Interview with an Ethical Hacker
July 20, 2016
We’ve checked out a Business Insider write-up on one of the white hats working for IBM, “Here’s What It’s Really Like to Be a Hacker at One of the World’s Biggest Tech Companies.” We wonder, does this wizard use Watson? The article profiles Charles Henderson. After summarizing the ethical hacker’s background, it describes some of his process:
“The first thing I do every morning is catch up on what happened when I was sleeping. The cool thing is, since I run a global team, when I’m sleeping there are teams conducting research and working engagements with customers. So in the morning I start by asking, ‘Did we find any critical flaws?’ ‘Do I need to tell a client we found a vulnerability and begin working to fix it?’ From there, I am working with my team to plan penetration tests and make sure we have the resources we need to address the issues we have found. There isn’t an hour that goes by that I don’t find a cool, new way of doing something, which means my days are both unpredictable and exciting.
“I also do a lot of research myself. I like to look at consumer electronic devices, anything from planes to trains to automobiles to mobile devices. I try to find ways to break into or break apart these devices, to find new flaws and vulnerabilities.”
Henderson also mentions meeting with clients around the world to consult on security issues, and lists some projects his team has tackled: for example, a “physical penetration test” that involved stealing a corporate vehicle, and sending “tiger teams” to break into client buildings. His favorite moments, though, are those when he is able to fix a vulnerability before it is exploited. Henderson closes with this advice for aspiring hackers: “Always be curious. Never take anything at face value.”
Cynthia Murrell, July 20, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
There is a Louisville, Kentucky Hidden Web/Dark
Web meet up on July 26, 2016.
Information is at this link: http://bit.ly/29tVKpx.
Hewlett Packard Makes Haven Commercially Available
July 19, 2016
The InformationWeek article titled “HPE’s Machine Learning APIs, MIT’s Sports Analytics Trends: Big Data Roundup” looks at Haven OnDemand, a large part of Hewlett Packard Enterprise’s big data strategy. For a look at the smart software coming out of HP Enterprise, check out this video. The article states,
“HPE’s announcement this week brings HPE Haven OnDemand as a service on the Microsoft Azure platform and provides more than 60 APIs and services that deliver deep learning analytics on a wide range of data, including text, audio, image, social, Web, and video. Customers can start with a freemium service that enables development and testing for free, and grow into a usage and SLA-based commercial model for enterprises.”
You may notice from the video that the visualizations look a great deal like Autonomy IDOL’s visualizations from the early 2000s. That is, dated, especially when compared to visualizations from other firms. But IDOL may have a new name: Haven. According to the article, that name is a relaxed acronym for Hadoop, Autonomy IDOL, HP Vertica, Enterprise Security Products, and “n” or infinite applications. HPE promises that this cloud platform with machine learning APIs will help companies build mobile and enterprise applications. The question is, “Can 1990s technology provide what 2016 managers expect?”
Chelsea Kerwin, July 19, 2016
The Machine Learning Textbook
July 19, 2016
Deep learning is another bit of technical jargon floating around, and it is tied to artificial intelligence. We know that artificial intelligence is the process of replicating human thought patterns and actions through computer software. Deep learning is…well, what specifically? To get a primer on what deep learning is, as well as its many applications, check out “Deep Learning: An MIT Press Book” by Ian Goodfellow, Yoshua Bengio, and Aaron Courville.
Here is how the Deep Learning book is described:
“The Deep Learning textbook is a resource intended to help students and practitioners enter the field of machine learning in general and deep learning in particular. The online version of the book is now complete and will remain available online for free. The print version will be available for sale soon.”
This is a fantastic resource. MIT is one of the leading technical schools in the nation, if not the world, and a book carrying its imprint is as close to a guarantee as you will get that the material will round out your deep learning foundation. It is also free, which cannot be beaten. Here is how the book explains the goal of machine learning:
“This book is about a solution to these more intuitive problems. This solution is to allow computers to learn from experience and understand the world in terms of a hierarchy of concepts, with each concept defined in terms of its relation to simpler concepts. By gathering knowledge from experience, this approach avoids the need for human operators to formally specify all of the knowledge that the computer needs.”
If you have time take a detour and read the book, or if you want to save time there is always Wikipedia.
Whitney Grace, July 19, 2016
Machine Learning: Learn Now
July 18, 2016
If you want the basics taught in most universities, you can start with the papers listed at this link. If you come away from these write-ups with some questions, you can refresh your knowledge of Bayesian machine learning in a paper of the same name. To get a sense of some limitations of the much-hyped “new” approach to smart software, check out this sort-of slideshow, sort-of lecture called “What’s Wrong with Deep Learning?” Balanced views are difficult to track down. There are the cheerleaders, and then there are some implementers. A representative example of the cheerleaders is the ad hoc team of Google, Microsoft, and some startups, research computing outfits, and lots of academics. The doubters are old people like myself who have had to deal with the interesting “drift” which can creep into deep learning systems. What’s drift, you may ask? Well, you expect one thing and get another. No human knows why. That’s drift.
Stephen E Arnold, July 18, 2016
Attivio Targets Profitability by the End of 2016 Through $31M Financing Round
July 18, 2016
The VentureBeat article titled “Attivio Raises $31 Million to Help Companies Make Sense of Big Data” discusses the promises of profitability that Attivio has made since its inception in 2007. According to Crunchbase, the search vendor has raised over $100 million from four investors. In March 2016, the company closed a $31M financing round with the expectation of becoming profitable within 2016. The article explains,
“Our increased investment underscores our belief that Attivio has game-changing capabilities for enterprises that have yet to unlock the full value of Big Data,” said Oak Investment Partners’ managing partner, Edward F. Glassmeyer. Attivio also highlighted such recent business victories as landing lab equipment maker Thermo Fisher Scientific as a client and partnering with medical informatics shop PerkinElmer. Oak Investment Partners, General Electric Pension Trust, and Tenth Avenue Holdings participated in the investment, which pushed Attivio’s funding to at least $102 million.”
In the VentureBeat profile of the deal, Stephen Baker, CEO of Attivio, makes it clear that 2015 was a turning point for the company, or in his words, “a watershed year.” Attivio prides itself on both speeding up the data preparation process and empowering its customers to “achieve true Data Dexterity.” And hopefully the company will also be profitable, soon.
Chelsea Kerwin, July 18, 2016
The Watson Update
July 15, 2016
IBM invested a lot of resources, time, and money into developing the artificial intelligence computer Watson. The company has been trying for years to justify the expense and to make money from its invention, mostly by pointing Watson at every conceivable industry that could benefit from big data, from cooking to medicine. ZDNet finally provides an update in the article “IBM Talks About Progress On Watson, OpenPower.”
Watson is a cognitive computing system that learns, supports natural user interfaces, values user expertise, and evolves with new information. Evolving is the most important step, because that is what allows Watson to keep gaining experience and learning. When Watson was first developed, IBM fed it general domain knowledge, then built Watson Discovery to find answers to specific questions. This has been used in the medical field to digest the information being created and apply it to practice.
IBM also did this:
“Most recently IBM has been focused on making Watson available as a set of services for customers that want to build their own applications with natural question-and-answer capabilities. Today it has 32 services available on the Watson Developer Cloud hosted on its Bluemix platform-as-a-service… Now IBM is working on making Watson more human. This includes a Tone Analyzer (think of this as a sort of spellchecker for tone before you send that e-mail to the boss), Emotion Analysis of text, and Personality Insights, which uses things you’ve written to assess your personality traits.”
Cognitive computing has come very far since Watson won Jeopardy. Pretty soon the technology will be more integrated into our lives. The bigger question is how it will change society and how we live.
Whitney Grace, July 15, 2016
Try the Amazon Brand Computer Chip
July 14, 2016
Amazon offers its clients cloud storage, software development help, and more via Amazon Web Services. The global retailer is also taking on electronics and cable TV with the Kindle and Amazon Fire TV, and now, according to Trusted Reviews, “Amazon Now Selling Own-Brand Computer Chips.” Amazon wants to diversify its offerings even further with its own brand of computer chips.
The Amazon brand chips are made by Annapurna Labs, which Amazon purchased last year. Amazon recently announced that the chips are now available on the open market; the ARM-based processors can be used in home gateways, WiFi routers, and network-attached storage devices. They are meant as cheap alternatives for smart home devices and low-end data center gear, nothing that competes on the scale of Qualcomm.
Competition is supposed to be the point of a capitalist economy, and at the moment Intel has the server chip market nearly to itself:
“However, it does mark a notable challenge to another major chip manufacturer. As Bloomberg points out, Intel currently has the data-centre infrastructure field pretty much to itself, with a whopping 99% share of the server chip market. Amazon’s entry to this one-sided market could start to change that, although it won’t initially be targeting the kind of high-end servers that represent Intel’s stronghold. Amazon appears to be attacking the low-power edges of the market, which could see it powering (or at least helping to power) that hottest of networks, the Internet of Things.”
Great, Amazon is still working on developing other products, but we want to know when they are going to deploy image search.
Whitney Grace,  July 14, 2016
Dark Web Drug Merchant Shiny Flakes Fesses Up
July 14, 2016
Authorities know a bit more about how criminals buy and sell drugs on the dark web, thanks to the cooperation of a captured dealer. DarknetPages’ article, “Dark Web and Clearnet Drug Vendor ‘Shiny Flakes’ Confessed his Crimes,” reveals that the 20-year-old Shiny Flakes, aka Maximilian S., was found with a bevy of illegal drugs, cash, and packaging equipment in his German home. Somehow, the police eventually convinced him to divulge his methods. We learn:
“[Maximilian] actually tried to make money on the internet legally in 2013 by copying fee-based pornographic websites. The thing is that the competition was pretty strong and because of that, he abandoned his idea soon after. So instead of spending the 2 thousand EUR he had at the time on porn, he thought it would be a better idea to spend it on drugs. So he went on to purchase 30 g of cocaine and shrooms from a popular German darknet market dealer and then sold them for a higher price on the dark web….
“Shiny Flakes was really worried about the quality of the drugs he was selling and that is why he always kept an eye on forum posts and read everything that his buyers posted about them. In fact, he took things beyond the opinions on the dark web and actually sent the drugs for testing. The tests were conducted both legally and illegally, with the legal tests taking place at Spain’s Energy Control or at Switzerland’s Safer Party. However, it seems that Maximilian also got in touch with the University of Munich, where his products were tested by researchers who were paid in cocaine.”
Sounds efficient. Not only was Mr. Flakes conscientious about product quality, he was also apparently a hard worker, putting in up to 16 hours a day on his business. If only he had stayed on the right side of the law when that porn thing didn’t work out. To give him credit, Flakes had every reason to think he would not be caught; he was careful to follow best practices for staying anonymous on the dark web. Perhaps it was his booming success, and subsequent hiring of associates, that led to Shiny Flakes’ downfall. Whatever the case, authorities are sure to follow up on this information.
Cynthia Murrell, July 14, 2016
What Could Possibly Go Wrong?
July 13, 2016
The Atlantic’s article “Technology, the Faux Equalizer” argues that new technology is limited to the very wealthy and does not level the playing field. In some ways new technology can be a nuisance to the average person trying to scratch out a living in an unfriendly economy. Self-driving cars are one fear, but did you ever think bankers and financial advisors would have to compete with algorithms? The International Business Times asks, “Will Financial Analysts Lose Their Jobs To Intelligent Trading Machines?”
Machine learning software can crunch numbers faster and extract more patterns than a human. Hedge funds have hired data scientists, physicists, and astronomers to remove noise from data and help program the artificial intelligence software. The article uses Bridgewater Associates as an example of a financial firm making strides in automating its work:
“Using Bridgewater as an example, Sutton told IBTimes UK: ‘If you look at their historic trading strategies, it’s been very much long-term bets around what’s happening at a macro level. They have built their entire business on having some of the best research and analytics in the industry and some of the smartest minds thinking on that. When you combine those two things, I would definitely expect artificial intelligence to be applied to identify large-scale trades that might not be evident to an individual researcher.’”
Developing artificial intelligence for the financial sector has already drawn the attention of private companies and could lead to a 30% loss of jobs to digitization. It would give financial firms a greater range of information with which to advise their clients, but it could also mean these firms lose talent, since part of the analyst’s role was to groom more talent.
These will probably be more potential clients for IBM’s Watson. We should all just give up now and hail our robot overlords.
Whitney Grace,  July 13, 2016
Defending Against Java Deserialization Ransomware
July 13, 2016
What is different about the recent rash of ransomware attacks against hospitals (besides the level of callousness it takes to hold the well-being of hospital patients for ransom)? CyberWatch brings us up to date in “My Layman’s Terms: The Java Deserialization Vulnerability in Current Ransomware.” Writer Cheryl Biswas begins by assuring us it is practicality, not sheer cruelty, that has hackers aiming at hospitals. Other entities, like law enforcement agencies, which rely on uninterrupted access to their systems to keep people safe, are also being attacked. Oh, goody.
The problem is not the server hardware but the way Java application servers and middleware deserialize the data they receive. Java’s ObjectInputStream will instantiate whatever class an incoming byte stream names, and if a library on the classpath supplies a suitable “gadget chain” (the Apache Commons Collections case is the well-known one), an attacker who can reach a deserialization endpoint gets code execution on the server without any user interaction. And here we thought open source was more secure than proprietary software. Biswas informs us:
“This [ransomware] goes after servers, so it can bring down entire networks, and doesn’t rely on the social engineering tactics to gain access. It’s so bad US-CERT has issued this recent advisory. I’ve laid out what’s been made available on just how this new strain of ransomware works. And I’ve done it in terms to help anybody take a closer look at the middleware running in their systems currently. Because a little knowledge could be dangerous thing used to our advantage this time.”
The article goes on to cover what this strain of ransomware can do, who could be affected, and how. One key point: anything that accepts serialized Java objects could be a target, and many Java-based middleware products do not validate untrusted objects before deserialization. The dangerous step is the deserialization itself; by the time the application casts the result to the type it expected, the malicious object’s own readObject() logic has already run. See the article for more technical details, and for Biswas’ list of sources. She concludes with these recommendations:
“Needs to Happen:
“Enterprises must find all the places they use deserialized or untrusted data. Searching code alone will not be enough. Frameworks and libraries can also be exposed.
“Need to harden it against the threat.
“Removing commons collections from app servers will not be enough. Other libraries can be affected.
“Contrast Sec has a free tool for addressing the issue: Runtime Application Self-Protection (RASP). Adds code to the deserialization engine to prevent exploitation.”
Organizations the world over must not put off addressing these vulnerabilities, especially ones in charge of health and safety.
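The hardening step those recommendations ask for can be shown in code. What follows is an added example, not code from the CyberWatch article, from Contrast Security, or from any product named above; the Ping message class, the hypothetical service that receives it, and the sample payloads are constructed for the demonstration. It places a handler that calls ObjectInputStream.readObject() on untrusted bytes beside a look-ahead subclass that allow-lists class names before any object is created, which is the standard mitigation when a deserialization endpoint cannot simply be removed.

```java
import java.io.*;
import java.util.Set;

// Added example (not from the article or any vendor). Ping stands in for the
// one message type a hypothetical internal service legitimately expects.
final class Ping implements Serializable {
    private static final long serialVersionUID = 1L;
    final String host;
    Ping(String host) { this.host = host; }
}

public class DeserializationDemo {

    // VULNERABLE: instantiates whatever class name the stream carries.
    // With a gadget chain on the classpath (the Apache Commons Collections
    // one, for instance) a crafted stream runs attacker code inside
    // readObject(); the cast to the expected type only fails afterwards.
    static Object unsafeRead(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return in.readObject();
        }
    }

    // HARDENED: "look-ahead" deserialization. resolveClass() sees the class
    // name BEFORE any instance exists, so anything off the allow-list is
    // rejected before a gadget's readObject()/hashCode() can execute.
    static final class AllowListObjectInputStream extends ObjectInputStream {
        private static final Set<String> ALLOWED = Set.of(Ping.class.getName());

        AllowListObjectInputStream(InputStream in) throws IOException { super(in); }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            if (!ALLOWED.contains(desc.getName())) {
                throw new InvalidClassException("Rejected class in untrusted stream: " + desc.getName());
            }
            return super.resolveClass(desc);
        }
    }

    static Ping safeRead(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new AllowListObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return (Ping) in.readObject();
        }
    }

    // Helper used only to build the sample payloads for the demo.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] good = serialize(new Ping("db01"));
        // Stand-in for a hostile payload: a type the service never expects.
        // A real attack would serialize a gadget chain, not a plain HashMap.
        byte[] unexpected = serialize(new java.util.HashMap<String, String>());

        System.out.println("unsafeRead(good)       -> " + ((Ping) unsafeRead(good)).host);
        // The unsafe path builds the HashMap without complaint; only a later
        // cast would fail, and by then a gadget's code has already run.
        System.out.println("unsafeRead(unexpected) -> " + unsafeRead(unexpected).getClass().getName());

        System.out.println("safeRead(good)         -> " + safeRead(good).host);
        try {
            safeRead(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("safeRead(unexpected)   -> rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with a Java 9 or newer JDK (`javac DeserializationDemo.java && java DeserializationDemo`). On Java 9+ the same allow-list can be expressed without subclassing through the built-in ObjectInputFilter from JEP 290, for example `in.setObjectInputFilter(ObjectInputFilter.Config.createFilter("Ping;!*"))`, which also lets you cap graph depth and array sizes. Two caveats match Biswas’ list: an allow-list only helps if the allowed classes themselves carry no dangerous readObject() logic, and it has to be applied at every deserialization point, including the ones frameworks perform for you (RMI, JMX, JMS, HTTP session stores), which is why grepping your own code for readObject() is not enough.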
Cynthia Murrell, July 13, 2016