Machine Learning on local devices still is not real machine learning. The article refers to the iPhone X’s new chip and the “CoreML” SDK. Unfortunately, training the ML model still has to occur somewhere else.

ML requires training a model to recognize inputs. It’s impossible to create one ML Model to recognize all possible real world situations, so it’s necessary to continue collecting data, “retrain” the model, and redeploy the updated model.

For anyone who’d rather not ship all of their information to someone else’s cloud, we’re still years away from real ML capabilities for our own devices.

If anyone knows of an available ML solution that can perform continuous training/learning on a local device, I’d love to hear about it.

http://flip.it/xqvU3i


Overview of privacy concerns with iPhone X FaceID (and other facial recognition utilities). The note that companies have been patenting abilities to recognize emotions (and health) should raise concerns.

ByTheWay… you don’t have to own one of these devices to have your privacy violated… simply being in range of someone else’s camera opens the door to abusive companies.

http://flip.it/ZdEzf0

Apple MacOS High Sierra security/root bug

If you’ve updated to MacOS High Sierra (OSX 10.13), this is not good news. Although Apple released a bug fix, it should really give security conscious users some pause.

There are some good overviews of how to harden MacOS/OSX, but I haven’t seen an updated guide that specifically addresses this latest problem (researchers just haven’t had time to investigate the underlying problems and the full extent of what Apple changed and what is affected). Despite that gap, reviewing a hardening guide and applying relevant procedures is still a good practice. Here are a couple of references to get you started.

Additionally, here’s a link to a good description of the root account security bug and a manual procedure which hardens the system against this problem. Conversations in the SecKC community and other security communities confirmed the vulnerability and confirmed this manual config appears to address the problem.

Unfortunately this manual approach probably isn’t for most home/casual consumer users. It requires using the Terminal and some advanced features most users never interact with. And it introduces a security configuration which would probably complicate future updates and changes for many people.

Bottom line. Apple really messed up.

So what should you do? If you’re a security conscious person with system administrator skills, you should spend the time it takes to harden your system (and test that hardening). If you’re not a sys admin, update update update. And keep checking for more updates over the next days and weeks.

Search Engine Optimization (SEO) is like whack-a-mole.

For the tl;dr crowd… Google’s algorithms are constantly changing; and no matter the topic, work in at least one mention of cats. LOL.

https://www.startupgrind.com/blog/how-i-modified-my-seo-game-to-keep-up-with-google-in-2017-21/?utm_content=buffer6e14c&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer

Brand Hijacking: doppelgänger domains, typo squatting, and counterfeit apps

Does your cyber security program address doppelgänger domains, typo squatting, and counterfeit apps? Organizational impersonation (brand hijacking) uses your reputation to dupe a victim. These attacks never hit your firewalls.

Let that sink in. A brand impersonation/hijacking attack is unlikely to touch any of your apps, websites, networks, firewalls, or logs. It occurs completely outside of, and independent of, any resources under your organizational control.

Fortunately, basic defenses against these kinds of risks can be implemented with rather simple tools; yet, this topic is overlooked by many organizations and security teams. And it yields a two-for-one benefit… the same practices that reduce the risk of brand hijacking also let you verify that the apps and services your organization consumes from others are legitimate and secure.
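As an added illustration of the kind of simple tooling that paragraph has in mind (this is example code, not from the original post), the following Python script builds a watchlist of look-alike domains for a brand and reports which of them already resolve in DNS, so a defender can spot typo-squats and doppelgänger registrations early and feed them into takedown or blocklist workflows. The seed domain `example.com`, the substitution table and the IP address are constructed placeholders.

```python
"""Build a look-alike domain watchlist for brand monitoring (defensive use).
Added example, not from the original post; the seed domain is a constructed placeholder."""
import socket

# Visually confusable substitutions commonly seen in typo-squat domains (constructed table)
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "m": "rn", "w": "vv"}
EXTRA_TLDS = ["com", "net", "org", "co", "info"]


def lookalikes(domain):
    """Return the set of candidate look-alike domains for `domain` (e.g. 'example.com')."""
    name, _, tld = domain.lower().rpartition(".")
    tlds = [tld] + [t for t in EXTRA_TLDS if t != tld]
    variants = set()
    for i in range(len(name)):
        variants.add(name[:i] + name[i + 1:])            # omission:      exmple
        variants.add(name[:i] + name[i] + name[i:])      # repetition:    exxample
        if name[i] in HOMOGLYPHS:                        # homoglyph:     examp1e
            variants.add(name[:i] + HOMOGLYPHS[name[i]] + name[i + 1:])
        if i < len(name) - 1:                            # transposition: exmaple
            variants.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    variants.discard(name)
    candidates = {f"{v}.{t}" for v in variants for t in tlds}
    candidates.update(f"{name}.{t}" for t in tlds if t != tld)   # same name, other TLD
    candidates.add(f"www{name}.{tld}")                           # doppelgänger: dropped dot
    return candidates


def registered(candidates, resolve=socket.gethostbyname):
    """Return {domain: ip} for candidates that resolve in DNS. A resolving look-alike
    merits investigation: is it your own defensive registration, or someone else's?"""
    hits = {}
    for candidate in sorted(candidates):
        try:
            hits[candidate] = resolve(candidate)
        except OSError:          # NXDOMAIN, timeout or no network: treat as unregistered
            pass
    return hits


if __name__ == "__main__":
    watch = lookalikes("example.com")
    print(f"{len(watch)} candidates generated")
    for domain, ip in registered(watch).items():
        print(f"resolves: {domain} -> {ip}")
```

Running the script periodically and diffing the `registered` output against the previous run turns it into a simple alert for newly registered look-alikes.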

Who assesses your security configuration management practices?

In follow-up to “Security Misconfiguration is the #5 risk in 2017.”

Are assessments an internal process? Do you rely on auditors (often an adversarial experience for staff)? Do you rely on pentests and vulnerability scans (often limited in scope)? Or wait for the post-mortem after an event occurs?

If these options seem lacking, perhaps it’s time to consider adding a 3rd party assessment to your security program. A few of the benefits include:

  • reduced burden on the Security Operations team.
  • fresh perspectives and insights.
  • assistance preparing for audits.
  • determination of whether the scope of pentests and vulnerability scans is appropriate and adequate.
  • evaluation of Security Configuration Management practices. If needed, coaching (or assistance) in establishing configuration management.
  • an SOW that’s right for you and the current needs of your organization, not driven by the agenda of an auditor or a product vendor.

Even if your organization is not bound by regulations requiring specific security measures or audits, you may want to be proactive about your organization’s security health for more fundamental reasons.

Good security practices have numerous benefits:

  • fewer work errors and better quality control.
  • fewer occasions of unplanned down time.
  • better confidence in ability to handle exceptions quickly and efficiently.
  • better understanding of business relationships, dependencies, and trust decisions.
  • better understanding of roles and responsibilities.
  • better cost controls of the products and services purchased by your organization.

As you can see, good security practices can achieve much more than audit compliance.

Is your security program achieving its potential?

Security Misconfiguration is the #5 risk in 2017.

The latest “OWASP Top 10” lists “Security Misconfiguration” as the #5 security risk in 2017. Does your organization review its security configurations? Do you validate and test them? Does your organization practice configuration management?

Being agile, it’s not that complicated.

Some of the conversations I’ve been drawn into about Agile have been nothing short of mind-numbingly overcomplicated. The Manifesto for Agile Software Development and the Twelve Principles of Agile Software are actually quite straightforward.
The manifesto only contains 62 words (354 characters). The principles are described with 180 words (1,081 characters).
Yet, Amazon.com currently offers 4,521 books on “agile”.
If you really feel the need to read (or promote) a book about being agile… read “Corps Business: The 30 Management Principles of the U.S. Marines”.


According to the “Scrum Alliance: Certified Agile Leadership Program”, an Agile Leader:

  – Operates effectively amid uncertainty, complexity, and rapid change
  – Is knowledgeable about Agile values, approaches, and practices
  – Surfaces more creative solutions through increased self-awareness, a growth mindset, and engaging others
  – Aligns and empowers teams toward delivering more customer value
  – Personally integrates feedback and experiments, and adapts their ways
  – Takes a collaborative continuous-improvement approach to organizational effectiveness
  – Catalyzes change in others and facilitates organizational change

Um… yeah… just give me a couple Marine Privates and stand back. I’ll take someone who’s earned their Eagle, Globe, and Anchor over a certificate of attendance, any day.

Still seeking a robust Bento replacement.

Still seeking a robust Bento replacement. It’s been five years since the last update (Mar 16, 2011) and about two and a half years since it was discontinued (Sept 30, 2013). And yet, two things still surprise me. (1) There still isn’t a feature complete replacement product, and (2) I’m still using Bento. It still works.

The short list of leading Bento replacements: 1Password, HanDBase, or TapForms.

* as of 2016-01-25, FileMaker would still be a >$350 buy in, require dev work, incur heavy “ease of use” penalties, and still leave me exposed to the poor Apple-FileMaker long term risks.

2016-01-25: tried/purchased 1Password and was left frustrated by missing features.

The 2nd worst of all is: any “schema” changes are only “per record”… i.e., adding a field only adds it to the record currently being edited… it doesn’t change the underlying table structure… because… they don’t have an underlying table structure… they don’t have a record/table/db schema… each record is just a bag of bits.

The #1 worst problem is: after customizing the fields for a record, and trying to export the record, the result is nearly gibberish. It would be very labor intensive to create my preferred “schema” in 1Password and then subsequently export/migrate to even a basic spreadsheet.

2016-01-25: evaluated TapForms and elected not to purchase those apps.

The Mac app is $34.99, 13.4MB.

The iPad app is $8.99, 29.9MB.

The iPhone app is $8.99, 32MB.

From the support forum, the developer has been responding to “wifi-sync” requests, with “it’s four or five months away”… but he’s been saying that for a year.  Until he gets that option figured out, TF is a non-starter.

2015-03-01, really need to find a replacement before the Bento apps quit working altogether.

Must-have features: wifi sync, iPad forms.

1Password is iOS universal, HB and TF are not.

The HanDBase folks are leaving basic features, like form design, out of the Mac app.

** 2015-10-10, HDB pulled out of the Mac App Store over some little bitchy thing earlier this year.

1Password has too many integration points with too many things; it’s a high risk product in the long term.

** 2015-10-10, 1P began requiring iOS 9 less than 1 week after Apple released the new OS. No backwards compatibility at all!

TapForms may become the de facto choice at some point… but I’ll wait a bit longer (Bento is still working today).

** 2015-10-10, TF is only syncing thru iCloud or DropBox (not an option for secure content).

2015-10-10, still looks like a DIY custom app is my best option…

Delete individual items from OS X 10.11 El Capitan “Messages 9.0” app.

To delete individual items from the OS X 10.11 El Capitan “Messages 9.0” app. *This is for deleting specific messages within a conversation thread. If the same Messages/iMessage account is active on multiple MacBooks, this will likely only delete the items on the specific MacBook where you do this (i.e., it doesn’t auto-delete the items from all connected devices).

  1. press and hold the command key.
  2. click each of the individual messages to delete from a conversation.
  3. use the delete key.

It’s easy once you know the option is there, but it’s not obvious.

To delete individual items from a Messages conversation in iOS 9

  1. press and hold a finger on one of the items to be deleted.
  2. look for the “Copy | More…” popup to appear.
  3. tap “More…”; now the selected message will get a checkmark and an option to delete.
    • if there are multiple items in the conversation, each will now have a circle which can be checked (tapped) to select it for deletion.
  4. tap the circles to select any additional messages to be deleted.
  5. tap “Delete All” at the top left of the screen.

*This doesn’t delete message items from other devices. Nor does it remove/retract sent items from recipients.