CyberOSINT banner

A Dark Web Spider for Proactive Protection

April 29, 2016

There is a new tool for organizations to more quickly detect whether their sensitive data has been hacked.  The Atlantic discusses “The Spider that Crawls the Dark Web Looking for Stolen Data.” Until now, it was often many moons before an organization realized it had been hacked. Matchlight, from Terbium Labs, offers a more proactive approach. The service combs the corners of the Dark Web looking for the “fingerprints” of its clients’ information. Writer Kevah Waddell reveals how it is done:

“Once Matchlight has an index of what’s being traded on the Internet, it needs to compare it against its clients’ data. But instead of keeping a database of sensitive and private client information to compare against, Terbium uses cryptographic hashes to find stolen data.

“Hashes are functions that create an effectively unique fingerprint based on a file or a message. They’re particularly useful here because they only work in one direction: You can’t figure out what the original input was just by looking at a fingerprint. So clients can use hashing to create fingerprints of their sensitive data, and send them on to Terbium; Terbium then uses the same hash function on the data its web crawler comes across. If anything matches, the red flag goes up. Rogers says the program can find matches in a matter of minutes after a dataset is posted.”

What an organization does with this information is, of course, up to them; but whatever the response, now they can implement it much sooner than if they had not used Matchlight. Terbium CEO Danny Rogers reports that, each day, his company sends out several thousand alerts to their clients. Founded in 2013, Terbium Labs is based in Baltimore, Maryland. As of this writing, they are looking to hire a software engineer and an analyst, in case anyone here is interested.

 

Cynthia Murrell, April 29, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Google Search, Jr.

April 6, 2016

As a kid friendly society, we cater to the younger generations by making “child friendly” versions of everything from books to meals.  When the Internet made headway into our daily lives, kid friendly dashboards were launched to keep the young ones away from pedophiles and to guarantee they only saw age-appropriate content.  The kid protocols sucked, for lack of better terms, because the people designing them were not the greatest at judging content.

With more tech-savvy, child wise Web developers running the show now, there are more kid friendly products with more intelligence behind their design.  One of the main Internet functions that parents wish were available for their offspring is a safe search engine, but so far their answers have been ignored.

The Metro reports there is now a “New Search Engine Kiddle Is Like Google For Children-Here’s What It Does.”  Kiddle’s purpose is to filter results that are safe for kids to read and also is written in simple language.

Kiddle is not affiliated with the search engine giant, however:

“Kiddle is not an official Google product, but the company uses a customized Google search to deliver child-friendly results.  Kiddle uses Google colors but instead of the traditional white background has adopted an outer space theme, fit with a friendly robot.  It will work in the same manner as Google but its search will be heavily filtered.”

The results will be filleted as such: the first three sites will be kid friendly, four through seven will be written in simple language, and the remaining will be from regular Google filtered through by the Kiddle search.

Kids need to understand how to evaluate content and use it wisely, but the Internet prevents them from making the same judgments other generations learned, as they got older.  However, kids are also smarter than we think so a “kid friendly” search tool is usually dumbed down to the cradle.  Kiddle appears to have the best of both worlds, at least it is better than parental controls.

 

Whitney Grace, April 6, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Google DeepMind Acquires Healthcare App

April 5, 2016

What will Google do next? Google’s London AI powerhouse has set up a new healthcare division and acquired a medical app called Hark, an article from Business Insider, tells us the latest. DeepMind, Google’s artificial intelligence research group, launched a new division recently called DeepMind Health and acquired a healthcare app. The article describes DeepMind Health’s new app called Hark,

“Hark — acquired by DeepMind for an undisclosed sum — is a clinical task management smartphone app that was created by Imperial College London academics Professor Ara Darzi and Dr Dominic King. Lord Darzi, director of the Institute of Global Health Innovation at Imperial College London, said in a statement: “It is incredibly exciting to have DeepMind – the world’s most exciting technology company and a true UK success story – working directly with NHS staff. The types of clinician-led technology collaborations that Mustafa Suleyman and DeepMind Health are supporting show enormous promise for patient care.”

The healthcare industry is ripe for disruptive technology, especially technologies which solve information and communications challenges. As the article alludes to, many issues in healthcare stem from too little conveyed and too late. Collaborations between researchers, medical professionals and tech gurus appears to be a promising answer. Will Google’s Hark lead the way?

 

Megan Feil, April 5, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

RAVN ACE Can Help Financial Institutions with Regulatory Compliance

March 31, 2016

Increased regulations in the financial field call for tools that can gather certain information faster and more thoroughly. Bobsguide points to a solution in, “RAVN Systems Releases RAVN ACE for Automated Data Extraction of ISDA Documents Using Artificial Intelligence.” For those who are unaware, ISDA stands for International Swaps and Derivatives Association, and a CSA is a Credit Support Annex. The press release informs us:

“RAVN’s ground-breaking technology, RAVN ACE, joins elements of Artificial Intelligence and information processing to deliver a platform that can read, interpret, extract and summarise content held within ISDA CSAs and other legal documents. It converts unstructured data into structured output, in a fraction of the time it takes a human – and with a higher degree of accuracy. RAVN ACE can extract the structure of the agreement, the clauses and sub-clauses, which can be very useful for subsequent re-negotiation purposes. It then further extracts the key definitions from the contract, including collateral data from tabular formats within the credit support annexes. All this data is made available for input to contract or collateral management and margining systems or can simply be provided as an Excel or XML output for analysis. AVN ACE also provides an in-context review and preview of the extracted terms to allow reviewing teams to further validate the data in the context of the original agreement.”

The write-up tells us the platform can identify high-credit-risk relationships and detail the work required to repaper those accounts (that is, to re-draft, re-sign, and re-process paperwork). It also notes that even organizations that have a handle on their contracts can benefit, because the platform can compare terms in actual documents with those in that have been manually abstracted.

Based in London, enterprise search firm RAVN tailors its solutions to the needs of each industry it serves. The company was founded in 2011.

 

Cynthia Murrell, March 31, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Google and Reverse Engineering

March 28, 2016

I don’t want to make a big deal out of the information presented in “Google’s Reverse Engineering Software BinDiff Now Free for Researchers.” The write up reports that Zynamics’ code is now free. The write up explained:

What’s the code’s application? The write up reports:

BinDiff is a comparison tool for scrutinizing disassembled binary files and finding both similarities and differences in code through reverse engineering. The software can be used to identify and isolate flaws and bugs in software, namely, “fixes for vulnerabilities in vendor-supplied patches and to analyze multiple versions of the same binary,” according to Blichmann. Binary files for x86, MIPS, ARM/AArch64, PowerPC, and other architectures can be analyzed with the software.

Are there other uses for this software? The write up identifies a number of benign uses; for example port function names.

The article concludes:

Interested parties can download the software directly from Zynamics.

Stephen E Arnold, March 28, 2016

No Search Just Browse Images on FindA.Photo

March 2, 2016

The search engine FindA.Photo proves itself to be a useful resource for browsing images based on any number of markers. The site offers a general search by terms, or the option of browsing images by color, collection (for example, “wild animals,” or “reflections”) or source.  The developer of the site, David Barker, described his goals for the services on Product Hunt,

“I wanted to make a search for all of the CC0 image sites that are available. I know there are already a few search sites out there, but I specifically wanted to create one that was: simple and fast (and I’m working on making it faster), powerful (you can add options to your search for things like predominant colors and image size with just text), and something that could have contributions from anyone (via GitHub pull requests).”

My first click on a swatch of royal blue delivered 651 images of oceans, skies, panoramas of oceans and skies, jellyfish ballooning underwater, seagulls soaring etc. That may be my own fault for choosing such a clichéd color, but you get the idea. I had better (more various) results through the collections search, which includes “action,” “long-exposure,” “technology,” “light rays,” and “landmarks,” the last of which I immediately clicked for a collage of photos of the Eiffel Tower, Louvre, Big Ben, and the Great Wall of China.

 

Chelsea Kerwin, March 2, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Wrangle That Data: Trifacta Receives $35 Million

February 14, 2016

When I read “Data Cleaning Software Company Trifacta Raises $35 Million,” I realized that the notion of automating the clean up of disparate data was an unsolved problem. Odd. I have been operating on the assumption that tools from Lexmark Kapow and Palantir had tamed that stallion years ago. Wrong.

According to the write up:

New investor Cathay Innovation and existing investors Accel Partners, Greylock Partners, and Ignition Partners participated in the new round. To date, the company has raised more than $76 million, including the $25 million round announced May 2014.

That’s a reasonable chunk of change for a function many search and content processing vendors suggest is a no brainer. Trifacta has a pocketful of cash to provide some evidence that the belief that cleaning up data remains a big, big problem.

Will Trifacta surge to the top of the data clean up pile. If one takes a peek at the azure chip consulting firm reports on this housekeeping sector, there are quite a few vendors chasing customers in this sector.

Now returning to the question about incumbents like Kapow and Palantir. Where are these companies? I can understand why Kapow has slipped from some folks’ radar, but the Palantir operation is active in the commercial sector and seems to have helpers, wizards, and smart software which allows a person with little or no training to import, process, and extract insights from disparate data.

Do those funding Trifacta perceive Kapow and Palantir as companies unable or unwilling to tackle the problems Trifacta addresses? Good question.

Stephen E Arnold, February 14, 2016

 

Topology Is Finally on Top

December 21, 2015

Topology’s  time has finally come, according to “The Unreasonable Usefulness of Imagining You Live in a Rubbery World,” shared by 3 Quarks Daily. The engaging article reminds us that the field of topology  emphasizes connections over geometric factors like distance and direction. Think of a subway map as compared to a street map; or, as writer Jonathan Kujawa describes:

“Topologists ask a question which at first sounds ridiculous: ‘What can you say about the shape of an object if you have no concern for lengths, angles, areas, or volumes?’ They imagine a world where everything is made of silly putty. You can bend, stretch, and distort objects as much as you like. What is forbidden is cutting and gluing. Otherwise pretty much anything goes.”

Since the beginning, this perspective has been dismissed by many as purely academic. However, today’s era of networks and big data has boosted the field’s usefulness. The article observes:

“A remarkable new application of topology has emerged in the last few years. Gunnar Carlsson is a mathematician at Stanford who uses topology to extract meaningful information from large data sets. He and others invented a new field of mathematics called Topological data analysis. They use the tools of topology to wrangle huge data sets. In addition to the networks mentioned above, Big Data has given us Brobdinagian sized data sets in which, for example, we would like to be able to identify clusters. We might be able to visually identify clusters if the data points depend on only one or two variables so that they can be drawn in two or three dimensions.”

Kujawa goes on to note that one century-old tool of topology, homology, is being used to analyze real-world data, like the ways diabetes patients have responded to a specific medication. See the well-illustrated article for further discussion.

Cynthia Murrell, December 21, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Cybercrime to Come

December 2, 2015

Apparently, we haven’t seen anything yet. An article at Phys.org, “Kaspersky Boss Warns of Emerging Cybercrime Threats,” explain that personal devices and retail databases are just the beginning for cyber criminals. Their next focus has the potential to create more widespread chaos, according to comments from security expert Eugene Kaspersky. We learn:

“Russian online security specialist Eugene Kaspersky says cyber criminals will one day go for bigger targets than PCs and mobiles, sabotaging entire transport networks, electrical grids or financial systems. The online threat is growing fast with one in 20 computers running on Microsoft Windows already compromised, the founder and chief executive of security software company Kaspersky Lab told AFP this week on the sidelines of a cybersecurity conference in Monaco.”

The article also notes that hackers are constantly working to break every security advance, and that staying safe means more than installing the latest security software. Kaspersky noted:

“It’s like everyday life. If you just stay at home and if you don’t have visitors, you are quite safe. But if you like to walk around to any district of your city, you have to be aware of their street crimes. Same for the Internet.”

Kaspersky’s company, Kaspersky Lab, prides itself on its extensive knowledge of online security. Founded in 1997 and headquartered in Moscow, the company is one of the leading security firms in the world.

Cynthia Murrell, December 2, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Interview with Informatica CEO

November 26, 2015

Blogger and Datameer CEO Stefan Groschupf interviews Anil Chakravarthy, acting CEO of Informatica, in a series of posts on his blog, Big Data & Brews. The two executives discuss security in the cloud, data infrastructure, schemas, and the future of data. There are four installments as of this writing, but it was an exchange in the second iteration, “Big Data  Brews: Part II on Data Security with Informatica,” that  captured our attention. Here’s Chakravarthy’s summary of the challenge now facing his company:

Stefan: From your perspective, where’s the biggest growth opportunity for your company?

Anil: We look at it as the intersection of what’s happening with the cloud and big data. Not only the movement of data between our premise and cloud and within cloud to cloud but also just the sheer growth of data in the cloud. This is a big opportunity. And if you look at the big data world, I think a lot of what happens in the big data world from our perspective, the value, especially for enterprise customers, the value of big data comes from when they can derive insights by combining data that they have from their own systems, etc., with either third-party data, customer-generated data, machine data that they can put together. So, that intersection is good for, and we are a data infrastructure provider, so those are the two big areas where we see opportunity.

It looks like Informatica is poised to make the most of the changes prompted by cloud technology. To check out the interview from the beginning, navigate to the first installment, “Big Data & Brews: Informatica Talks Security.”

Informatica offers a range of data-management and integration tools. Though the company has offices around the world, they maintain their headquarters in Redwood City, California. They are also hiring as of this writing.

Cynthia Murrell, November 26, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Next Page »