February 27, 2022
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
The first problem was the snap daemon snapd didn’t properly validate the snap-confine binary’s location. Because of this, a hostile user could hard-link the binary to another location. This, in turn, meant a local attacker might be able to use this issue to execute other arbitrary binaries and escalate privileges. The researchers also discovered that a race condition existed in the snapd snap-confine binary when preparing a private mount namespace for a snap. With this, a local attacker could gain root privileges by bind-mounting their own contents inside the snap’s private mount namespace. With that, they could make snap-confine execute arbitrary code. From there, it’s easy to start privilege escalation for an attacker to try to make it all the way to root. There’s no remote way to directly exploit this. But, if an attacker can log in as an unprivileged user, the attacker could quickly use this vulnerability to gain root privileges. Canonical has released a patch that fixes both security holes. The patch is available in the following supported Ubuntu releases: 21.10; 20.04, and 18.04. A simple system update will fix this nicely.
It is not yet clear where these disruptive technologies will lead us, but we are sure that there will be much value up for grabs. At the convergence of Web3 and NFTs lie many platforms looking to leverage technology and infrastructure to make the NFT ecosystem more decentralized, structured and community-driven. Using both social building and governance, the decentralized autonomous organization disruption is a notch higher. The DAO is one major invention that is challenging current systems of governance. Utilizing NFTs, DAOs are changing our perspective of how organizations and systems should be run, and they put further credence to the idea that the optimal form of governance does not have to do with hierarchical structures. With the principal-agent problem limiting the growth of organizations and preventing agents from feeling like part of a team, you can see why the need for decentralized organizations fostering community-inclusion is paramount. Is there something you would change about your current organization if given the chance? Leadership??
What’s interesting about this process is that it does not entail executives in the C-suites pulling all-nighters to come up with these innovative solutions. It’s 100% automated using huge amounts of data and machine learning and embedding these things directly within business processes so the fix happens seconds after the supply chain problem is found. These aspects of intelligent supply chain automation are not new. For years, there has been some deep thinking in terms of how to automate supply chains more effectively. Those of you who specialize in supply chains understand this far too well. How many companies are willing to invest in the innovation—and even the risk—of leveraging these new systems? Most are not, and they are seeing the downsides from the markets tossing them curveballs that they try to deal with using traditional approaches. We’re seeing companies that have been in 10th place in a specific market move to second or third place by differentiating themselves with these intelligent cloud-based systems.
领英推荐
When it comes to testing the resilience of your open source environment with tools, static code analysis is a good first step. Still, organizations must remember that this is only the first layer of testing. Static analysis refers to analyzing the source code before the actual software application or program goes live and addressing any discovered vulnerabilities. However, static analysis cannot detect all malicious threats that could be embedded in open source code. Additional testing in a sandbox environment should be the next step. Stringent code reviews, dynamic code analysis, and unit testing are other methods that can be leveraged. After scanning is complete, organizations must have a clear process to address any discovered vulnerabilities. Developers may be finding themselves against a release deadline, or the software patch may require refactoring the entire program and put a strain on timelines. This process should help developers address tough choices to protect the organization's security by giving clear next steps for addressing vulnerabilities and mitigating issues.
Beyond practising when things come to the real-world applications of NLP, machines are required to understand what is the context behind the text which surely is longer than just a single word. For example, we want to find cricket-related tweets from Twitter. We can start by making a list of all the words that are related to cricket and then we will try to find tweets that have any word from the list. This approach can work to an extent but what if any tweet related to cricket does not contain words from the list. Let’s take an example of any tweet that contains the name of an Indian cricketer without mentioning that he is an Indian cricketer. In our daily life, we may find many applications and websites like Facebook, twitter, stack overflow, etc which use this approach and fail to obtain the right results for us. To cope with such difficulties we may use document embeddings that basically learn a vector representation of each document from the whole world embeddings. This can also be considered as learning the vector representation in a paragraph setting instead of learning vector representation from the whole corpus.
All this Great Resignation talk has many panicking and being reactive. We definitely shouldn’t ignore it, but we should seek to understand what is happening and why. And what the implications are for the future. The truly historical event is the revolution in how people conceive of work and its relationship to other life priorities. Even within that, there are distinctively different categories. We know service workers in leisure and hospitality got hit disproportionately hard by the pandemic. These people unexpectedly found themselves jobless, unsure how they would pay their bills and survive. Being resilient and hard-working, many — like my Uber driver — found gigs doing delivery, rideshare or other jobs giving greater flexibility and autonomy. These jobs also provided better pay than traditional service roles. Now, with their former jobs calling for their return, this group of workers has the ability to choose for themselves what they want. When Covid displaced office workers to their homes, they were bound to realize it was nice to not have that commute or the road warrior travel.