August 15, 2022
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
OT data is foundational to critical areas of operations – a breach to OT systems can risk core business process operations and expose critical data. There is still some maturity required among organisations in prioritising backup and data protection as part of their organisation’s security posture and planned response to a cyber attack. Based on research we did in April 2022 across the UK, US and Australia of over 2,000 IT decision-makers and SecOps professionals, only 54% of IT decision-makers said backup and data protection was a top priority and a crucial capability, while only 38% of SecOps respondents said the same. Many organisations focus on “protect controls” to reduce the likelihood of a breach, but they also need to look at security controls that limit the impact of a breach. This means ensuring your recovery capabilities can meet aggressive recovery time and point objectives, so that you can resume business operations while minimising the impact of a ransomware attack.
Spark is shuffling data on local machines by default. It causes challenges while the scale is getting very large (about 10,000 nodes on Uber Scale). At this scale of operation, major reliability and scalability problems happen. One main challenging area in using Spark at Uber scale is system reliability. Machines are generating terabytes of data to shuffle every day. This causes disk SSDs to wear out faster while they are not designed and optimized for high IO workloads. SSDs are designed to work generally for 3 years but in heavy Spark shuffling operations, they are working for about 6 months. Also, lots of failures happen for shuffling operations which decreases system reliability. The other challenge in this area is scalability. Applications could produce lots of data that could not be fitted on a single machine. It causes a full disk exception problem. ...?To resolve the mentioned issues, engineers at Uber architected and designed Remote Shuffle Service (RSS) as shown in the following diagrams. It solves the mentioned reliability and scalability problems in the common Spark shuffling operation.
“We call it smishmash because it’s a mashup of techniques,” explains Olofsson. “SMS for two-factor authentication [2FA] is broken. This is not news; it’s been broken since the inception. It was never intended for this use. We’ve been spoofing text messages since as long as we’ve been hacking. It’s just that now we’re seeing weaponization.” Text messages have a higher implicit trust than email scams, and hence a higher success rate, he notes. Olofsson reviewed several newsworthy breaches involving smishing and 2FA, including a major theft of NFTs from OpenSea. “We see a huge increase in the number of smishing attacks,” he says. “How many of you have got an unsolicited text in the last week? Your phone numbers are increasingly being leaked.” "What we have done [is combine] a search of the clear-net and darknet to create a huge database," says Bystr?m. "Doing this research, we got so much spam,” adds Olofsson. "Even ‘do you want to buy the Black Hat attendee list?’ We got the price down below $100."
领英推荐
Kapoor and Narayanan warn that AI’s impact on scientific research has been less than stellar in many instances. When the pair surveyed areas of science where machine learning was applied, they found that other researchers had identified errors in 329 studies that relied on machine learning, across a range of fields. Kapoor says that many researchers are rushing to use machine learning without a comprehensive understanding of its techniques and their limitations. Dabbling with the technology has become much easier, in part because the tech industry has rushed to offer AI tools and tutorials designed to lure newcomers, often with the goal of promoting cloud platforms and services. “The idea that you can take a four-hour online course and then use machine learning in your scientific research has become so overblown,” Kapoor says. “People have not stopped to think about where things can potentially go wrong.” Excitement around AI’s potential has prompted some scientists to bet heavily on its use in research. Tonio Buonassisi, a professor at MIT who researches novel solar cells, uses AI extensively to explore novel materials.?
The edge is a distributed system. And when dealing with data in a distributed system, the laws of the CAP theorem apply. The idea is that you will need to make tradeoffs if you want your data to be strongly consistent. In other words, when new data is written, you never want to see older data anymore. Such a strong consistency in a global setup is only possible if the different parts of the distributed system are joined in consensus on what just happened, at least once. That means that if you have a globally distributed database, it will still need at least one message sent to all other data centers around the world, which introduces inevitable latency. Even FaunaDB, a brilliant new SQL database, can’t get around this fact. Honestly, there’s no such thing as a free lunch: if you want strong consistency, you’ll need to accept that it includes a certain latency overhead. Now you might ask, “But do we always need strong consistency?” The answer is: it depends. There are many applications for which strong consistency is not necessary to function. One of them is, for example, this petite online shop you might have heard of: Amazon.
According to the Cybersecurity and Infrastructure Security Agency, “Multi-factor authentication is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login.” When we log into an online account, we’re often aiming to thwart an attacker or hacker using extra layers of verification — or locks. ... First, let’s talk about the marketing of MFA. If your MFA provider touts itself as unhackable or 99% unhackable, they are spouting multi-factor B.S. and you should find another provider. All MFA is hackable. The goal is to have a less hackable, more phishing resistant, more resilient MFA. Registering a phone number leaves the MFA vulnerable to SIM-swapping. If your MFA does not have a good backup mechanism, then that MFA option is vulnerable to loss. ... Multi-factor authentication is more securely accomplished with an authenticator app, smart card or hardware key, like a Yubikey. So if you have an app-based or hardware MFA, you’re good, right? Well, no.?