Tuesday, April 10, 2018

Preparing my Computer Security students for their future…
Business-Critical Systems Increasingly Hit by Ransomware: Verizon 2018 DBIR
Ransomware has become the most prevalent type of malware and it has increasingly targeted business-critical systems, according to Verizon’s 2018 Data Breach Investigations Report (DBIR).
The 11th edition of the DBIR is based on data provided to Verizon by 67 organizations, and it covers more than 53,000 incidents and over 2,200 breaches across 65 countries.
According to Verizon, ransomware was found in 39% of cases involving malware. Experts believe ransomware has become so prevalent due to the fact that it’s easy to deploy — even for less skilled cybercriminals — and the risks and costs associated with conducting an operation are relatively small for the attacker.
Cybercriminals have increasingly started using ransomware to target mission-critical systems, such as file servers and databases, which causes more damage to the targeted organization compared to only desktop systems getting compromised.
Both an executive summary and the full report are available directly from Verizon in PDF format — no registration is required.

Critical Infrastructure Threat Is Much Worse Than We Thought
Adversaries Most Likely Want to Acquire a “Red Button” Capability That Can be Used to Shut Down the Power Grid
Last October the United States Computer Emergency Readiness Team (US-CERT) published a technical alert on advanced persistent threat (APT) activity targeting energy and other critical infrastructure sectors. Recently, it was updated with new information uncovered since the original report, and there are some interesting revelations this time around.
The boldest revelation is the decisive manner in which the unspecified “threat actors” are explicitly identified. There is no equivocation; what was once believed to be an amorphous “threat actor” has now been identified as the “Russian Government”.

A question for my students: Is the nominal increase in ‘ease of use’ worth the potential cost of reduced security?
You won't have to sign for credit card purchases much longer
For all of the progress the US has made in payment technology, it still clings to the past when it comes to credit card payments. You still have to sign for many in-person purchases, which is downright backwards in an era of chip-based cards and digital tokens. And the financial industry is finally ready to kiss them goodbye. As of later in April, four of the biggest credit card networks (AmEx, Discover, Mastercard and Visa) will no longer require signatures for these credit card transactions. It's up to retailers to decide whether or not to ditch handwritten approvals. As the New York Times noted, though, it's doubtful many retailers will keep up the tradition.

Should the watch have called an ambulance? ...the cops? Sounded an alarm? Tip for evil doers: Always take the watch!
Smart watch data helps Australian police close murder case
Australian police determined time of death in a murder case and other relevant information by carefully analyzing data collected by the victim’s Apple smartwatch.

Lets me discuss ‘standing’ and the future of self-driving cars?
Philip Yannella of Ballard Spahr writes:
Plaintiff lawyers’ continued search for damage theories to assert in claims arising from a data breach – or fear of a breach – received a potential setback this week when Chief Judge Michael Reagan of the United States District Court for the Southern District of Illinois permitted Fiat Chrysler and Harmon International to seek an interlocutory appeal of the court’s earlier ruling in Flynn v. Fiat Chrysler US that class plaintiffs had standing to bring their “car hacking” claims in federal court. The ruling comes just one month before the scheduled start of trial. Fiat Chrysler and Harmon moved for an appeal after the Ninth Circuit ruled in a similar case, Cahen v. Toyota Motor Corp, that plaintiffs did not have standing to pursue diminution in value damages against Toyota based on a fear that the vehicles were susceptible to hacking.
Read more on JDSupra.

More Analytics than Architecture.
Model-Based Structure: Key to Success in a Data-Driven World
… Modeling involves predictive and prescriptive analytics, also known as "advanced analytics," said Doug Henschen, principal analyst at Constellation Research.
"You're creating models to predict out into the future what's likely to happen," he told the E-Commerce Times, "and with business context, how you might react to that prediction to get to a better outcome."
Companies have been adding third-party data such as demographic, psychographic, weather and industry data, to account for outside influences and get to more accurate models, Henschen said.
They've begun using machine learning and deep learning approaches that create models based on the data itself as data stockpiles have grown.

Consider it a playground for geeks.
IBM lures developers with AI and machine learning projects
IBM recently launched a series of projects for developers to access open source code and services to build AI and machine learning applications. The vendor wants to democratize these technologies, so they can be easily accessed and consumed by developers in open source communities and within the enterprises, said Angel Diaz, IBM's vice president of developer advocacy and technology, who oversees the vendor's developer outreach.
IBM has expanded the focus of its Center for Open-Source Data and AI Technologies in San Francisco – formerly the Spark Technology Center – to cover the enterprise AI lifecycle, which examines the gamut of AI and machine learning technologies with an initial focus on deep learning, Diaz said at the IBM Think 2018 conference last month.
… MAX is an open source ecosystem for data scientists and AI developers to share and consume models that use machine learning engines, such as TensorFlow, PyTorch and Caffe2, Diaz said. It also provides a standard approach to classify, annotate, and deploy these models for prediction and inferencing. Developers can customize the models in IBM's new Watson Studio AI application development platform. Additionally, developers can train and deploy MAX models for production workloads that use Watson Studio, such as internet-of-things applications, said Guido Jouret, chief digital officer at ABB.

Turning Social Media From a Problem Into a Solution
… Darwin Ecosystem is one of a new class of companies that is artificial intelligence-centric. In this case, it uses the IBM Watson platform to analyze handwriting to determine personality types and changes in personality.
One of the interesting things it did during the last election was to analyze the candidates. It even created a dynamic graph so you could look at each key personality trait individually.
One of the interesting findings was that, over time, the personality differences between Clinton and Trump seemed to converge, while Sanders remained largely the same.

Perspective. Good bots vs. bad bots?
Bots in the Twittersphere
An estimated two-thirds of tweeted links to popular websites are posted by automated accounts – not human beings

Perspective. Does this ensure that no one will ever catch them?
Amazon spent nearly $23 billion on R&D last year — more than any other U.S. company

Just in case this doesn’t make the news today.
Congress releases Mark Zuckerberg's prepared testimony ahead of Wednesday's hearing

(Related) Look! We’re already doing something! (Since it isn’t costing us anything.)
Facebook Launches New Initiative to Help Scholars Assess Social Media’s Impact on Elections
Today, Facebook is announcing a new initiative to help provide independent, credible research about the role of social media in elections, as well as democracy more generally. It will be funded by the Laura and John Arnold Foundation, Democracy Fund, the William and Flora Hewlett Foundation, the John S. and James L. Knight Foundation, the Charles Koch Foundation, the Omidyar Network, and the Alfred P. Sloan Foundation.
At the heart of this initiative will be a group of scholars who will:
  • Define the research agenda;

For my know-it-all students.

Something for my website builders?
JuxtaposeJS - Create Side-by-Side Comparison Frames
JuxtaposeJS is a free tool for making and hosting side-by-side comparisons of images. The tool was designed to help people see before and after views of a location, a building, a person, or anything else that changes appearance over time. JuxtaposeJS will let you put the images into a slider frame that you can embed into a webpage where viewers can use the slider to reveal more or less of one of the images.
JuxtaposeJS is relatively easy to use. You don't need to register on the site in order to use the tool. Go to the site and click "Make a Juxtapose." That link will direct you to fill in the template with links to the two images that you want to compare (the images must be hosted online and publicly viewable). After adding your images you can add labels and credits where necessary. Click the publish button to get the embed code for your JuxtaposeJS interactive frame.
[I saw this story and knew I had to track down this technique:

No comments: