Security Is a Game
November 12, 2020
This article’s headline caught my attention: “Stop Thinking of Cybersecurity As a Problem: Think of It As a Game.” I think I understand. The write up asserts:
The thing is, cybersecurity isn’t a battle that’s ultimately won, but an ongoing game to play every day against attackers who want to take your systems down. We won’t find a one-size-fits-all solution for the vulnerabilities that were exposed by the pandemic. Instead, each company needs to charge the field and fend off their opponent based on the rules of play. Today, those rules are that anything connected to the internet is fair game for cybercriminals, and it’s on organizations to protect these digital assets.
Interesting idea. Numerous cyber security solutions are available. Some organizations have multiple solutions in place. Nevertheless, bad actors continue to have success. If the information in Risk Based Security 2020 Q3 Report Data Breach QuickView is anywhere close to accurate, the “game” is being won by bad actors: Lots of data was sucked down by cyber criminals in the last nine months.
Fun, right?
Stephen E Arnold, November 12, 2020
Security: A Happy Illusion Like Free Chocolate Chip Cookies at a Hotel Desk
November 12, 2020
“Hotels.com, Expedia Provider Exposed Data for Millions of Guests” contains a couple of interesting statements.
- A company called Prestige Software provides the hotel reservation systems for Hotels.com, Booking.com, and Expedia.com.
- Data for bookings were stored on Amazon AWS S3. The system contained credit card data for millions of people.
The article points out that the incident “does illustrate the dangers of a heavy reliance on third party providers for platforms.”
The article does not ask the question, “Prestige Software, what’s your approach to AWS S3 security?”
Stephen E Arnold, November 12, 2020
Are Big Tech Companies Like Countries? Not Exactly
November 11, 2020
The BBC published “China to Clamp Down on Internet Giants.” The article explains that China has figured out that online outfits may pose a challenge to government officials, procedures, and methods. The article explains:
China has proposed new regulations aimed at curbing the power of its biggest internet companies. The regulations suggest increasing unease in Beijing with the growing influence of digital platforms.
China has taken steps to make sure ants won’t ruin the government picnic. Other companies are affected as well. Europe is taking a similar, but uniquely European approach. Plus, the United States, asleep at the regulatory switch for a couple of decades, has heard the regulatory bleats as well.
The proposed rule changes in China, according to the BBC:
…will also take aim at companies that treat customers differently based on their data and spending habits.
Are big tech companies like countries? No, no they are not. Some big tech companies may not agree until the regulators grab their insect spray and zap the ants and other creatures buzzing in an annoying manner.
Stephen E Arnold, November 11, 2020
The Atlantic: Inventing Reality Using Real Journalism
November 11, 2020
I read “The Atlantic Apologizes for Ruth Shalit Barrett Story After Fabrication, Multiple Inaccuracies Revealed.” The write up may be a hoax about a hoax. Who knows? But this “real journalism” thing is becoming increasingly amusing. The Atlantic? This was a go-to source for those in my high school English class at term paper time. Who knew that the information in a publication founded in 1857 could have lost its connection with facts and reality?
The write up reports:
The Atlantic said it regrets commissioning and publishing a feature story written by Ruth Shalit Barrett — who was fired from The New Republic in the 1990s over incidents of plagiarism — which has been revealed to include a fabrication and multiple inaccuracies. In a lengthy editor’s note added to Barrett’s edited story, “The Mad, Mad World of Niche Sports Among Ivy League-Obsessed Parents,” late Friday, The Atlantic said, “new information emerged” about the article that was published in the outlet’s November 2020 print edition and on its website Oct. 17 “that has raised serious concerns about its accuracy, and about the credibility of the author, Ruth Shalit Barrett.”
What about that fact checking from the publication which published the work of Oliver Wendell Holmes?
If the story is accurate, the Atlantic will cruise happily along the river of facts on which the good ship Atlantic floats.
Stephen E Arnold, November 11, 2020
Office Text Generation
November 11, 2020
Navigate to Office Ipsum. Select an “ipsum,” jargon for nonsense text, and enjoy the output.
Here’s an example of the content created:
Out of the loop make it more corporate please gage [sic] where the industry is heading and give back to the community what we’ve learned. Disband the squad but rehydrate as needed workflow ecosystem yet hard stop. Move the needle golden goose we don’t want to boil the ocean so we need to socialize the comms with the wider stakeholder community. We need to make the new version clean and sexy it’s a simple lift and shift job cross sabers big data and personal development radical candor creativity requires you to murder your children.
I wish this were not so close to some of the “original content” I read each day.
Stephen E Arnold, November 11, 2020
AWS Security Maturity
November 10, 2020
Struggling with leaky S3 buckets? Discovering phishing campaigns launched from your AWS instance? Wrestling with multiple, often confusing, security options? Answer any of these questions with a “yes”, and you may want to check out this paper, “AWS Security Maturity Roadmap.” After reading the essay, you will probably consider seeking an expert to lend a hand. Hey, why not call the author of the paper? The white paper does a good job of providing a useful checklist so the reader can determine what’s been overlooked.
Stephen E Arnold, November 10, 2020
Surveys: These Marketing Devices Are Accurate, Right?
November 10, 2020
There’s nothing like a sample, a statistical sample, that is. What’s interesting is that the US polls seem to have been reflecting some interesting but marketing-type trends. The bastion of “real journalism”— the UK Daily Mail — published “…We Did a Good Job: Defiant Pollster Nate Silver Rushes to Defend His Profession after Another Systematic Failure of Polls in the Build-Up to an Election.” Bibliophiles will note that I have omitted the tasteful obscenity. I like to avoid using words likely to irritate the really smart software which edits blog posts.
The write up points out:
FiveThirtyEight founder and editor-in-chief Nate Silver hit back at those slamming the website for being so off with their election predictions.
Let’s think about why FiveThirtyEight and other polls seem to have predicted a reality different from the one generated by humanoids marking ballots.
First, there is the sample. Picking people at random is dependent on a number of factors: Sources, selection bias, humanoids who don’t respond, etc.
Second, there are the humanoids themselves. Some people plug in the “answers” which get the poll over with really fast. I lose interest at the first hint of dark patterns which make it tough to know how many questions I have to answer to get the coupon, pat on the head, or the free shopping sack.
Third, there is counting. Yep, with humans or machines, things can happen.
Fourth, there is analysis. It is remarkable what one can do when counting or doing “analytics.”
The Daily Mail quotes an expert about making polls better:
‘The polling profession needs to reshape and reorganize their questionnaires,’ Luntz [the polling expert] told DailyMail.com. ‘It’s the only way they’ll ever get it right.’
But I keep thinking about the FiveThirtyEight obscenity. Defensive? Eloquent? Subjective? Insightful?
That subjective thing.
Stephen E Arnold, November 10, 2020
YouTube Factoid
November 10, 2020
Investor Place published “YouTube Is Now Google’s Biggest Growth Engine and Could Be Worth $200 Billion on Its Own.” The write up contains an interesting factoid which may be semi-true.
YouTube is now nearly 20% of Google’s business, and it’s growing three times faster than the rest of the company.
After decades of effort, Google has another revenue stream, based on advertising and subscriptions.
So what?
There’s the $200 billion and the “could”.
Stephen E Arnold, November 10, 2020
Machine Learning and Medical Risk
November 9, 2020
I spotted an AAAS article called “Machine Learning Shows Similar Performance to Traditional Risk Prediction Models.” The information can be interpreted in different ways, depending upon one’s point of view. For example, machine learning misses the boat, or machine learning works about as well as humans fumbling along. One sentence warranted a blue exclamation point:
cardiovascular disease risk predictions for the same patients varied substantially between models, especially in patients with higher risks. For example, a patient with a cardiovascular disease risk of 9.5-10.5% predicted by the traditional QRISK3 model had a risk of 2.9-9.2% and 2.4-7.2% predicted by other models. Models that ignored censoring (including commonly used machine learning models) substantially underestimated risk of cardiovascular disease.
The report begs another question: “What other machine learning models underestimate risk?”
Stephen E Arnold, November 9, 2020
Android: Fragmentation? What Fragmentation
November 9, 2020
Interesting statement in “Older Android Phones Will Be Cut Off From a Large Chunk of the Web in 2021”:
Let’s Encrypt noted that roughly 34% of Android devices are running a version older than 7.1 based on data from Google’s Android development suite.
Android fragmentation? What fragmentation?
Stephen E Arnold, November 9, 2020