September 03, 2021
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Building a successful botnet requires thinking about what the goal is, whether it's creating a sustainable business plan, a target audience (whose devices are going to be infected, and what lure would appeal to them?), and processes to ensure the distribution and internal processes are secure. Then, a prospective botnet herder needs to start with a VPN service which takes anonymous forms of payment (possibly several services to rotate between). These services need to be unlikely to quickly hand over customer records and logs to any law enforcement agencies (a 'bulletproof' service). The next step is getting access to 'bulletproof' hosting (either a somewhat legitimate business which is *inefficient* at processing legal complaints or one specifically aimed at malware operators). Then, the herder needs domains from a registrar which will be unlikely to hand over customer information to law enforcement and which accepts anonymous methods of payment. Optionally, a herder can further disguise their activity with a technique like fast flux. Fast flux can either be single or double flux.
Solution Architects’ ability to reimagine solution design, business processes, and the customer journey, along with business acumen, will be one of the most important differentiators. You need to be innovative enough to design and deliver business functions while keeping business constraints such as time, budget, quality, and available human resources in mind. Solution Architects need to challenge the industry’s existing processes and assumptions and reimagine new processes and flows for customer journeys. Additionally, they need the ability to emphasize customer experience over technology. Solution Architects need to shift their mindset and ensure that the product or service the business offers is focused on decoding the needs and demands of its stakeholders rather than boasting a technology that is difficult to traverse. ... In the past, the Solution Architect role was seen as a bridge between the Infra Architect, Network Architect, Security Architect, Storage Architect, Application Architect, and Database Architect.
Yes, there is a “but”. For instance, our system needs an existing database. The end application will also be database-centric, implying it’s typically for the most part only interesting for CRUD systems, where CRUD stands for Create, Read, Update and Delete. However, the last figures I saw regarding this were that there are 26 million software developers in the world. These numbers are a bit old, and are probably much larger today than a decade ago when I saw these figures. Regardless, the ratio is probably still the same, and the ratio tells us that 80% of these software developers work as “enterprise software developers.” An enterprise software developer is a developer working for a non-software company, where software is a secondary function. ... This implies that if you adopt Low-Code and Open Source as a strategy for your enterprise, you can optimize the way your software developers work by (at least) 5x, probably much more, simply because at least 80% of the work they need to do manually is as simple as clicking a button and waiting one second for the automation process to deliver its result.
As a leader, one of the most important actions you can take is being fully engaged in your company. All too often, leaders lose touch with the nuts and bolts of their businesses. Many millennials tend to be over-delegators, and they delegate almost every component of their business to the point that they are not able to make the right high-level decisions for it. This is because they lack a clear understanding of what is happening at the ground level. The front-line workers of an organization tend to be the ones who interact directly with customers. When leaders rely on their executive team to find out front-line information, much can get lost in translation. A fully engaged leader knows exactly what is happening on the front line of his or her company and doesn’t hide in an ivory tower relying on others to get a pulse for the business. Full engagement in your company requires discipline as well as humility. A fully engaged CEO is one who regularly communicates directly with the front-line workers and listens carefully.
One of the DoS bugs (CVE-2021-34147) exists because the SoC fails to free resources upon receiving an invalid LMP_timing_accuracy_response from a connected BT device (i.e., a “slave,” in the paper’s terminology). “The attacker can exhaust the SoC by (a) paging, (b) sending the malformed packet, and (c) disconnecting without sending LMP_detach,” the researchers wrote. “These steps are repeated with a different BT address (i.e., BDAddress) until the SoC is exhausted from accepting new connections. On exhaustion, the SoC fails to recover itself and disrupts current active connections, triggering firmware crashes sporadically.” The researchers were able to forcibly disconnect slave BT devices from Windows and Linux laptops, and to cause BT headset disruptions on Pocophone F1 and Oppo Reno 5G smartphones. Another DoS bug (CVE pending) affects only devices using the Intel AX200 SoC. It is triggered when an oversized LMP_timing_accuracy_request (i.e., larger than 17 bytes) is sent to an AX200 slave.
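The bug class this excerpt describes, an error path that returns without releasing the link it was handling, plus a PDU length that is never bounded, is easier to see in code than in prose. The following is an added example written for this page in C; it is not code from the researchers, from Intel, or from any SoC firmware. It models a toy link-slot table with a leaky LMP handler beside a hardened one, and replays the page / malformed-response / silent-drop sequence in memory to show why the first version runs out of slots and the second does not. The opcode values, the three-byte validity rule, the four-slot capacity and the addresses are constructed; only the 17-byte PDU bound comes from the article.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LMP_MAX_PDU 17   /* from the article: a PDU larger than 17 bytes is oversized */
#define MAX_LINKS    4   /* constructed: link-slot capacity of this toy SoC */
#define BDADDR_LEN   6

/* Constructed opcode values for the simulation, not the real LMP opcode numbers. */
enum { OP_TIMING_ACCURACY_REQ = 1, OP_TIMING_ACCURACY_RES = 2, OP_DETACH = 3 };

typedef struct { bool in_use; uint8_t bdaddr[BDADDR_LEN]; } link_slot_t;
typedef struct { link_slot_t slots[MAX_LINKS]; } soc_state_t;
typedef int (*lmp_handler_t)(soc_state_t *, const uint8_t *, const uint8_t *, size_t);

static link_slot_t *find_slot(soc_state_t *soc, const uint8_t *bdaddr) {
    for (int i = 0; i < MAX_LINKS; i++)
        if (soc->slots[i].in_use && memcmp(soc->slots[i].bdaddr, bdaddr, BDADDR_LEN) == 0)
            return &soc->slots[i];
    return NULL;
}

/* A peer pages the SoC: allocate a link slot. Returns 0, or -1 when the table is exhausted. */
int soc_page(soc_state_t *soc, const uint8_t *bdaddr) {
    for (int i = 0; i < MAX_LINKS; i++) {
        if (!soc->slots[i].in_use) {
            soc->slots[i].in_use = true;
            memcpy(soc->slots[i].bdaddr, bdaddr, BDADDR_LEN);
            return 0;
        }
    }
    return -1;
}

int soc_free_slots(const soc_state_t *soc) {
    int n = 0;
    for (int i = 0; i < MAX_LINKS; i++)
        if (!soc->slots[i].in_use) n++;
    return n;
}

/* Constructed validity rule: a well-formed response is the opcode plus two parameter bytes. */
static bool timing_accuracy_res_valid(const uint8_t *pdu, size_t len) {
    return len == 3 && pdu[0] == OP_TIMING_ACCURACY_RES;
}

/* Buggy pattern: the error path for an invalid response returns without releasing the
   link, and nothing bounds the PDU length. A peer that then drops the link without
   LMP_detach leaves the slot occupied for good. */
int lmp_handle_leaky(soc_state_t *soc, const uint8_t *bdaddr, const uint8_t *pdu, size_t len) {
    link_slot_t *slot = find_slot(soc, bdaddr);
    if (!slot || len == 0) return -1;
    if (pdu[0] == OP_TIMING_ACCURACY_RES && !timing_accuracy_res_valid(pdu, len))
        return -2;                       /* error path: slot stays allocated */
    if (pdu[0] == OP_DETACH) slot->in_use = false;
    return 0;
}

/* Hardened pattern: reject oversized PDUs before parsing, and tear the link down on any
   protocol violation so a slot can never be stranded by a peer that goes silent. */
int lmp_handle_hardened(soc_state_t *soc, const uint8_t *bdaddr, const uint8_t *pdu, size_t len) {
    link_slot_t *slot = find_slot(soc, bdaddr);
    if (!slot) return -1;
    if (len == 0 || len > LMP_MAX_PDU) { slot->in_use = false; return -3; }
    if (pdu[0] == OP_TIMING_ACCURACY_RES && !timing_accuracy_res_valid(pdu, len)) {
        slot->in_use = false;            /* release on the error path */
        return -2;
    }
    if (pdu[0] == OP_DETACH) slot->in_use = false;
    return 0;
}

/* Replays the sequence from the paper against a handler, entirely in memory: page,
   deliver one malformed response, go silent without LMP_detach, repeat from a fresh
   address. Returns how many link slots are still free afterwards (0 = exhausted). */
int simulate_rotating_peers(lmp_handler_t handler, int rounds) {
    soc_state_t soc;
    memset(&soc, 0, sizeof soc);
    const uint8_t bad_res[1] = { OP_TIMING_ACCURACY_RES };   /* constructed: parameters missing */
    for (int r = 0; r < rounds; r++) {
        uint8_t bdaddr[BDADDR_LEN] = { 0x00, 0x11, 0x22, 0x33, 0x44, (uint8_t)r };
        if (soc_page(&soc, bdaddr) != 0) break;               /* no slot left */
        handler(&soc, bdaddr, bad_res, sizeof bad_res);
        /* the peer drops the link here; no LMP_detach ever arrives */
    }
    return soc_free_slots(&soc);
}

/* One live link receives an 18-byte request; returns the free-slot count afterwards. */
int simulate_oversized_request(lmp_handler_t handler) {
    soc_state_t soc;
    memset(&soc, 0, sizeof soc);
    const uint8_t bdaddr[BDADDR_LEN] = { 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };
    uint8_t big[LMP_MAX_PDU + 1] = { OP_TIMING_ACCURACY_REQ };  /* constructed oversize PDU */
    soc_page(&soc, bdaddr);
    handler(&soc, bdaddr, big, sizeof big);
    return soc_free_slots(&soc);
}
```

With the leaky handler, `simulate_rotating_peers` runs out of slots after `MAX_LINKS` rounds and the toy SoC can no longer accept a page, which is the exhaustion the paper reports; with the hardened handler every round returns its slot and the table stays full of free entries no matter how many addresses rotate through. The point for a firmware reviewer is that every error return in a protocol handler needs an explicit answer to "what happens to the resource I was holding", and that length checks belong before any field is read.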
In January, the US Department of Defense (DoD) released the Cybersecurity Maturity Model Certification (CMMC), a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. The CMMC reviews and combines various cybersecurity standards and best practices, mapping controls and processes across several maturity levels that range from basic to advanced cyber hygiene. “For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats,” reads the Office of the Under Secretary of Defense for Acquisition & Sustainment website. “The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.” The CMMC is designed to be cost-effective and affordable for all organizations, with authorized and accredited CMMC third parties conducting assessments and issuing CMMC certificates to DIB companies at the appropriate level.