October 05, 2021
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
One of the more important coding disciplines in object-oriented programming and SOA is code refactoring. The techniques allow developers to restructure code as they better understand usage considerations, performance factors, or technical debt issues. Refactoring is a key technique for transforming monolithic applications into microservices. Refactoring strategies include separating the presentation layer, extracting business services, and refactoring databases. Robin Yeman, strategic advisory board member at Project and Team, has spent most of her career working on large-scale government and defense systems. Robin concedes, “The largest technology barriers to utilizing agile in building or updating complex legacy systems are the many dependencies in the software architecture, forcing multiple handoffs between teams and delays in delivery.” Robin suggests that refactoring should focus on reducing dependencies. She recommends, “Refactoring the software architecture of large legacy systems to utilize cloud-native applications and microservices reduces dependencies between the systems and the teams supporting them.”
According to Kasireddy, backend programming for a dapp is entirely different than for a traditional web application. In Web3, she writes, “you can write smart contracts that define the logic of your applications and deploy them onto the decentralized state machine [i.e. the Ethereum blockchain].” Web servers and traditional databases, in this paradigm, are no longer needed — since everything is done on, or around, the blockchain. She notes a bit later in the post that “Smart contracts are written in high-level languages, such as Solidity or Vyper.” Solidity was partly inspired by ECMAScript syntax, so it has some similarities to JavaScript (but is very different in other ways). As for the frontend, that “pretty much stays the same, with some exceptions,” writes Kasireddy. ... There are also complications when it comes to “signing” transactions, which is the cryptographic process that keeps blockchains secure. You need a tool like MetaMask to handle this.
Even though Secure Boot stands in the way of executing untrusted UEFI binaries from the ESP, over the last few years we have been witness to various UEFI firmware vulnerabilities affecting thousands of devices that allow disabling or bypassing Secure Boot. This shows that securing UEFI firmware is a challenging task and that the way various vendors apply security policies and use UEFI services is not always ideal. Previously, we have reported multiple malicious EFI samples in the form of simple, single-purpose UEFI applications without extensive functionality. These observations, along with the concurrent discovery of the ESPecter and FinFisher bootkits, both fully functional UEFI bootkits, show that threat actors are not relying only on UEFI firmware implants when it comes to pre-OS persistence, but also are trying to take advantage of disabled Secure Boot to execute their own ESP implants. We were not able to attribute ESPecter to any known threat actor, but the Chinese debug messages in the associated user-mode client component leads us to believe with a low confidence that an unknown Chinese-speaking threat actor is behind ESPecter.
Strategic plans are important to achieving your vision, but they can't be set in stone either. The pandemic was an unforeseen situation that took all companies in the world by surprise. Consequently, it is important to be ready to turn, change course quickly, and try to affect the entire organization as little as possible. ... People are inherently social creatures. It should come as no surprise then that we long to feel connected to the people we spend most of our time with. So how can we, as business leaders, help these connections occur between employees? Gregg Lederman is a bestselling author focused on employee interaction. After a long investigation he discovered 3 things that people need at work to feel completely fulfilled:?The Need for Recognition: People have a need to be recognized for the skill and perspective they bring and for the challenges they have accomplished;?The need for respect: People want to be respected for who they are as individuals and professionals and how they contribute to the team;?The need for relationships: People want satisfying relationships with the people they work with.
“This malware family uses PowerShell tools to exploit various vulnerabilities in Windows,” according to the firm. “But what makes it especially interesting is its evasive technique. WatchGuard found that AMSI.Disable.A wields code capable of disabling the Antimalware Scan Interface (AMSI) in PowerShell, allowing it to bypass script security checks with its malware payload undetected.” ... In just the first six months of 2021, malware detections originating from scripting engines like PowerShell had already reached 80 percent of last year’s total script-initiated attack volume. At its current rate, 2021 fileless malware detections are on track to double in volume year over year. “Malicious PowerShell scripts have been known to hide in the memory of the computer and already use legitimate tools, binaries and libraries that come installed on most Windows systems,” explained the report. “That is why attackers have increased their use of this technique, called living off the land (LotL) attacks. Using these methods, a vaporworm might make its script invisible to many antivirus systems that don’t inspect the scripts or systems’ memory.”
Earlier this year Chrome developers decided that the browser should no longer support JavaScript dialogs and alert windows when they're called by third-party iframes. That means that if something is embedded from another website, let's say a YouTube video, Chrome wants to stop allowing that embedded content to call the JavaScript alert function, which opens a small alert window. Eventually Chrome aims to get rid of alert windows altogether. So what happens when Chrome does this? At first nothing because it's an obscure entry in a bug tracker – CC'd to the Web Hypertext Application Technology Working Group (WHATWG) – that Chromium and other browser engineers read. ...?You know what isn't happening here? No substantial public discussion happens, certainly not with builders of websites. Google puts its idea forward as bug reports, some folks at Apple working on WebKit and at Mozilla working on Firefox are invited to agree with it in a WHATWG GitHub thread and Bugzilla discussion, and they do. Google gets what it wants and the web breaks.