Implementing Delegated Administration with the ForgeRock 5.5 Platform – ForgeRock Forum and Blog



Watch: Kangaroo boxes flag at Australian golf course

An Australian woman practicing her golf game at a local course came upon an unusual hazard on the fifth green — a kangaroo boxing with the flag.

US food inventory… apparently pecans are more important than I realized.

Interesting, but not arranged by food groups. Unless you’re one of those people who consider pecans a food group. Lol. #ScratchingMyHead at how pecans get their own category and get listed in the first position.

Apple, IBM add machine learning to partnership with Watson-Core ML coupling | TechCrunch

Nice step in closing gaps between ML training, usage, feedback, and retraining. Hopefully it will also evolve into a service that independent app developers can use.


How to Group Mac App Icons More Prominently in Your Dock – Mac Rumors

In macOS, the Dock provides convenient one-click access to your most frequently used Mac applications. The simplest way to organize docked apps is to…

Machine Learning on local devices still is not real machine learning. The article refers to iPhoneX’s new chip and the “CoreML” SDK. Unfortunately, training the ML model still has to occur somewhere else.

ML requires training a model to recognize inputs. It’s impossible to create one ML Model to recognize all possible real world situations, so it’s necessary to continue collecting data, “retrain” the model, and redeploy the updated model.

For anyone who’d rather not ship all of their information to someone else’s cloud, we’re still years away from real ML capabilities for our own devices.

If anyone knows of an available ML solution that can perform continuous training/learning on a local device, I’d love to hear about it.

Overview of privacy concerns with iPhoneX FaceID (and other facial recognition utilities). The note that companies have been patenting abilities to recognize emotions (and health) should raise concerns.

ByTheWay… you don’t have to own one of these devices to have your privacy violated… simply being in range of someone else’s camera opens the door to abusive companies.

Brand Hijacking: doppelgänger domains, typo squatting, and counterfeit apps

Does your cyber security program address doppelgänger domains, typo squatting, and counterfeit apps? Organizational impersonation (brand hijacking) uses your reputation to dupe a victim. These attacks never hit your firewalls.

Let that sink in. A brand impersonation/hijacking attack is unlikely to touch any of your apps, websites, networks, firewalls, or logs. It occurs completely outside of and independent of any resources under your organizational control.

Fortunately, basic defenses against these kinds of risks can be implemented with rather simple tools; yet this topic is overlooked by many organizations and security teams. It also yields a two-for-one benefit… the same practices that reduce risks of brand hijacking are also applicable to verify the apps and services your organization consumes from others are legitimate and secure.

Who assesses your security configuration management practices?


In follow-up to Security Misconfiguration is the #5 risk in 2017.

Are assessments an internal process? Do you rely on auditors (often an adversarial experience for staff)? Do you rely on Pentests and vulnerability scans (often limited in scope)? Or wait for the post-mortem after an event occurs?

If these options seem lacking, perhaps it's time to consider adding a 3rd party assessment to your security program. A few of the benefits include:

  • reduced burden on Security Operations team.
  • fresh perspectives and insights.
  • assistance preparing for Audits.
  • determination of whether the scope of Pentests and Vulnerability Scans is appropriate and adequate.
  • evaluation of Security Configuration Management practices. If needed, can provide coaching (or assistance) in establishing configuration management.
  • an SOW that's right for you and the current needs of your organization, not driven by the agenda of an auditor or a product vendor.

Even if your organization is not bound by regulations requiring specific security measures or audits, you may want to be proactive about your organization’s security health for more fundamental reasons.

Good security practices have numerous benefits:

  • fewer work errors and better quality control.
  • fewer occasions of unplanned down time.
  • better confidence in ability to handle exceptions quickly and efficiently.
  • better understanding of business relationships, dependencies, and trust decisions.
  • better understanding of roles and responsibilities.
  • better cost controls of the products and services purchased by your organization.

As you can see, good security practices can achieve much more than audit compliance.

Is your security program achieving its potential?

Security Misconfiguration is the #5 risk in 2017.

The latest “OWASP Top 10” lists “Security Misconfiguration” as the #5 security risk in 2017. Does your organization review its security configurations? Do you validate and test them? Does your organization practice configuration management?