A Resource for IT Professionals

Study finds cybersecurity pros are hiding breaches, bypassing protocols, and paying ransoms - TechRepublic
▻http://www.techrepublic.com/article/study-finds-cybersecurity-pros-are-hiding-breaches-bypassing-protocols

Cybersecurity company Bromium has found that an average of 10% of security professionals have quietly paid ransomware demands, and that 35% have admitted to circumventing, disabling, or otherwise bypassing their organization’s security.

The startling numbers come from research that began at RSAC 2017 and continued afterward due to the numbers above, which startled Bromium’s research team.

“While we expect employees to find workarounds to corporate security, we don’t expect it from the very people overseeing the operation,” said Bromium co-founder and CTO Simon Crosby. “To find from their own admission that security pros have actually paid ransoms or hidden breaches speaks to the human-factor in cyber security.”

The study also suggests something else that should alarm anyone with a network to secure: Those numbers only account for security professionals who admit their mistakes.
[…]
Another, more troubling, possibility is something we’ve written about at TechRepublic before: Those who consider themselves tech-savvy are more likely to get hacked. Professionals may have an attitude of “it won’t happen to me” due to their knowledge and training, but one moment of complacency is all a dedicated hacker needs to find an exploit.

“[Highly privileged users are] inclined to believe that they are highly vigilant and therefore more secure, when in fact they have become blasé about the operational security needs,” Crosby said. “Just as you cannot train users not to click on plausible looking links, attachments and files, you cannot train IT Pros to remain vigilant.”

#selon_une_étude_récente menée par un vendeur de solutions, mais bon… il y a aussi des recommandations qui ne passent pas par cette solution.

Bromium’s solution comes in the form of its own micro-VM product, but if you don’t have the budget or desire to completely overhaul your system that isn’t a feasible option. That doesn’t mean that you can’t improve security, however.
• Minimize security fatigue by using a single sign-on system like Okta, Shibboleth, or OneLogin. Users can store all their credentials behind one secure system, saving time and headaches.
• Do a better job of filtering security alerts and notifications to your IT team. It may take more time to set up a system that minimizes notices and only sends them to the necessary people, but it will make alerts seem more important when they are received.
• If necessary, create an extra level of administrative privileges that lives between regular users and true admins. Restrict privileges a bit to force your line IT staff to conform to security standards.
• Train, train, train, then keep training. Make sure your team knows you’ll hold them accountable when something happens (and be sure to say when, not if).

The truth about MooCs and bootcamps: Their biggest benefit isn’t creating more coders - TechRepublic
▻http://www.techrepublic.com/article/the-truth-about-moocs-and-bootcamps-their-biggest-benefit-isnt-creatin

While MooCs might be democratizing education, offering courses that in some cases rival the best available at universities, and for free or a fraction of the price, the evidence that these MooCs help their graduates onto a career ladder is shaky—at least when it comes to programming.

Can AI and big data improve how you get news? Cheetah Mobile is making a $57M bet that it can - TechRepublic
▻http://www.techrepublic.com/article/can-ai-and-big-data-improve-how-you-get-news-cheetah-mobile-is-making-

On Friday, one of China’s leading tech companies, Cheetah Mobile, announced the $57 million acquisition of New Republic—a move that signals its “journey of a transformation,” according to CTO Charles Fan, highlighting its investment in AI and transition into a mobile content company.

Founded in 2010, Cheetah Mobile began as a mobile tools provider. Over the last six years, it has become a major player in China’s tech scene—and made a big impact, globally. It’s the second largest internet and mobile security company in China, and the third global non-gaming developer on the Google Play Store, providing the popular apps Piano Tiles 2, Clean Master, CM Security, and Battery Doctor. Fan told TechRepublic that the company has over 650,000,000 monthly active users, internationally, in Q1.

Fan said he sees the company as a “bridge between China and the world.” What makes Cheetah Mobile different, he said, is that 80% of their mobile users are outside of China. “Even though we are headquartered in Beijing, our target audience is mostly overseas,” he said. While most companies are based solely in China, Cheetah Mobile recently set up a second headquarters in Silicon Valley, expanding its global footprint and assisting in the development of its machine learning algorithms.
[…]
“Our goal is to grow News Republic into being the smartest news app,” Fan said, “so that users can get the content they want to consume, plus help content producers, game developers, and influencers.”

And, for the huge amount of data Cheetah Mobile is collecting on the phones? It’s helping the algorithms become even smarter.

How #Tesla #Autopilot drove a man with a blood clot to the hospital, and expanded the autonomous car debate - TechRepublic
▻http://www.techrepublic.com/article/how-tesla-autopilot-drove-a-man-with-a-blood-clot-to-the-hospital-and-

Neally, who reportedly pays close attention while driving Autopilot, following Tesla’s guidelines for use, may have expected the advanced driving feature to kick in, braking if a vehicle crossed its path or alerting him if a nearby car slid too close into his lane.

But, when Neally began experiencing tightness in his chest and, after calling his wife, realized he needed to get to the hospital, he used Autopilot in a way he probably never expected: To rush him straight to the hospital.

The tightness in his chest turned out to be caused by a pulmonary embolism, and Neally was able to make a full recovery.

“I don’t really think I could have [made the drive without Autopilot],” Neally told CBS.

#belle_histoire

Inside Kansas City’s goal to become ’the smartest city on planet earth’ - TechRepublic
▻http://www.techrepublic.com/article/inside-kansas-citys-goal-to-become-the-smartest-city-on-planet-earth

There’s more to #Kansas_City than barbecue and baseball, as the metro area digs in even deeper to become a smart city.

In May, the Missouri city heralded the first phase of its plan to become a smart, connected city by creating a 2.2 mile smart district with 20,000 residents in the heart of downtown. The core area includes a streetcar line, free public Wi-Fi, smart LED streetlights, and 25 digital kiosks as part of an infrastructure overhaul. The first phase has been limited to the area covered, as it’s served as a living lab for smart city Internet of Things (IoT) technology.
[…]
The free public Wi-Fi is the core component of the project, in that it touches the most people’s lives by improving their connectivity. The city initially thought that residents in the area would get the most impact from the free Wi-Fi. But it turns out that visitors are using it, and using it repeatedly. This means that the city can collect data about the visitors, such as their area codes and, through sensors in kiosks stationed throughout the smart city district, the pattern of where they are going while they are in the area, Bennett [Kansas City’s chief innovation officer] said.

For instance, “There are 48 people who walk past the corner of 9th and Broadway between 9 and 10 am each day. There is not a single restaurant in that entire two-block area. Once I figured that out, I talked to our economic development council. We talked to two people who bid, and they put a new deli in,” Bennett said.
[…]
Kim Majerus, local and education vice president for #Cisco, worked with the city on the project. “The amount of data and information they’re collecting from that street car and the usership and the opportunities, I think that itself has paid for the project in gold from the city’s perspective.”
[…]
Cities are realizing the value in IoT, and putting the technology into practice, and it has accelerated in the last year, Majerus said.

“It’s no longer telling people why they should be smart and connected, but it’s telling the city leaders that you have an asset that you can monetize to the benefit of your citizens. Once you get that piece done, the rest is easy. Once you show them the value of the assets they have, it makes it a little easier for the city leadership to get behind it,” she said.

Le futur âge d’or de la #smart_city …

Charged EVs | #Elon_Musk: When it comes to autonomous driving, #data_is_everything
▻https://chargedevs.com/newswire/elon-musk-when-it-comes-to-autonomous-driving-data-is-everything

As Musk explained during Tesla’s Q1 2016 earnings call, “Data is everything,” not only for improving the Autopilot technology, but also to convince regulators, and the public, that autonomous features make automobiles safer.

“Regulators are going to want to see a very large amount of data – maybe billions of miles – showing that the car is unequivocally safer in autonomous mode…in a wide range of circumstances, in countries all around the world,” said Musk.

100 Gbps DDoS on ProtonMail

http://traditores.org/wp-content/uploads/2014/06/protonemaillogo.jpg

Then they paid the 15 BTC (5.380 EUR) ransom but the attacks didn’t stop. Instead, it moved upstream and attacked the ISP’s infrastructure.
This is a fairly recent and new approach which may have an interesting outcome not in the advantage of the attackers.

On top of the 15 BTC ransom, ProtonMail also had to pay the ISP and the datacenter for the collateral damage incurred.

Because ProtonMail was unreachable it had to set up a communication channel via Wordpress:

▻https://protonmaildotcom.wordpress.com

You can find there details about the attack

This threat was followed by a DDOS attack which took us offline for approximately 15 minutes. We did not receive the next attack until approximately 11AM the next morning. At this point, our datacenter and their upstream provider began to take steps to mitigate the attack. However, within the span of a few hours, the attacks began to take on an unprecedented level of sophistication.

At around 2PM, the attackers began directly attacking the infrastructure of our upstream providers and the datacenter itself. The coordinated assault on our ISP exceeded 100Gbps and attacked not only the datacenter, but also routers in Zurich, Frankfurt, and other locations where our ISP has nodes. This coordinated assault on key infrastructure eventually managed to bring down both the datacenter and the ISP, which impacted hundreds of other companies, not just #ProtonMail.

[...]

The attack against ProtonMail can be divided into two stages. The first stage is the volumetric attack which was targeting just our IP addresses. The second stage is the more complex attack which targeted weak points in the infrastructure of our ISPs. This second phase has not been observed in any other recent attacks on Swiss companies and was technically much more sophisticated.

It is believed that the ProtonMail attack is likely to have been operated by two separate groups. The first one calls themselves the Armada Collective, and the second attackers exhibiting capabilities more commonly possessed by state-sponsored actors,, ProtonMail said.

#DDoS
#ransom #bitcoin
#Armada_Collective

Google may be declaring war against Microsoft and Office 365 - TechRepublic
▻http://www.techrepublic.com/article/google-is-declaring-war-against-microsoft-and-office-365

According to an August 2015 report, Microsoft Office 365 has surpassed Google Apps and now controls more than 25% of the enterprise market—triple the enterprise market share the company held just a year ago. That is some serious growth and it hasn’t gone unnoticed by the folks at Alphabet (aka Google).

On October 19, 2015, Rich Rao, head of global sales for Google Apps for Work announced a new program specifically designed to turn the tide against Microsoft Office 365’s advance.

In a nutshell, enterprises with preexisting contracts for a competitor’s office suite (read Office 365) looking to switch to Google Apps can do so and not pay any additional fees until the competitor’s contract has run its course. In essence, switching enterprises will pay Microsoft’s contract while they use Google Apps.

When the preexisting contract is over, enterprises sign a new contract with Google Apps. The announcement also suggests that Google will pay some of the transition costs through a special program offered by its Google for Work Partners service.

This is a bold move by Google and it signals that the company is reeling from the sudden surge of Microsoft Office 365. I don’t think Google was expecting this level of competition for its Google Apps suite.
[…]
The real battleground lies in cloud and collaboration services, including collaboration tools, storage, video communication, and document sharing. The cloud is where Microsoft and Google are going to fight their battle for productivity suite superiority.

And cloud is where Microsoft has been winning handily for the past year or so. I believe the new cloud and collaboration emphasis of Office 365 has taken Google by surprise. I think Google has realized that Microsoft has upped its game and that it can’t coast into increased enterprise market share by merely offering a lower-price, simpler productivity suite.

Five #tools for working with #text files - TechRepublic
▻http://www.techrepublic.com/blog/five-apps/five-tools-for-working-with-text-files/#ftag=RSS56d97e7

Tags : text tools

You’re never going to find a data scientist with that ad - TechRepublic
▻http://www.techrepublic.com/article/youre-never-going-to-find-a-data-scientist-with-that-ad

“Admit it,” [Christi Eubanks, Gartner analyst] writes, “You and/or the recruiter took a bunch of LinkedIn posts and genetically engineered your perfect, beautiful quant baby with skills you didn’t even know you needed.”

And so the job spec asks for an MS or PhD (with an MBA, preferred!) that knows every business intelligence program ever invented, hacks NoSQL databases in her spare time, and also loves PowerPoint.

This leads Eubanks to conclude: “Data scientists are related to, but not the same as statisticians, who are not all versed in web analytics, which is not SEM, though all of the above can probably handle some SQL, and none would pick .ppt as their favorite medium. There are three or four different experts rolled into this one position, but none of them are going to apply for this job.”

Far better, she argues, following her colleague Svetlana Sicular, to stop searching for unicorns and instead let someone with potential grow into the job. According to Sicular, the best data scientists will be those that know the right questions to ask. Learning the tools (like Hadoop) that help answer the questions is a secondary problem.

Data breaches may cost less than the security to prevent them - TechRepublic
▻http://www.techrepublic.com/article/data-breaches-may-cost-less-than-the-security-to-prevent-them

When it comes to data breaches, 2014 was a banner year. However, if Benjamin Dean, Fellow for Internet Governance and Cyber-security, School of International and Public Affairs at Columbia University, did his math right, 2015 will be more of the same.

In a March 2015 column on The Conversation, Dean provided a hard to disagree with defense of why things security-wise “ain’t gonna change” soon. “When we examine the evidence, though, the actual expenses from the recent breaches at Sony, Target and Home Depot amount to less than 1% of each company’s annual revenues,” wrote Dean. “After reimbursement from insurance and minus tax deductions, the losses are even less.”

Dean then administered the knockout punch: “This indicates that the financial incentives for companies to invest in greater information security are low and suggests that government intervention might be needed.”

Benjamin Dean évalue le coût du vol de données à moins de 0,1% du chiffre d’affaires pour Target et encore 10 fois moins pour Home Depot.

D’où son invocation de l’#aléa_moral #moral_hazard.

Et que propose-t-il ? Ben, eueueuh… on fait un groupe de travail…

What is the answer?
Removing the moral hazard seems to be the logical answer. But how would that come about — government intervention? “It’s important to make sure the intervention doesn’t make the problem of moral hazard worse,” cautioned Dean. “This is a huge problem because as we plough billions of dollars into intelligence agencies, supposedly to keep us all safe from ’cyber-attacks’, it has the effect of further weakening the already low incentives for companies to invest in information security themselves.”

“Unintended consequences of policies, even in instances where the case for government intervention is strong, can be worse than the consequences of doing nothing at all,” further cautions Dean. “I’m not saying that we do nothing at all — just that we need verifiable and reliable data on which to begin making these complex policy decisions.”

Tech and data converge to create better maps about our shared worlds - TechRepublic

▻http://www.techrepublic.com/article/tech-and-data-converge-to-create-better-maps-about-our-shared-worlds

http://tr1.cbsistatic.com/hub/i/2015/02/17/95f281f3-1586-46b1-8bb2-98d6089552db/mapbox-nyc.jpg

Learn how open source, open data, and agile development is driving innovation in mapping software, particularly from startups CartoDB and Mapbox.

It’s impossible to overstate the importance of maps to humanity, from our ancestors sketching the heavens on cave walls to ancient civilizations creating invaluable records of the known world, from trade routes to coastlines. For millennia, maps were painstakingly created through first-hand observation. As the instruments used to create cartography became more sophisticated, enabling measurements relative to the sun and stars, so did the accuracy of our maps, leading to commerce, warfare, and exploration of the oceans and skies on a scale that our ancestors never anticipated.

Today, hundreds of millions of people have near-magical maps in our pockets and palms and on our dashboards that are dynamically built upon data and show our position on the face of the Earth with extraordinary accuracy using the Global Positioning System (GPS). We also sometimes blindly trust those GPS systems too much, unfortunately: truck crashes into bridges have been sourced to consumer-grade GPS systems, and far too many drivers have followed GPS directions into danger.

#cartographie #mapbox

How an algorithm detected the #Ebola outbreak a week early, and what it could do next - TechRepublic
▻http://www.techrepublic.com/article/how-an-algorithm-detected-the-ebola-outbreak-a-week-early-and-what-it-

An algorithm on HealthMap, an international mapping tool that detects and tracks diseases, found Ebola, called a “mystery hemorrhagic fever,” just over a week before it spread, though the founders didn’t initially realize the importance of what they discovered.

Eight people reported the mysterious disease in March. It caught the HealthMap team’s attention, but they didn’t call out a massive issue until it was confirmed as Ebola on March 22.

L’#algorithme avait trouvé mais on ne s’en était pas aperçu.
On a compris que c’était ça une fois que d’autres l’ont confirmé.

On peut appeler ça détection précoce…

Word Lens, un nouveau produit dans l’escarcelle de Google

▻http://www.youtube.com/watch?v=h2OfQdYrHRs

▻http://www.techrepublic.com/article/google-picks-up-incredible-visual-translation-app-word-lens-and-makes-

Google has purchased Word Lens, an impressive app that translates foreign languages in real time using the iPhone and Android smartphone built-in camera. It’s now free for a limited time.

Open data + Hackatons = l’arme suprême du gouvernement états-unien contre le changement climatique.

White House attacks climate change with hackathons, crowdsourcing, and big data - TechRepublic
▻http://www.techrepublic.com/article/white-house-attacks-climate-change-with-hackathons-crowdsourcing-and-b

Those scientists can’t create the technological tools that will assist our modern society in coping with climate change, but there are plenty of other people who can: activists, next generation thinkers, technologists, and entrepreneurs in Silicon Valley and beyond. For the first time, tech savvy innovators have access to an open database of climate data and research through the federal government and many are preparing to take advantage of it.
(…)
The Climate CoLab is a project by the Center for Collective Intelligence at Massachusetts Institute for Technology (MIT). The goal is to harness the collective intelligence of people around the world to address climate change. More than 10,000 people have registered and more than 400 proposals have been submitted. People are encouraged to submit proposals at any time outlining possible ways to fight climate change, but Climate CoLab’s most popular projects are its contests.

The two most recent contests, which are in line with the government initiative and its data sets, ask participants to address what can be done to adapt to the impacts of climate change and how crowdsourcing can provide more efficient disaster risk management.
(…)
“It can be really empowering for people who care about environment and the reality of climate change, as sometimes you feel like you can’t do anything about it,” Kraft said. “But if you feel like you have some measure of influence or something you can do and take action through the use of technology, it seems a little bit less scary.”

These types of projects, as well as the availability of open climate data, lead to a more informed population, he added.

“If you get people understanding they can make changes, and crack open data, that might help improve public policy around climate change,” Kraft said.

Les petits secrets des wearables : la plupart des gens s’en désintéressent - TechRepublic
►http://www.techrepublic.com/article/wearables-have-a-dirty-little-secret-most-people-lose-interest

Pour Teena Hammond de TechRepublic, alors qu’on ne cesse de nous vanter le prochain succès de l’informatique portée sur soi (wearable computing), le constat pour l’instant montre surtout que les utilisateurs s’en désintéresse au bout de quelques mois. Une récente enquête sur 6000 américains adultes utilisateurs de traqueurs de santé ou de sport montre qu’un1/3 d’entre eux ont cessé d’utiliser l’appareil au bout de 6 mois : ▻http://endeavourpartners.net/white-papers En fait, beaucoup d’utilisateurs les abandonnent très rapidement parce qu’ils se cassent, sont faciles à perdre, ne sont pas étanches, sont difficile à synchroniser avec votre smartphone, n’ont pas de bonnes batteries, sont laids, voir ne présentent parfois aucun avantage matériel à l’usage (notamment quand une application de votre (...)

#bodyware #quantifiedself

Santé : le boom des gadgets connectés
Le Monde, 10 février 2014
►http://www.lemonde.fr/sciences/article/2014/02/10/gadgets-connectes-tous-mesures_4363671_1650684.html

L’essentiel du chiffre d’affaires des fabricants de bracelets, balances et autres accessoires repose sur la vente de leurs produits (souvent supérieur à 100 euros).

Le business model est plus complexe pour les applications, dont le développement coûte entre 10 000 et 50 000 euros. Seules 28 % sont payantes, entre 0,79 euro et 8,99 euros, avec une moyenne à 2,56 euros. Les possesseurs d’iPhone sont les plus dépensiers, au point que des applications gratuites sur Android (le système d’exploitation de Google) sont payantes sur iOS (celui d’Apple) !

#santé #internet_des_objets #capteurs #wearable

ADD — Complicating Memory Forensics Through Memory Disarray — ShmooCon 2014
▻https://www.shmoocon.org/speakers#add

Le Trouble du Déficit de l’Attention désorganise la gestion de la mémoire (de l’ordi…) pour perturber l’analyse de son contenu.

In this presentation, we’ll present ADD (attention deficit disorder), a tool that litters Windows physical memory with (configurable amounts and types of) garbage to disrupt memory forensics. Memory forensics has become so mainstream that it’s catching too many malware authors during routine investigations (making Jake a sad panda). If memory forensics were much harder to perform, then attackers would retain an upper hand. ADD increases the cost of memory forensics by allocating new structures in memory that serve only to disrupt an investigation.

We’ll present some basic memory forensics techniques (just to set the stage for those who aren’t familiar with the concepts). We’ll explain how volatility, a core memory forensics tool, actually performs its analysis. In particular, we’ll show how it locates hidden processes, drivers, and modules.

Next, we’ll show how running ADD on a machine under investigation completely changes the memory forensics landscape. We’ll show how an investigator must weed through astounding numbers of false positives before identifying the investigation targets.

Via TechRepublic, avec une interview des créateurs.
Researchers describe tool that manipulates RAM, misleads cybercrime investigators - TechRepublic
▻http://www.techrepublic.com/blog/it-security/researchers-describe-tool-that-manipulates-ram-misleads-cybercrime-inv

Williams: A memory dump is a snapshot of everything running on a computer. A forensic analyst will use tools to parse through a memory dump looking for evidence or artifacts of a crime, compromise, employee misconduct, etc. Forensic analysts like memory dumps for the same reason Target’s malware authors do: data encrypted on the hard drive is unencrypted for processing in memory. Memory also offers an analyst a much smaller search space. If you think about your average computer today, it might have a 1TB hard drive, but only 4GB of RAM. An analyst would look for artifacts like the following:
• Evidence of private browsing sessions that are never written to disk
• Malware that only operates in memory without ever touching the disk
• Unsaved files
• Passwords typed into forms and applications
• Encryption keys for mounted encrypted drives

À ressortir quand on nous bassine avec l’analyse prédictive…

The big data canary in the coal mine - TechRepublic
▻http://www.techrepublic.com/article/the-big-data-canary-in-the-coal-mine/#ftag=RSS56d97e7

At its very best, any analytical tool is the proverbial canary in the coal mine. The singing stops when the danger is already real, with the hope that you have enough time to react. The canary can’t preemptively predict the future — it merely warns of an active gas leak so you can seek shelter.

http://3.bp.blogspot.com/-sYPhI9xt3fI/UA6GGDAHkUI/AAAAAAAABLs/09f5rpN1BLo/s640/GB_By+courtesy+of+Zed+Nelson.jpg

La suite, c’est, évidemment,

leveraging the canary…

http://3.bp.blogspot.com/-VEiKWuOMp1w/UA6I83JevUI/AAAAAAAABL4/STw6iYsY6uA/s400/canary-in-coal-mine1.jpg

Illustrations issues de À la merci du canari mineur ▻http://sylvain-post.blogspot.fr/2012/01/face-au-monoxyde-de-carbone-la-merci-du.html

For data scientists, the big money is in open source - TechRepublic
▻http://www.techrepublic.com/blog/big-data-analytics/data-scientists-can-find-big-money-in-open-source/#ftag=RSS56d97e7

As O’Reilly’s 2013 Data Science Salary Survey suggests, “ the field of big data has ushered in the arrival of new, complex tools that relatively few people understand or have even heard of. ” Knowing those tools is what yields such outsized salaries.

But which tools a data scientist masters turns out to have a large, material impact on her earning power.

The top data tool by far is SQL, which isn’t surprising: data analysis has been around long before we gave it a sexy “data science” label, and accessing data through SQL has long been the standard for data analysis. This isn’t changing overnight.

http://tr1.cbsistatic.com/hub/i/r/2014/01/21/222504a7-17c3-407a-9f55-0769874e055b/resize/620x485/oreilly%201.jpg

But once we move beyond SQL, it’s telling just how much of the most widely used Big Data tools are open source: R, Python, Hadoop and more. More interestingly, however, is the bifurcation between what O’Reilly calls “the Hadoop group”(orange) and the “SQL/Excel group” (blue):

http://tr1.cbsistatic.com/hub/i/r/2014/01/21/691b4c15-86f9-4d29-b785-786ab20b577b/resize/620x485/oreilly%202.jpg

Et dans le bloc Hadoop, les data scientists ont tendance à connaître plus d’outils, donc à être mieux payés. En plus, avec Hadoop, ils peuvent évoluer vers des données vraiment grosses.