July 09, 2022
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Well, this can go one of two ways. Either this brain/cloud situation will be an incredibly beneficial superpower, or it could be just another farming device for data mining and ad sales. My take: If it’s a beneficial superpower then it won’t be given to the general public. Superpower for the rich. Farming device for the regular people. And thank you very much but I am farmed enough. My Hinge updates don’t need to be sent to my cerebellum. I can’t talk about taking a trip to Costa Rica without flights popping up on my phone. I’m grateful for the ways technology has touched my life but let me remind people about the Flo app. This is a period and fertility tracking app that settled with the FTC in May for selling its users’ personal health data without their knowledge. While there are definitely huge potential advances that could be made from brain/cloud merges, I can only think of social media companies that are designed to addict us, with at least one of these apps in the recent past tracking our eye movements to see what we liked so we could be coaxed to spend more time using it. It’s not all bad but I am not looking to plug in forever. And I don’t trust these companies to do good.
To understand the risk, we need to distinguish between the three cryptographic primitives that are used to protect your connection when browsing on the Internet: Symmetric encryption - With a symmetric cipher there is one key to encrypt and decrypt a message. They’re the workhorse of cryptography: they’re fast, well understood and luckily, as far as known, secure against quantum attacks. ... Symmetric encryption alone is not enough: which key do we use when visiting a website for the first time? We can’t just pick a random key and send it along in the clear, as then anyone surveilling that session would know that key as well. You’d think it’s impossible to communicate securely without ever having met, but there is some clever math to solve this. Key agreement - also called a key exchange, allows two parties that never met to agree on a shared key. Even if someone is snooping, they are not able to figure out the agreed key. Examples include Diffie–Hellman over elliptic curves, such as X25519. The key agreement prevents a passive observer from reading the contents of a session, but it doesn’t help defend against an attacker who sits in the middle and does two separate key agreements: one with you and one with the website you want to visit.
The first bug involved the common feature found in mobile apps that allow users to log in using an external service, like Apple ID, Google, Facebook, or Twitter. In this case, the researchers examined the "log in with Google" option — and found that the authentication token mechanism could be manipulated to accept a rogue Google ID as being that of the legitimate user. The second bug allowed researchers to get around two-factor authentication. A PIN-reset mechanism was found to lack rate-limiting, allowing them to mount an automated attack to uncover the code sent to a user's mobile number or email. "This endpoint does not contain any sort of rate limiting, user blocking, or temporary account disabling functionality. Basically, we can now run the entire 999,999 PIN options and get the correct PIN within less than 1 minute," according to the researchers. Each security issue on its own provided limited abilities to the attacker, according to the report. "However, an attacker could chain these issues together to propagate a highly impactful attack, such as transferring the entire account balance to his wallet or private bank account."
Recommended by LinkedIn
The Blockchain developer must provide original solutions to complex issues, such as those involving high integrity and command and control. A complicated analysis, design, development, test, and debugging of computer software are also performed by the developer, particularly for particular product hardware or for technical service lines of companies. Develops carry out computer system selection, operating architecture integration, and program design. Finally, they use their understanding of one or more platforms and programming languages while operating on a variety of systems. There will undoubtedly be challenges for the Blockchain developer. For instance, the developer must fulfill the criteria of a Blockchain development project despite using old technology and its restrictions. A Blockchain developer needs specialized skills due to the difficulties in understanding the technological realities of developing decentralized cryptosystems, processes that are beyond the normal IT development skill-set.
While human gut microbiome research has a long way to go before it can offer this kind of intervention, the approach developed by the team could help get there faster. Machine learning algorithms often are produced with a two step process: accumulate the training data, and then train the algorithm. But the feedback step added by Hero and Venturelli's team provides a template for rapidly improving future models. Hero's team initially trained the machine learning algorithm on an existing data set from the Venturelli lab. The team then used the algorithm to predict the evolution and metabolite profiles of new communities that Venturelli's team constructed and tested in the lab. While the model performed very well overall, some of the predictions identified weaknesses in the model performance, which Venturelli's team shored up with a second round of experiments, closing the feedback loop. "This new modeling approach, coupled with the speed at which we could test new communities in the Venturelli lab, could enable the design of useful microbial communities," said Ryan Clark, co-first author of the study, who was a postdoctoral researcher in Venturelli's lab when he ran the microbial experiments.
It is the only thing that blockchain could contribute: the absence of a central authority. But that only creates problems. Because to have a decentralized database you have to pay a very high price. You must ensure that all miners do “proof of work.” It takes longer, and it is not even secure because in the past there have been occasions where they have had to rewind several hours worth of blocks to remove a bad transaction, in 2010 and 2013. The conditions that made that possible are still there and that’s why blockchain technology is a fraud: it promises to do something that people already know how to do. ... It is the only digital system that does not follow customary money laundering laws. That’s why criminals use it. Once you have paid a ransom, there is no way for the victim to cancel the payment and get the money back, not even the government can do it easily. It is anonymous and when a hacker encrypts your data, they do not have to enter your system directly, where they would leave a trace. He has botnets, computers that he has already hacked, so tracking him down is difficult.