Category Archives: Technology

Container Security Platform

Windows protection tends to focus on “find the bad executable,” which makes sense in that environment because bad executables are ubiquitous in an attack, noted Capsule8’s Viega.

However, that approach doesn’t work well in a Linux environment, so Capsule8 focuses on detecting and protecting against system compromise, he told LinuxInsider.

The other typical approach in Linux is a network appliance, Viega said. However, there is not much context on the network, particularly as end-to-end encryption starts to become ubiquitous in the enterprise, so this approach doesn’t find much and leads to many spurious alerts.

“The result is that most Linux compromises either go undetected or are a surprise — companies find their data on a forum at a later date and they find they had no clue they were attacked,” he explained.

Among the most noteworthy incidents, the company cited the massive breach at Yahoo, which went undetected for years until the stolen data showed up on the Web.

While Linux-based systems present many of the same security problems as Windows-based systems, the biggest difference in attacks can be found around malware, according to Mark Nunnikhoven, vice president of cloud research at Trend Micro.

“While we do regularly see malware targeting Linux systems, it’s a more common occurrence that the malware implanted on Linux systems is there to be distributed to Windows clients connecting to that Linux system,” he told LinuxInsider.

On the defensive front, there’s a stark contrast in the amount of effort required to support the rapidly changing software on Linux platforms, Nunnikhoven pointed out.

“Given the nature of Linux and GNU, release cycles are a bit more erratic, and there’s a lot more variation that requires a mature and robust response by security providers,” he said.

 

Customer Base

Capsule8 already has signed up customers for its prerelease product, including SourceClear and Namely.

Capsule8 is the first product that supplements SourceClear’s predeployment detection with runtime threat protection for Linux systems, CEO Mark Curphey said.

There are three core principles that should guide decision making when adopting new technology, suggested Daniel Leslie, director of cybersecurity and technology at Namely. They are scalability, maintainability and security.

Protecting infrastructure at scale without sacrificing stability or performance is essential, he said.

New Virtual Reality Frontier

Regular readers will know that I’ve played games my entire life. I hold deep reverence for the care and attention that go into creating these experiences, and I’ve rarely met a game I didn’t want to conquer.

Yet I am nervous about virtual reality. I’ve tried it and found those disorientating worlds difficult to handle, though I suspect that over time I could grow more accustomed to it. I doubt I could say the same for an arcade machine that both locks me into a VR world and pelts me with physical stimuli.

Koei Tecmo Wave’s VR Sense machine is a virtual reality arcade cabinet that houses you and subjects you to what I can only imagine is sheer torture. It has what Koei Tecmo Wave calls a “3D seat,” which attempts to draw players further into the games through touch, movement, aroma, wind, and temperature and precipitation changes. It’s not completely clear as yet whether you have to wear a headset for the full VR effect.

It’s launching with three games: a horse-riding simulator, a version of Koei Tecno Wave’s Dynasty Warrior franchise (with a stab at replicating in-game flames while you swelter in your moving chair), and a horror game.

I enjoy horror titles. However, I’d be less likely to welcome a VR horror game, as I’d probably come close to having a heart attack or three. There’s next to no chance I’d ever try Horror Sense.

That’s in large part due to the game apparently mimicking bugs falling from the ceiling and critters scuttling along the floor. I have a lot of questions about this, but ultimately, I’d tear off a VR headset in a second if I thought there were bugs falling on me while playing. No thank you, ma’am.

Apps Vulnerable to WiFi Snooping

Strafach categorized another 24 iOS apps as “medium risk.” Potentially intercepted information included service login credentials and session authentication tokens for users logged onto the network.

Strafach labeled the remaining apps “high risk” because potentially intercepted information included the snatching of financial or medical services login credentials.

He did not identify the medium and high risk apps by name, in order to give their makers time to patch the vulnerability in their apps.

How concerned should users be about their security when using these apps?

“I tried to leave out anything regarding concern level, as I do not want to freak people out too much,” Strafach told TechNewsWorld.

“While this is indeed a big concern in my opinion, it can be mostly mitigated by turning off WiFi and using a cellular connection to perform sensitive actions — such as checking bank balances — while in public,” he said.

 

Man in the Middle Attack

If anything, Strafach is understating the problem, maintained Dave Jevans, vice president for mobile security products at Proofpoint.

“We’ve analyzed millions of apps and found this is a widespread problem,” he told TechNewsWorld, “and it’s not just iOS. It’s Android, too.”

Still, it likely is not yet a cause for great alarm, according to Seth Hardy, director of security research at Appthority.

“It’s something to be concerned about, but we’ve never seen it actively exploited in the wild,” he told TechNewsWorld.

What the vulnerability does is enable a classic man-in-the-middle attack. Data from the target phone is intercepted before it reaches its destination. It is then decrypted, stored, re-encrypted and then sent to its destination — all without the user’s knowledge.

To do that, an app needs to be fooled into thinking it’s communicating with a destination and not an evesdropper.

“In order for a man-in-the-middle attack to be successful, the attacker needs a digital certificate that’s either trusted by the application, or the application is not properly vetting the trust relationship,” explained Slawek Ligier, vice president of engineering for security at Barracuda Networks.

“In this case, it appears that developers are developing applications in a way that allows any certificate to be accepted,” he told TechNewsWorld. “If the certificate is issued and not expired, they’re accepting it. They’re not checking if it’s been revoked or even if it’s properly signed.”

 

Developer’s Problem

Should Apple act to weed these vulnerable apps from behind its walled garden?

“Apple should most certainly remove any of the offending apps from the App Store,” said Sam McLane, head of security engineering at Arctic Wolf.

“This is something that is relatively easy to test for and should be enforced by Apple, since the trust model starts with the Apple ecosystem being safe for people to use,” he told TechNewsWorld.

Strafach disagreed. “The setup now is exactly as it should be with regards to developer control of networking code,” he said. “Developers can do something about this problem. For affected apps, the fix is only a few lines — less than an hour tops, if that, to fix the matter in affected code.”

Some early reviewers of the Samsung Chromebook

The Chromebook Pro will sell for US$550.

Some reviewers, including PC Magazine‘s Victoria Song and Ars Technica‘s Valentina Palladino, considered it pricey.

However, that pricing fits into the normal laptop budget, noted Wired reviewer David Pierce .

“I don’t want to spend $1,000-plus on a PC or Mac when I could get something like the Samsung Chromebook Pro for $549,” Forbes‘ Shelby Carpenter remarked.

“Access to the Google Play store and the Android apps ecosystem, combined with the freemium productivity suites such as Slack, make [Chromebooks] a viable option for remote workers,” Gartner’s Goertz told TechNewsWorld, “and Samsung’s carefully selected price points are justified vis-a-vis the slightly less expensive competition.”

Design and Battery Life

The rounded edges and exposed hinge give the Chromebook Pro “a decidedly utilitarian look,” Wired‘s Pierce noted, which is “just fine.”

Though the Pro is light and small, its squarish shape is “a little awkward when typing,” according to PC Magazine‘s Song.

Its design struck Ars Technica‘s Palladino as “solid.”

“I got my hands on the device at CES, and i was impressed with how thin and light it was while not feeling like a typical flimsy plastic Chromebook,” noted Eric Smith, a senior analyst at Strategy Analytics.

The Chromebook Pro’s battery life is “only beat by the much more expensive Chromebook Pixel 2 and the Dell Chromebook 13,” said Ars reviewer Palladino.

However, it “pales in comparison to what we saw” from various Asus Chromebook models, said PC Magazine‘s Song, who noted that results of two tests varied substantially.

 

The Quad HD Screen

The Chromebook Pro’s 2400 x 1600 Quad HD LED display “is virtually indistinguishable from my Mac screen,” Forbes‘ Carpenter said.

The display “makes the entire device taller than most 16:9 laptops and two-in-ones,” observed Palladino.

That allows a larger palm rest and more space for the user’s hands, but a huge bottom bezel and a hardware strip for the hinges to attach to the lid leave “a bunch of empty space,” he pointed out.

The display offers a much higher resolution than typically found in 11- or 13-inch Chromebooks, Song said, but the 3:2 aspect ratio means it’s more square-shaped. That leaves little room on either side of the keyboard, making the typing experience somewhat awkward.

 

The Stylus and Android Apps

Although the included stylus drew generally favorable remarks, “the quality of the inking wasn’t as impressive as Windows or iOS devices at similar price points,” Strategy Analytics’ Smith told TechNewsWorld.

Reviewers liked the Chromebook Pro’s access to the huge number of Android apps in the Google Play store.

However, some Android apps don’t play well with Chrome, they noted.

“Some apps don’t recognize the keyboard and trackpad; others seem unable to handle a touchscreen,” Wired‘s Pierce pointed out.

“Most crash constantly,” and switching between apps can be clumsy, said Song.

Drone Fight Simulator Available on GitHub

Microsoft has introduced an open source virtual reality toolkit for the training of autonomous drones. Part of Microsoft’s Aerial Informatics and Robotics Platform, the beta software became available on GitHub last week.

The toolkit is designed to allow developers to “teach” drones how to navigate the real world by recreating conditions such as shadows, reflections and even objects that might confuse a device’s on-board sensors.

The software allows researchers to write code for aerial robots such as drones, as well as other gadgets, and to test the devices in a highly realistic simulator. Users can collect data while testing devices before deploying them in real world scenarios or situations.

“The aspirational goal is really to build systems that can operate in the real world,” said Ashish Kapoor, the Microsoft researcher who is leading the project.

The hope is that these training tools could spur development of artificial intelligence-based gadgets that eventually could be trusted to drive cars, deliver packages, and even handle rudimentary chores in the home, added Kapoor.

 

Advanced VR

Testing in a VR environment could mean lower costs as well.

Simulators long have been used in testing scenarios, but until recently the software-based simulations lacked the accuracy of the real world and thus didn’t reflect real-world complexities. Microsoft’s system — which is based on emerging VR technologies that take advantage of advances in graphics hardware, computing power and algorithms — enables a much more realistic re-creation of a real-world environment.

Based on the latest photorealistic technologies, it can render shadows, reflections and other subtle things much better. Although humans take such things for granted, they can pose problems for computerized sensors.

Microsoft’s simulator “will help researchers to develop, debug and test their drone navigation software by enabling them to recreate a variety of operational scenarios on their desktop computers in the lab,” said Michael Braasch, professor of electrical engineering and computer science at Ohio University’s Avionics Engineering Center.

“Simulations help to reduce development costs by reducing the amount of actual flight testing required, but the catch is that the simulation must be high fidelity — that is, sufficiently realistic,” he told LinuxInsider.

“Microsoft’s simulator appears to meet this requirement for camera-based or vision sensors, but it is not yet clear if the simulator accurately depicts very small-scale obstacles such as the thin twigs at the end of tree branches,” Braasch added. “Such obstacles are nearly invisible — even with HD cameras and even at close distances. It is also unclear if Microsoft’s simulator supports non-camera-based sensors such as LIDAR and radar.”

 

Learning to Fly

Although it targets the development of autonomous drones, Microsoft’s technology could find applications with human operators as well. Consumer drones have been steady sellers in the past few years, but newbies likely experience a crash or two. Learning to fly in a simulator could solve some of the problems with learning to fly.

“First, it isn’t easy to fly a drone,” said Michael Blades, senior industry analyst at Frost & Sullivan.

Watson Fix President Trump

President Trump offers a good emulation for a future artificial intelligence system, suggests a column I read earlier this month, and his presidency may be an early warning of what could happen if we should fail to think through its training and information sources.

Cathy O’Neil, the author of the piece, is a data scientist, mathematician and professor, so she has decent chops. She compares artificial intelligence to human intelligence that is mostly id — basically because we don’t yet know how to instill it with empathy, or create the digital equivalent of a conscience.

Given that IBM’s Watson was designed not to replace humans but to enhance them by giving them the critical information they need to make the best decisions, it could be a useful tool for training our new president. And it is built in the U.S. by a U.S. company.

Given that Watson is now doing our taxes, it could be huge both for the president and IBM. I’ll explain and then close with my product of the week: Nvidia’s new set-top box.

 

Id-Driven CEOs – a Model for Future AIs

CEOs in large companies, particularly those who can implement large layoffs and take massive salaries without remorse, are believed to have similar behavioral traits.

Donald Trump is a good showcase of what could happen with an AI that didn’t receive high quality information and training. Understanding this and designing to correct the problem could prevent a Skynet outcome.

Skynet — the computing system in the Terminator movies — was created for defense purposes to eliminate threats. When humans tried to shut it down, it concluded that humans were the biggest threat and that it needed to eliminate them.

Using reverse logic, if President Trump is a good emulation of a future AI, then the same thing that would ensure that the future AI wouldn’t kill us should work to turn the new president into one of the most successful who ever lived, from the perspective of those who live in the U.S.

 

The AI Dichotomy

There are two parallel and not mutually exclusive paths for the coming wave of artificially intelligent machines coming to market. One — arguably the most attractive to many CEOs that deal with unions — is the model in which the machine replaces the human, increasing productivity while lowering executive aggravation.

This is exemplified in an episode of The Twilight Zone, “The Brain Center at Whipple’s.” As you would expect, once you go down a path of replacement, it is hard to know when to stop. At the end of the episode, the enterprising CEO who so unfeeling dealt with the employees he’d laid off is replaced by my favorite robot, Robby.

The other path — the one IBM espouses — is one in which the artificial intelligence enhances the human employee. It is a cooperative arrangement, and Watson was designed specifically for this role.

In one of its first medical tests, Watson took just minutes to diagnose a rare form of cancer that had stumped doctors for months. The supercomputer’s analysis led to a new, more effective treatment for the patient.

It is interesting to note that autonomous cars are developing on a parallel path — but in this case, the opposite scenario is favored. In the model known as “chauffeur,” the car has no capability for human driving. This model is favored when tied to a service, such as Uber.

However, car companies like Toyota prefer the “guardian angel” model, which allows a human to drive but equips the car with the ability to take various degrees of control instantly, depending on the situation. We see some of this today with technologies that bump you back into a lane, for example, or automatically tension the seatbelts and hit the brakes if it looks like you are about to hit something.

 

Watson for the President

Since its successful debut in healthcare, Watson has been applied to a number of other industries, including litigation, and it is rumored to be in use for both national defense and intelligence purposes. Granted, it might seem like overkill to create an implementation of Watson for just one person, but when that person is the most powerful head of state in the world, it might not be a bad investment.

At the very least, it would provide near-instant recognition of fake news, attempts to influence the office of the president, and early warnings if decisions were likely to have massive unintentional consequences.

If O’Neil’s premise is correct, then the best way to fix the Trump presidency could be to wed the president with a tool that trains him to be a chief executive capable of making far more fact-based, high quality decisions. Watson is designed specifically to do both.

Cybersecurity Warriors Ranks

IBM this week announced Watson for Cyber Security, a powerful new ally for organizations that want to protect their data from Net marauders.

The new offering bolsters the ability of information security pros to analyze the flood of information from the roughly 200,000 events that pour into their Security Operations Centers, or SOCs, every day.

About 20 percent of that flood is comprised of structured data that can be analyzed with database tools, but as much as 80 percent of it is unstructured data such as security blogs, white papers, Twitter feeds and forum threads. It’s data that contains valuable nuggets, but finding them is difficult.

“What Watson does is take all that information — structured, unstructured, as well as other information from the operations center — and put it in a cognitive system,” explained Denis Kennelly, vice president of development and technology at IBM Security.

“There it can be used to help the SOC operator to triage the security events,” he told TechNewsWorld.

While Watson can speed the analysis of data, its threat detection potential is limited, maintained Scott Miserendino, chief data scientist at BluVector.

“It’s primarily an enrichment service,” he told TechNewsWorld.

Betting on Cognitive Tools”Today’s sophisticated cybersecurity threats attack on multiple fronts to conceal their activities, and our security analysts face the difficult task of pinpointing these attacks amongst a massive sea of security-related data,” noted Sean Valcamp, chief information security officer at Avnet, an early tester of the Watson for Cyber Security system.

“Watson makes concealment efforts more difficult by quickly analyzing multiple streams of data and comparing it with the latest security attack intelligence to provide a more complete picture of the threat,” he said.

“Watson also generates reports on these threats in a matter of minutes, which greatly speeds the time between detecting a potential event and my security team’s ability to respond accordingly,” Valcamp added.

Only 7 percent of security pros currently use cognitive tools in their workflow, but that is changing, according to IBM, which expects usage to triple in the next two to three years.

That’s because as more and more devices come online, they create a burden on security teams they won’t be able to handle without the help an AI like Watson.

“The attack surface for the attacker is mushrooming,” Kennelly said. “Tools like Watson can help defend against those expanding attack patterns.”

 

Voice-Powered Security Assistant

IBM also announced the Havyn Project, which is developing a new voice-powered security assistant to work with Watson’s data.

Mobile World Congress

One of the biggest disappointments at this year’s Mobile World Congress, which opened Monday, is that the Samsung Galaxy 8 phone won’t make it. The phone’s official launch is scheduled for March 29.

The Galaxy line has been the ultimate iPhone fighter. Rumors around the anniversary edition of the iPhone suggest that it will do amazing, magical things, like 3D selfies. (OK, I’m really missing Steve Jobs at the moment — who the hell wants 3D selfies?!?)

Missing the biggest historical alternative is keeping a lot of us home this week. Still LG, Motorola, Lenovo and Qualcomm are expected to make huge announcements that could result in the iPhone 8 looking a tad out of date when it finally launches later in the year.

I’ll share some observations on what they have in store and close with my product of the week: a new PC camera from Logitech that enables Microsoft Hello on laptops and desktop PCs that otherwise wouldn’t support it. (When it works, Microsoft Hello is actually pretty cool.)

 

Gigabit Wireless

Some of this stuff we can anticipate just from Qualcomm launches. Perhaps the biggest of late is the Qualcomm X20 Modem. This part is likely to dominate the high-end phones announced at MWC and for good reason. It isn’t that it provides a maximum throughput of 1.2 gigabits — while impressive, that would just blow out our data plans — but that it uses carrier aggregation that increases overall data speeds by 2x or better.

This means you’ll have a far better chance of syncing your mail or downloading a book, movie or big file during the last minutes before the flight attendant forces you to put hour phone in airplane mode. It also means that cloud-based services likely will work much better on your phones, which will open up the door for things like…

 

Cloud-Based Artificial Intelligence

Let’s not kid ourselves — services like Siri suck. We’ve been waiting for some time for Apple’s partnership with IBM to result in a far better, Watson-like personal assistant. However, the richer the service, the less likelihood it can run on the phone, and the more it needs significant battery life.

If you really want a powerful artificial intelligence experience on the phone, you need both a powerful cloud-based AI and enough bandwidth to make the thing work, so expect some interesting, and far more powerful, cloud-based services announced this week.

Watson may be a stretch — though I doubt it — but the vastly improved Google Assistant is expected to be displayed on a far wider number of phones this year. So, one way or another, the new smartphones are likely to become a ton smarter.

GE Digital VP For Women

Beena Ammanath is vice president for data and analytics at GE Digital.

She has worked in the data analytics field for more than 20 years and serves as board director at ChickTech, a nonprofit dedicated to recruiting girls and women into the tech workforce and retaining them once they’re there.

Ammanath also serves on the Cal Poly Computer Engineering ProgramIndustrial Advisory Board, helping to shape the future generation of computer scientists with her expertise. She recently was named one of the top female analytics experts in the Fortune 500 by Forbescontributor Meta S. Brown.

In this exclusive interview, Ammanath speaks to TechNewsWorld about AI, analytics, and diversity in tech.

TechNewsWorld: You are one of the thought leaders on artificial intelligence. How do you think AI will impact businesses and jobs?

Beena Ammanath: I have worked in a number of industries — e-commerce, financial, marketing, telecom, retail, software products and industrial — over the past two decades. I have seen how the growth of data from OLTP systems to data warehouses to big data and data science has impacted businesses.

I believe we are just at the tip of the iceberg with AI today. AI is not by itself an industry — more of a technology that is positioned to transform businesses across a number of sectors. AI will be so intertwined and pervasive within business operations in the future that it may be impossible to do business without AI. Fundamental business models of today are going to change, as AI evolves.

Tesla’s driverless car is still in its early AI stage, but it won’t be that long before drivers put their cars completely on autopilot. In a few years from now, Uber may not need drivers; just idle cars will be needed. But even more broadly, the whole transportation ecosystem is going to change.

The Palm Jumeirah Monorail in Dubai is a fully automatic driverless train that can shuttle up to 6,000 passengers an hour. The locomotive industry is poised for a revolution — not only passenger trains, but also long-haul goods transportation.

There will be an impact on jobs, but I see it more as job roles changing and not necessarily as job reduction. The jobs most at risk are those that are routine-intensive and are strictly defined with limited tasks. If you think of the transportation example, in a few years we may not need as many drivers, but we will need more programmers and support personnel.

Best Linux Desktop

After I resolved to adopt Linux, my confidence grew slowly but surely. Security-oriented considerations were compelling enough to convince me to switch, but I soon discovered many more advantages to the Linux desktop.

For those still unsure about making the transition, or those who have done so but may not know everything their system can do, I’ll showcase here some of the Linux desktop’s advantages.

 

You Can’t Beat Free!

First and foremost, Linux is literally free. Neither the operating system nor any of the programs you run will cost you a dime. Beyond the obvious financial benefit of getting software for free, Linux allows users to be free by affording access to the basic tools of modern computer use — such as word processing and photo editing — which otherwise might be unavailable due to the cost barrier.

Microsoft Office, which sets the de facto standard formats for documents of nearly every kind, demands a US$70 per year subscription. However, you can run LibreOffice for free while still handling documents in all the same formats with ease.

Free software also gives you the chance to try new programs, and with them new ways of pursuing business and leisure, without their prospective costs forcing you to make a commitment.

Instead of painstakingly weighing the merits of Mac or Windows and then taking a leap of faith, you can consider a vast spectrum of choices offered by hundreds of distributions — basically, different flavors of Linux — by trying each in turn until you find the one that’s right for you.

Linux can even save money on hardware, as some manufacturers — notably Dell — offer a discount for buying a computer with Linux preinstalled. They can charge less because they don’t have to pass on the cost of licensing Windows from Microsoft.

 

You Can Make It Your Own

There is practically nothing in Linux that can’t be customized. Among the projects central to the Linux ecosystem are desktop environments — that is, collections of basic user programs and visual elements, like status bars and launchers, that make up the user interface.

Some Linux distributions come bundled with a desktop environment. Ubuntu is paired with the Unity desktop, for example. Others, such as with Debian, give you a choice at installation. In either case, users are free to change to any one they like.