Home Tags By the Way

Tag: By the Way

BrandPost: Crowdsourcing Solutions to Cancer: Thank You, Kaggle, Intel, and MobileODT

“Competition platformsrdquo; offer interesting ways to pull together communities to focus on solving a problem.

There are several out there.

For example, Kaggle provides access to development tools and thenbsp;computenbsp;cycles to run algorithms.

They also have some well-written tutorials and training that I highly encourage you to try. (My wife got lost in the analysis of survival rates for passengers of the Titanic – annbsp;excellent introduction to machine learningnbsp;to do at your own pace.) There is currently a Kaggle competition to develop an algorithm that will help health care workers in rural parts of the world prevent cervical cancer by applying the right treatment in high-risk pre-cancerous situations.
Seenbsp;the Intel and MobileODT Cervical Cancer Screening Competitionnbsp;for a more detailed explanation. (The competition offers $100,000 in prize money, by the way.)To read this article in full or to leave a comment, please click here

What you should really expect from Samsung’s facial recognition

Biometrics like fingerprint readers, iris scanners, and facial recognition are either the solution to passwords’ unmanageability or a fool’s-gold technology that will compromise us all.

Both and neither are true.The forthcoming Samsung Galaxy S8 introduces facial recognition to unlock the smartphone, becoming the fourth unlock option for Samsung’s flagship device, in addition to fingerprint reading, iris scanning, and good ol’ manually entered passwords.

And mere days after its introduction, someone has already fooled the Galaxy S8’s facial recognition by showing the device a picture of the person.

That would be an easy way to unlock someone else’s phone without their permission. (An earlier Google facial-recognition technology in 2011’s Android 4.0 Ice Cream Sandwich had the same flaw, by the way.)To read this article in full or to leave a comment, please click here

Roam free: A history of open-world gaming

You know the violence, but there were text-adventures, skiing, space, and ants(!) too.

Google pulls virtual assistant ad after user outcry

Google Home users got a surprise on Thursday when their virtual assistants cheerily mentioned that the live-action remake of “Beauty and the Beast” is opening in theaters this weekend.The ad seems to pop up when users ask for a rundown of their day, which kicks off the Home’s “My Day” feature.

That feature is supposed to offer users information about the weather, their calendars and relevant news.

But at the end of the rundown, the Google Assistant offered the following unsolicited tidbit, according to a video posted to Twitter by Bryson Meunier :[ Review: Microsoft Teams fails in its debut. | Modern meetings: How to share your screen to your conference TV. ]“By the way, Disney’s live action ‘Beauty and The Beast’ opens today,” it says. “In this version of the story, Belle is the inventor instead of Maurice.

That rings truer, if you ask me.

For some more movie fun, ask me something about Belle.”To read this article in full or to leave a comment, please click here

Apple’s Swift soars into Tiobe’s top 10 programming languages

The Swift language was introduced to much fanfare by Apple in June 2014, positioned as a modern successor to the Objective-C language that has driven iOS and MacOS application development. Now, Swift has cracked the top 10 in Tiobe's language popul...

Nearby system has 7 Earth-sized planets, several in the habitable zone

Less than 40 light years away, TRAPPIST-1 hosts a plethora of planets.

Now there’s a better way to prevent Facebook account takeovers

Site enhances two-factor authentication with crypto keys that plug into USB slots.

It’s now 2017, and your Windows PC can still be pwned...

Also: Edge is foiled by hyperlinks, Windows Server fails at authentication requests, and Microsoft is a $486bn company Microsoft has begun its 2017 with the release of four updates to address security holes in Windows and Office, while Adobe has posted fixes for more than three dozen vulnerabilities in Flash and Reader. Microsoft's January patch load includes: MS17-001, a fix for the Edge browser to address a flaw that would let a malicious page gain elevated access privileges when the user clicks on a link. "An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies with about:blank, which could allow an attacker to access information from one domain and inject it into another domain," Microsoft says of CVE-2017-0002. The update will only be pushed out to Windows 10 and Server 2016. MS17-002 addresses a memory corruption issue in Office that allows for remote code execution in Office 2016 and SharePoint Enterprise Server 2016. The flaw, designated CVE-2017-0003, allows a specially crafted Word file to take control of the target system with the current user's access privileges.

The vulnerability was spotted by Tony Loi of FortiGuard Labs. MS17-003 is Microsoft's edition of the January Flash Player update to remedy 12 security flaws.

The patch will be automatically pushed to Windows users running Microsoft Edge or Internet Explorer 11. MS17-004 addresses a denial of service vulnerability in Local Security Authority Subsystem Service for older versions of Windows and Windows Server. Microsoft says that an attacker who sent a specially crafted authentication request to the targeted Windows (Vista through 7) or Windows Server (2008 to 2008 R2) box could trigger an automatic reset.

Discovery of the flaw, CVE-2017-0004, was credited to Nicolás Economou and Laurent Gaffie from Core Security. Meanwhile, Adobe is updating both Flash Player and Acrobat/Reader for Windows, macOS, and Linux desktops. The Flash Player update covers 13 vulnerabilities, none of which have been actively targeted in the wild yet.

Adobe is rating the fix as a critical priority for both Windows and macOS systems, as a successful exploit could allow for remote code execution. Linux systems are thought to be at lower risk for attack, but should still install the update as needed. The Adobe Acrobat and Reader update patches up 29 CVE-listed problems, including a number of remote code execution flaws in both Windows and macOS.

Adobe says it has not yet received reports of active exploits in the wild. By the way, if you update Reader, bear in mind it comes with a little surprise: a Chrome extension that sends Adobe telemetry. ® Sponsored: Customer Identity and Access Management

'Molecular' Cybersecurity Vs. Information Cybersecurity

When it comes to industrial processes, security begins at the molecular level. Not all cybersecurity risk is created equal.

Case in point: when Sony was hacked, information was stolen, systems were wiped, and society was temporarily deprived of a Seth Rogan movie.

These were mostly bad outcomes, and Sony certainly suffered a significant financial loss. Now, imagine a similar attack on an oil refinery where compromised systems include the proprietary industrial control systems that manage volatile processes. When I say volatile, I'm referring to processes where a boiler is heating oil by hundreds of degrees separating molecules to produce gasoline and other products. With appropriate access, a bad actor can change how hot that boiler is configured to run.
If you combine that with disabled safety systems, production, environments —  even lives —  can be severely affected.

A German steel mill experienced this in 2014 when a boiler exploded after an industrial control system attack; and 225,000 Ukrainians lost power in December 2015 when a hacker group shut down substation systems. I don't want to diminish the impact that malicious attacks have on our financial industry and others. However, chemical, oil and gas, and power generation attacks can have much graver outcomes — yet, surprisingly, these industries are in some ways the most vulnerable.
If you examine cybersecurity within a typical industrial process company, you find many of the same protections you find in any other company — antivirus software, firewalls, application whitelisting, and more.

These security controls are focused on protecting workstations, servers, routers, and other IT-based technology.
In other words, they protect the flow of information. But systems that move and manipulate molecules (for example, oil separating into constituent parts) are not nearly as secure. Why? Because many of these systems were built and deployed before cybersecurity was even a thing.
Industrial facilities rely primarily on layered defenses in front of industrial control systems, security by obscurity (think complex systems on which it takes years to become an expert), and air gapping (physical isolation from other networks). The reality is that layered defenses and air gapping can be bypassed.
Industrial facilities, for instance, periodically have turnarounds where they perform maintenance or switch production output.

This requires hundreds of engineers — many of them third-party ones — working multiple shifts to get production back online.

They are authorized users who could accidentally (or intentionally) introduce malicious code or configuration changes into a control system. Relying on obscurity as a strategy only has limited effect. With the rise of nation-sponsored cyber warfare, the capability of manipulating complex control systems is also on the rise.

The Ukrainian power attack, for instance, included malicious firmware updates that were believed to have been developed and tested on the hacking group's own industrial control equipment. Heck, you can even buy a programmable logic controller (a type of industrial control system) on eBay. Potential ImpactThe Obama administration's Commission on Enhancing National Cybersecurity report was released in early December.

There were some good recommendations in the report, particularly around having a security rating system for Internet of Things devices. What I found disturbing was that the report stated the distinction between critical infrastructure systems (found in the industries highlighted in this post plus others, such as transportation, that also rely on industrial control systems) and other devices is becoming impractical.

The point is that in a connected world, everything is vulnerable and attacks can come from any quarter.
It's a fair point, but this idea diminishes the importance of impact, which is essential to driving priority, policy, and investment decisions. Protecting the systems that manipulate molecules must have priority and, in some cases, have precedence over the ones that maintain information. So, where do you start? Where should investment flow? Most companies need to start at the beginning and simply begin to track the cyber assets they have in an industrial facility.

Another fun fact: many don't track that data today, or do so in a highly manual way, which means there are data gaps and errors. Without visibility into the cyber assets in a plant, you can't effectively secure them. And when we talk about cyber assets, any credible inventory plan must include the controllers, smart field instruments, and other systems that manage the volatile processes we've discussed (these systems, by the way, make up 80% of the cyber assets you find in an industrial facility).

This can't happen in a spreadsheet, but it must happen through automation software that can pull data from the many disparate, proprietary systems that can exist in a single facility. With an automated, detailed inventory that is updated regularly, companies can begin to do the things they know are important for securing any system — they can monitor for unauthorized changes, set security policies, and more.

Doing so allows companies not only to secure information, but also secure the molecules — the lifeblood of an industrial process company. Related Content: As General Manager of the Cybersecurity Business Unit at PAS, David Zahn leads corporate marketing and strategic development of the PAS Integrity Software Suite.

David has held numerous leadership positions in the oil and gas, information technology, and outsourcing ...
View Full Bio More Insights

2016's 7 Worst DDoS Attacks So Far

Rise of booter and stresser services, mostly run on IoT botnets, is fueling DDoS excitement (but the pros aren't impressed). 1 of 9 (Image source: by Roman Sigaev, via Shutterstock) It takes a lot to surprise people who spend their time preventing DDoSes.

Even the attack on DNS service provider Dyn last month "didn't shock ... by any means" Imperva's security group research manager Ben Herzberg and was "just another day at the office" to Arbor Networks' principal engineer Roland Dobbins. "You don't look at [attackers'] intentions, you look at capabilities," Dobbins says. "Folks that do this for a living, we tend to be very cynical."   If it seems that DDoSes had gone out of style for years, only to come raging back in a retro cybercrime fashion craze, that's not entirely accurate.

According to the experts, DDoS attacks have been a constant, like Levi's 501 jeans.

The recent headline-grabbing DDoSes are just glitzier, bedazzled versions of the same thing.   Attacks fueled by Internet of Things botnets created with malware like BASHLITE or Mirai seemed rather exciting, but after all, Dobbins says, there were IoT botnets years ago - composed of Linux home routers instead of DVRs and CCTV cameras.

They're not exactly new, they're just "the new hotness," as Akamai's senior security advocate Martin McKeay describes. Nevertheless, Herzberg says "I do think 2016 was a transition year." Why? The volume of large attacks increased.

Akamai reported recently that there was a 138% year-over-year increase in DDoS attacks over 100 Gbps, and 19 of these "mega-attacks" in Q3 alone. The cause: the rise of DDoSing-as-a-service and the proliferation of booter and stresser tools. Where once sophisticated DDoS attacks required sophisticated skills, these attacks can now be done by or at the behest of people with low to no hacking ability.

There are more players in the game now with better tools at their disposal. And, by the way, most of those direct DDoS-for-hire services are run on IoT botnets. If it seems that the attacks must change the way every defender does everything, that's not entirely true either.

Dobbins says the best practices for making DNS architecture and organizations' network infrastructure resilient to DDoS attacks are essentially the same as they were 20 years ago or more; the trouble is getting those best practices deployed. "If could make everything as resilient as it possibly could be, we would still have DDoS attacks, but their impact would be many magnitudes lower," Dobbins says. Many organizations do not even take into account DDoS in their business continuity planning, he says.  Experts concede that even if a DDoS is unsurprising and uninventive, it can also be quite disruptive if the target isn't prepared to respond. In that spirit, here are the worst, most definitive DDoS attacks of 2016 so far. Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...
View Full Bio 1 of 9 More Insights

Castle Raises $2 Million for Account Takeover Technology

Castle aims to make it easier to detect online fraud.

The funding will be used to help the company grow its engineering and go-to-market efforts. Security vendor Castle announced on Nov. 9 that it raised a $2 million seed round of funding from First Round Capital with participation from F-Prime Capital and FundersClub.Castle graduated from the Y Combinator cyber accelerator six months ago, bringing its account takeover technology to market.

The seed funding will be used to help grow the early stage company's engineering as well as go-to-market efforts. The idea behind Castle is to make security capabilities easy to deploy and use, explained Johan Brissmyr, CEO and co-founder. "Organizations just need to take a JavaScript snippet and put it on their website," Brissmyr told eWEEK. "Once the JavaScript is deployed, we build a behavioral profile for each individual user."The Castle technology learns usage and activity patterns from the user behavior, including how users interact with a given site. Once the user behavior profile has been built, Castle looks for outliers and deviations to help identify potential risks. Identifying potential malicious behavior is one thing, but actually blocking users is another.

Castle has three basic levels of risk categorization: unusual, suspicious and malicious, Brissmyr explained.

Based on the level of risk (with unusual being the lowest level), Castle will provide an appropriate response.

At the lowest risk level, the response is typically some form of email. "I think the magic is not to actually freak out end users," Brissmyr said.The outbound email needs to be worded and presented in a non-threatening way that won't scare users, Brissmyr said, adding that a non-threatening email tells users that everything is fine, but "oh, by the way" there was something that occurred with the user account that hadn't been seen before.

The email will tell the user that the unknown action was probably generated by the user, but if it wasn't, it can be reported, he said.Additionally, for the higher risk incidents, user interaction can be restricted to require users to provide an additional layer of authentication, such as responding to a Short Message Service (SMS) text, before full capabilities are restored, Brissmyr explained.Castle runs on the Amazon Web Services (AWS) cloud infrastructure and makes use of a big data backend that includes Apache Kafka, Spark and DynamoDB.

Castle is now also moving to use a Docker container approach along with Kubernetes for orchestration and container management, Brissmyr explained.Castle isn't Brissmyr's first attempt at building a security company.
In 2014, he co-founded security startup Userbin, which was an authentication service for consumer-facing applications.  The initial promise of Userbin was to provide an easy way for end users to secure online accounts.

Brissmyr noted that the consumer authentication space is a difficult market to break into as there are many choices, including open-source options, and that Userbin did not succeed as a company.Brissmyr is looking to further improve Castle's technology.

Among the capacities he's looking to add are self-service features as well as directly integrated two-factor authentication options."Our mission is to build a full platform for customer security," Brissmyr said.Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.

Follow him on Twitter
@TechJournalist.

Clinton, Trump do agree on one thing—the right to use marijuana

Aurich Lawsonreader comments 37 Share this story Campaign 2016 State of the biggest, best union: Trump nightly webcast debuts tonight The next President will take power with significant space decisions looming Hillary Clinton vs Donald Trump on science, energy, and the climate Clinton blasts Russian cyber-attacks as bid to install Trump as a “puppet” If elected, Clinton would support an “Encryption Commission” to help feds View more storiesIt's no secret that presidential candidates Hillary Clinton and Donald Trump cannot stomach one another; they seemingly disagree on most everything.

Before the last two presidential debates, they didn't even shake hands.

But even in this contentious election cycle, there's one thing these two (or four, if we're including the major third-parties) agree on... You have a right to marijuana for medical or recreational purposes. Where a president stands on marijuana means a lot, at least for those partaking in or profiting from the marijuana industry.

Today, the federal government still classifies marijuana as a controlled substance, the same category as heroin. Yet four states—Alaska Colorado, Oregon, Washington—allow recreational marijuana, a status directly in conflict with federal law. Luckily for those states, President Barack Obama's administration has mostly turned a blind eye.

The nation's next president, however, isn't obligated to follow suit. With the snap of presidential fingers, the new elect theoretically could demand federal authorities raid growers and dispensaries. In addition to the federal situation, citizens in California, Arizona, Maine, Massachusetts, and Nevada will go to the polls come Nov. 8 to choose whether to legalize recreational marijuana in those states.

And voters in Arkansas, Florida, Montana, and North Dakota are being asked to permit medical marijuana with a doctor's recommendation.

Altogether, 25 states already permit the medical use of marijuana. (Here are the texts of all the measures.) So for those invested in marijuana, this a particularly important vote. Marijuana support and opposition Current polls show that a majority of Americans support ending marijuana prohibition.

A Gallup poll released Oct. 21 showed that 58 percent of those surveyed supported legalizing marijuana in some degree.

That's up from 48 percent between 2010-2012. However, neither major party candidate—Trump and Clinton—has highlighted marijuana as a key component of their campaigns. Enlarge Justin Sullivan/Getty Images To be sure, marijuana is a multi-billion-dollar business with an estimated worth of $7.1 billion, so naturally big companies want in.

Thus far, Microsoft is one of the marquee names to enter the arena, marketing software to track marijuana from "seed to sale." There are also lesser known companies like Hound Labs in Oakland, California.

That organization wants to offer a so-called roadside breathylizer for marijuana. To summarize the general arguments swirling around marijuana, looking to the individual state battles can be illuminating.

California is the nation's biggest marijuana market to already legalize medical use.

This election season, more than a dozen police associations in the state are urging voters to go against Proposition 64, a proposal for legalizing recreational use. On the flip side, the top financial backer of the measure is Sean Parker, the Napster founder and a former president of Facebook. He's helped raise $8.5 million for the cause. Those in favor argue Prop 64 would reduce California's overcrowded prisons and jails, give Californians freedom of choice, and provide tax money for, in the words of California Lt.

Gov.

Gavin Newsom, "important programs such as public safety." In contrast, the California Association of Highway Patrolmen, representing some 7,900 CHP officers, says legalizing marijuana will cause more traffic deaths.

They point to things like a recent Colorado study suggesting the same conclusion: Recent numbers out of Colorado show that marijuana related traffic deaths have increased almost 50 percent since 2013 which is exactly why we strongly oppose Prop 64.

For the proponents of Prop 64 to say that they worked with law enforcement to craft this measure is misleading and when you see Colorado law enforcement asking for a timeout to deal with the problems they are facing it should give us all pause on this important issue. We will continue to educate media, local and state leaders, but most importantly we tell California voters that Prop 64 did NOT get it right. Organizations on both sides of these fights nationwide have talking points spanning health, addiction, intoxicated driving, crime, blight, justice, taxation—you name it.

Despite the interest, the two main party candidates haven't said very much on the topic no matter how it's presented. Clinton The Democratic candidate said in August she supports reclassifying marijuana from a Schedule 1 to a Schedule 2 drug, which would remove research barriers for medical use.
She said it was up to the states to decide their own marijuana laws without federal intervention. "I think what the states are doing right now needs to be supported, and I absolutely support all the states that are moving toward medical marijuana, moving toward—absolutely—legalizing it for recreational use," Clinton said on Jimmy Kimmel Live in March. "What I’ve said is let’s take it off the what’s called Schedule I and put it on a lower schedule so that we can actually do research about it.

There’s some great evidence about what marijuana can do for people who are in cancer treatment, who have other kind of chronic diseases, who are suffering from intense pain.

There’s great, great anecdotal evidence but I want us to start doing the research." Clinton's campaign website backs up those words. Trump The Republican candidate said in 1990 that he favored legalization of all drugs.
Speaking of the war on drugs at the time, he said, "You have to legalize drugs to win that war." Over time, Trump's thinking has apparently changed.
In October 2015, he was quoted in the Washington Post as saying: "In terms of marijuana and legalization, I think that should be a state issue, state-by-state." But he told the O'Reilly Factor last February that "dealers" were going to "load up" on marijuana and sell it around the country if marijuana was legalized in Colorado. He told O'Reilly that he favored medical marijuana but not the recreational use of it. "I would really want to think about that one, Bill.

Because in some ways I think it’s good and in other ways it’s bad.
I do want to see what the medical effects are," he said. "I have to see what the medical effects are and, by the way—medical marijuana, medical? I’m in favor of it a 100 percent.

But what you are talking about, perhaps not.
It’s causing a lot of problems out there." Trump's campaign website is silent on the issue. Third-parties Given the need to make waves in order to increase the odds of election success, both third-party candidates have been happy to discuss the subject of marijuana.

Green Party candidate Jill Stein even supports nationwide medical and recreational use as part of her platform. "Make no mistake, ending marijuana prohibition would be a huge win for freedom and social justice, and a major step towards the just, Green future we deserve," she said in her campaign literature. "As President, one of my first actions would be to order the DEA and the Justice Department to cease and desist all attempts to harass or prosecute medical marijuana clinics or other legitimate marijuana-related businesses that are operating under state laws." Libertarian Party candidate Gary Johnson, the former Republican governor of New Mexico, was once the CEO of Cannabis Sativa, a marijuana firm.
So naturally, he favors the legalization of marijuana for both recreational and medical uses and would support federal research. His campaign website said that the Founding Fathers would be shocked "to learn that the government has decided it is appropriate to tell adults what they can put in their bodies—and even put them in jail for using marijuana, while allowing those same adults to consume alcohol and encouraging the medical profession to pump out addictive, deadly painkillers at will." As with all aspects of the coming election, marijuana usage has become a passionate debate.

The only certainty at the moment is that more is coming, and future presidential candidates likely won't have the option to remain mum.