Today's Tech Digest - Apr 08, 2020

‘Fake Fingerprints’ Bypass Scanners with 3D Printing

The fake fingerprints achieved an 80 percent success rate on average, where the sensors were bypassed at least once. Researchers did not have success in defeating biometrics systems in place on Microsoft Windows 10 devices (though they said that this does not mean they are not necessarily safer; just that this particular approach did not work). However, the bigger takeaway is the sheer amount of time and budget that it still takes when creating threat models to bypass fingerprint sensors. At the end of the day, researchers said they had to create more than 50 molds and test them manually, which took months – and, they struggled to stay under a self-imposed budget of $2,000. These challenges point to the fact that a scalable, easy type of attack is not yet possible for bypassing biometrics. “Biometrics are not an Achilles heel,” Craig Williams, director of Cisco Talos Outreach, told Threatpost. “Biometrics are something that makes it very, very easy to use. You don’t have to remember a password. You don’t have to enter a password, which makes it very fast and easy. You don’t have to carry anything around with you. And so I think for most users, it’s still perfectly fine.”

Robotic Process Automation (RPA): 6 open source tools

Open source might sound intimidating to non-developers, but there’s good news on this front: While some open source projects are particularly developer-focused, multiple options stress ease of use and no- or low-code tools, like their commercial counterparts. One reason for this: RPA use cases abound across various business functions, from finance to sales to HR and more. Tool adoption will depend considerably on the ability of these departments to manage their RPA development and ongoing management themselves, ideally in a collaborative manner with IT but not wholly dependent on IT. ... TagUI is a command-line interface for RPA that can run on any of the major OSes. TagUI uses the term and associated concept of “flows” to represent running an automated computer-based process, which can be done on demand or on a fixed schedule. ... Robocorp might have our favorite name of the lot – it kind of conjures up some of the darker, Terminator-esque images of RPA – but that’s a bit beside the point. This is a relatively new entry into the field, and somewhat unique in that it’s a venture-backed startup promising to deliver cloud-based, open source RPA tools for developers.

How to Invert a Machine Learning Matrix Using C#

Inverting a matrix is one of the most common tasks in data science and machine learning. In this article I explain why inverting a matrix is very difficult and present code that you can use as-is, or as a starting point for custom matrix inversion scenarios. Specifically, this article presents an implementation of matrix inversion using Crout's decomposition. There are many different techniques to invert a matrix. The Wikipedia article on matrix inversion lists 10 categories of techniques, and each category has many variations. The fact that there are so many different ways to invert a matrix is an indirect indication of how difficult the problem is. Briefly, relatively simple matrix inversion techniques such as using cofactors and adjugates only work well for small matrices (roughly 10 x 10 or smaller). For larger matrices you should write code that involves a complex technique called matrix decomposition. The code presented in this article will run as a .NET Core console application or as a .NET Framework application. Many of the newer Microsoft technologies, such as the ML.NET code library, specifically target .NET Core so it makes sense to develop most new C# machine learning code in that environment.

PMI offers free project management courses during COVID-19 quarantines

This is the first time that the group has offered these online training and consulting resources at no charge, said DePrisco. The Project Management for Beginners course introduces participants to the foundational knowledge necessary to join a project team and provides insights into taking steps on the path to a project management career. The Agile in the Project Management course walks participants through their role as a project management office director and introduces a series of scenarios designed to improve their project management office's performance using agile principles and processes. The Business Continuity course offers information and lessons on rethinking work processes, which may be particularly helpful today as companies and their leaders and workers seek ways to cope with continuing their operations during the pandemic. ... Project management skills can be extremely beneficial during times of emergency such as the pandemic, he said. "Project management initiatives play an important role in preparing for these types of disruptions. All work is accomplished through programs and projects, and project managers are used to changing methods and approaches."

These hackers have been quietly targeting Linux servers for years

Linux is not typically a user-facing technology, so security companies tend to focus on it less, he explained. As a result, these hacking groups have zeroed in on that gap in security and leveraged it for their strategic advantage to steal intellectual property from targeted sectors for years without anyone noticing, he said. "It's critical for these servers to be up all the time; so what better place to put a root kit or a pervasive active tool than on a machine that's going to be turned on all time?" said Cornelius. The attackers scan for Red Hat Enterprise, CentOS, and Ubuntu Linux environments across a wide range of industries, attempting to identify unpatched servers. From there it's simply a case of establishing persistence on the network with malware. Not only can this provide the attackers the access they need to sensitive information and data, but with the infection on the servers themselves, they can create a persistent back door into the network that provides them with a way back in whenever they like – so long as the compromise isn't uncovered. The attackers are careful to do as little damage as possible to the networks so as to avoid detection – and therefore keep campaigns up and running for as long as possible, which might be years.

Read more here ...