Work Processing: Coming soon to a ‘Doc’ near you fifianahutapea.blogspot.com

Easy Way to Download

Book review: Silicon Collar: an optimistic perspective on humans, machines and jobs fifianahutapea.blogspot.com

A dilemma lurks in the pages of Vinnie Mirchandani’s book on the future of work. “The interviews I conducted show practitioners in a wide array of industries using technology to improve productivity and product quality. They were pragmatic and generally optimistic,” he says. “I also found a contrasting sense of pessimism in the academic and analyst world about ‘jobless futures.’ ”

As one in the “academic and analyst” community who finds himself in an apparent minority, I jumped at the opportunity to read what optimism Mirchandani had to offer. Truth be told, there’s plenty of it for a relatively simple, yet profound reason: that humanity across the globe sees little reason to give up some of the things that it sees as valuable.

A salutary tale comes from the world of sport — basketball, specifically, where teams such as California’s Golden State Warriors are using every technology they can get their hands on to monitor performance in training and during games, to detect and pre-empt injuries, to plan seasons and indeed, careers for players.

Of course, technology can only take things so far: as comments Kirk Lacob, Assistant General Manager for the Warriors, “The reality is that we can’t influence results completely—and we are a results business. But if we can push and pull the probabilities, we can hope to have a better outcome.” So, yes, technology can augment our capabilities without detracting from them.

But beyond this is a broader picture, about humanity’s relationship with sport. We can argue that it ain’t what it used to be, when kids with sneakers would throw hoops in some godforsaken, dusty back lot. Equally however, however augmented and scientific it becomes, it remains a bunch of people with a ball. For reasons beyond anyone’s ken, that remains interesting.

The same principle can be applied to so many domains, from wine growing to white collar areas such accountancy. Yes, of course many jobs can be automated — not least the 3 D’s of dull, dirty, and dangerous such as in garbage collection or construction. And it is an open goal of a debating point to say that people in these positions might require some kind of retraining.

But are we, as suggests Vivek Wadhwa, Fellow at the Rock Center for Corporate Governance at Stanford University, heading towards a catastrophe? “We won’t be able to retrain the workers who lose today’s jobs. They will experience the same unemployment and despair that their forefathers did,” he suggests, arguing against the notion of a luddite fallacy.

Such ’despair’ is inevitable, a consequence of the technology-driven income and value disparity that looms in the near distance argue many. Others suggest that such dystopian views are cyclic: “About every 50 years, almost like clockwork, we have the collective experience that the sky is falling. Nothing could be further from the truth,” says analyst Denis Pombriant.

Building on this theme, Mirchandani chooses to look to the past to help understand the future. Citing the Law of Unintended consequences, he makes the point that while we do not know what the jobs will be, there will be plenty of them — “Review FastCompany’s projection of jobs in the next decade to include Urban Farmers, Neuro-Implant Technicians and Virtual Reality Experience Designer,” he says.

There’s a deeper point in the book, that goes way beyond a pantomime “Oh yes there will, oh no there won’t” argument. Simply put (though it is explored in detail), it is that technology doesn’t cause inequality, but exploitation does. As new ways of working become possible, we owe it to ourselves to ensure that they are delivered to serve the many, not the few.

There’s enough in this thoroughly researched and readable book to back the view that automation can sit alongside artisanship, to coin a phrase, both are ‘better together’. Beyond this however, it is the exploitation argument which I found most compelling, and most needy to be addressed by policy and governance. We will only have a bright future for work if we choose to make it so, or, as the commenter Kirby suggests on one of my previous articles, “Humans will have much bigger problems on their hands than worry[ing] about having a job.”

P.S. In the course of reviewing this book, I discovered my article above was mentioned. Which was nice.

Easy Way to Download

Counteracting APTs with a Fine-tuned SIEM Solution fifianahutapea.blogspot.com

Even though not a prevailing type of cyber attacks, advanced persistent threats (APTs) are definitely the most devastating ones. Just like a sudden volcano eruption that’s been  slowly surging underneath, an ATP may stay invisible for many months but finally result in serious financial damage, ruining companies’ reputation and even lead to human victims as it happened after the scandalous Ashley Madison data breach.

The annual cyber threat report M-Trends 2016 by Mandiant stated that the average number of days in 2015 during which organizations were compromised before they discovered the breach (or were notified about the breach) was 146. To make things even worse, security specialists reveal the majority of APTs by accident, which means that APTs’ real lifecycle is limited only by the power of vigilance. So is the battle with APTs really a matter of luck? Or is there anything to detect them before they wreck an organization’s assets?

Why are traditional tools no good?

With APTs, you may think that organizations are too much negligent about their security and take inadequate security measures. In reality, targeted entities usually adopt the whole range of security tools from standard firewalls and antiviruses to sophisticated anti-malware products. The problem is that these traditional tools aren’t able to withstand an APT attack, leaving a great number of blind spots in an enterprise’s infrastructure.

For example, firewalls as an essential part of network security can close unnecessary ports and block unsolicited incoming network traffic. Their advanced versions can even partially protect against DDoS attacks. But they definitely can’t detect malicious users, analyze packets containing malware and obviously they cannot deal with attacks that don’t go through them. Due to traditional firewalls’ limited functionality, most organizations supplement them with intrusion prevention systems (IPS) that allow to examine network traffic flows, detect and prevent vulnerability exploits. However, IPS also have their limitations as they are helpless against client-side application attacks. 

Moreover, managing an array of security tools is difficult and costly, as you need to acquire multiple software licenses and hire specialists to deal with each particular piece of software. It’s also impossible to manually correlate data from multiple systems in order to detect and respond to proliferating attacks. And, finally, scattered solutions cannot ensure a 360° view of a company’s IT environment, which finally results in loopholes that let hackers in.

At the same time, today’s security software market offers advanced security information and event management (SIEM) solutions that are able to replace multiple scattered solutions. Even if not considered as the ultimate remedy against APTs, SIEM systems might assist security officers at different stages of an attack.

Learning from life lessons: The case of Carbanak attacks

To get all armed for possible attacks, it’s useful to analyze previous mistakes. In the history of security breaches, APTs have a ’track record’ of calamitous intrusions. Among them there are a series of attacks by the Carbanak group that targeted more than 100 banks and other financial institutions in 30 nations (the US named the second biggest target), which made it one of the largest bank thefts ever.

Started out in August 2013, this sophisticated hacking gang was first publicly disclosed only in 2015 when the total gain already reached $1 billion. To stay unnoticed and learn every bank inside out, attackers used a whole range of tactics from spear phishing to latent watch, stealing money in modest batches. The theft was revealed accidentally, after examining one ATM’s strange behavior. However, disclosure didn’t stop the Carbanak hackers from their shady affairs: a new series of attacks were already registered in 2016. This time, the gang aims to double down the previous catch.
But what if victims had a fine-tuned SIEM solution?

As the banks were unprepared for these attacks and had no relevant solutions in place to detect the APTs, we decided to take this case as an example and illustrate how a fine-tuned SIEM solution, such as IBM QRadar, could help to reveal the Carbanak advanced persistent threats.

Malware Infection

According to the publicly available details of the attack, the hackers got access to bank employees’ computers through opportunistic malware. IBM Security QRadar QFlow Collector could pinpoint a malware infection by ensuring constant monitoring of the traffic going in and out of an organization. The tool processes sessions and flow information from external sources in such formats as QFlow, NetFlow, SFlow, JFlow and sessions from Packeteer, which allows to baseline network traffic and implement anomaly rules, as well as to build up specific correlation rules to detect the following:

• communications with known botnet control centers and malicious IP addresses. This information can be subscribed (IBM X-Force) or integrated with SIEM from open sources.

• communications with unusual and potentially malicious countries and regions

• communications via unusual ports (e.g. 6667/IRC)

• communications containing specific payloads (e.g. bot control commands), which is possible with IBM Security QRadar QFlow Collector’s functionality.


Spear Phishing

Once the attackers gained access to employees’ computers, they started a massive spear phishing campaign that was very hard to identify. Indeed, a SIEM solution can hardly distinguish an infected email message originating from a legitimate email account (a workstation with malware) from a legitimate email. However, if the email server is connected to a SIEM solution as a log source, it’s possible to detect the following abnormalities:

• an enormous amount of messages sent from the same account within a short time 

• email messages sent in non-business hours from a corporate account

• a huge number of messages with the same subject to different mailboxes


The advanced correlation with physical security controls also allows detection of mailouts from users before their check-in through a physical security gate.

Privilege escalation and deeper reconnaissance

Systematic spare phishing coupled with malware infection allowed the gang to continue their attack through privilege escalation and deeper reconnaissance that are typical for all APTs.  

Privilege escalation could be monitored with a fine-tuned SIEM solution with the following:

• audit enabled and properly configured on workstations

• log data collected from workstations and sent to a SIEM

• user accounts and roles mapped in a SIEM solution using information from LDAP/AD


In such a scenario, any user with no Admin role logging in with administrative privileges would trigger an alert in a SIEM solution.
Moreover, most of SIEM solutions contain out-of-the-box reconnaissance detection correlation rules that can be fine-tuned to minimize false-positives. In our case, a deeper reconnaissance originating from an internal corporate network could be identified if firewalls were sending access logs to a SIEM solution.

Latent watch

To better understand the internal systems, the hackers assigned operators to work with video- and screen-capture feeds grabbed and transmitted to the attackers with the previously injected malware.

The unusual traffic analysis based on anomaly rules would detect video and screen capturing activities since video translation produces a lot of traffic that could be caught by IBM Security QRadar QFlow Collector.

Infection of computers attached to ATMs

The Carbanak gang successfully infected computers attached to ATMs in order to make the machines dispense cash. In case if compromised administrative accounts were used to spread infection, a SIEM solution would be able to alert the security personnel about the following:

• a logged admin user account didn’t belong to the attacked server’s support team (mapping with LDAP/AD)

• a specific admin user account was logged in to many servers in a short time.

Additionally, an advanced correlation with Identity and Access Management solutions and Ticketing systems would allow to detect cases when an admin user was logging to the system with no appropriate ticket or IAM allowance.
Compromise of internal databases and creation of fraudulent accounts
During the attacks, hackers manipulated Oracle databases to open payment or debit card accounts at the same bank or to transfer money between accounts using the online banking system. Normally, all activity related to creating new accounts should pass through a validation procedure. Depending on such a procedure and tools used for validation, this information could be integrated with a SIEM solution to alert on unexpected account creation. If there’s no such validation in place, each new account creation could be alerted and investigated by a security analyst.

• A SIEM consultant could help a bank to get reports on business-critical data modification by doing the following:
• enabling Oracle Fine Grained Auditing (FGA) or a similar audit mechanism 

• compiling and integrating a list of approved database users. This would allow to detect data modification performed by unapproved accounts, which could be alerted to by a SIEM solution.


Abuse of the Society for Worldwide Interbank Financial Telecommunication system

To be able to move large amounts of money into controlled accounts, the attackers abused the Society for Worldwide Interbank Financial Telecommunication system. A well-configured SIEM solution could ensure a constant monitoring of all critical financial applications. If a particular application weren’t supported by QRadar out-of-the-box, appropriate parsing, mapping and categorization could be developed. Once custom data is properly normalized, a SIEM solution would be able to detect abnormal money transfers with anomaly correlation rules, if the following are true:

• a single account has transferred over the limit

• a single account has made many small transfers to one or several specific accounts

• a total amount of transfers from one account in a specific timeframe passed the limit

• 


• many accounts made transfers to the same target account in a specific period


You can thwart it

The case we’ve just analyzed proves that companies are not helpless in their battle against APTs. It may sound strange, but even as sophisticated as they are, APTs have their weakness hiding in the letter “P.” Persistence, which is the most difficult to deal with, actually means that attackers leave a lot of traces in the course of their attacks. Thus security administrators well-armed with a relevant SIEM solution have multiple touchpoints to detect intruders and stop them before their illegal activities lead to dramatic data and money losses.

Easy Way to Download

Gigaom Change Leaders Summit Will Decode Key Technologies Changing The Business World fifianahutapea.blogspot.com

For immediate release:

GIGAOM CHANGE EMPOWERING BUSINESS LEADERS OF TODAY TO THRIVE IN A WORLD OF TOMORROW.

SUMMIT BRINGS TOGETHER LEADERS FROM AI, NANOTECH, CYBERSECURITY, ROBOTICS, VIRTUAL REALITY AND OTHER HOT TECHNOLOGIES THAT WILL IMPACT INDUSTRY.

Austin, TX — August 29, 2016 — Gigaom returns to the event stage in Austin with Gigaom Change, September 21 through September 23 in Austin, TX. This enterprise leader’s summit will bring together a growing community of exponential leaders, technology experts, entrepreneurs and keynote panelists to decode how seven key enterprise technologies are changing the business world, and how to level-up to the vast potential that exists within this rapidly advancing technological future.

Helping bridge the gap between today’s business operations and tomorrow’s demanding expectations, Gigaom Change will answer the questions that every business leader is pondering: what’s the state-of-the-art, what’s coming next and as we look to the future what do we need to know to begin confidently applying these ideas.

“Topics that were the mainstay of science fiction just decades ago are literally happening right now. The impact of these technologies cannot be overstated,” said Gigaom publisher and author, Byron Reese. “But in today’s busy world, it’s hard to know more than just a few general concepts. Gigaom Change was created to solve that.”

This event will take place over two and a half days of keynote panels with a lineup of speakers that are visionaries making R&D and proof of concept strategic investments to bring concept to reality. Three top industry experts in each of the following industries will highlight the current impact these innovations are having, then pivot toward what will be possible in the future: Robotics, AR/VR/MR, Nanotechnology, Human-Machine Interface, 3D+ Printing, AI and Cybersecurity.

The current speaker lists includes leading theorists and visionaries like Robert Metcalfe, Professor of Innovation, Murchison Fellow of Free Enterprise at the University of Texas; Rob High, IBM Fellow, Vice President and CTO, IBM Watson. It also includes practitioners who are actively implementing these technologies within companies; like Shane Wall, CTO and Global Head HP Labs; Melonee Wise, CEO Retch Robotics; Stan Deans, President of UPS Global Logistics and Distribution; and Rohit Prasad, Vice President and Head Scientist, Amazon Alexa. We will hear from Sapient about AI, IBM about nanotech, Softbank about robots and a wide range of other innovators creating solutions for visionary enterprises.

Topics will be enlivened by the amazing set of attendees coming from Amazon, Bain, Best Buy, Disney, Deloitte, Intel, Nokia, Roku and Xerox, plus many, many more companies who are all managing the enormous amount of technical change that is sweeping our world.

Early registration for the conference has been strong and while ticket numbers are strictly limited, there are still a few available for purchase at Gigaom Change.

---

ABOUT GIGAOM
As the leading global voice on emerging technologies, Gigaom provides deep insight on the disruptive companies, people and technologies shaping the future for all of us. With an expanding set of assets encompassing research, peer-to-peer leader councils and conferences, we are focused on helping business leaders navigate a rapidly advancing technological future that’s set to impact everything from business through to economies. Giggaom reaches over 6.5 million monthly unique readers, with a mobile reach of over 2 million monthly visitors.

---

CONTACTS

Nancy Giordano – Executive Producer + Strategic Futurist
nancy@playbiginc.com
M: +1 (310) 890-0408

Byron Reese – Gigaom Publisher, CEO + Author
byron@gigaom.com

---

SOCIAL
Twitter | Facebook | Linkedin

#whygigaomchange #GigaomChange2016

Easy Way to Download

Book Review: The Start-up J Curve fifianahutapea.blogspot.com

There are all kinds of books about startups. How to come up with an idea, how to structure a company, how to attract investors, and how to know whom to hire. There are books about rapid development, offshoring, pricing strategy, how to get good press, how to create a roll-out plans, how to manage social media, how to build a board… and on and on and on.

The Start-up J Curve, by Howard Love, doesn’t cover any of that ground. Rather Love has taken on an entirely different mission. But before I get into that, a little background will go a long way to understanding what he is doing with this book.

Love is a prolific angel investor in Silicon Valley. Over the course of three decades, he has heard thousands of pitches, invested in nearly sixty companies, and has had a couple of dozen good exits. Additionally, he has been through the wringer himself a few times with his own startups. Again, with success.

And a few years back he was talking with his business partner David Hehman about how virtually all startups go through the same basic steps in their lifecycles. Over and over again, throughout the many years he has been doing what he does, Love saw history repeated again and again in almost every one.

And the interesting thing to Love was that how startups actually unfolded and grew was nothing like how people expected them to do so.

So Love has spent the better part of the last year documenting what he calls the J Curve. The curve has that name because of its general shape. The J Curve is comprised of the six distinct stages that, Love maintains, virtually all startups go through. The ones that are able to make it to the end of the J Curve, well, those are the ones that have succeeded. It is like that kids’ game Candyland, only if you make it all the way through, you don’t get just get bragging rights, you get a nine-figure check.

The book is a roadmap designed to, I suspect, help the entrepreneur get through each of the steps and to reassure him or her that the craziness happening around them is all perfectly normal.

Startups are hard. I can personally attest to that. There is a part of the J Curve Love calls the “Long dark winter” where nothing really went as you planned, demand for your product didn’t crash the servers, and you feel like all may well be lost. You start rehearsing that phone call with your aunt explaining how you managed to lose the $10,000 she carefully but confidently entrusted in you. I’ve made that call more than once. I have spent many such winters, and had I had Love’s guidance, I would not have been able to avoid the winters, but I would have taken some reassurance that there was a path out of them.

What the book purports to offer, it does so masterfully. Love’s knowledge of the lifecycle of startups is encyclopedic and he seems to be able to effortlessly recall example after example to show the various steps along the curve. He writes breezily in an easy-to-read fashion. Although the book clocks in at 260 pages, it is fast read the first time through, but my copy already has a dozen Post-its sticking out of it to mark places I need to return to and contemplate.

In summary, this is not a book for everyone. It is certainly not the kind of book you would ever read for fun. It is a very specific guide to doing a very specific thing: Launching a startup and seeing it though to success. If that is not a journey you are contemplating in life, look elsewhere for reading material, as this would probably be far too dry for you. But if that start-up spark stirs somewhere in your soul, then Love’s book should be on your must-read list.

The Start-up J Curve is available at howardlove.com.

(Full disclosure: Howard Love is an investor in fifty or so technology companies. He happens to have a minority investment in Gigaom. This review, however, was prepared with no input from him.)

---

Howard Love is a life-long entrepreneur who has founded, co-founded, funded and managed startups for over 30 years. He has founded or co-founded over 15 businesses and invested in over 50 startups. including:

Love was born in Detroit in 1960, and attended Phillips Exeter Academy (1974-1978) and Colgate University (1978-1983). He completed his first Ironman competition at the age of 51 in Lake Placid, NY. His first book The Start-Up J Curve is published by Greenleaf Book Group. Love resides in Silicon Valley, CA.

Easy Way to Download

Dropbox proactively asking users to reset old passwords fifianahutapea.blogspot.com

Dropbox users that haven’t updated their passwords prior to mid-2012 will prompted to change it when they next sign in. The company made this announcement yesterday in a blog post by Patrick Heim, Head of Trust & Security for Dropbox. As Heim described their motivation,

Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe was obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time.

Based on our threat monitoring and the way we secure passwords, we don’t believe that any accounts have been improperly accessed. Still, as one of many precautions, we’re requiring anyone who hasn’t changed their password since mid-2012 to update it the next time they sign in.

 

The incident he mentioned was in 2012, and involved usernames and passwords that were stored in a file, and which recently have been used to access some accounts.

Users are also being asked to set up two-factor authentication, which many avoid because of increasing login time, but which is a wise security move.

Easy Way to Download

Picture this: Exploring the Internet of Visuals fifianahutapea.blogspot.com

As eagerly awaited as it is wide-ranging, Mary Meeker’s annual Internet Trends Report is a data goldmine for anyone who wants to better understand the current state and future direction of the Web.

Meeker, an analyst with Silicon Valley venture capital firm Kleiner Perkins Caufield & Byers, has been presenting this report for over 20 years. Her 2016 presentation ran to 213 slides, delivered in a whistle-stop 24 minutes.

Given her typical breakneck speed of delivery, Meeker had little more than three minutes to devote to one of her most interesting observations, but it’s one that has huge implications for online and mobile marketing.

In short, the Internet is becoming a far more visual medium, as consumers and businesses increasingly opt for pictures and videos over text-based communications as a means of storytelling. It’s the younger generation (between the ages of 18 to 34) that shows the most marked preference for pictures over words.

The rise of images has a lot to do with users’ increasing use of smartphones for storytelling, sharing, messaging and creative expression, Meeker said. Worldwide smartphone users grew 21% to over 2.5 billion in 2015, with Android shipments continuing to gain share over iOS: 81% to 16%, respectively. The global mobile user now has, on average, around 33 apps installed on their device, 12 of which are used daily and spends around 4 hours per day on their smartphone.

Because these devices combine cameras, comms and social media access in one handy package, it’s never been easier to take and share images – and to view and comment on images taken and shared by other people.

Every day, almost 3 billion images are shared on Snapchat, Facebook, Facebook Messenger, Instagram and WhatsApp – all but one of which (Snapchat) are owned by Facebook. That’s up from just under 2 billion in 2014.

When it comes to video, meanwhile, daily video views on Facebook rose from 1 billion to 8 billion between 3Q2014 and 3Q2015. On Snapchat, they reached 10 billion in the first quarter of 2016.

User-generated content can result in surprise wins for brands. Take, for example, ‘Chewbacca Mom’ Candace Payne’s viral video, which saw her hooting with laughter, alone in her car, over a Star Wars mask she’d just bought from department store Kohl’s.

The video was viewed over 150 million times in one day – and also sent Kohl’s mobile app straight to the top of the rankings in the iOS app store. Demand for the mask, naturally, went through the roof. It’s the kind of result that not even the most carefully planned (and costly) marketing campaign could have orchestrated.

But at the same time, brands are working hard to get in on the act, by tuning into our passion for visuals and using them to help promote their brands in new and creative ways.

Pinterest, for example, is fast emerging as a potential goldmine for brands. According to Meeker’s data, around 55% of the site’s users (who passed the 100-million mark in September 2015) say they use the visual bookmarking site to find and shop for products. In response, Pinterest is ramping up its online shopping capabilities, announcing in June 2015 that it is introducing not only shopping carts to the site, but also visual search, which will allow users to upload a photo of a product they like and see images of similar, competing products.

Snapchat filters are another emerging use of Internet-based visuals by brands. These allow users of the site to superimpose masks on photos of themselves, friends, family or public figures. This year’s Cinco de Mayo festival, for example, saw Taco Bell release a branded Snapchat filter that turns the subject’s face into a giant taco. This won the fast-food brand 224 million views.

But creative thinking like this will be key, because traditional video ads simply do not pass muster with modern audiences. In fact, said Meeker, they are largely “ineffective” at engaging audiences: 62% of users say they’re annoyed by the ‘pre-roll’ ads that precede, for example, a YouTube clip; 81% say they mute them; and 92% say they’ve considered using ad-blocking software. A picture (or video) may be worth a thousand words – but not where it fails to delight, entertain or inspire.

 

Easy Way to Download