software Innovations will further facilitate openness and growth of the Industrial Internet of Things (IoT). The agreement focuses on technology interoperability and platform integration through GE’s Predix operating system and the Bosch IoT Suite. GE Digital and Bosch Software Innovations intend to make complementary software services available on the other company’s cloud platforms to enhance the overall value of each cloud offering and provide solutions to a wider customer base.


Shaw says NHS is under frequent cyber attack

“We are seeing more and more ransomware attacks,” he said. This included one big, but unsuccessful, national level attack early this month which “may or may not have been state sponsored”. “It was big and it was hard and it was sustained... before, we didn’t know this sort of thing was happening until we got the worst outcome, but now we are in detect mode, rather than defence mode.” Shaw revealed a wide range of attacks were being made on the NHS, with some of these using well-known techniques such as spear phishing, in which hackers target an individual to inadvertently reveal useful information or spread malware. He said NHS Digital itself was successfully targeted in a spear phishing attack by a hacker pretending to be an old friend of one of its staff, using information from social media.


Tech Giants Team Up To Devise An Ethics Of Artificial Intelligence

The Partnership on AI announcement lays out an ambitious agenda for research to be conducted or funded by members, in partnership with academics, user group advocates, and industry experts. Topics on the research agenda include ethics, fairness, inclusivity, transparency, privacy, and interoperability. A recent white paper from IBM called "Learning to Trust Artificial Intelligence Systems" provides some hints as to what the Partnership on AI might be tracking. Authored by Guruduth Banavar, IBM's chief science officer for cognitive computing, it basically expands the concept of garbage-in/garbage-out to now include garbage in-between.


What to do when hackers break into your cloud

There are two major types of public cloud computing attacks: single-tenant and cross-tenant. A cross-tenant attack is the stuff of IT nightmares, but it has not yet occurred. Single-tenant breaches are more likely to occur. In these attacks, the hacker has compromised one or more machine instances, but can't go beyond that. The most likely cause of a single-tenant breach is that user IDs and passwords have been compromised. That's typically due to malware or phishing attacks on client devices. In this case, it's all on you; the cloud provider has done its job, but you haven't done yours. When such breaches occur, hopefully you'll figure it out quickly. When you recognize the breach, the best response is to invoke a prebuilt set of processes that can do the following


Task Force Tackles Healthcare Cybersecurity Challenges

According to Theresa Meadows, co-chair of the Health Care Industry Cybersecurity Task Force and CIO of Cook Children’s Health Care System, the panel’s 20 subject matter experts are drawn from a wide variety of organizations including providers, payers, pharmaceutical companies, medical device manufacturers, IT vendors, and government agencies. “We have representation from all the segments within healthcare so that we can have well-rounded discussions,” said Meadows. “There’s also a patient advocate on the task force.” Meadows said the task force has held several public and private meetings to date and will be “wrapping up its charge” early next year, after which it will report to Congress on its findings and recommendations.


An Open API Initiative Update

WebHooks can be tricky, but with the support we’ve been planning, a server designer can tell the consumer exactly what sort of signature they need to implement for successful handling of a WebHook, and even how the consumer can send messages back to the event producer with different response codes, so you can potentially describe the subscription, unsubscription, and retry flows, making the connections 100% automatable. Also, looking at representations and schemas; it may be a JSON world right now, but remember when the XML world would rule forever? We do, and getting more support for different schema formats is essential for the next 5-10 years of API design. Expect to see new and flexible techniques in 3.0 for this topic. Again, we’ll ensure that the final solution is implementable and not just a modeling proof-of-concept.


DNS Security Extensions - Complexities To Be Aware Of

Interoperability amongst the DNS software is another issue that is adding to the problems. Above all, attackers can abuse improperly configured DNSSEC domains to launch denial-of-service attacks. The following are some such major complexities that one should be aware of. ... This is an attractive target for attackers since it allows them to ‘amplify’ their reflection attacks. If a small volume of spoofed UDP DNSSEC requests is sent to nameservers, the victim will receive a large volume of reflected traffic. Sometimes this is enough to overwhelm the victim’s server, and cause a denial of service. Specifically, an attacker sends a corrupted network packet to a certain server that then reflects it back to the victim.



Quote for the day:


"The underlying principles of strategy are enduring, regardless of technology or the pace of change." -- Michael Porter