CyberOSINT banner

AI: Outputs Become Inputs, No Humans Necessary in Some Situations

January 13, 2015

Here’s the thing. The time between an an actionable item and taking action is a big deal. For example, you hear about buying shares of X at the gym. Two days later you call your financial advisor and say, “Should we buy shares of X?”

He says, “Well, the stock has jumped 25 percent yesterday.”

The point: You heard about an actionable item—buying shares. When you cranked up to buy the stock, the big jump was history.

The train left the station, and you are standing on the platform watching the riders head to the bank.

How does one get less “wait” between the actionable item and taking action? The answer is automation. The slow down is usually human. Humans want to deliberate, think about stuff, and procrastinate.

A system that takes actionable outputs and does something about them reduces the “wait.” The idea is to assign a probability to reflect your confidence in the actionable item. The system computes that probability, looks at your number, and then either does or does not take an action.

This happens in milliseconds. Financial institutions pay hundreds of millions to shave milliseconds off their financial transactions. The objective is to use probability and automation to make sure these wizards do not miss the financial train.

Now read “Artificial Intelligence Experts Sign Open Letter to Protect Mankind from Machines.” The write up asserts:

AI experts around the globe are signing an open letter issued Sunday by the Future of Life Institute that pledges to safely and carefully coordinate progress in the field to ensure it does not grow beyond humanity’s control. Signees include co-founders of Deep Mind, the British AI company purchased by Google in January 2014; MIT professors; and experts at some of technology’s biggest corporations, including IBM’s Watson supercomputer team and Microsoft Research.

Sounds great. Won’t compute in the real world. The reason is that time means money to some, security to others, and opportunity for 20 somethings.

The reality is that outputs of smart systems will be piped directly into other smart systems. These systems will act based on probability and other considerations. Why burn out a human when you can disintermediate the human, save money, and give the person an opportunity to study Zen or pursue a hobby? Why wait to discover a security breach when a smart system can take proactive action?

Who resists accepting a recommendation from Amazon or Google “suggest”? I am not sure users of smart systems realize that automation and smart software—crude as it is—is not getting bogged down in the “humanity’s control” thing.

Need an example? Check out weapon systems. Need another? Read the CyberOSINT report available here.

Stephen E Arnold, January 13, 2015

Security, Data Analytics Make List of Predicted Trends in 2015

January 9, 2015

The article on ZyLab titled Looking Ahead to 2015 sums up the latest areas of focus at the end of one year and the beginning of the next. Obviously security is at the top of the list. According to the article, incidents of breaches in security grew 43% in 2014. We assume Sony would be the first to agree that security is of the utmost importance to most companies. The article goes on to predict audio data being increasingly important as evidence,

“Audio evidence brings many challenges. For example, the review of audio evidence can be more labor intensive than other types of electronically stored information because of the need to listen not only to the words but also take into consideration tone, expression and other subtle nuances of speech and intonation…As a result, the cost of reviewing audio evidence can quickly become prohibitive and with only a proportional of the data relevant in most cases.”

The article also briefly discusses various data sources, data analytics and information governance in their prediction of the trends for 2015. The article makes a point of focusing on the growth of data and types of data sources, which will hopefully coincide with an improved ability to discover the sort of insights that companies desire.

Chelsea Kerwin, January 09, 2014

Sponsored by, developer of Augmentext

Need Some Emails?

January 1, 2015

I read “Why Deleting Sensitive Information from Github Does Save You.” The write up is intended for developers. The information in the article makes it easy to suck up Github content and extract several million live emails. Here’s an example from the write up:

GHTorrent advertises itself as an “offline mirror of data”. In a nutshell, it keeps track of a ton of data that flows through Github’s Events API stream, and recursively resolves dependencies to relate, say, a commit object to an event object. Currently, they suggest they have accumulated the data from 2012-2014. This database has incredible potential for researchers, but also allows for hackers to pull previously deleted or changed data en masse. Granted, from what I can tell they don’t store the actual file content (so your accidentally committed password won’t be stored), but that doesn’t mean that there isn’t sensitive data to be had.

Want to know how? Just navigate to the original story.

Stephen E Arnold, January 1, 2015

German Data Protection Authority Challenges Google

November 5, 2014

Well, this is interesting. The Inquirer reports that the Germans are taking a stand against Google’s practice of consolidating users’ Web-wide data in, “Germany Tells Google to Pause for Permission Before Profiling People.” The Hamburg Data Protection Authority has a particular problem with Google’s one-privacy-policy-fits-all-countries stance. For its part, Google continues to assert that the “simpler, more effective services” it can provide by pulling the threads of our online presences are worth the privacy tradeoff. I’m sure the increased ad revenue is just a nice side-effect.

Reporter Dave Neal quotes Johannes Caspar, the Hamburg commissioner of data protection and freedom:

“On the substantial issue of combining user data across services, Google has not been willing to abide to the legally binding rules and refused to substantially improve the user’s controls. So we had to compel Google to do so by an administrative order. Our requirements aim at a fair balance between the concerns of the company and its users. The issue is up to Google now. The company must treat the data of its millions of users in a way that respects their privacy adequately while they use the various services of the company.”

I suppose we’ll see about that. What will be the next step in the struggle between Google and the world’s privacy advocates?

Cynthia Murrell, November 05, 2014

Sponsored by, developer of Augmentext

Context Relevant Security Software Sought After By Banks

November 3, 2014

The article on Owler titled Context Relevant CEO Is Too Busy For Ballmer— He’s Protecting The Global Financial Market delves into the behind-the-scenes of big data company CEO Stephen Purpora. His startup, Context Relevant, a machine learning and predictive analytics company, is inking big deals with Bank of America Merrill Lynch and Goldman Sachs. The article explains,

“Context Relevant makes predictive analytics software that is currently being used by banks to predict how portfolios will be affected by changes. The technology also helps banks root out what Purpura calls “bad actors,” or those who would attack or steal from the financial system. “Banks sometimes have to find bad actors quickly because the bad actors threaten all of us,” he said. The system learns normal behavior so it can sense and isolate bad behavior when it occurs.”

According to the article, Purpora had no intention of getting into the bank security business only three years into the company’s life. But, when “a situation” arose with a bank and Context Relevant was called in for emergency help finding a bad actor. When the company’s software worked, and fast, other banks started lining up to work with Purpora. So far, the company has raised $42 million.

Chelsea Kerwin, November 03, 2014

Sponsored by, developer of Augmentext

Security Breaches of SharePoint Users Frequent

April 29, 2014

Security is an obvious concern among any enterprise content management system; but with an implementation as big as SharePoint, it is hard to believe all users would be following the rules. CMS Wire relays the latest research and proves suspicions correct in their article, “SharePoint Users Routinely Breach Security Policies.”

The story begins:

“Research by Cryptzone shows at least 36 percent of SharePoint users are breaching security policies — and another 9 percent admit they have no idea how to prevent sensitive information from being uploaded. The study, conducted among attendees at Microsoft’s SharePoint Conference in Las Vegas in March, is a warning to organizations that it is essential to develop adequate information security policies.”

Stephen E. Arnold is a longtime leader in search and a frequent reporter on all things SharePoint. His Web service,, often gives attention to the issues surrounding SharePoint security. In this case, abidance by SharePoint rules and regulations can often be improved if users are comfortable with the platform and feel that it suits their needs. Arnold finds that an implementation plan and a good deal of customization go a long way.

Emily Rae Aldridge, April 29, 2014

Survey Reveals SharePoint Users Breach Security

April 21, 2014

Security is central to any SharePoint installation, but a new study shows that security breaches may be more widespread and more severe than previously thought. At the SharePoint Conference in Las Vegas, CryptZone conducted an anonymous survey of SharePoint users. Read the full report in’s article, “Cryptzone Survey Reveals SharePoint Users are Breaching Security Policies.”

The article begins:

“A study, conducted amongst attendees at last month’s Microsoft’s SharePoint Conference in Las Vegas (USA), has found that at least 36% of SharePoint users are breaching security policies, and gaining access to sensitive and confidential information to which they are not entitled. It also found that . . . nearly a quarter of them later confessed they knew of individuals who had accessed content that they were not entitled to, demonstrating that users were ignoring this directive. Most alarmingly of all, the majority of administrators perceive their ‘permission’ to be unrestricted.”

Stephen E. Arnold is a longtime leader in search and a follower of all things SharePoint. He reports his finding on his Web site He has found that security is among the top concerns of all SharePoint managers. Although users don’t typically want to share about their security weaknesses, greater transparency about security concerns can lead to more secure practices and implementations.

Emily Rae Aldridge, April 21, 2014

New Managers, Products from Centrifuge Systems

February 19, 2014

The announcement from Centrifuge titled Centrifuge Systems Strengthens Big Data Discovery and Security promotes the release of Centrifuge 2.10. The new features of the link analysis and visualization software include the ability to block access as well as grant access to specific individuals, a more flexible method of login validation and the ability to “define hidden data sources, data connections and connection parameters.” Stan Dushko, Chief Product Officer at Centrifuge, explains the upgrades and the reasoning behind them,

“With organizations steadily gathering vast amounts of data and much of it proprietary or sensitive in nature, exposing it within visualization tools without proper security controls in place may have unforeseen consequence…Can we really take the chance of providing open access to data we haven’t previously reviewed? Not knowing what’s in the data, is all the more reason to enforce proper security controls especially when the data itself is used to grant access or discover its existence altogether.”

The Big Data business intelligence software provider promises customers peace of mind and total confidence in their technology. They believe their system to be above and beyond the dashboard management systems of “traditional business intelligence solutions” due to their displays possibility of being reorganized in a more interactive way. Speaking of organization, you may notice that finding Centrifuge Systems in Google is an interesting exercise.

Chelsea Kerwin, February 19, 2014

Sponsored by, developer of Augmentext

Intellectual Property Protection Program Announced by ZyLAB

January 15, 2014

The article ZyLAB Launches Intellectual Property Protection Program For Big Data on MetroCorpCounsel discusses the announcement by software developer ZyLAB only a few months after their thirtieth anniversary. The new program contains components of eDiscovery and Information Risk Management along with libraries that users can customize to protect and localize intellectual property. It is intended for use mainly by commercial enterprises in safeguarding their often-unprotected IP.

The article explains:

“The ZyLAB Intellectual Property Protection Program has been developed to support commercial organizations in protecting these important assets.

With ZyLAB’s eDiscovery and Information Risk Management System companies can locate Intellectual Property on their computer systems and actively prevent leakage or theft of this sensitive and valuable information. A user-installable library containing best practice methodology for eDiscovery enables the automatic identification of files that may contain IP. The library is available as an add-on to the ZyLAB platform.”

This process makes it much easier to notice those employees storing large amounts of IP in their emails or other personal locations, because it recognizes information that includes IP automatically. The prevention of data leakage ensures that companies will not have to face the loss of revenue, but also helps them to avoid lawsuits. As in so many areas, prevention beats cleanup when it comes to IP, according to chief strategist at ZyLAB Johannes Scholtes.

Chelsea Kerwin, January 15, 2014

Sponsored by, developer of Augmentext

Another Security Breach this Time Connected to Metadata

January 10, 2014

When Netflix first launched I read an article about how everyone’s individual movie tastes are different. There are not any two alike and Netflix created an algorithm that managed to track each user’s queue down to the individual. It was scary and amazing at the same time. Netflix eventually decided to can the algorithm (or at least they told us), but it still leaves a thought that small traces of metadata can lead to you. The Threat Post, a Web site that tracks Internet security threats, reported on how “Stanford Researchers Find Connecting Metadata With User Names Is Simple.”

A claim has been made that user phone data anonymously generated cannot be tracked back to an individual. Stanford Researchers proved otherwise. The team started the Metaphone program that collects data from volunteers with Android phones. The project’s main point was to collect calls, text messages, and social network information for the Stanford Security Lab to connect metadata and surveillance. They selected 5,000 random numbers and were able to match 27% of the them using Web sites people user everyday.

The article states:

“ ‘What about if an organization were willing to put in some manpower? To conservatively approximate human analysis, we randomly sampled 100 numbers from our dataset, and then ran Google searches on each. In under an hour, we were able to associate an individual or a business with 60 of the 100 numbers. When we added in our three initial sources, we were up to 73,’ said Jonathan Mayer and Patrick Mutchler in a blog post explaining the results.”

The article also points out that if money was not a problem, then the results would be even more accurate. The Stanford Researchers users a cheap data aggregator instead and accurately matched 91 out of 100 numbers. Data is not as protected or as anonymous as we thought. People are willing to share their whole lives on social media, but when security is mentioned they go bonkers over an issue like this? It is still a scary thought, but where is the line drawn over willing shared information and privacy?

Whitney Grace, January 10, 2014

Sponsored by, developer of Augmentext

Next Page »