July 05, 2023
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
APIs, in particular, are hot targets as they are widely used today and often carry vulnerabilities. Broken object level authorization (BOLA), for instance, is among the top API security threats identified by Open Worldwide Application Security Project. In BOLA incidents, attackers exploit weaknesses in how users are authenticated and succeed in gaining API requests to access data objects. Such oversights underscore the need for organizations to understand the data that flows over each API, Ray said, adding that this area is a common challenge for businesses. Most do not even know where or how many APIs they have running across the organization, he noted. There is likely an API for every application that is brought into the business, and the number further increases amid mandates for organizations to share data, such as healthcare and financial information. Some governments are recognizing such risks and have introduced regulations to ensure APIs are deployed with the necessary security safeguards, he said. And where data security is concerned, organizations need to get the fundamentals right.
By focusing on legislation for the dramatic-sounding but faraway potential apocalyptic risks posed by AI, Altman wants Congress to pass important-sounding, but toothless, rules. They largely ignore the very real dangers the technology presents: the theft of intellectual property, the spread of misinformation in all directions, job destruction on a massive scale, ever-growing tech monopolies, loss of privacy and worse. If Congress goes along, Altman, Microsoft and others in Big Tech will reap billions, the public will remain largely unprotected, and elected leaders can brag about how they’re fighting the tech industry by reining in AI. At the same hearing where Altman was hailed, New York University professor emeritus Gary Marcus issued a cutting critique of AI, Altman, and Microsoft. He told Congress that it faces a “perfect storm of corporate irresponsibility, widespread deployment, lack of regulation and inherent unreliability.” He charged that OpenAI is “beholden” to Microsoft, and said Congress shouldn’t follow his recommendations.
The problem came about because Ghostscript’s handling of filenames for output made it possible to send the output into what’s known in the jargon as a pipe rather than a regular file. Pipes, as you will know if you’ve ever done any programming or script writing, are system objects that pretend to be files, in that you can write to them as you would to disk, or read data in from them, using regular system functions such as read() and write() on Unix-type systems, or ReadFile() and WriteFile() on Windows… …but the data doesn’t actually end up on disk at all. Instead, the “write” end of a pipe simply shovels the output data into a temporary block of memory, and the “read” end of it sucks in any data that’s already sitting in the memory pipeline, as though it had come from a permanent file on disk. This is super-useful for sending data from one program to another. When you want to take the output from program ONE.EXE and use it as the input for TWO.EXE, you don’t need to save the output to a temporary file first, and then read it back in using the > and < characters for file redirection
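The pipe behaviour described above, as an added Python example that is not part of the original article or of Ghostscript: it shows that a pipe accepts the same write() and read() calls as a file, how fstat() tells the two apart, and a check that code meant to write only to disk can apply. The function names are hypothetical, and a Unix-type system is assumed.

```python
# Added illustration: function names are hypothetical; assumes a Unix-type system.
import os
import stat
import subprocess
import sys

def kind_of(fd):
    """Classify an open descriptor: a pipe answers write()/read() like a file, but fstat() differs."""
    mode = os.fstat(fd).st_mode
    if stat.S_ISFIFO(mode):
        return "pipe"
    if stat.S_ISREG(mode):
        return "regular file"
    return "other"

def require_regular_file(fd):
    """Defensive check for code that is supposed to send its output to disk only."""
    kind = kind_of(fd)
    if kind != "regular file":
        raise ValueError(f"refusing to write: descriptor is a {kind}")
    return fd

def pipe_round_trip(data):
    """Write a small buffer to one end of a pipe and read it from the other; nothing touches disk."""
    read_end, write_end = os.pipe()
    try:
        kinds = (kind_of(read_end), kind_of(write_end))
        os.write(write_end, data)          # the same call used for disk files
        os.close(write_end)
        write_end = None
        return kinds, os.read(read_end, len(data) + 1)
    finally:
        os.close(read_end)
        if write_end is not None:
            os.close(write_end)

def one_into_two(text):
    """Equivalent of `ONE | TWO`: the first process's output is the second's input, no temporary file."""
    one = subprocess.Popen([sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", text],
                           stdout=subprocess.PIPE)
    two = subprocess.Popen([sys.executable, "-c", "import sys; sys.stdout.write(sys.stdin.read().upper())"],
                           stdin=one.stdout, stdout=subprocess.PIPE)
    one.stdout.close()                     # let TWO see end-of-file when ONE exits
    out, _ = two.communicate()
    one.wait()
    return out.decode()

if __name__ == "__main__":
    print(pipe_round_trip(b"constructed sample"), one_into_two("constructed sample"))
```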
It is essential to begin with the fact that Island policies are straightforward to configure. By the nature of the Application Boundary concept mentioned above, there is usually little need to focus on the painful granular efforts of traditional data protection approaches. Leveraging such facilities will ensure that organizational data remains within the corporate application footprint, allowing data to move freely when desired across that footprint, but can prevent the spillage of corporate data into undesirable places. ... Island has very flexible logging and audit features. Because the browser is a natural termination point for SSL traffic, Island does not have to leverage complex break-and-inspect mechanics required by countless security tools to gain visibility and control. The result is that Island has unimpeded, very natural visibility over application usage. Most importantly, the ability to have dexterity in audit logging delivers complete privacy for the user at the proper times, anonymized but audited logging at other times, and even deep audit over any application engagement at other times.
Crafting a seamless data governance plan is crucial for any organization that wants to move from data anarchy to order. A well-designed data governance plan can help ensure that data is accurate, consistent, and secure. It can also help organizations comply with regulatory requirements and avoid costly data breaches. To create a seamless data governance plan, it is important to start by identifying the key stakeholders and their roles in the data governance process. This includes identifying who will be responsible for data management, who will be responsible for data quality, and who will be responsible for data security. Once the key stakeholders have been identified, it is important to establish clear policies and procedures for data governance. This includes defining data standards, establishing data quality metrics, and creating data security protocols. It is also important to establish a system for monitoring and enforcing these policies and procedures. By following these steps, organizations can create a seamless data governance plan that will help them move from data anarchy to order.
Imagine Red Hat succeeds in eliminating all vendors it calls “rebuilders” from Enterprise Linux. Congratulations, Red Hat! You’re now king of the hill, and all users who want a “true” Enterprise Linux will be purchasing Red Hat subscriptions! What will this do for the Enterprise Linux ecosystem? According to Mike McGrath, Red Hat’s Vice President of Core Platforms, this will allow Red Hat to invest all that extra subscription money into creating new and innovative open source software and employing lots of new open source developers. Maybe. But having been in the industry for a long time, my suspicions are that IBM shareholders might have other uses for that money. More likely, in my opinion, is that users, who value freedom and control over their own computing destiny more than anything else, will swiftly migrate off the RHEL platform. Where will they go? That’s where my crystal ball isn’t so good. Maybe some will go to Debian and derivatives. Some will go to SuSE Enterprise Linux. The short-sighted ones will migrate workloads back to the welcoming arms of Microsoft Windows, or, being more charitable about Microsoft, an Enterprise Linux distribution running on top of Microsoft Azure.
Sales Associate at American Airlines
1y Thanks for posting
Next Trend Realty LLC./wwwHar.com/Chester-Swanson/agent_cbswan
1y Thanks for posting.