• Home
• About
• Writers
• Landscape
• Wizards Index
• Fraud
• Wanna Be Like Larry?

Is Your Fish Tank Spying on You?

The search for information never ends. We learned in the Darktrace Global Threat Report about a hacked fish tank. A smart fish tank was compromised. The fish tank was hacked. Darktrace’s technology speared the attempt. The bad guys have not yet been been converted to sushi.

Stephen E Arnold, August 17, 2017

TechnoSecurity & Digital Forensics Conference Info

I am giving two talks about the Dark Web at the September 2017 TechnoSecurity & Digital Forensics Conference. With the take down of AlphaBay and the attentions Dark Web sources of synthetic drugs are getting in the main stream media, the sessions will be of particular relevance to law enforcement, security, and intelligence professionals. My first talk is a quick start basics lecture. My second presentation focuses on free an and source tools and the commercial services which can flip on the lights in the Dark Web.

The conference has emerged as one of the most important resources for corporate network security professionals, federal, state and local law enforcement digital forensic specialists, and cybersecurity industry leaders from around the world. The purpose is to raise international awareness of developments, teaching, training, responsibilities, and ethics in the field of IT security and digital forensics. The event will feature more than 70 speakers, 60 sessions, 20 new product demonstrations, and 25 sponsors and exhibits. exhibits. For full details and to register, please visit www.TechnoSecurity.us.

As a reader of Beyond Search, you qualify for a 30 percent discount. Just use the promotional code DKWB17 when you sign up online.

Stephen E Arnold, July 20, 2017

Darktrace Delivers Two Summer Sizzlers

Darktrace offers an enterprise immune system called Antigena. Based on the information gathered in the writing of the “Dark Web Notebook,” the system has a number of quite useful functions. The company’s remarkable technology can perform real time, in depth analyses of an insider’s online activities. Despite the summer downturn which sucks in many organizations, Darktrace has been active. First, the company secured an additional round of investment. This one is in the $75 million range. This brings the funding of the company to the neighborhood of $170 million, according to Crunchbase.

Details about the deal appear in this Outlook Series write up. I noted this statement:

The cyber security firm has raised a $75 million Series D financing round led by Insight Venture Partners, with participation from existing investors Summit Partners, KKR and TenEleven Ventures.

On another front, Darktrace has entered into a partnership with CITIC. This outfit plans to bring “next-generation cyber defense to businesses across Asia Pacific.” Not familiar with CITIC? You might want to refresh your memory bank. Beyond Search believes that this tie up may open the China market for Darktrace. If it does, Darktrace is likely to emerge as one of the top two or three cyber security firms in the world before the autumn leaves begin to fall.

Here in Harrod’s Creek we think about the promise of Darktrace against a background of erratic financial performance from Hewlett Packard. As you may recall, one of the spark plugs for Darktrace is Dr. Michael Lynch, the founder of Autonomy. HP bought Autonomy and found that its management culture was an antigen to its $11 billion investment. It is possible to search far and wide for an HP initiative which has delivered the type of financial lift that Darktrace has experienced.

Information about Darktrace is at www.darktrace.com. A profile about this company appears in the Dark Web Notebook in the company of IBM Analyst’s Notebook, Google/In-Q-Tel Recorded Future, and Palantir Technologies Gotham. You can get these profile at this link: https://gum.co/darkweb.

Stephen E Arnold, July 17, 2107

Android VPN App Security Analyzed

Here’s an important warning for users of mobile devices—beware VPN apps in the Google Play store.  Thats the upshot of a white paper from Australian research organization CSIRO, “An Analysis of the Privacy and Security Risks of Android BPN Permission-Enabled Apps.” Researchers found, for example that 18% of VPN apps in the Google Play store do not actually encrypt anything, and 38% harbor malware of some sort.

The in-depth paper describes the investigation into four main areas of concern: third-party user tracking and permissions access; malware presence; traffic interception; and user awareness of potential risks. The researchers specify:

In this paper we provide a first comprehensive analysis of 283 Android apps that use the Android VPN permission, which we extracted from a corpus of more than 1.4 million apps on the Google Play store. We perform a number of passive and active measurements designed to investigate a wide range of security and privacy features and to study the behavior of each VPN-based app. Our analysis includes investigation of possible malware presence, third-party library embedding, and traffic manipulation, as well as gauging user perception of the security and privacy of such apps. Our experiments reveal several instances of VPN apps that expose users to serious privacy and security vulnerabilities, such as use of insecure VPN tunneling protocols, as well as IPv6 and DNS traffic leakage. We also report on a number of apps actively performing TLS interception. Of particular concern are instances of apps that inject JavaScript programs for tracking, advertising, and for redirecting e-commerce traffic to external partners.

The paper concludes by recommending Android revamp their VPN permission model. It also describes most users as “naïve” to the realities of mobile VPN security. For anyone wishing to educate themselves on the issue, this paper is a good place to turn.

Cynthia Murrell, July 12, 2017

Google and Indian Government Spar over Authenticity of Google Maps

The Indian government has rejected the authenticity of maps used by popular navigation app Google Maps terming them as technically inaccurate.

Neowin in an article titled Indian Government Calls Google Maps “Inauthentic”; Asks Citizens to Use Their Solution says:

In an attack against the service, Surveyor General of India, Swarna Subba Rao said that the maps used by Google weren’t “authentic” and were “unreliable” with limited accuracy. She also stressed on how Survey of India’s own mapping data was qualitatively more accurate.

The bone of the contention seems to be Google’s inaccurate mapping of Kashmir, the northern territory disputed by Pakistan. Google was also denied permissions to map the country at street levels for Street View citing security concerns.

Considering the fact that Google has the largest user base in India, this seems to be a setback for the company. An official of the Indian government is recommending the use of their own maps for better topographical accuracy. However, the government approved maps are buggy and do not have a great interface like Google Maps.

Vishal Ingole, July 12, 2017

Mistakes to Avoid to Implement Hadoop Successfully

Hadoop has been at the forefront of Big Data implementation methodologies. The journey so far has been filled with more failures than successes. An expert thus has put up a list of common mistakes to avoid while implementing Hadoop.

Wael Elrifai in a post titled How to Avoid Seven Common Hadoop Mistakes and posted on IT Pro Portal says:

Business needs specialized skills, data integration, and budget all need to factor into planning and implementation. Even when this happens, a large percentage of Hadoop implementations fail.

For instance, the author says that one of the most common mistakes that most consultants commit is treated Hadoop like any other database management system. The trick is to treat data lake like a box of Legos and start building the model with one brick at a time. Some other common mistakes include not migrating the data before implementation, not thinking about security issues at the outset and so on. Read the entire article here.

Vishol Ingole, July 7, 2017

Facebook to Tackle Terrorism with Increased Monitoring

Due to recent PR nightmares involving terrorism organizations, Facebook is revamping their policies and policing of terrorism content within the social media network. A recent article in Digital Trends, Facebook Fights Against Terrorist Content on Its Site Using A.I., Human Expertise, explains how Zuckerberg and his team of anti-terrorism experts are changing the game in monitoring Facebook for terrorism activity.

As explained in the article,

To prevent AI from flagging a photo related to terrorism in a post like a news story, human judgment is still required. In order to ensure constant monitoring, the community operations team works 24 hours a day and its members are also skilled in dozens of languages.” Recently Facebook was in the news for putting their human monitors at risk by accidentally revealing personal information to the terrorists they were investigating on the site. As Facebook increase the number of monitors, it seems the risk to those monitors also increases.

The efforts put forth by Facebook are admirable, yet we can’t help wonder how – even with their impressive AI/human team – the platform can monitor the sheer number of live-streaming videos as those numbers continue to increase. The threats, terrorist or otherwise, present in social media continue to grow with the technology and will require a much bigger fix than more manpower.

Catherine Lamsfuss, July 5, 2017

DoD and Textron Move Analytics to Cloud

Continuing in its efforts to become more cloud-based, the DOD has partnered with Textron to create a web-based intel program. This latest edition of intelligence gathering program has shifted the DOD away from software into cloud presence, one of the government’s goals for the future.

Defense Systems recently reported on this new collaboration:

Decreasing a hardware footprint by consolidating data-centers and servers is entirely consistent with the Pentagon’s push to move more services, applications, storage systems and functions to a cloud-based architecture; this is particularly relevant in light of DOD’s initiative to integrate more commercial IT systems and move more Joint Regional Security Stacks (JRSS) functions to the cloud.

The program itself streamlines data analysis and places it in the cloud for easier storage and access.  This latest move showcases how technology across the board is shifting from traditional software and hardware driven data analytics and moving toward cloud-based.

Catherine Lamsfuss, July 3, 2017

Booz Boo Boo: Blue Chip? Maybe Not

I read “Booz Allen, NGA Probe Intel Leak.” Let’s assume that the information in the write up is “sort of” accurate. I suggest this because the article invokes the name of “Edward Snowden” and the name of “Hal Martin.” Both of these individuals allegedly behaved with a bit of professional “looseness.”

But the write up does more than remind me that the once highly regarded blue chip management consulting firm has become an example of how not to manage its own employees and contractors.

Too bad. I worked at Booz, Allen & Hamilton when the firm’s reputation was reasonably well regarded. Today I am not so sure I would place the Booz Allen outfit identified in the FCW article in my “I want to work their” Top 10.

The main point of the write up seems to me to be:

Edward Snowden, Hal Martin and now another Booz Allen Hamilton employee could be involved in the leak of sensitive intelligence data — though in the latest case, it appears it could be accidental.

The information, according the FCW, was sensitive. The error was a result of a misconfiguration error.

Nevertheless, a company charged with working within the constraints set forth by the client should have management procedures in place to prevent alleged security issues.

Booz, Allen & Hamilton once kept a low profile. Now the firm finds itself making headlines.

FCW is not the grocery store tabloid-type of “real news” outfit, of course. However, I ask myself, “Management or mismanagement?”

And from an outfit which once provided management consulting services to the world’s leading organizations.

Interesting.

Stephen E Arnold, June 1, 2017

Dark Web Monitoring

As criminals have flocked to the Dark Web, the need for companies to protect themselves from hackers has escalated quickly. But are Dark Web Monitoring services worth the price tag, or is this today’s snake oil? Motherboard examines that issue in, “The Booming, and Opaque, Business of Dark Web Monitoring.”

There are two basic approaches to Dark Web Monitoring, explains contributor Joseph Cox. The first relies on algorithms to flag stolen data, while the second sends humans on fishing expeditions to Dark Web forums. Either way, though, the complexity and underground nature of the Dark Web make wild-goose chases inevitable. Cox writes:

Fundamental problems with the very idea of some of these services, such as the issue of verifying information gleaned from forums and marketplaces, means they might be providing an illusion of security, rather than the real thing.

 

There is a lot of misleading or outright fabricated information in the dark web. Often, particular listings or entire sites are scams, and forum chatter can be populated with people just trying to rip each other off. For that reason, it’s not really good enough to just report everything and anything you see to a customer.

Cox consulted with several Dark Web Monitoring vendors, who describe a balancing act—avoid passing along false flags (which cost clients time and money) while ensuring real threats do not slip through their fingers. A “confidence-level” some services include with each report aims to mitigate that uncertainty, but it is an inexact science. Especially since the Dark Web is ever changing.

Cynthia Murrell, May 26, 2017

« Previous Page — Next Page »

• 

• Search the site

•  

  Subscribe to Beyond Search

  • 
  • 
   
  • 
   
  
  Feature archive
  News archive
   
  
  
  Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.

• Categories

  • 3D-Printing
  • Acquisition
  • Advertising
  • Aggregation
  • AI
  • Alexa
  • algorithms
  • Amazon
  • Amazonia
  • Analytics
  • Appliance
  • Applications
  • Audio
  • Augmented Reality
  • Big data
  • Bing
  • Bitcoin
  • Bitext
  • Book review
  • Business intelligence
  • Business process
  • Business strategy
  • Censorship
  • Cloud computing
  • Company Profile
  • Conferences
  • Connectors
  • Consulting
  • Consumer
  • Content processing
  • Copyright
  • Corporate Concerns
  • Cost
  • Crawl
  • Crowdfunding
  • cryptocurrency
  • Customer support
  • Cyber OSINT
  • cybercrime
  • cybersecurity
  • Dark Web
  • DarkCyber
  • Data
  • Data mining
  • Database
  • Deepfakes
  • Digital Assistant
  • Digital Library
  • E2EE
  • ECommerce
  • EDiscovery
  • Editorial opinion
  • Education
  • Emoticons
  • Enterprise
  • Enterprise search
  • Entity extraction
  • Ethics
  • Facebook
  • Faceted search
  • Factualities
  • Feature
  • Federated search
  • Financial
  • Google
  • Governance
  • Government
  • Hackers
  • healthcare
  • IBM Watson
  • Image search
  • Indexing
  • Infrastructure
  • Innovation
  • Integration
  • intelware
  • Interface
  • Internet
  • Interview
  • Investment
  • law enforcement
  • Legal matters
  • Library automation
  • Management
  • Marketing
  • Mathematics
  • Metadata
  • Microsoft
  • Mobile
  • Natural language processing
  • News
  • NGIA
  • Online (general)
  • Open Access
  • Open source
  • OSINT
  • Osint Radar
  • Overflight
  • Palantir
  • Patents
  • Personnel
  • Podcast
  • Policeware
  • Portals
  • Predictive coding
  • Privacy
  • Profile
  • Publishing
  • Quotation
  • Real time search
  • Reference tool
  • Rich media
  • Robot Writer
  • Search
  • Search enabled applications
  • search engine
  • Search quality
  • Security
  • Semantic
  • Sentiment analysis
  • SEO
  • SharePoint
  • Short Honks
  • Smart Technology
  • Social
  • Social Media
  • software
  • Statistics
  • Taxonomy
  • Technology
  • Text analytics
  • Text processing
  • Tools
  • Tor
  • Training
  • Translation
  • Twitter
  • Uncategorized
  • Unstructured Data
  • User experience
  • User Interface
  • Vertical search
  • Video
  • visualization
  • Voice search
  • Voice technology
  • Web 3
  • Web Services
  • Webinar
  • Windows
  • Work flow
  • XML
  • Yahoo

• Archives

  Archives Select Month July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022 May 2022 April 2022 March 2022 February 2022 January 2022 December 2021 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 August 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March 2015 February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 November 5

• Recent Posts

  • AI Reduces Productivity: Quick Another Study Needed Now
  • Prompt Tips and Query Refinements
  • Silicon Valley Streetbeefs
  • If Math Is Running Out of Problems, Will AI Help Out the Humans?
  • How Can Creatives Survive AI Disruptions?

• Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org