Tag Archives: speakers

Wanted – HP Microserver

Parisa Tabriz’s Black Hat 2018 keynote challenges infosec’s status quo

LAS VEGAS — Keynote speakers for infosec conferences often play to the crowd with flowery quotes about how the security community are the real leaders of change, but Parisa Tabriz, director of engineering at Google, took a slightly different approach with her Black Hat 2018 keynote by describing — in detail — the actual work required to enact that change.

Some of the themes Tabriz hit on were familiar to the Black Hat audience — focusing too much on flashy vulnerabilities and hacks rather than root causes and the broader impact that can be made by infosec — but the tone of her keynote felt different. Rather than an impassioned speech meant primarily to inspire, Tabriz set out to instruct the audience with specific yet simple actions.

According to Tabriz, the way to make things better breaks down into three broad steps: Tackling root causes, choosing milestones and celebrating achievements, and building a coalition outside of security.

“Often, we can’t tell the exact form of potential threats to come, but we have to still invest proactively in defensive projects that promote core security principles — isolation, containment, simplicity,” Tabriz said. “Now, when the benefits aren’t immediately clear, which is common in proactive defensive work, it’s important to communicate upwards and outwards and get people outside of your immediate security team to invest in the project.”

Tabriz, who manages both the Chrome security and Project Zero teams at Google, used examples from each to teach the audience at Black Hat about how much work it takes, and how many ways a project can fall apart, regardless of whether it is a major security change or something seemingly much smaller.

“Defense happens over the long arc. It’s very hard to measure progress because it happens over time. We don’t have great objective ways to measure it and some metrics are bad. It takes a long time, positive signals are very rare, and I think that’s why it’s harder to celebrate and recognize and talk about defenders,” Tabriz told reporters after the keynote. “But I think it’s really important to do and I hope that we can take some attention because at the end of the day, that’s what actually makes things better.”

Tabriz was also careful to note the wider impact one vendor can have even when faced with criticism. She talked about how the Project Zero team faced a lot of pushback from the industry when first implementing its strict 90-day disclosure policy because historically, vendor response to fixing security issues varied widely across the industry and often involved negotiations between researchers and vendors.

“Project Zero’s strategy is to build a practical offensive security research pipeline to advance the broader understanding of exploitation amongst vendors. That ultimately leads to structural improvements and better end user security for the world,” Tabriz said. “In total the vast majority [95%] of the issues reported by Project Zero are now fixed within the 90-day disclosure period. That’s up from 25% that the researchers experienced prior to deadlines being made standard. That’s a huge, huge change.

“Making fundamental change to the status quo is hard, but necessary. It absolutely leads to upsetting people. If you’re not upsetting people, you’re not changing the status quo.”

Proactive defense of root issues

Tabriz offered real-world examples of changing the status quo in her own organization with the massive effort to add site isolation to Chrome. She said the Chrome team at Google identified potential threats based on the fundamental architecture of the browser in the form of cross-site attacks.

“We didn’t know exactly when the wave of attacks would come and when they would move from render compromise to install malware, to render compromise to steal cross-site data, but we knew the incentives were there for a shift to be inevitable,” Tabriz said. “With that realization, our security team started a second solution effort in 2012. This was an effort to rearchitect the browser and mitigate this risk.”

Tabriz described how the work of developing site isolation in Chrome took six years — far more than the one year originally estimated — and ended with a not-so-flashy demo showing that the browser “didn’t crash.” But all of that work gave Google “a huge head start” when the Spectre attacks were identified, and even more granular site isolation was needed to protect users.

“Chrome already had a huge amount of the ground work laid to protect users from a whole class of new bugs. No one would have predicted that something as big as Spectre would come along. But we did know where the assets were and were attacking that root problem for a number of years,” Tabriz said. “We all need to continue investing in ambitious proactive defensive projects.”

Celebrating goals and avoiding failure

Part of the key to success was setting goals and celebrating achieving those goals, Tabriz said. Being mindful to celebrate milestones was a good practice to keep the teams motivated during long-term projects, but those milestones also acted as a beacon to other teams outside of security and even with other vendors that changes were in the works.

“Part of my job is to make sure my team believes change is possible and stays optimistic over the long run,” Tabriz said and described the process of changing the HTTPS badges in Chrome. “We celebrated a lot of the transitions in public. The milestones, each one of them, resulted in pushback and also the occasional hate mail. But it served a really important purpose: they were a reminder to the world that this was coming and they put a very clear deadline for people to work towards.”

Of course, in spite of hard work and clear deadlines, there are many ways a project can fail, Tabriz said, including management killing the project because unexpected delays aren’t explained properly or a lack of support from the wider team or outside vendors. She described how the Chrome site isolation team was able to build a coalition during its efforts through communication, positive attitudes and generally “being good citizens.”

“The insight for the core work stemmed from that 10-person site isolation team, but the ability to kill progress came from outside of that team. To make a project like this work at scale, you have to build a coalition of experts in many different roles and champions for your project,” Tabriz said. “Our community may be able to find the right problems and technical solutions, but we rely on everyone working in technology to clear the path to a safer future.”

Alexa for Hospitality brings AI voice assistant to hotel rooms

Amazon has released a line of Echo smart speakers custom-built for hotel rooms. Alexa for Hospitality is the company’s latest attempt to capitalize on the consumer success of its AI voice assistant to penetrate the enterprise market.

Alexa for Hospitality lets hotel guests place calls, set alarms, play music, order room service, summon housekeeping and control in-room smart devices. In the future, Amazon will allow guests to sign into their personal Alexa accounts on the hotel room devices.

The platform comes with a centralized console, so hotel administrators can remotely control the Echo devices in every room, managing default settings and resetting devices between guests.

Amazon’s platform is a logical first step for bringing AI to the enterprise market, said Zeus Kerravala, founder and principal analyst at ZK Research in Westminster, Mass. But Amazon will eventually need to build a business-grade platform with a more specific set of capabilities.

“Don’t just connect me to the spa, but know that the last four times I stayed there, this is the type of massage I got,” Kerravala said. “That level of personalization comes with having much deeper domain knowledge, and that’s what the consumer products aren’t meant for. They are meant to be broad platforms.”

Consumer smart speakers grow in the enterprise market

AI voice assistants such as Amazon Alexa and Google Home have grown in popularity among consumers in recent years. The worldwide market for smart speakers is projected to increase at an annual rate of 23.7% between now and 2022, according to research released this week by IDC.

As more and more consumers become accustomed to AI voice assistants, tech giants like Amazon are stepping up efforts to sell those devices in the enterprise market. By 2022, for example, London-based research firm IHS Markit forecasts hotels will have installed more than 1.2 million smart speakers in rooms. 

Amazon has already netted one big customer, Marriott International, which will deploy Alexa for Hospitality in a select number of hotels starting this summer. Amazon has invited other hotel chains to apply for an invitation to use the product.

Alexa for Hospitality should complement the software and services provided by traditional networking and telephony providers. But it could make it harder for those vendors to sell some of their newer technologies.

In March, for example, Avaya released a version of its Avaya Vantage desk phone designed for the hospitality industry. Hotels can use the Avaya Breeze Client SDK to customize the capabilities of the Vantage touchscreen device, which also runs an AI voice assistant.

“Alexa for Hospitality and competitors like Avaya’s Vantage … offer identical features to hotel guests,” said Bryan Montany, an analyst at IHS Markit. “As Marriott is the largest hotel chain in the world, Amazon’s partnership with Marriott will definitely put some pressure on these competitors.”

Security concerns a hurdle for Amazon

Alexa for Hospitality customers will have to educate hotel guests about how AI voice assistant devices work, said Irwin Lazar, an analyst at Nemertes Research, based in Mokena, Ill.

Many people may fear that the Alexa app is recording everything it hears in the room. In reality, the Echo devices only begin transmitting information to the Amazon cloud when activated by a wake word, such as “Alexa.”

Amazon faced similar concerns from enterprise IT buyers when it rolled out Alexa for Business last year. That platform connects to enterprise messaging and meeting software, letting users place calls and pull information with voice commands. 

Businesses have expressed trepidation about the fact that Amazon processes the data from its devices in the cloud. In contrast, the IBM Watson Assistant — a toolkit for building AI virtual assistants for the enterprise — gives businesses more control over their data.

“I’m not sure that the general population, at this point, is going to be excited about having an Amazon device potentially listening to them while they are in hotel rooms,” Lazar said.

For Sale – Creative Gigaworks T40 Series II PC Speakers

I’ve got a pair of Gigaworks T40 PC speakers for sale, fully boxed with all cables etc. Everything is in Mint condition, can’t see a mark anywhere on the speakers and only selling due to an upgrade.

Ideally would like these collecting but happy to post if buyer pays postage. These speakers are still selling for £90+ but am happy to take £50

Price and currency: £50
Delivery: Delivery cost is not included
Payment method: Cash on Collection or BT
Location: Lincoln
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

B&W MM1 speakers and AOC 18” Monitor

Hi,

I am selling my superb MM1 speakers, unfortunately they don’t really get used so would like someone else to benefit from them.

They come boxed with remote etc and are in excellent condition. £200 Ono

I am selling my surplus to requirements AOC monitor, I only bought it for trouble shooting PC problems as my iMac cant be used as an external screen, it has very little use and is in excellent condition.

The resolution is quite low at 1366 x 768 but would make a great second screen for…
