October 10, 2020
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Internet of Things Applications
IoT applications can transform reactive medical-based systems into active wellness-based systems. Resources that are used in current medical research lack important real-world information. It uses controlled environments, leftover data, and volunteers for clinical trials. The Internet of Things improves the device's power, precision and availability. IoT focuses on building systems rather than just tools. Here's how the IoT-enabled care device works. ... Most of you have heard about the term smart city. Smart city uses technology to provide services. The smart city includes improving transportation and social services, promoting stability and giving voice to their citizens. The problems faced by Mumbai are very different from Delhi. Even global issues, such as clean drinking water, declining air quality, and increasing urban density, occur in varying intensity cities. Therefore, they affect every city. Governments and engineers use the Internet of Things to analyze the complex factors of town and each city. IoT applications help in the area of water management, waste control and emergencies. ... By the year 2050, the world's growing population is estimated to have reached about 10 billion. To feed such a large population, agriculture needs to marry technology and get the best results.
Learning from Bugs and Testers: Testing Boeing 777 Full Flight Simulators
Every failure is an opportunity to learn something. Finding and fixing a bug is great, but understanding why the bug is there is where you learn even more. It might be a requirement that wasn’t properly formulated, implemented, tested, or anything else. As a software tester, imagine that a bug you have reported was caused by an untrapped exception in a division by zero. If you saw that bug several times or if your software is mission-critical then it is worth asking every team to check if they have encapsulated all code where they perform a division with a “try catch” statement. The Ariane 5 Rocket blew up because of untrapped exceptions: There go half-a-billion dollars and a dent in reputation. The US Air Force almost lost an F-22 squadron (state-of-the-art fighter jets valued $350 million a pop) when they flew over the International Date Line (IDL) leaving the pilots with only flight controls (dedicated and separated computers). When you cross the IDL the “time” skips by one day depending on your direction of travel. A space probe crashed on Mars because the software testers forgot to test what would occur when sensors are sending erroneous data to the mission computer.
55 New Security Flaws Reported in Apple Software and Services
A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical in severity. The flaws — including 29 high severity, 13 medium severity, and 2 low severity vulnerabilities — could have allowed an attacker to "fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim's iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources." The flaws meant a bad actor could easily hijack a user's iCloud account and steal all the photos, calendar information, videos, and documents, in addition to forwarding the same exploit to all of their contacts. The findings were reported by Sam Curry along with Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes over a three month period between July and September. After they were responsibly disclosed to Apple, the iPhone maker took steps to patch the flaws within 1-2 business days, with a few others fixed within a short span of 4-6 hours.
An introduction to Windows 10’s new PowerToys
Over the past few months, PowerToys has really cleaned up its installation and update capabilities. Versions 0.18.2 and earlier would require users to jump into Task Manager and terminate various processes and applications before its installation could complete. Via Twitter, one of team leader Clint Rutkas’ associates informed me this was because of the program’s inclusion of the Core .NET DLLs into PowerToys. But as of release v0.20.1, PowerToys handles all open applications without issue. Now, it simply asks for permission to restart the Windows Explorer (process name: explorer.exe) as it finishes up updating or installing itself. Speaking of updates, Rutkas and his programmers are working hard to push frequent updates to PowerToys. A look at the Releases page shows eight releases since early June, or about two per month. ... Pressing and holding the Windows key causes an overlay showing a list of Windows-key shortcuts to appear on the primary Windows display. Once shown, that menu — a.k.a. the Shortcut Guide — persists as long as the winkey remains depressed. These shortcuts, or key combos, require that the Windows key and the named key be depressed together.
3 ways criminals use artificial intelligence in cybersecurity attacks
Generative Adversarial Networks (GANs) are basically two AI systems pitted against each other—one that simulates original content and one that spots its mistakes. By competing against each other, they jointly create content convincing enough to pass for the original. Nvidia researchers trained a unique AI model to recreate PAC-MAN simply by observing hours of gameplay, without a game engine, as Stephanie Condon explained on ZDNet. Bandos said that attackers are using GANs to mimic normal traffic patterns, to divert attention away from attacks, and to find and exfiltrate sensitive data quickly. "They're in and out within 30-40 minutes thanks to these capabilities," he said. "Once attackers start to leverage artificial intelligence and machine learning, they can automate these tasks." GANs also can be used for password cracking, evading malware detection, and fooling facial recognition, as Thomas Klimek described in the paper, "Generative Adversarial Networks: What Are They and Why We Should Be Afraid." A PassGAN system built by machine learning researchers was trained on an industry standard password list and was eventually able to guess more passwords than several other tools trained on the same dataset.
Serverless Horror Stories
One of the well-known challenges of event-driven serverless architectures is the difficulty in tracing requests end-to-end, in order to investigate performance issues. A case in point is when the Segment company encountered a problem with a popular serverless service, DynamoDB. Segment was experiencing a serious performance issue with their DynamoDB instances that was slowing down their entire system. To mitigate this, the company had to increase the provisioned throughput of DB instances, but this in turn vastly increased their AWS bill. When Segment’s own troubleshooting efforts failed to uncover the problem, they asked AWS support for help. Using internal tools, AWS generated a partition heatmap of DynamoDB instances. Although the heatmap was not very readable, they were able to spot a single DB partition that was having performance issues, clearly indicating that their workload was not distributed evenly across partitions. It was still, however, not clear which records or keys were problematic. So Segment continued to investigate the issue and found a relatively trivial bug that was very hard to spot but which, when fixed, reduced their DynamoDB capacity by a factor of four and saved them $300,000 annually.
Read more here ...