Rowhammer is a vulnerability in commodity dynamic random access memory (DRAM) chips that allows an attacker to exploit devices with DRAM memory by repeatedly accessing (hammering) a row of memory until it causes bit flips and transistors in adjacent rows of memory reverse their binary state: ones turn into zeros and vice versa. Continued…
Quote of the Day
“Rowhammer is a physical attack and deduplication is part of the operating system, which means anything right on the machine is potentially vulnerable.” – Robert Graham
Does Rowhammer mark a new wave of hardware vulnerabilities?
Experts say that the Rowhammer vulnerability isn’t a worry for enterprises, but it may be the first of a growing number of hardware vulnerabilities.
Drammer proves Rowhammer can be used to root Android
Researchers proved the Rowhammer hardware vulnerability can be exploited reliably on Android in order to allow attackers to gain root access.
Rowhammer exploit: Are Microsoft Edge browser users at risk?
Rowhammer exploits can give attackers read and write access to Microsoft Edge browsers. Find out how enterprises can prevent these attacks.
How to mitigate bit flipping flaw caused by Rowhammer exploits
A flaw in DRAM allows attackers to use Rowhammer exploits to prompt high rates of bit flipping. Find out what this attack does and how to prevent it.
‘Ingenious’ attack mixes memory deduplication with Rowhammer
An exploit combines memory deduplication and Rowhammer to allow read or write memory access.
Flip-flops, also called bistable gates, are digital logic circuits that can be in one of two states. Flip-flops maintain their state indefinitely until an input pulse called a trigger is received. When a trigger is received, the flip-flop outputs change state according to defined rules and remain in those states until another trigger is received. Continued…
Quote of the Day
“Found in everything from memories and microprocessors to mobile phones and countless other items, ICs are so woven into our lives that it would be hard to imagine a world without them.” – Jim Tully
Microsoft open tech promises switch hardware independence
New Microsoft open tech provides data center operators with the freedom of mixing networking hardware, without the integration hassles.
50 years of chips
On 12 September 1958, Jack Kilby created a revolution with the world’s first integrated circuit.
Moore’s Law 50 years on: Supercomputing is not just for boffins
On 19 April 1965, Intel’s Gordon Moore outlined his vision of how microelectronics would power the modern world.
Software-defined storage: a proxy for storage transformation
Despite fears of supplier hype, software-defined storage does reflect important trends that affect storage, such as the increasing separation between hardware and software.
Video: Pneumatic chip runs on thin air
The latest in a long line of weird computers runs calculations on nothing more than air.
Click fraud is the practice of artificially inflating traffic statistics for online advertisements. In the common pay-per-click advertising model, advertisers pay a fee for each click on their ad, anticipating that they have attracted a potential customer. Continued…
Quote of the Day
“Ad fraud botnets are being used to inflate the web views all across the internet. It looks as if there is more browsing happening than there actually is.” – Michael Tiffany
How ad fraud botnets are costing companies billions of dollars
Michael Tiffany of White Ops talks with SearchSecurity about how ad fraud botnets are spreading and costing companies billions of dollars a year.
Click fraud to ransomware: Study highlights dangers of malware lifecycle
New research puts the malware lifecycle in the spotlight, explaining how a click fraud malware transformed into ransomware in less than two hours.
Is click fraud malware hiding bigger potential threats?
Simple click fraud malware can be easily changed into more dangerous ransomware. Here’s how to assess the potential of low-level threats.
How does the HummingBad malware enable click fraud?
The HummingBad malware has been used to generate click fraud revenue from 10 million infected devices worldwide. Find out how the malware works.
Machine versus the bots: Does your website pass the Turing 2.0 test?
Robert Richardson questions whether computers can detect the bots vs. real users, as security tools use browser behavior and polymorphism to protect against data theft and fraud.
DataOps (data operations) is an approach to designing, implementing and maintaining a distributed data architecture that will support a wide range of open source tools and frameworks in production. Continued…
Quote of the Day
“DataOps is a data management method that emphasizes communication, collaboration, integration, automation and measurement of cooperation between data engineers, data scientists and other data professionals.” – Andy Palmer
Up-and-coming data engineers complement entrenched data scientists
Data engineers come online to do data wrangling and programming. They join vaunted data scientists, who focus more on math and analytics.
Experts advise on data science for business teambuilding
A modern data science for business team should acknowledge that you can’t find all the skills you need in one person. A diverse team can deliver better results.
Emerging: DataOps and three tips for getting there
DataOps and Agile analytics enjoyed a bit of the spotlight at the third annual Boston Data Festival: The Data Mill reports.
Data science team building 101: Cross-functional talent key to success
At BigData TechCon in Boston, data scientists discussed approaches to solving today’s new data analytics problems. A data science team leader touted team-based approaches.
Building data science teams takes skills mix, business focus
Analytics managers offered advice on building data science teams as part of a Strata + Hadoop World 2016 panel discussion on finding and retaining data scientists.
FRPC Rule 41 is the part of the United States Federal Rules of Criminal Procedure that covers the search and seizure of physical and digital evidence. Continued…
Quote of the Day
“While the changes to Rule 41 are intended to assist U.S.-based investigations, there is nothing stopping judges from applying the legislation globally now that jurisdiction is no longer an obstacle.” – Yorgen Edholm
Rule 41: Why security and privacy experts are wary
Rule 41 of the Federal Rules of Criminal Procedure has security and privacy experts frustrated. Here’s a closer look at the rule and why it’s important.
Risk & Repeat: Will Rule 41 changes become cybersecurity law?
This Risk & Repeat podcast episode discusses the proposed Rule 41 changes, which go into effect on Dec. 1, 2016, and a last-ditch effort to stop them.
Congress floats last-chance bill to delay Rule 41 changes
The Review the Rule Act looks to delay until July 2017 the controversial changes to Rule 41, which would expand government powers to access systems.
Senate bill would quash unlimited Rule 41 government hacks
Read about a Senate effort to limit remote, unlimited government hacking power with a bill to reverse the Supreme Court and Justice Department on Rule 41.
Activists, DOJ spar over Rule 41 changes to enhance FBI searches
Despite DOJ claims that Rule 41 alterations change nothing, protests by a coalition of tech firms, privacy and rights activists led by EFF continue to grow.
In software testing, a canary (also called a canary test) is a push of programming code changes to a small number of end users who have not volunteered to test anything. The goal of a canary test is to make sure code changes are transparent and work in a real world environment. Continued…
Quote of the Day
“Plan a canary app rollout for relatively small changes where confidence in the release is high, such as testing problem fixes or regressions.” – Stephen J. Bigelow
Automated out of a job? Results from the Harvey Nash Technology Survey
The Harvey Nash Technology Survey 2017 shows software testers and others fear automation may eliminate their jobs. Here’s what to prepare for.
Improve application rollout planning with advanced options
The right application deployment plan makes all the difference. Consider these three techniques during rollout planning.
Want disciplined DevOps software delivery? It takes six steps
If the goal is disciplined DevOps software delivery, get ready to make some changes. Expert Yvette Francino explains.
Dissect DevOps problems with this expert podcast
DevOps problems arise due to a litany of reasons, ranging from implementation to lack of a proper culture change. Learn to tackle these problems at the source.
For web companies, optimizing CI/CD mandates an IT infrastructure upgrade
Continuous integration and deployment aren’t just about the developer experience — they also often necessitate an IT infrastructure upgrade.
Predictive modeling is a process that uses data mining and probability to forecast outcomes. Continued…
Quote of the Day
“In looking to unleash effective and speedy predictive modeling techniques in an organization, bringing a standard business intelligence mindset to the process won’t cut it.” – Mike Lampa
How predictive modeling and forecasting failed to pick election winner
Predictive modeling and forecasting this election cycle failed to see the Drumpf phenomenon coming and missed the mark by a mile in their predictions.
Faster modeling techniques in predictive analytics pay off
Businesses can’t let data scientists get bogged down in academic predictive modeling techniques. If the process doesn’t pay off, it’s time to reevaluate priorities.
Big data analytics projects raise stakes for predictive models
Big data analytics projects can sink or swim based on how organizations cope with technical and skills issues that must be considered as part of the analytical modeling process.
Talking Data podcast: Predictive modeling techniques
This edition of Talking Data examines the finer points of predictive modeling techniques.
Building predictive analytics models takes a team effort
Analytics managers say data scientists should put algorithms through the wringer when building predictive analytics models to ensure that the models deliver valid results.
Network behavior anomaly detection (NBAD) is the continuous monitoring of a proprietary network for unusual events or trends. Continued…
Quote of the Day
“It’s essential that you extend your security controls beyond the perimeter, adding network anomaly detection capabilities to your other existing security tools.” – Peter Sullivan
Behavioral threat assessment means real-time threat detection
A behavioral threat assessment tool that provides real-time threat detection may be just what your enterprise security system needs now.
Knock advanced malware out cold with network anomaly detection
Peter Sullivan explores the need for network anomaly detection to protect the enterprise network from advanced malware in this Security School.
How to integrate network behavior anomaly detection into enterprise systems
Network behavior anomaly detection (NBAD) can be a valuable tool for financial firms. However, without proper integration, the tool is useless. In this tip, we lay out the steps required for a successful integration.
The case for using anomaly-based monitoring in zero-day detection
In light of recent failures by the signature-based model, expert Char Sample discusses anomaly-based monitoring technology and the potential it holds for enterprise security.
Can behavioral detection improve enterprise network security?
Expert Kevin Beaver discusses whether multi-session behavioral detection and traffic analysis is more effective malware detection than traditional perimeter technologies.
BizDevOps, also known as DevOps 2.0, is an approach to software development that encourages developers, operations staff and business teams to work together so the organization can develop software more quickly, be more responsive to user demand and ultimately maximize revenue. Continued…
Quote of the Day
“The tricky challenge of BizDevOps is to ensure that information is shared equally with everyone — particularly developers — so customer-first decisions are made.” – Valerie Silverthorne
Tried and true advice for getting started with BizDevOps
BizDevOps, the next gen of DevOps, will take time, patience and sweeping cultural changes in order to work. Here’s a roundup of advice.
BizDevOps and digital performance management are the new drivers
Call it BizOps or BizDevOps, digital performance management uses metrics to determine which slow pages to fix first. And no, it’s not the slowest one.
Wondering what comes after DevOps? Developers, it’s time for BizDevOps
BizDevOps is next-gen DevOps, bringing business people into the development and deployment process. Here’s how and why it works.
Overcoming the scale-up challenge of enterprise DevOps adoption
CIOs and IT leaders share their advice on what enterprises can do to accelerate the spread of DevOps within their organizations.
Learn the secrets of developing soft skills in coders
Developers with strong communication skills are in demand today. Expert Bruce Tulgan explains developing soft skills in coders.
On a Web site, clickstream analysis (also called clickstream analytics) is the process of collecting, analyzing and reporting aggregate data about which pages a website visitor visits — and in what order. The path the visitor takes though a website is called the clickstream. Continued…
Quote of the Day
“By using customer data analytics, companies have made significant strides in understanding customer preferences and behavior.” – Lauren Horwitz
Companies still struggle to unlock customer data analytics insight
Customer data analytics is the new black in sales, marketing and service. Companies know understanding customer data will lead to success in the future.
Customer personalization brings intelligence to sales and marketing
Companies no longer succeed with generic messaging to customers. Companies are investing in customer personalization technologies to help them tailor messaging to their clientele’s needs and preferences.
Customer data silos continue to hobble the omnichannel experience
Companies believe in the omnichannel experience and the ability to serve customers seamlessly across communication channels. But customer data silos still hobble the vision.
Data collection practices spark debate on big data ethics, privacy
The increasing emphasis on collecting and analyzing customer data is driving a debate on big data ethics and whether tighter privacy rules are needed to protect consumers.
Clickstream data edges retailer into ‘big data’ analytics territory
Big data analytics grapples with huge data sets coming at a quickening pace, but one Gartner analyst said data variety is having the greatest impact on businesses. Learn why that is and how the analytics environment is changing.