For Sale – 4U Silenced Custom Server

Here I have for sale my old lab ESXi host, which after a house move is now surplus to requirements.

The host itself is comprised of the following components:

– X-Case 4u Case
– Supermicro X9SRL-F Motherboard
– E5-2670 Xeon Processor (8 Core @ 2.60 GHz)
– 16GB (2 x 8GB DIMM) 1333 MHz Registered ECC Memory
– Noctua NH-U9DX i4 Xeon Cooler
– Corsair G650M Power Supply

Not latest tech by any stretch of the imagination, but certainly more than enough for the majority of home use cases.

Price and currency: £200
Delivery: Delivery cost is not included
Payment method: BACS / PPG
Location: Newbury
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

DerbyCon attendees and co-founder reflect on the end

After nine years running, DerbyCon held its ninth and final show, and attendees and a co-founder looked back on the conference and discussed plans to continue the community with smaller groups around the world.

DerbyCon was one of the more popular small-scale hacker conferences held in the U.S., but organizers surprised the infosec community in January by announcing DerbyCon 9 would be the last one. The news came after multiple attendee allegations of mistreatment by the volunteer security staff and inaction regarding the safety of attendees.

Dave Kennedy, co-founder of DerbyCon, founder of TrustedSec LLC and co-founder of Binary Defense Systems, did not comment on specific allegations at the time and said the reason for the conference coming to an end was that the conference had gotten too big and there was a growing “toxic environment” created by a small group of people “creating negativity, polarization and disruption.”

Kennedy claimed in a recent interview that DerbyCon “never really had any major security incidents where we weren’t able to handle the situation quickly and de-escalate at the conference with our security staff.”

Roxy Dee, a vulnerability management specialist, who has been outspoken about the safety for women at DerbyCon, told SearchSecurity that “it’s highly irresponsible to paint it as a great conference” given the past allegations and what she described as a lack of response from conference organizers.  

Despite these past controversies, attendees praised DerbyCon 9, held in Louisville, Ky., from Sept. 6 to 8 this year. There have been no major complaints, and Kennedy told SearchSecurity it was everything the team wanted for the last year and “went better than any other year I can remember.”

“When we started this conference we had no idea what we were doing or how to run a conference. We went from that to one of the most impactful family conferences in the world,” Kennedy said. “It’s been a lot of work, a lot of time and effort, but at the end of the day we accomplished everything we wanted to get out of the conference and then some. Family, community and friendship. It was an incredible experience and one that I’ll miss for sure.”

As a joke, someone handed Kennedy a paper during the conference reading “DerbyCon 10” and the image quickly circled the conference via Twitter. Kennedy admitted he and all of the organizers “struggled with ending DerbyCon this year or not, but we were all really burned out.”

“When we decided, it was from all of us that it was the right direction and the right time to go on a high note. We didn’t have any doubts at all this year that there would ever be another DerbyCon. This is it for us and we ended on a high note that was both memorable and magical to us,” Kennedy said. “The attendees, staff, speakers and everyone were just absolutely incredible. Thank you all to who made DerbyCon possible and for growing an amazing community.”

The legacy of DerbyCon

Kennedy told SearchSecurity that his inspiration for fostering the DerbyCon community initially was David Logan’s Tribal Leadership, “which talks about growing a tribe based on a specific culture.

“A culture for a conference can be developed if we try hard enough and I think our success was we really focused on that family and community culture with DerbyCon,” Kennedy said. “A conference is a direct representation of the people that put it on, and we luckily were able to establish a culture early on that was sorely needed in the INFOSEC space.”

April C. Wright, security consultant at ArchitectSecurity.org, said in her years attending, DerbyCon provided a “wonderful environment with tons of positivity and personality.”

“I met my best friend there. I can’t describe how much good there was going on, from raising money for charity to knowledge sharing to welcoming first-time attendees,” Wright said. “The quality of content and villages were world class. The volunteers and staff have always been friendly and kind. It was in my top list of cons worldwide.”

Eric Beck, a pen-tester and web app security specialist, said the special part about DerbyCon was a genuine effort to run contrary to the traditional infosec community view that “you can pwn or you can’t.”

“We all start somewhere, we all have different strengths and weaknesses and everyone has a seat at the table. Dave [Kennedy] set a welcoming tone and it meant that people that might otherwise hesitate took that first step. And that first step is always the hardest,” Beck said. “DerbyCon was my infosec home base and where I recharged my batteries and I don’t know who or what can fill its shoes. I have a kiddo I thought I’d share this conference with and met people I assumed I’d see annually. I’m personally determined to contribute more in infosec and make the effort to reach out, but I have a difficult time imagining being part of something that brought in the caliber of talent and the sense of welcoming that this conference did.”

Danny Akacki, senior technical account manager with Gigamon Insight, said his first time attending was DerbyCon 6 and the moment he walked in to the venue he “fell in love with the vibe of that place and those people.”

“I still didn’t know too many people but I swear to god it didn’t matter. I made so many friends that weekend and I had the hardest bout of post-con blues I’ve ever experienced, which is a testament to just how profound an effect that year had on me,” Akacki said. “I had to skip 7, but made it to 8 and 9. Every year I went back, it felt like only a day had passed since the last visit because that experience and those people stay with you every day.” 

For Alethe Denis, founder of Dragonfly Security, DerbyCon 9 was her first time attending and she said the experience was everything she expected and more.

“The atmosphere was like a sleepover, compared to the giant summer camp that is DEF CON, and I really enjoyed that aspect of it. It felt like it was a weekend getaway with friends and the lack of casinos was appreciated. But I don’t feel that the quality of the talks and availability of villages was sacrificed in the least,” Denis said. “Even as small as Derby is, it was really tough to do everything I wanted to do because there were so many interesting options available. I feel like it brought only the best elements of the DEF CON type community and DEF CON conference to the Midwest.”

Micah Brown, security engineer at American Modern Insurance Group and vice president of the Greater Cincinnati ISSA chapter, echoed the sentiments of brother/sisterhood at DerbyCon and the cheerfulness of the conference and added another key tenet: Charity.

“One of the key tenets of DerbyCon has always been giving back. During the closing ceremonies, it was revealed that over the past 9 years, DerbyCon and the attendees have given over $700,000 to charity. That does not count the hours of people’s lives that go into making the presentations, the tools, the training that are freely distributed each year. Nor does it factor in the personal relationships and mentorships that are established and progress our community,” Brown said. “It was after my first DerbyCon I volunteered to be the Director of Education for the Greater Cincinnati ISSA Chapter and after my second DerbyCon I volunteered to be the Vice President of the Chapter. DerbyCon has also inspired me to give back by sharing my knowledge through giving my own presentations, including the honor to give back to the DerbyCon community with my own talk this year.”

Beyond DerbyCon

Xena Olsen, cyberthreat intelligence analyst in the financial services industry, attended the last two years of DerbyCon and credited the “community and sense of belonging” there with encouraging her to continue learning and leading her to now being a cybersecurity PhD student at Marymount University.

“The DerbyCon Communities initiative will hopefully serve as a means for people to experience the DerbyCon culture around the world,” Olsen said. “As far as a conference taking the place of DerbyCon, I’m not sure that’s possible. But other conferences can adopt similar values of community and inclusiveness, knowledge sharing and charity.” 

Wright said she has seen other conferences with similar personality and passion, “but none have really captured the heart of DerbyCon.”

“There are a lot of great regional cons in the U.S. that I think more people will start going to. They are affordable and easily accessed, with the small-con feel — as opposed to the mega-con vibe of ‘Hacker Summer camp’,” Wright said, referencing the week in Las Vegas that includes Black Hat, DEF CON, BSides Las Vegas, Diana Con and QueerCon plus other events, meetups and parties. “I don’t think anyone can fill the space left by DerbyCon, but I do think each will continue with its own set of ways and personality.”

Akacki was adamant that “no other con will ever take Derby’s place.”

“It burned fast and it burned bright. It was lightning in a bottle, never to be seen again. However, I’m not sad,” Akacki said. “I can’t even say that its vibe is rising from the ashes, because it would have to have burned down for that to happen. The fire that is the spirit of DerbyCon still burns and, I’d argue, it burns brighter than ever.”

Denis said it will be difficult for any conference to truly replace DerbyCon.

“I feel like the people who organized and were passionate about DerbyCon are what made Derby unique. I’m not sure any other con will be able to truly capture that magic and fill the space left by Derby,” Denis said. “But I guess that remains to be seen and hope that more cons, such as Blue Team Con in June 2020 in Chicago bring high quality content and engaging talks to the Midwest in the future.”

Wright noted that some of her favorite smaller security conferences included GRRcon, NOLAcon, CircleCityCon, CypherCon, Showmecon, Toorcon and [Wild West Hackin’ Fest], and she expressed hope that the proposed “DerbyCon Communities” project “will help with the void left by the end of the era of the original DerbyCon.”

The DerbyCon Communities initiative

The organizers saw DerbyCon growing fast, but “didn’t want to turn the conference into such a large production like DEF CON,” Kennedy told SearchSecurity.

“We wanted to go back to why DerbyCon was so successful and that was due to three core principles: Positivity and Inclusiveness, Knowledge Sharing and Charity. There is a direct need for a community to help new people in the industry and help charity at the same time,” Kennedy said. “The goal for the Communities initiative is to bring people together the same way DerbyCon did for one common goal.”

Kennedy also confirmed that there will be some involvement with the Communities initiative from the “core group” of organizers, including his wife Erin, Martin Bos and others.

Akacki said that with the local Derby Communities initiative, “the spirit of Derby has exploded into stardust, covering our universe.”

“You can’t kill what we’ve built, you can’t contain it and you can’t stop it,” Akacki said. “I’m not crying because it ended, I’m smiling and laughing … because it just became bigger than ever.”

On Sept. 11, Kennedy pitched the full idea of DerbyCon Communities to the team and said there should be four main areas of focus:

  • Chapter Groups
    • Independently run with chapter heads
    • Geographically placed
    • Volunteer network
  • Established Groups
    • Partner with similar groups that meet criteria and approval process to join DerbyCon network.
  • Conferences
    • Established or new. Allow for new conferences to be created.
  • Kids
    • Programs geared towards teaching next-gen children.

Ultimately, Kennedy told SearchSecurity he wants new groups to “be welcoming and accepting of new people and making a difference and impact in their local communities or worldwide.”

“Our hope is that not only do DerbyCon Chapters spawn up, but other conferences and chapter groups will join forces to create a DerbyCon network of sorts to grow this community in a positive way.”

For Sale – Synology DS215J

I’m selling my Synology DS215J after having upgraded to a higher spec model.

It’s a solid little NAS – I had been using it as a media server (Kodi/Plex), file storage and download box and it’s been faultless.

I’ve got the box but none of the instructions. It’s about 18-ish months old so there’s no warranty.

Looking for £100 (delivery included)

Price and currency: £100
Delivery: Delivery cost is included within my country
Payment method: BT / PPG
Location: Cheltenham / Medway
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

Oracle BI platform on the comeback trail

The Oracle BI platform remains a relevant, vibrant suite of analytics products after all these years.

Oracle is one of the legacy business intelligence vendors — one of the companies that began producing tools for data analysis long before terms like augmented intelligence, machine learning and natural language processing were born. But while many of its long-ago competitors have disappeared and some that remain struggle to keep up with the pace of innovation, the Oracle BI platform is going strong.

“They’ve generally been followers, but they’re keeping up,” said Rick Sherman, founder and managing partner of Athena IT Solutions. “They’ve done an extremely good job.”

The company was in danger of becoming one of the legacy vendors that time passed by.

The vendor reacted. It met with customers and heard their complaints. It invested in innovation to include more AI and machine learning. It simplified its product suite. And it changed its management team to help take the Oracle BI platform forward.

“They had a leading traditional semantic-based platform, but when the industry transitioned to user-based visualizations, Oracle didn’t respond quickly,” said Rita Sallam, data and analytics analyst at Gartner. “Over the last three to four years, they’ve invested heavily in new capabilities … and their new products are well-positioned to compete with the rest of the market.”

From 18 BI products to three

The Oracle BI platform, marketed under the umbrella name Oracle Analytics, currently consists of Oracle Analytics Cloud (OAC), Oracle Analytics Server (OAS) and Oracle Analytics for Applications.

OAC is a platform delivered as a cloud service; OAS is an option that can be deployed on premises or through a third-party cloud vendor and allows users the option of migrating to Oracle’s cloud at their own pace; and Oracle Analytics for Applications is aimed at SaaS users.

“They’ve done a nice job of weaving augmented analytics capabilities into OAC, with its natural language generation and natural language query and interaction options being particularly strong,” said Doug Henschen, principal analyst at Constellation Research.

He added, however, that it remains to be seen just how actively Oracle will facilitate multi-cloud deployment and the extent to which AI capabilities will be featured in OAS.

Before being pared down to three products, the Oracle BI platform consisted of a mind-boggling 18.

“The first thing we heard from customers was, ‘Make it easier for me to deploy Oracle Analytics,'” said Bruno Aziza, vice president of Oracle Analytics. “The first aspect of that was to simplify our product lineup. It’s a lot easier for customers to understand how to consume the value from Oracle.”

Despite being pared down from 18 to three products, capabilities that users relied on weren’t eliminated. The Oracle BI platform still supports the first-generation tools that IT departments and data developers used to make semantic models and reports, along with the data visualizations popularized in the second-generation products, as well as the machine learning, natural language processing and AI features that make up the next generation.

“We believe that these three waves of analytics are net additive,” said T.K. Anand, senior vice president of Oracle Analytics. “They do not replace previous waves — they build on top of the other. … We don’t believe that IT reports and dashboards are going to go away in the future. At the same time, we believe that analytics can reach an order of magnitude made available through mobile devices, through natural language, automatic insights that are revealed through AI algorithms.

“Our strategy is to provide all of these capabilities in a single integrated platform.”

[Figure: An Oracle Analytics dashboard shows the traffic volume per day for the Washington, D.C., area.]

Beyond the complexity of 18 products, according to Aziza, customers complained about the complicated nature of Oracle’s pricing. The response was to change it to two plans — payment on a per-user basis or on a per-server basis.

Finally, he said, customers wanted more transparency. As a result, in June, Oracle held an Oracle Analytics Summit at which it unveiled the pared-down product lineup and even went so far as to publish its roadmap.

Beyond the three products that make up the current Oracle BI platform, an addition will be unveiled next week at Oracle’s OpenWorld conference in San Francisco.

“Their technological prowess is much brighter than [other legacy vendors],” Sherman said. “They’ve spawned off adept entrepreneurs, and they’ve impressed with their survival capabilities.”

Despite all Oracle has done to respond to customer concerns and improve the Oracle BI platform, according to Sallam, there are challenges that remain. In particular, while Oracle has taken steps to appease its existing customer base, attracting new clients could be a challenge.

“Will they attract new customers who are looking at Tableau, ThoughtSpot, Qlik, Power BI?” she asked. “They’re doing everything they can, but it’s easier to change a product than it is to change hearts and minds. … The pieces are in place, but the market just has to believe them and give them a chance.”

VMware vSAN HCI: Complete stack or ‘vaporware’?

Days after VMware’s CEO proclaimed his vSAN product the winner in the hyper-converged infrastructure space, the CEO of VMware rival Nutanix countered that VMware “sells a lot of vaporware.”

“We’re crushing Nu … I mean we’re winning in the marketplace,” VMware CEO Pat Gelsinger said during his opening VMworld keynote last week. “We’re separating from No. 2. We’re winning in the space.”

Two days later on Nutanix’s earnings call, CEO Dheeraj Pandey took a shot at VMware without mentioning the company by name. “We don’t sell vaporware,” he said, when referring to why Nutanix wins in competitive deals.

In an exclusive interview after the call, Pandey admitted the vaporware charge was aimed mostly at VMware’s vSAN HCI software.

“VMware sells a lot of vaporware,” Pandey said. “A lot of that vaporware becomes evident to customers who buy that stuff. When bundled products don’t deliver on their promise, they call us. What we sell is not shelfware.”

Whatever VMware is selling with its vSAN HCI software, it is working. VMware reported license bookings of its vSAN HCI software grew 45% year-over-year last quarter, while Nutanix revenue and bookings slipped from last year. VMware’s parent Dell also claimed a 77% increase in orders of its Dell EMC VxRail HCI appliances that run vSAN software. Those numbers suggest Dell increased market share against Nutanix, even if Nutanix did better than expected last quarter following a disappointing period. IDC listed VMware as the HCI software market leader and Dell as the hardware HCI leader in the first quarter of 2019, with Nutanix second in both categories. Gartner lists Nutanix as the HCI software leader, but No. 2 VMware made up ground in Gartner’s first-quarter numbers.

Nutanix’s Pandey attributed at least some of VMware’s HCI success to bundling its vSAN software with its overall virtualization stack. Like VMware, Nutanix has its own hypervisor (AHV) and its share of hardware partners — including Dell — but VMware has a huge vSphere installed base to sell vSAN into.

Pandey said he was unimpressed by VMware’s Kubernetes and open source plans laid out at VMworld, which included Tanzu and Project Pacific. Both are still roadmap items but reflect a commitment from VMware to containers and open source software.

“That’s worse than vaporware, that’s slideware,” Pandey said of VMware’s announcements. “Everything works in slides. We’re based on Linux; we get a lot of leverage out of open source. AHV was based on Linux, and we’ve made it enterprise grade.”

Making vSAN part of its vSphere virtualization platform has paid off for VMware. Customers at VMworld pointed to their familiarity with VMware and vSAN’s integration with vSphere, and its NSX software-defined networking as reasons for going with vSAN HCI.

“What really ended up selling it for us was, we were already using VMware for our base product and the vast majority of the deliverables that our customers request is in vSphere,” said Lester Shisler, senior IT systems engineer at Harmony Healthcare IT, based in South Bend, Ind. “So whatever pain points we learned along the way with vSAN, we were going to have to learn [with a competing HCI product] as well, along with new software and new management and everything else.”

Matthew Douglas, chief enterprise architect at Sentara Healthcare in Norfolk, Va., said Nutanix was among the HCI options he looked at before picking vSAN.

“VMware was ultimately the choice,” he said. “All the others were missing some components. VMware was a consistent platform for hyper-converged infrastructure. Plus, there was NSX and all these things that fit together in a nice, uniform fashion. And as an enterprise, I couldn’t make a choice of all these independent different tools. Having one consistent tool was the differentiator.”

Despite losing share, Nutanix’s last-quarter results were mixed. Its revenue of $300 million and billings of $372 million were both down from last year but better than expected following the disappointing previous quarter. Nutanix’s software and support revenue of $287 million increased 7%, a good sign for the HCI pioneer’s move to a software-centric business model. Nutanix also reported a 16% growth in deals over $1 million from the previous quarter.

However, operating expenses also increased. Sales and marketing spend jumped to $254 million from $183 million the previous year. Nutanix, which has never recorded a profit, lost $194 million in the quarter — more than double its losses from a year ago. It finished the quarter with $909 million in cash, down from $943 million last year.

Pandey said he is more concerned about growth and customer acquisition than profitability.

“Profitability is a nuanced word,” Pandey said. “We defer so much in our balance sheet. Right now we care about doing right by the customer when we sell them subscriptions.”

Diversity and cybercrime: Solving puzzles and stopping bad guys – Asia News Center

Diana Kelley bristles at suggestions that cybersecurity is a dry or dull career choice – after all, she’s dedicated most of her working life to protecting data and blocking digital wrongdoers.

“I think it is the most interesting part of IT. It can be a fascinating puzzle to solve. It can be like a murder mystery on that show, ‘Law & Order,’ except that when they find a dead body, we find a network breach,” she says.

“As we investigate, we go back through all these twists and turns. And, sometimes we discover that the real culprit isn’t the one we had suspected at the beginning.”

As Microsoft’s global Cybersecurity Field Chief Technology Officer, she wants to erase misconceptions that might be stopping people from more walks of life from entering her profession – which, she argues, needs new ways of thinking and innovating.

Successful companies know that by building diversity and inclusion within their ranks, they can better understand and serve their many and varied customers. Cybersecurity teams need to read from the same playbook so they can better anticipate and block attacks launched by all kinds of people from all sorts of places.

“Cybercriminals come from different backgrounds and geo-locations and have different mindsets,” Kelley says. “They collaborate and use very diverse attack techniques to come after individuals, companies, and countries. So, it helps us also to have a very diverse set of protection and controls to stop them.”

Knowing how attackers might think and act can be difficult for any cybersecurity team, particularly if it is made up of people from similar backgrounds with similar viewpoints. It is the kind of conformity that can even lead to a sort of “groupthink,” which results in blind spots and unintended bias.

The power of different viewpoints

“If people think in the same ways again and again, they are going to come up with the same answers. This only stops when different viewpoints are raised, and different questions are heard.”

Kelley says attackers come from, and operate in, many different environments, and cybersecurity teams need to match this diversity as much as they can. However, the make-up of today’s international cybersecurity community remains surprisingly homogenous.

“About 90 percent are men and, depending on where you are in the world, they are often white men,” she says. “In Asia, it tends to be a little worse. Only about nine percent are women.”

The need for change comes amid unprecedented demand for cybersecurity and a chronic shortage of skilled specialists across the world. Kelley sees this as an opportunity.

“We’ve got this big gap in hiring, so why not create a more diverse and inclusive community of people working on the problem?” she said in an interview on her recent visit to Singapore, one of many global cities vying for talent in the sector.

One major concern is gender imbalance. Even though many well-paying jobs are up for grabs, relatively few women are taking up, and staying in, cybersecurity roles.

Fixing the gender imbalance

“When I got into the field almost 30 years ago, women had very low representation in computer science in general,” Kelley says. “Back then, I just assumed it would change over time. But it hasn’t.”

Studies show that girls often drop out of STEM (science, technology, engineering, and math) subjects in middle or high school. Some women university graduates do enter the profession. But a lot end up leaving – many for cultural reasons in the workplace.

“There is a high attrition rate. We need to promote the value of studying STEM. And, we also need to work for the people who are in the field now by creating inclusive work environments.”

Kelley joined Microsoft about two years ago. Since then, she has been struck by its strong culture of respecting diverse viewpoints and encouraging inclusion – things she hasn’t seen stressed in some other companies.

“Not every idea is a great idea. But that doesn’t mean it should be mocked or dismissed. It should be respected as an idea. I have spoken to some women elsewhere who say because they didn’t feel heard or respected, they didn’t want to stay in IT.”

Bringing in all sorts of people

Kelley says more can be done to build up diversity and inclusion beyond fixing the gender mix. Again, she is impressed by Microsoft’s efforts. “Yes, we need to engage more women. But we also need to bring in all sorts of people from different social and career backgrounds.

“For instance, our team – the Cybersecurity Solution Group at Microsoft – is looking for people who may not have worked in cybersecurity in the past, but have a great interest (in technology) as well as other talents. So we are creating diversity that way too.”

Kelley recounts her own sideways entry into the field. She fell in love with computers and software during her teens when she discovered for herself how vulnerable networks at the time could be.

Later she graduated from university with a very non-techie qualification: a degree in English. Her first few jobs were editorial roles, but being tech-savvy soon meant she became the “go-to IT guy” in her office.

“Finally someone said to me, ‘Hey, you know what? IT is your calling, and we are hiring.’ So, what had been a hobby for me then became a career.”

She eventually moved into cybersecurity after an intruder broke into a network she had just built. “I pivoted from being a network and software person to someone very much focused on creating secure and resilient architectures and networks to thwart the bad guys.”

We need diverse thinkers

Looking to the future, she wants a broader pool of job seekers to consider careers in cybersecurity, even if they did not like STEM at school.

“We need diverse thinkers … people who understand psychology, for example, who can help understand the mindsets behind these attacks. We need great legal minds to help with ethics and privacy. And, political minds who understand lobbying.”

The cybersecurity world needs individuals who are altruistic, and a little more besides. “We go into this field because we want to do the right thing and protect people and protect data. That is a critical part. And, it also really helps to have a sort of a ‘tinkering mindset.’”

She explains that when cybersecurity professionals create systems, they also have to produce threat models. To do that, they need to think about, ‘What if I was a bad guy? What if I was trying to take this apart? How could it be taken apart?’ That is the point where they can start to work out how to make their system more attack resistant.

Meanwhile, she is eager to debunk a few myths swirling around the subject of cybercrime.

For starters, the days of the smart lone wolf kid in a hoodie hacking for fun from his bedroom are more or less over. Nowadays, only a tiny minority of perpetrators cause digital mischief and embarrassment just for the bragging rights or are “hacktivists” who want to advance social or environmental causes.

Ominously, there are sophisticated state-sponsored actors targeting the vulnerabilities of rival powers. Governments around the world are rightly worried about their citizens’ data. But they also fear for the security of vital infrastructure, like power grids and transport systems. Accordingly, military strategists now rate cyber as a field of warfare alongside land, sea, and air.

That said, most of the bad guys are simply in it for the money and do not deserve the glory and headlines they sometimes get.

“They are not glamorous. Many are in big criminal syndicates that just want to grab our data – hurting us and hurting our loved ones.”

Author: Microsoft News Center

Adobe Experience Platform adds features for data scientists

After almost a year in beta, Adobe has introduced Query Service and Data Science Workspace to the Adobe Experience Platform to enable brands to deliver tailored digital experiences to their customers, with real-time data analytics and understanding of customer behavior.

Powered by Adobe Sensei, the vendor’s AI and machine learning technology, Query Service and Data Science Workspace intend to automate tedious, manual processes and enable real-time data personalization for large organizations.

The Adobe Experience Platform — previously the Adobe Cloud Platform — is an open platform for customer experience management that synthesizes and breaks down silos for customer data in one unified customer profile.

According to Adobe, the volume of data organizations must manage has exploded. IDC predicted the Global DataSphere will grow from 33 zettabytes in 2018 to 175 zettabytes by 2025. And while more data is better, it makes it difficult for businesses and analysts to sort, digest and analyze all of it to find answers. Query Service intends to simplify this process, according to the vendor.

Query Service enables analysts and data scientists to perform queries across all data sets in the platform instead of manually combing through siloed data sets to find answers for data-related questions. Query Service supports cross-channel and cross-platform queries, including behavioral, point-of-sale and customer relationship management data. Query Service enables users to do the following:

  • run queries manually with interactive jobs or automatically with batch jobs;
  • subgroup records based on time and generate session numbers and page numbers;
  • use tools that support complex joins, nested queries, window functions and time-partitioned queries;
  • break down data to evaluate key customer events; and
  • view and understand how customers flow across all channels.

While Query Service simplifies the data identification process, Data Science Workspace helps to digest data and enables data scientists to draw insights and take action. Using Adobe Sensei’s AI technology, Data Science Workspace automates repetitive tasks and understands and predicts customer data to provide real-time intelligence.

Also within Data Science Workspace, users can take advantage of tools to develop, train and tune machine learning models to solve business challenges, such as calculating customer predisposition to buy certain products. Data scientists can also develop custom models to pull particular insights and predictions to personalize customer experiences across all touchpoints.

Additional capabilities of Data Science Workspace enable users to perform the following tasks:

  • explore all data stored in Adobe Experience Platform, as well as deep learning libraries like Spark ML and TensorFlow;
  • use prebuilt or custom machine learning recipes for common business needs;
  • experiment with recipes to create and train an unlimited number of tracked instances;
  • publish intelligent services recipes without IT to Adobe I/O; and
  • continuously evaluate intelligent service accuracy and retrain recipes as needed.

Adobe data analytics features Query Service and Data Science Workspace were first introduced as part of the Adobe Experience Platform in beta in September 2018. Adobe intends these tools to improve how data scientists handle data on the Adobe Experience Platform and create meaningful models off of which developers can work. 


Zoom vulnerability reveals privacy issues for users

Zoom faced privacy concerns after the disclosure of a vulnerability that could allow threat actors to use the video conferencing software to spy on users.

The Zoom vulnerability, originally reported to only affect the Mac version of the software, has been found to partially affect Windows and Linux as well. Jonathan Leitschuh, software engineer at open source project Gradle, disclosed the Zoom vulnerability in a blog post earlier this week and said it “allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.”

“On top of this, this vulnerability would have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call,” Leitschuh added. “Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage.”

According to Leitschuh, it took Zoom 10 days to confirm the vulnerability and in a meeting on June 11, he told Zoom there was a way to bypass the planned fix, but Zoom did not address these concerns when Zoom reported the vulnerability fixed close to two weeks later. The Zoom vulnerability resurfaced on July 7, Leitschuh disclosed on July 8 and Zoom patched the Mac client on July 9. Zoom also worked with Apple on a silent background update for Mac users, released July 10, which removed the Zoom localhost from systems.

“Ultimately, Zoom failed at quickly confirming that the reported vulnerability actually existed and they failed at having a fix to the issue delivered to customers in a timely manner,” Leitschuh wrote. “An organization of this profile and with such a large user base should have been more proactive in protecting their users from attack.” 

Zoom — whose video conferencing software is used by more than 4 million users in approximately 750,000 companies around the world — downplayed the severity of the issue and refuted Leitschuh’s characterization of the company.


“Once the issue was brought to our Security team’s attention, we responded within ten minutes, gathering additional details, and proceeded to perform a risk assessment,” Richard Farley, CISO at Zoom, wrote in the company’s response. “Our determination was that both the DOS issue and meeting join with camera on concern were both low risk because, in the case of DOS, no user information was at risk, and in the case of meeting join, users have the ability to choose their camera settings.”

“To be clear, the host or any other participant cannot override a user’s video and audio settings to, for example, turn their camera on,” Farley added. 

Both the disclosure and response from Zoom portrayed the issue as only affecting the Mac client, but Alex Willmer, Python developer for CGI, wrote on Twitter that the Zoom vulnerability affected Windows and Linux as well.

“In particular, if zoommtg:// is registered as a protocol handler with Firefox then [Zoom] joins me to the call without any clicks,” Willmer tweeted. “To be clear, a colleague and I saw the auto-join/auto-webcam/auto-microphone behavior with Firefox, and Chromium/Chrome; on Linux, and Windows. We did not find any webserver on port 19421 on Linux. We didn’t check Windows for the webserver.”

Leitschuh confirmed Willmer’s discovery, but it is unclear if Zoom is working to fix these platform clients. Leitschuh also noted in his disclosure that the issue affects a white-label version of Zoom licensed to VoIP provider RingCentral. It is unclear if RingCentral has been patched.

Leitschuh told SearchSecurity via Twitter DM that “Zoom believes the Windows/Linux vulnerabilities are the browser vendors’ to fix,” but he disagrees.

Zoom did not respond to requests for comment at the time of this post.
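The lingering localhost web server is the part of this disclosure a defender can verify on their own machine: the check below, an added example that is not from the article or from Zoom, simply asks whether anything is accepting TCP connections on loopback port 19421 (the port Willmer’s tweet names). A listener there after the client was uninstalled is the condition Leitschuh describes; the example assumes only that a listener on that port deserves a manual look, not that it proves the Zoom server is present.

```python
import socket

# Loopback port named in the disclosure for the Zoom localhost web server.
ZOOM_LOCALHOST_PORT = 19421


def port_is_listening(host: str, port: int, timeout: float = 1.0) -> bool:
    """Return True if a TCP connect to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # connection refused, timeout, unreachable
        return False


def check_lingering_localhost_server(port: int = ZOOM_LOCALHOST_PORT) -> dict:
    """Inspect the local machine for a listener on the article's port.

    The verdict is advisory: which process owns the port must still be
    confirmed by hand (assumption made by this example, not by the article).
    """
    listening = port_is_listening("127.0.0.1", port)
    return {
        "port": port,
        "listening": listening,
        "verdict": ("something is accepting connections on loopback; "
                    "identify the owning process before trusting this host"
                    if listening else "no listener on this port"),
    }


def demo_against_local_listener() -> tuple:
    """Show the probe distinguishing an open loopback port from a closed one.

    Opens a throwaway listener on an ephemeral port (constructed for the
    demo), probes it, closes it, and probes again.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0 = let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = port_is_listening("127.0.0.1", port)
    srv.close()
    after_close = port_is_listening("127.0.0.1", port)
    return while_open, after_close  # expected (True, False)


if __name__ == "__main__":
    print(check_lingering_localhost_server())
```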

Tom Patterson, chief trust officer at Unisys, said the tradeoff between security and ease of use is “not always a fair trade.”

“The fact that uninstalling any app doesn’t completely uninstall all components runs counter to engendering trust. In this case, it’s an architectural decision made by the manufacturers which appears to be designed to make operations much easier for users,” Patterson told SearchSecurity. “This trust tradeoff, between making it easy and making it secure, is something that every consumer should consider.”
