Logan Hochstetler


There are generally two paths for dealing with someone in power when disagreements arise. One is to confront, and the other is to understand and influence. What is interesting is the most common path taken is the former while the most successful is the latter. I think the reason is that the former path is both the natural path for disagreement and the most visible. Confrontation is always more newsworthy than influence.

When done right, exerting influence has the odd result of not conveying credit while actually making far more progress. This suggests that one of the ways to determine whether someone is doing something because they believe in the outcome vs. doing it for fame and status is whether they move to influence or to confront.

The vast majority of tech executives and politicians confronted Trump, which had little impact on him, while Peter Thiel moved to influence. As a result, he now may be the most powerful person in tech, even though that didn't appear to be his goal.

I'll share some thoughts about that this week and close with my last product of the week, which has to be Varonis. It is the one product that could have prevented virtually all of the high-profile breaches that crippled both Yahoo and Hillary Clinton's campaign.

Confrontation and Backstabbing

One of the most common ways decisions are made in the tech industry is that the most outspoken and disagreeable person at the table wins, and the person who is better founded but isn't as focused on the status of winning often loses. I call this the "biggest assh*le at the table method," but there is a more technical term for this: argumentative theory. I've reviewed a lot of failed companies, and at the heart of most failures seems to be this process.

 

There is a second process that is equally common, in tech firms in particular, and it has a common name that I'll paraphrase because I can't use the actual name in mixed company. It is "kiss you screw you." This occurs after everyone at the table agrees, and then a bunch go out and do everything they can to cause the idea to fail in order to screw the poor person who is trying to execute.

If you've ever wondered why a lot of good ideas fail, it is largely because some group of folks inside companies secretly move to cause them to fail. Personally, I think people should be fired for doing that, but they often are rewarded instead, which suggests there are a lot of managers on the wrong side of this practice.

I personally think the Obama administration was defined by both practices. The Republicans largely practiced the "biggest assh*le at the table" method and were obstructionist, while the Democrats seemed to agree but acted against the president behind the scenes, which is why efforts like Obamacare were such a train wreck.

Collaboration and Influence

Compare the way much of the tech industry supported Clinton vs. how Peter Thiel supported Trump. Clinton got money and vocal support, and Thiel provided technical advice and focus. He advised and kept tightly to tech topics like cybersecurity, which are critical to the well being of the country. Clinton's massive support from the industry largely consisted of money, because most thought she was an idiot. That was thanks largely to the email thing, but I've seen notes going back years, suggesting that was hardly a new perception.

The right path for Clinton's supporters would have been to fix the "idiot" thing. Yet there is no evidence it was even attempted. Thiel, in contrast, worked to make Trump smarter, and the result was not only better execution in the final days of the campaign, but also last week's tech meeting, which focused on making tech companies more profitable.

 

Contrast this with Eric Schmidt's relationship with President Obama, which became an embarrassment for the president and didn't seem to result in anything but an unusual protection against antitrust charges for Google. As a result, it's arguable that tech actually appears weaker at the end of Obama's term than it did at the beginning. If the current trend holds, that shouldn't be the case with Trump, but that outcome will depend largely on Thiel's relationship with Trump.

Thiel vs. Gawker

Peter Thiel spent $10M taking out Gawker, which scared a lot of folks because it silenced a voice in media. Personally, I thought Gawker was an abomination -- largely because it focused on disclosing personal information about powerful people or celebrities, doing them harm for money.

Gawker had its roots in tech, and a tech service that monetizes hurting people tarnishes the entire industry and is counter to efforts that are working to eliminate bad behavior, like bullying, by making it appear like you can bully anyone. By the way, this doesn't mean that I agree with some of the behavior that Gawker called out -- I just don't think it is in the tech industry's best interest to validate the hostile use of personal information, given the critical need to protect everyone's individual privacy.

I'm kind of surprised more tech CEOs haven't backed Thiel's efforts, largely because having a "secret mistress" is an extremely common perk of the job. My guess is that most believe they are careful and that their clandestine relationships won't be reported. Sadly, many aren't as good at keeping this stuff secret as they think. Had Gawker not been killed, many of those delusional executives likely would have had some explaining to do to their wives, kids, employees, stockholders and boards. Such things rarely go well, so Thiel did them one hell of a favor that most may never appreciate fully.

Wrapping Up: Thiel vs. Whitman

Perhaps the biggest contrast was between Thiel and Whitman. Thiel focused on collaboration, while Whitman took the confrontational path to extremes, seemingly switching parties. Thiel will have a great deal of influence on the Trump administration, while Whitman will have zero influence on it and may find that HPE is blacklisted both by Trump's companies and the federal government -- or worse, be prioritized for contract audits.

One final thought: Because Thiel focused on talking about technology, he could have made the cut to influence Clinton. He didn't make the conflict personal, and he clearly had a strong grasp of what needed to be done by either administration. Whitman could have influenced only Clinton, because her contribution was personal and political.

Even with Clinton, her influence likely would have been insignificant, perhaps limited to getting a largely ceremonial cabinet post. Here is the important part: Given that she is the CEO of HPE, neither outcome would have benefited HPE significantly, and the Trump outcome may have hurt it materially.

I think this showcases a best practice that the tech industry should adopt broadly: Collaboration and focusing on what the industry knows -- tech -- is a far better way both to influence an administration and to make a real difference.

I think it also showcases a far better personal practice as well, because constant confrontation, particularly when it is only to appear superior, or backstabbing for any reason is counterproductive to the overall effort and makes a firm less successful.

So, for those of you who have made being an assh*le or backstabbing a defining skill, if you care about making a difference, then you should change your behavior. For those of you who like being assh*les and backstabbing, be aware that the identification and elimination of folks like you has become a major feature of the coming artificial intelligence-based human resources systems, so eventually you'll be fired. All I can say is, it will be about fricking time.

My last thought is this: Thiel suddenly has become the most powerful person in tech, not through the more typical process of backstabbing and self-aggrandizement, but because he focused like a laser on how to use tech to help the nation and Trump. I should point out something about Jobs, who clearly was the most powerful person in tech last decade. While certainly an assh*le interpersonally, he focused on making Apple great. He became famous not because he focused on gaining fame but largely because of Apple's success. In both cases, it is that focus we should remember as a best practice.

Rob Enderle's Product of the Week

Yahoo last week disclosed that it had experienced a breach that occurred prior to its previously disclosed mega breach and that it was much bigger, impacting 1 billion people -- that is billion with a B. It means that the odds favor the fact that you have been compromised and harmed, and that it clearly wasn't reported in a timely way so you could have protected yourself.

This is on top of indications that both the Democrats and Republicans were hacked, and that those hacks likely did have a material impact on the election, even if it was just the uneven release of compromising emails.

In virtually all cases, the hacks were not discovered until well after they had occurred, and many only when what was stolen was disclosed. Claims that emails were not hacked -- like Clinton's emails or the RNC's emails -- largely coincide with no tracking in place. That is like saying no trees fall in areas where there are no people to observe them falling. Just because you didn't see something doesn't mean it didn't occur.

What makes products like Varonis different is that they monitor behavior and activity. If someone either inside the company or outside has gained access to something they either don't have rights to or that they've never been interested in before, then Varonis sends an alert. These hacks can range from people pulling information to share illicitly to hacking individuals to get access in order to misuse it to download sensitive information.


What concerns me is that this class of solution seems to be avoided, because people would rather not know they have been hacked so they can claim they are secure. For some, that's preferable to finding out they aren't -- and let's be clear, no one is absolutely secure. Pretending otherwise is just stupid.

Some nimrod earlier this month boasted on Twitter of having my personal information, along with a password I was using back in 2013, suggesting I'm one of the folks who was hacked. Because Varonis could have prevented this, it is my product of the week, and it is a contender for my product of the year, which I'll announce next week.

Author: Rob Enderle
Source: http://www.technewsworld.com/story/Is-Peter-Thiel-the-Most-Powerful-Person-in-Tech-84183.html

Monday, 02 January 2017 13:51

The Biggest Security Threats Coming in 2017

WHETHER IT WAS a billion compromised Yahoo accounts or state-sponsored Russian hackers muscling in on the US election, this past year saw hacks of unprecedented scale and temerity. And if history is any guide, next year should yield more of the same.

It’s hard to know for certain what lies ahead, but some themes began to present themselves toward the end of 2016 that will almost certainly continue well into next year. And the more we can anticipate them, the better we can prepare. Here’s what we think 2017 will hold.

Consumer Drones Get Weaponized

Given how frequently the US has used massive flying robots to kill people, perhaps it’s no surprise that smaller drones are now turning deadly, too—this time in the hands of America’s enemies. In October the New York Times reported that in the first known case, US-allied Kurdish soldiers were killed by a small drone the size of a model airplane, rigged with explosives. As drones become smaller, cheaper, and more powerful, the next year will see that experiment widened into a full-blown tactic for guerrilla warfare and terrorism. What better way to deliver deadly ordnance across enemy lines or into secure zones of cities than with remote-controlled accuracy and off-the-shelf hardware that offers no easy way to trace the perpetrator? The US government is already buying drone-jamming hardware. But as with all IEDs, the arms race between flying consumer grade bombs and the defenses against them will likely be a violent game of cat-and-mouse.

 

Another iPhone Encryption Clash

When the FBI earlier this year demanded that Apple write new software to help crack its own device—the iPhone 5c of dead San Bernardino terrorist Rizwan Farook—it fired the first shots in a new chapter of the decades-long war between law enforcement and encryption. And when it backed off that request, saying it had found its own technique to crack the phone, it only delayed any resolution. It’s only a matter of time until the FBI or other cops make another legal demand that an encryption-maker assist in cracking its protections for users, setting the conflict in motion again. In fact, the FBI revealed in October that another ISIS-linked terrorist, the man who stabbed ten people in a Minnesota mall, used an iPhone. Depending on what model iPhone it is, that locked device could spark Apple vs. FBI, round two, if the bureau is determined enough to access the terrorist’s data. (It took three months after the San Bernardino attack for the FBI’s conflict with Apple to become public, and that window hasn’t passed in the Minnesota case.) Sooner or later, expect another crypto clash.

Russian Hackers Run Amok

Two months have passed since the Office of the Director of National Intelligence and the Department of Homeland Security stated what most of the private sector cybersecurity world already believed: That the Kremlin hacked the American election, breaching the Democratic National Committee and Democratic Congressional Campaign Committee and spilling their guts to WikiLeaks. Since then, the White House has promised a response to put Russia back in check, but none has surfaced. And with less than a month until the inauguration of Putin’s preferred candidate—one who has buddied up to the Russian government at every opportunity and promised to weaken America’s NATO commitments—any deterrent effect of a retaliation would be temporary at best. In fact, the apparent success of Russia’s efforts—if, as CIA and FBI officials have now both told the Washington Post, Trump’s election was the hackers’ goal—will only embolden Russia’s digital intruders to try new targets and techniques. Expect them to replicate their influence operations ahead of elections next year in Germany, the Netherlands, and France, and potentially to even try new tricks like data sabotage or attacks on physical infrastructure.

A Growing Rift Between the President and the Intelligence Community

Though the US intelligence community—including the FBI, NSA, and CIA—has unanimously attributed multiple incidents of political hacking to Russian government-sponsored attackers, President-elect Donald Trump has remained skeptical. Furthermore, he has repeatedly cast doubt on digital forensics as an intelligence discipline, saying things like, “Once they hack, if you don’t catch them in the act you’re not going to catch them. They have no idea if it’s Russia or China or somebody.” Trump has also caused a stir by declining daily intelligence briefings. Beyond just the current situation with Russia, Trump’s casual dismissal of intelligence agency findings is creating an unprecedented dissonance between the Office of the President and the groups that bring it vital information about the world. Current and former members of the intelligence community told WIRED in mid-December that they find Trump’s attitude disturbing and deeply concerning. If the President-elect permanently adopts this posture, it could irrevocably hinder the role of intelligence agencies in government. President Obama, for one, says he is hopeful that the situation is temporary, since Trump has not yet felt the full responsibility of the presidency. “I think there is a sobering process when you walk into the Oval Office,” Obama said recently in a press conference. “There is just a whole different attitude and vibe when you’re not in power as when you are in power.” If Trump does eventually embrace the intelligence community more fully, the next question will be whether it can move on from what has already transpired.

DDoS Attacks Will Crash the Internet Again (And Again, And Again)

This was the year of Internet of Things botnets, in which malware infects inconspicuous devices like routers and DVRs and then coordinates them to overwhelm an online target with a glut of internet traffic, in what’s known as a distributed denial of service attack (DDoS). Botnets have traditionally been built with compromised PCs, but poor IoT security has made embedded devices an appealing next frontier for hackers, who have been building massive IoT botnets. The most well-known example in 2016, called Mirai, was used this fall to attack and temporarily bring down individual websites, but was also turned on Internet Service Providers and internet-backbone companies, causing connectivity interruptions around the world. DDoS attacks are used by script kiddies and nation states alike, and as long as the pool of unsecured computing devices endlessly grows, a diverse array of attackers will have no disincentive from turning their DDoS cannons on internet infrastructure. And it’s not just internet connectivity itself. Hackers already used a DDoS attack to knock out central heating in some buildings in Finland in November. The versatility of DDoS attacks is precisely what makes them so dangerous. In 2017, they’ll be more prevalent than ever.

Ransomware Expands Its Targets

Ransomware attacks have become a billion-dollar business for cybercriminals and are on the rise for individuals and institutions alike. Attackers already use ransomware to extort money from hospitals and corporations that need to regain control of their systems quickly, and the more success attackers have, the more they are willing to invest in development of new techniques. A recent ransomware version called Popcorn Time, for example, was experimenting with offering victims an alternative to paying up—if they could successfully infect two other devices with the ransomware. And more innovation, plus more disruption, will come in 2017. Ransomware attacks on financial firms have already been rising, and attackers may be emboldened to take on large banks and central financial institutions. And IoT ransomware could crop up in 2017, too. It may not make sense for a surveillance camera, which might not even have an interface for users to pay the ransom, but could be effective for devices that sync with smartphones or tie in to a corporate network. Attackers could also demand money in exchange for ceasing an IoT botnet-driven DDoS attack. In other words, ransomware attacks are going to get bigger in every possible sense of the word.

Author: WIRED STAFF
Source: https://www.wired.com/2017/01/biggest-security-threats-coming-2017

Have a login form on an HTTP URL? You will need to switch it to an HTTPS URL if you want to avoid security warnings in Chrome in January.

This morning, Google began sending out notices through the Google Search Console to websites that have login and password fields on pages that are not over HTTPS. The notification says "Nonsecure Collection of Passwords will trigger warnings in Chrome 56 for domain.com."

Chrome 56 in January will issue a security warning for web pages that have these login fields without serving them on a page that is over HTTPS. The message reads:

Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS.

The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users’ data. The list is not exhaustive.

 

Google also posted about this on Google+ and wrote:

From the end of January with Chrome 56, Chrome will mark HTTP sites that collect passwords or credit cards as non-secure. Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info, or any other personal information, it’s critical to use HTTPS. Without HTTPS, bad actors can steal this confidential data. #NoHacked


Google has been pushing sites to go HTTPS for some time now, including giving a ranking boost to pages with HTTPS URLs.
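A site-owner audit for the condition the notice describes, as an added example (not code from Google or from the article): it parses constructed sample pages and flags password or payment-card inputs on pages served over HTTP. It goes one step beyond the notice by also flagging HTTPS pages whose form posts to an http:// action; the field heuristics (type=password, autocomplete cc-* tokens) and the shop.example URLs are assumptions, not Chrome's exact detection logic.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Autocomplete tokens from the HTML standard that mark payment-card inputs.
# Assumption: these approximate "credit card details"; Chrome's own logic may differ.
CARD_TOKENS = {"cc-number", "cc-csc", "cc-exp", "cc-exp-month",
               "cc-exp-year", "cc-name"}


def classify(attrs):
    """Return 'password', 'card' or None for one <input> attribute dict."""
    if attrs.get("type", "").strip().lower() == "password":
        return "password"
    if set(attrs.get("autocomplete", "").lower().split()) & CARD_TOKENS:
        return "card"
    return None


class _SensitiveFieldParser(HTMLParser):
    """Collects sensitive inputs, grouped by the form that submits them."""

    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.forms = []
        self._current = None
        # Inputs outside any <form> are treated as submitting to the page itself.
        self.orphans = {"action": page_url, "fields": []}

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # An empty or relative action resolves against the page URL.
            action = urljoin(self.page_url, a.get("action", "").strip())
            self._current = {"action": action, "fields": []}
            self.forms.append(self._current)
        elif tag == "input":
            kind = classify(a)
            if kind:
                target = self._current if self._current is not None else self.orphans
                target["fields"].append(kind)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_page(page_url, html):
    """Return (finding, url, field_kinds) tuples for one fetched page."""
    parser = _SensitiveFieldParser(page_url)
    parser.feed(html)
    parser.close()
    page_is_https = urlsplit(page_url).scheme.lower() == "https"
    findings = []
    for form in parser.forms + [parser.orphans]:
        if not form["fields"]:
            continue
        kinds = sorted(set(form["fields"]))
        if not page_is_https:
            # The case the Search Console notice is about.
            findings.append(("sensitive-field-on-http-page", page_url, kinds))
        elif urlsplit(form["action"]).scheme.lower() == "http":
            # Added check: secure page, but the data leaves in cleartext.
            findings.append(("form-posts-to-http", form["action"], kinds))
    return findings


# Constructed sample pages (not taken from any real site).
SAMPLES = {
    "http://shop.example/login":
        '<form action="/session" method="post">'
        '<input name="user"><input type="PASSWORD" name="pw"></form>',
    "https://shop.example/checkout":
        '<form action="http://pay.shop.example/charge">'
        '<input autocomplete="cc-number"><input autocomplete="cc-csc"></form>',
    "https://shop.example/account":
        '<form action="/login"><input type="password" name="pw"></form>',
    "http://shop.example/about":
        '<form action="/search"><input type="search" name="q"></form>',
}


def audit_site(pages):
    """Audit a {url: html} mapping and keep only pages with findings."""
    report = {url: audit_page(url, html) for url, html in pages.items()}
    return {url: found for url, found in report.items() if found}


if __name__ == "__main__":
    for url, found in audit_site(SAMPLES).items():
        for finding, where, kinds in found:
            print(f"{url}: {finding} -> {where} ({', '.join(kinds)})")
```
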

Here is a copy of the notification:

[Image: copy of the Search Console notification]

Author: Barry Schwartz
Source: http://searchengineland.com/google-search-console-warns-nonsecure-collection-passwords-upcoming-chrome-browser-release-266486

The amount of sexism on the internet is depressingly self-evident. Women in particular who speak their minds online are frequently attacked on the basis of their gender, and often in horrifyingly graphic ways. But what about the internet itself? There could be inherent characteristics in its very structure that could be considered sexist or gender biased.

It would seem so. To give you an idea, type ‘engineer’ or ‘managing director’ into a search engine and look at the images. You’ll find that the vast majority are of men. The stereotypes work both ways, of course. Type in ‘nurse’ and most of the images will be of women. Although this may simply reflect society as it stands, there is an argument to be made that, intentionally or otherwise, it also reinforces gender stereotyping. Given how influential the internet is on people’s perception of the world – a fact laid bare recently in both Brexit and the US Elections – isn’t there a responsibility among tech giants like Google, Yahoo, Microsoft and Facebook to fight the kind of prejudices that too often see internet users inhabit echo chambers where their own biases are reflected back at them?

 

It’s a question fraught with moral issues. On the one hand, search engines are automated and simply display the most common searches. It’s also clear that attempts to censor these facts of internet life are equally dubious, not only because it amounts to a denial of the issue, but because it sets a scary precedent, potentially providing a gateway into all kinds of Orwellian thought control.

Nevertheless, the issue is not about to go away, and making people more socially aware of gender bias on the internet is the first step in trying to find a solution. The problem was highlighted brilliantly in a UN campaign in 2013 concerned with women’s rights. It showed women’s faces with their mouths covered by the Google search bar and various auto-complete options, such as ‘women need’ transforming into ‘knowing their place’. It was also effectively publicised by TED.com editor Emily McManus who, when attempting an internet search to find an English student who taught herself calculus, was asked by Google, ‘Do you mean a student who taught himself calculus?’ McManus’s subsequent screenshot was retweeted thousands of times and became a worldwide news story.

Part of the issue stems from a lack of gender balance in the tech industry itself. Office for National Statistics figures from 2014 reveal that in the UK there are 723,000 male compared to 124,000 female professionals in the IT industry. In 2015, according to the companies’ own figures, only 17% of Microsoft’s technical staff were women, while men made up 83% of Google’s engineering staff and 80% of Apple’s technical staff. It’s true that these industries have put various initiatives in place to try to redress this balance, like Google’s ‘Made with Code’ or Microsoft’s ‘Women in tech’, spearheaded by Melinda Gates, but there’s clearly still a long way to go.

Although women are unquestionably the most disadvantaged when it comes to gender bias on the internet, men don’t escape stereotyping either. For example, with women making inroads into high-powered, well-paid jobs there are consequently more men taking on domestic roles or becoming stay-at-home dads. Trying to find this reflected on the internet is just as hard as trying to find female engineers. The attitude is still very much that if a man isn’t the ‘breadwinner’ he’s not really a man – type ‘homemaker’ in and see what comes up. Likewise, even as men’s involvement in child-rearing is transforming, the internet still fails to accurately represent such a significant social shift.

So what’s to be done, besides simply switching off the predictive function in settings? It seems some new approaches are being experimented with, ones that strike a balance between using the predictive function – which is otherwise a useful tool – and maintaining an element of choice. For example, global Swedish tech company Semcon has come up with a browser extension called Re-Search. This doesn’t stop the predictive function acting in its usual fashion, but it does provide an alternative search result that aims to give men and women more equal space in the search results.

Says Project Manager, Anna Funke, “If engineers are portrayed as men in yellow helmets, how can women feel that the job might be of interest to them? Role models are important when young people are thinking about their career choices and the internet is the first place many people look for information.” Semcon are making the software available free of charge, and it’s also open source in the hope it will encourage individuals and companies to develop the product further and find their own ways to spur on greater gender equality across the internet.

It’s worth remembering though, that when the internet first appeared back in the 1990s, it was hailed as a great democratic technology. Despite the ways in which states, corporations or individuals attempt to manipulate it, it remains just that, reflecting what we are, even when that’s pretty unpalatable. Ultimately then, if we’re going to have an internet that better reflects equality, openness and decency, it’s down to all of us who use it.

Author:  Robert Bright

Source:  http://www.huffingtonpost.co.uk/entry/the-great-gender-gap-debate-is-the-internet-bias-to-either-sex_uk_583d99d1e4b090a702a650c9

ON THE WEST coast of Australia, Amanda Hodgson is launching drones out towards the Indian Ocean so that they can photograph the water from above. The photos are a way of locating dugongs, or sea cows, in the bay near Perth—part of an effort to prevent the extinction of these endangered marine mammals. The trouble is that Hodgson and her team don’t have the time needed to examine all those aerial photos. There are too many of them—about 45,000—and spotting the dugongs is far too difficult for the untrained eye. So she’s giving the job to a deep neural network.

Deep learning is remaking Google, Facebook, Microsoft, and Amazon.

Neural networks are the machine learning models that identify faces in the photos posted to your Facebook news feed. They also recognize the questions you ask your Android phone, and they help run the Google search engine. Modeled loosely on the network of neurons in the human brain, these sweeping mathematical models learn all these things by analyzing vast troves of digital data. Now, Hodgson, a marine biologist at Murdoch University in Perth, is using this same technique to find dugongs in thousands of photos of open water, running her neural network on the same open-source software, TensorFlow, that underpins the machine learning services inside Google.

 

As Hodgson explains, detecting these sea cows is a task that requires a particular kind of pinpoint accuracy, mainly because these animals feed below the surface of the ocean. “They can look like whitecaps or glare on the water,” she says. But that neural network can now identify about 80 percent of dugongs spread across the bay.

The project is still in the early stages, but it hints at the widespread impact of deep learning over the past year. In 2016, this very old but newly powerful technology helped a Google machine beat one of the world’s top players at the ancient game of Go—a feat that didn’t seem possible just a few months before. But that was merely the most conspicuous example. As the year comes to a close, deep learning isn’t a party trick. It’s not niche research. It’s remaking companies like Google, Facebook, Microsoft, and Amazon from the inside out, and it’s rapidly spreading to the rest of the world, thanks in large part to the open source software and cloud computing services offered by these giants of the internet.

The New Translation

In previous years, neural nets reinvented image recognition through apps like Google Photos, and they took speech recognition to new levels via digital assistants like Google Now and Microsoft Cortana. This year, they delivered the big leap in machine translation, the ability to automatically translate speech from one language to another. In September, Google rolled out a new service it calls Google Neural Machine Translation, which operates entirely through neural networks. According to the company, this new engine has reduced error rates between 55 and 85 percent when translating between certain languages.

Google trains these neural networks by feeding them massive collections of existing translations. Some of this training data is flawed, including lower quality translations from previous versions of the Google Translate app. But it also includes translations from human experts, and this buoys the quality of the training data as a whole. That ability to overcome imperfection is part of deep learning’s apparent magic: given enough data, even if some is flawed, it can train to a level well beyond those flaws.

Mike Schuster, a lead engineer on Google’s service, is happy to admit that his creation is far from perfect. But it still represents a breakthrough. Because the service runs entirely on deep learning, it’s easier for Google to continue improving the service. It can concentrate on refining the system as a whole, rather than juggling the many small parts that characterized machine translation services in the past.

Meanwhile, Microsoft is moving in the same direction. This month, it released a version of its Microsoft Translator app that can drive instant conversations between people speaking as many as nine different languages. This new system also runs almost entirely on neural nets, says Microsoft vice president Harry Shum, who oversees the company’s AI and research group. That’s important, because it means Microsoft’s machine translation is likely to improve more quickly as well.

The New Chat

In 2016, deep learning also worked its way into chatbots, most notably the new Google Allo. Released this fall, Allo will analyze the texts and photos you receive and instantly suggest potential replies. It’s based on an earlier Google technology called Smart Reply that does much the same with email messages. The technology works remarkably well, in large part because it respects the limitations of today’s machine learning techniques. The suggested replies are wonderfully brief, and the app always suggests more than one, because, well, today’s AI doesn’t always get things right.

Inside Allo, neural nets also help respond to the questions you ask of the Google search engine. They help the company’s search assistant understand what you’re asking, and they help formulate an answer. According to Google research product manager David Orr, the app’s ability to zero in on an answer wouldn’t be possible without deep learning. “You need to use neural networks—or at least that is the only way we have found to do it,” he says. “We have to use all of the most advanced technology we have.”

What neural nets can’t do is actually carry on a real conversation. That sort of chatbot is still a long way off, whatever tech CEOs have promised from their keynote stages. But researchers at Google, Facebook, and elsewhere are exploring deep learning techniques that help reach that lofty goal. The promise is that these efforts will provide the same sort of progress we’ve seen with speech recognition, image recognition, and machine translation. Conversation is the next frontier.

The New Data Center

This summer, after building an AI that cracked the game of Go, Demis Hassabis and his Google DeepMind lab revealed they had also built an AI that helps operate Google’s worldwide network of computer data centers. Using a technique called deep reinforcement learning, which underpins both their Go-playing machine and earlier DeepMind services that learned to master old Atari games, this AI decides when to turn on cooling fans inside the thousands of computer servers that fill these data centers, when to open the data center windows for additional cooling, and when to fall back on expensive air conditioners. All told, it controls over 120 functions inside each data center.

As Bloomberg reported, this AI is so effective, it saves Google hundreds of millions of dollars. In other words, it pays for the cost of acquiring DeepMind, which Google bought for about $650 million in 2014. Now, DeepMind plans on installing additional sensors in these computing facilities, so it can collect additional data and train this AI to even higher levels.

The New Cloud

As they push this technology into their own products as services, the giants of the internet are also pushing it into the hands of others. At the end of 2015, Google open sourced TensorFlow, and over the past year, this once-proprietary software spread well beyond the company’s walls, all the way to people like Amanda Hodgson. At the same time, Google, Microsoft, and Amazon began offering their deep learning tech via cloud computing services that any coder or company can use to build their own apps. Artificial intelligence-as-a-service may wind up as the biggest business for all three of these online giants.

Over the last twelve months, this burgeoning market spurred another AI talent grab. Google hired Stanford professor Fei-Fei Li, one of the biggest names in the world of AI research, to oversee a new cloud computing group dedicated to AI, and Amazon nabbed Carnegie Mellon professor Alex Smola to play much the same role inside its cloud empire. The big players are grabbing the world’s top AI talent as quickly as they can, leaving little for others. The good news is that this talent is working to share at least some of the resulting tech they develop with anyone who wants it.

As AI evolves, the role of the computer scientist is changing. Sure, the world still needs people who can code software. But increasingly, it also needs people who can train neural networks, a very different skill that’s more about coaxing a result from the data than building something on your own. Companies like Google and Facebook are not only hiring a new kind of talent, but also reeducating their existing employees for this new future—a future where AI will come to define technology in the lives of just about everyone.

Source : https://www.wired.com/2016/12/2016-year-deep-learning-took-internet/

2016 was the banner year for cyber security – and not in a good way. But what does 2017 have in store?

There is no denying that 2016 was a big year for cybercrime. From the Bank of Bangladesh/SWIFT heist in February to the Dyn DDoS attack a few weeks ago, there was plenty of proof that hackers are getting smarter and their innovation is on a growth trajectory.

If there is one good thing derived from these hacks, it is that they have made alarm bells ring loud and true for consumers and organisations alike. This is the starting point for five cyber security predictions for the year ahead.

1. Consumers will prioritise security when deciding which companies to do business with

Following high-profile data breaches in 2016, including Yahoo and Three Mobile, consumers are more anxious than ever about the downstream financial crime that follows a cyber attack.

As the realisation of what a criminal can achieve once they have taken our data sinks in, consumers are beginning to demand guarantees that their service providers are safe.

In 2017, a trend will emerge around customers wanting to understand more about the security of the organisations they do business with.

Just as companies promote ‘seals of approval’ for accomplishments like being ‘green’, promoting gender equality or having accident-free workplaces, customers will look for some sort of seal of assurance that the companies they do business with have a strong cybersecurity posture.

In fact, Ofcom has recently highlighted that broadband providers such as BT are worse at customer service than financial services providers and must do more to deliver a reliable internet connection.

2. Consumers will take ownership of their own cybersecurity

The great doorbell hack of 2016 kicked off the year with a loud ding-dong. Hackers have figured out that smart home devices, such as doorbells and refrigerators, are gateways to home Wi-Fi networks and email logins.

Similar to how they developed new and more inventive scams to get hold of consumers’ data in the ‘90s, this is just the beginning of consumer-targeted cybercrime.

As people add more Internet of Things (IoT) devices to their smart homes and take more of their daily affairs online, the security of their online environment will become even more important.

In 2017, new services will emerge that allow consumers to evaluate their own cyber security as they work to protect their data and savings from criminals, and strive to take ownership of their cybersecurity.

3. Consumers and businesses will acknowledge the threat potential of IoT devices

Beyond hacked doorbells and refrigerators, certain IoT devices, like self-driving cars, can present serious security threats. Expect more attacks to follow, especially as it is currently easier for a hacker to create an IoT botnet to compromise a device than it is to phish for data in traditional ways. There is a serious lack of security features in the code developed for IoT devices which needs to be addressed.

Due to the risk some of these devices pose to human life, it should be no surprise to hear that the security of IoT coding will come under stricter scrutiny than ever before.

As IoT devices become widely used by businesses and individuals alike, people and organisations will make security considerations a priority in their decisions to use smart devices, not an afterthought.

4. Businesses will assess the cyber security of their own and partners’ networks

Led by the Office of the Comptroller of the Currency (OCC) directive requiring banks to manage risks – including cybersecurity risk – in their third-party relationships, companies in all industries will start paying a lot more attention to their business partners’ cybersecurity posture in 2017.

Most businesses have large and complex networks of partners, suppliers, vendors and other stakeholders with whom they exchange information on a regular basis. This means that the web of risk is incredibly wide, and a security breach in any link of the chain can expose the entire network.

Boardrooms across all industries have brought concerns about partner network security to the top of their agenda, so in 2017 we will see growth in the adoption of tools that assess risk across the entire network and bring a company’s security status to the forefront for partners, enterprises, and insurers.

5. Biometric security data may become the biggest security vulnerability of all

It started with the innovative Apple TouchID, developed to make it easier for consumers to unlock their phones. But, in 2016, we have seen biometric identification go mainstream – even three-year-old kids’ fingerprints are being captured when they visit Disney World.

Many believe that biometric security data is safer than digit-based passwords and, if used correctly, it may be so. However, in the wrong hands, biometric security data also has explosive potential.

In the aftermath of the compromise of 5.6 million US government military, civilian and contractor personnel fingerprints, Eva Velasquez, CEO of the Identity Theft Resource Center, explained that stolen fingerprints may be a big problem in the future.

This is especially the case if biometric technology is used to verify bank accounts, home security systems and even travel verifications.

Author:  Ben Rossi

Source:  http://www.information-age.com/5-cyber-security-predictions-2017-123463528

Samsung may be the first to release a foldable phone next year, according to some reports, but it won’t be the only top company looking to launch such devices. A new report says that foldable smartphones are in the works from several tech giants, Apple included, and they may become more and more popular by 2019. But could Apple release its first foldable iPhone as soon as 2018?

To make a foldable phone, you need a flexible display, and a flexible type of glass. OLED is flexible, whereas LCD isn’t, and Apple is already expected to launch its first OLED iPhone with a curved display next year.

According to The Korea Herald, there’s just one company in the world that can mass produce colorless polyimide, the glass that would protect the foldable OLED screen, and that’s Kolon Industries.

“Around three to five tech companies are expected to mass produce foldable phones in 2018 globally. The devices will then grab around 20 percent of the total smartphone market here,” Kolon Industries’ colorless polyimide division head Kang Chung-seok told The Herald.

The company is apparently supplying materials to Samsung, LG, and BOE. Apple may also be one of the companies looking at such components.

The Kolon exec said the first foldable devices could have a bend radius of 5 millimeters rather than the 1-millimeter radius that would allow a wallet-like smartphone fold, where the glass on the face of the handset would actually touch itself.

“The bend radius of 1 millimeter is the most ideal, but that may cause a safety issue. So, tech companies are likely to unveil the bend radius of 5 millimeters first and then gradually unveil devices with less bend radius,” Kang added.

Kolon finished the development of its flexible colorless polyimide glass in August and expects to mass produce films for around 100 million units of foldable devices in 2018.

Apple has traditionally been very cautious about adopting certain technologies, choosing to only bring some of them to market in the iPhone when they have met its performance and quality standards. It’ll be interesting to see how fast the company will release a foldable iPhone — or iPad, for that matter — especially considering that the iPhone will receive its first major redesign in four iPhone generations next year.

That said, Apple already has various patents describing foldable devices, including the kind that fold just like a wallet.

Source: This article was published on yahoo.com by Chris Smith

The USTR dropped its annual blacklist calling out marketplaces that are rife with counterfeit and pirated goods this week.

Many of the shopping centers and sites listed in this “Special 301” report were absolutely predictable, like Beijing’s Silk Market, St. Petersburg-based social network VK.com, or The Pirate Bay, which was formed by an anti-copyright group in the first place.

One entrant proved controversial, however: Taobao Marketplace, the e-commerce behemoth owned by Alibaba Group.

Today, Alibaba Group CEO Daniel Zhang hit back at the US government office, chalking up the USTR’s decision to list Taobao as a “notorious marketplace” to rising American protectionism.

President-elect Donald Trump ran a protectionist campaign. He frequently rails against free trade agreements, outsourcing, and other facets of global trade that he claims have killed jobs in the US.

Alibaba Group CEO Zhang cautioned in an email sent to all employees and published online:

“…Protectionism is ever present around the world and influences that are not free market-oriented come into play. As we accelerate our pace of globalization, certain countries will deploy all sorts of ways to fence themselves off…

We are committed to protecting intellectual property, but will not be bullied by those who exploit the issue for unfair advantage.”

The USTR publishes the Special 301 report each year, in part, to caution consumers who don’t want to buy knockoffs, or pirated apps and content which all too frequently carry malware.

But the report is also used to pressure companies, and governments, to enforce the internationally recognized intellectual property rules that help American businesses compete fairly in global markets.

Alibaba and Taobao had been absent from the list for four years until this week, even though they’d been clashing with French, American and other luxury goods brands earlier this year.

In the spring of 2016, the company was denied a special membership to the International Anti-Counterfeiting Coalition, after protests from fashion industry insiders and IP firms.

According to Alibaba’s own statements to investors, Taobao’s mobile app alone boasts 150 million daily users, and the marketplace sees 20 million product reviews posted daily. Across all of its businesses, Alibaba sold $500 billion worth of goods in 2015, from 10 million merchants who use their platforms.

In his public statement on Thursday, Zhang recounted efforts the company has taken to thwart pirates and counterfeiters. For example, it has used big data analytics to identify and block problematic sellers, and worked closely with law enforcement to shut down factories and send counterfeiters to prison.

Alibaba Group claims it removed 16 times more links than the number that brands, or their IP attorneys, have reported as infringing on their intellectual property rights this year. That could be because Alibaba’s sites don’t make it easy for brands to file complaints about IP infringements, however.

The USTR, in its report, specifically recommended that Alibaba Group could improve its standing by:

“Simplifying processes for right holders to register and request enforcement action; making good faith takedown procedures generally available; and reducing Taobao’s timelines for takedowns and issuing penalties for counterfeit sellers.”

Besides Taobao, twenty-one different digital platforms and twelve different physical malls were labeled “notorious marketplaces” by the USTR, selling everything from pirated music, videos, games, and software to counterfeit hardware and luxury goods.

The report also identified an emerging trend around intellectual property theft called “stream ripping,” that’s plaguing the music industry. This is when a site lets users convert a licensed streaming music or other file into an unauthorized copy for download and distribution.

The first site to make the list for this offense was Youtube-mp3.org, which is based in Germany but popular among users in Turkey and Mexico. Youtube-mp3.org saw 4.8 billion visits in 2016, the report says.

Author : Lora Kolodny

Source : https://techcrunch.com/2016/12/22/alibaba-is-back-on-u-s-blacklist-of-notorious-marketplaces/

No security posture is absolute. Rather than attempting to prevent a security breach, organisations should implement strong plans for what to do when one takes place.

These days, data breaches are an all too common occurrence. Barely a week goes by without another high-profile attack taking place. With increasing legislation and regulatory requirements coming into play, these announcements are likely to become more prominent.

There’s much advice given about how to reduce the risk of an attack and the different preventative measures that organisations can put in place. However, with new technologies and routes of entry for attackers, preventive measures alone are not enough.

In order to ensure all bases are covered, organisations need to be prepared with a solid security incident response plan. When an incident occurs, it will ensure everyone knows exactly what to do to minimise the impact to their organisation.

Many organisations lack incident response plans for the same reason most people don’t get travel insurance before going on holiday, or check their tyre pressure before driving long distances.

Most people don’t think about these things until it’s too late. Developing and implementing a security incident response plan can be time consuming and often costly – two things most organisations do not have.

Without a response plan, incidents can escalate quickly and the impact can be severe. An incident response plan gives organisations a much better chance of isolating and controlling an incident in a timely and cost effective manner.

A recent incident response survey uncovered concerns by IT professionals about their organisation’s security incident response plans. A quarter of respondents were not confident in their organisation’s security response plan.

Despite this continued lack of confidence, respondents understood the significant impact of a breach upon their organisations, with reputational damage topping the list at 56%.

When asked why they thought an organisation would not have a response plan in place, lack of awareness within organisations came out on top with 38% of respondents highlighting this as an issue.

This was followed by a lack of resources (23%), lack of skills or expertise (18%), lack of budget (12%), other (9%) and lack of time (5%). Coming from IT professionals, the perceived lack of awareness when it comes to incident response plans is worrying.

So, the worst has happened and your organisation has suffered a security breach. What are the first things you need to do to ensure that your risk is minimised?

1. Triage

Don’t panic – it may be a natural reaction, but it doesn’t solve anything. Avoid the temptation to simply pull the plug or turn the machines off. Directly after a breach, things often seem worse than they are. Your main goal should be business continuity.

To do this, it’s important to establish the nature and extent of the incident. Is it something that has been seen before, such as a common anti-virus incident? If so, what steps need to be taken to control the impact of the incident?

It’s crucial to closely manage any communication about the security breach to customers and beyond. Many security breaches are broken by news outlets watching social media feeds.

Make sure you have a dedicated team in place for crisis communications and keep track of all customer interactions. This will help you better manage public relations following the incident.

2. Data analysis

Carefully analysing the data involved in the incident is crucial to understanding what actually happened. It may sound simple, but too many security breaches are misdiagnosed early on, resulting in incorrect remedial actions. For example, diagnosing a DDoS attack when a completely different failure has occurred, or prepping for a data corruption incident when it’s actually ransomware.

Understand what happened and how. If this is something that you don’t have the time or resources to manage in your organisation, call in cyber security experts to help you figure out what happened.

By assigning an expert to handle the incident, you can be sure the responsibility of incident management and coordination is taken care of, so that you can focus on getting your organisation back to its normal state of operation.

3. Communication

One of the biggest issues we see with incident response is a lack of internal communication – from board level down. Depending on the type of incident, it may be that communication with the rest of the organisation and external bodies such as third-party agencies, customers and regulatory authorities is necessary.

If that is the case, it’s important to ensure communication only occurs through the pre-planned and established channels.

Communication cannot just take place after the incident. It needs to be an on-going process throughout the organisation.

Regardless of their job function, when a security incident occurs, everyone needs to be fully trained and aware of their role and responsibilities.

Putting security incident playbooks in place for each department can be one way to keep staff aware of what they are and are not allowed to do in the wake of a breach.

As outlined in step one, taking charge of your communication channels is crucial. You should be the one to decide when and how news of the breach is disseminated to various parties. This will help minimise the impact of the incident and avoid fanning any flames.

4. Resolve and recover

Assuming the incident handler and the technical team assigned to the incident have control, you should be on the way to resolving the issue and heading towards recovery.

The road to recovery may involve rolling back disaster recovery (DR) applications, beginning to restore data from backups or simply closing the incident. Whatever the situation, the incident will not be properly resolved until all recovery actions are complete.

5. Lessons learned

Following an incident, organisations can be quick to fall back into routine. It’s important that you learn from every security incident to minimise the risk of it taking place in the future.

Ask yourself: what can we implement to better protect ourselves? If this happens again, have we done enough to minimise the risk and disruption? Does everyone know their role and are they aware of the role they play in keeping the organisation secure?

Source : http://www.information-age.com/7-ways-cyber-attacks-will-evolve-2017-123463538/

The 2013 hack affecting a billion Yahoo users shows how seemingly innocuous bits of data gleaned from cyber-attacks can be exploited for espionage and information warfare, as well as for profit.

The breach, disclosed Wednesday, is the largest on record and comes just months after Yahoo disclosed a separate attack in 2014 affecting data from 500 million users.

On the surface, the trove of data is "a bunch of junk," said John Dickson of the security consultancy Denim Group.

But the ability to create a searchable database with data tidbits such as birth dates and phone numbers makes it enormously valuable to hackers seeking to make a profit or engage in industrial or state espionage, he said.

"If you're trying to research and get information about a target, you're going to use everything you can find," said Dickson, a former officer in the Air Force Information Warfare Center.

The Yahoo hack did not collect credit card or Social Security numbers, according to the company, leading some analysts to speculate that the goals were not financial.

"For someone using data as a weapon, this is of tremendous value," said Steve Grobman, chief technical officer at Intel Security.

Information warfare?

James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, a cyber-security think tank, said that while details are still unknown, the attack could fuel disinformation campaigns by governments.

Scott noted that the data had not appeared for sale on Deep Web markets - that is, in murky corners of the web that cannot be reached by standard search engines.

"And since a significant number of victims (if any) have not reported identity theft resulting from the incident, there is a strong likelihood that the breach was not conducted for monetary gain," Scott said.

"This could indicate that the breach was an espionage stage of an information warfare effort."

The disclosure of the breach comes amid intense scrutiny of cyber-security in the US election campaign and of the potential impact of hacked email accounts from people close to Democratic presidential candidate Hillary Clinton.

US officials have claimed Russia was behind the attack aimed at disrupting the election.

One of the hacks targeted the Gmail account of Clinton campaign chairman John Podesta. Media reports say he or an assistant was fooled by a fake email that prompted him to reveal his password.

Security analysts say such attacks are often preceded by lengthy data-gathering campaigns that might look for personal information such as a birth date or former school or university.

Signs of a state actor

Yahoo said it was not clear who was behind the billion-user hack but that some evidence pointed to "the same state-sponsored actor" believed responsible for the previously disclosed cyber-attack.

The security firm InfoArmor said in September that its analysis of the first breach indicated "professional" hackers stole the Yahoo data, and only later sold it to a state entity.

InfoArmor said at the time that the breach "opens the door to significant opportunities for cyber espionage and targeted attacks to occur."

Grobman said some attackers may mix real data with manipulated information to distort facts, creating further confusion and mistrust.

"One of the things we are concerned about is that the public is conditioned to see leaked data as legitimate, and this data can be manipulated," Grobman said.

Some analysts argue that the hackers' goals may be more financial than political.

Security researcher Graham Cluley said certain bits of information such as phone numbers could be of value to criminals.

"If a hacker or scammer has your telephone number, they can ring you up and trick you into believing they are an organization you already have a relationship with, which means that you might be tempted to hand over more personal information," Cluley said in a YouTube posting.

'A lot of money'

James Lewis, a senior fellow specializing in cyber-security at the Center for Strategic and International Studies, said new analytics tools can sift through databases for political espionage purposes, but that it is not clear if Russia has those capabilities.

"If you're a criminal, you would think you could monetize a billion accounts," Lewis said. "Even if you got a penny or a dime for each, you would still be making a lot of money."

The attacks also pose a threat to the future of Yahoo, the former internet star which has seen its fortunes decline and is in the process of selling its main assets to telecom group Verizon.

Dickson said that it's likely that "Verizon is doing a double take" on the $4.8 billion deal.

"If this kills that deal, I think it will increase the focus on cyber-security hygiene across the board," he said.

Author:  Agence France-Presse

Source:  http://gadgets.ndtv.com/internet/features/yahoo-1-billion-user-hack-shows-datas-use-for-information-warfare-1638536
