April 07, 2022

Researchers Identify ‘Master Problem’ Underlying All Cryptography

In the absence of proofs, cryptographers simply hope that the functions that have survived attacks really are secure. Researchers don’t have a unified approach to studying the security of these functions because each function “comes from a different domain, from a different set of experts,” Ishai said. Cryptographers have long wondered whether there is a less ad hoc approach. “Does there exist some problem, just one master problem, that tells us whether cryptography is possible?” Pass asked. Now he and Yanyi Liu, a graduate student at Cornell, have shown that the answer is yes. The existence of true one-way functions, they proved, depends on one of the oldest and most central problems in another area of computer science called complexity theory, or computational complexity. This problem, known as Kolmogorov complexity, concerns how hard it is to tell the difference between random strings of numbers and strings that contain some information. ... The finding suggests that instead of looking far and wide for candidate one-way functions, cryptographers could just concentrate their efforts on understanding Kolmogorov complexity. “It all hinges on this problem,” Ishai said.


4 Reasons Decentralized Business Management Is Booming

Organizations face employee churn all the time, whether due to a lack of challenging work or dissatisfaction with the company's overall direction. Both of these reasons are interconnected. An inflexible organizational hierarchy leaves employees fighting to impress their managers instead of creating revenue-generating assets. With power consolidated in the hands of a few, leadership skills are scarce. Thus, when top-level executives move on, the company faces a tough time replacing those who departed and must engage resources to locate and vet suitable leadership. Promoting from within is ideal because long-term employees understand the company and its products well. They've witnessed the company's processes from the ground up, which makes them ideal leaders. However, centralized organizations don't provide low-level employees with the opportunity to ascend to leadership roles. A decentralized organization forces employees to act as leaders. Thanks to greater autonomy and priority on responsiveness, employees must act decisively. Intrapreneurship increases, promoting creativity, and the organization is energized.


DeFi can breathe new life into traditional assets

Tokenization of commodities enables blockchain-based ownership of a physical asset, which is essentially just a decentralized version of an already-existing practice in traditional finance. Tokenized precious metals are somewhat similar conceptually to a share in a gold exchange-traded fund (ETF), as they represent the investor’s stake in physical gold stored elsewhere and largely work toward the same purpose. Projects like VNX offer digital ownership of tokenized commodities that are backed by physical assets including gold, giving the investor the same benefits as investing in physical gold but with the versatility of a crypto asset on top of that. Stablecoins are also a viable option, allowing investors to reap the benefits of decentralization while maintaining the security of traditional finance. Backing from fiat and other real-world assets removes the common fear that crypto has no basis. Stablecoins like TrustToken (TUSD) grant investors more certainty and flexibility, lowering the stakes for any user by enabling easy redeeming of their funds at any given moment.


Chinese APT Targets Global Firms in Monthslong Attack

The campaign, which began in October 2019, targeted Japanese firms and their subsidiaries in 17 locations across the world, Symantec said in its report. The focus of the campaign was to exfiltrate data, particularly from automotive organizations, as part of an industrial cyberespionage effort. The APT group was then using a custom malware variant called Backdoor.Hartup as well as "living off the land" tools to target its victims. Once the victim's network was compromised, the hackers remained active for up to a year to exfiltrate data. Cicada then used a Dynamic Link Library side-loading technique to compromise the victims' domain controllers and file servers. "Various tools (were) deployed in this campaign, and Cicada’s past activity indicates that the most likely goal of this campaign is espionage. Cicada activity was linked by U.S. government officials to the Chinese government in 2018," the latest report says. Upon successfully gaining access to victim machines, the Symantec researchers observed APT actors deploying a custom loader and the SodaMaster backdoor.


First malware targeting AWS Lambda serverless platform disclosed

The researchers have dubbed the malware “Denonia” — the name of the domain that the attackers communicated with — and say that it was utilized to enable cryptocurrency mining. But the arrival of malware targeting AWS Lambda suggests that cyberattacks against the service that bring greater damage are inevitable, as well. Cado Security said it has reported its findings to AWS. In a statement in response to an inquiry about the reported malware discovery, AWS said that “Lambda is secure by default, and AWS continues to operate as designed.” ... Cado Security cofounder and CTO Chris Doman said that businesses should expect that serverless environments will follow a similar threat trajectory to that of container environments, which he noted are now commonly impacted by malware attacks. Among other things, that means that threat detection in serverless environments will need to catch up, Doman said. “The new way of running code in serverless environments requires new security tools, because the existing ones simply don’t have that visibility. They won’t see what’s going on,” Doman said. “It’s just so different.”


Why We’re Porting Our Database Drivers to Async Rust

Similar to the way Python relies on modules compiled in C to make other modules faster, our CQL drivers could benefit from a Rust core. A lightweight API layer would ensure that the drivers are still backward compatible with their previous versions, but the new ones will delegate as much work as possible straight to the Rust driver, trusting that it’s going to perform the job faster and safer. Rust’s asynchronous model is a great fit for implementing high-performance, low-latency database drivers because it’s scalable and allows high concurrency in your applications. Contrary to what other languages implement, Rust abstracts away the layer responsible for running asynchronous tasks. This layer is called the runtime. Being able to select, or even implement, your own runtime is a powerful tool for developers. After careful research, we picked Tokio as our runtime due to its active open source community; its focus on performance; its rich feature set, including complete implementation for network streams, timers, etc.; and lots of fantastic utilities like tokio-console.
