What Blockchain Can’t Do

Executive Summary

When assessing blockchain business models, it is useful to understand what blockchain can’t do. Think about the problem of tracking babies within a hospital ward and beyond. The effects of a baby being mistaken for another baby can be horrendous. Therefore, storing records that contain a baby’s current location in a way that makes these data points immutable and verifiable seems like a great use of blockchain technology. But there is a big problem with using blockchain to solve such a problem. The digital records may be immutable and verifiable, but how does someone know which digital record is attached to which baby? To link an entry on the blockchain to an actual, real-life baby, we would need to give the baby a physical identifier through a physical tag, or in a more futuristic world, a small chip or digital genome record that links the baby to its digital record. And this is where blockchain falls down. It can’t help with this process, and can’t ensure that perhaps the most important step of verification is happening correctly.

Goal! Spam Campaigns Capitalize on the World Cup Craze

When it comes to online fraud lures, scammers and spammers gear up to send massive campaigns of malicious email messages to recipients who may or may not open them. To increase their chances, ne’er-do-wells ride the tides of current news and events — and global sporting events are opportunities not to be missed.

4 Tips to Creatively Close the Information Security Skills Gap

Jeff Combs, a cybersecurity recruiter and career coach, likes to joke that thanks to the security skills gap, he’s an overnight sensation — it only took about 15 years. Combs began assisting firms with their search for security professionals in the late 1990s, a time when the industry was still fairly new, and no one had ever uttered the phrase “skills gap.”

Four short links: 28 June 2018

Migrating Messenger Storage (Facebook Engineering) — Once we decided to update the service and move to MyRocks, migrating data between storage systems while keeping Messenger up and running for more than one billion accounts proved to be an interesting challenge. It’s amazing how much effort it takes to keep something looking the same.

Secure Coding Practices in Java

BitSight, a provider of security ratings, raises $60M at a valuation of around $600M

As the tech world continues to grapple with how best to deal with the growing issue of malicious hacking and other security breaches, a startup that has developed a ratings system to track how well businesses are faring has raised a large growth round to expand its business. BitSight, which provides an ongoing, changing “risk security posture” of some 1,200 organizations, has raised $60 million in a Series D round led by Warburg Pincus, funding that it will use to expand its risk management solutions — specifically in areas like analytics — and overall business development.

Is User Training the Weakest Link for Your Email Security Approach?

The days of only deploying an email security gateway to block viruses, spam and other threats from reaching user email accounts are gone. Even though gateways no doubt have their place in a comprehensive security strategy, in most cases they are paired with supplementary technologies to ensure the most effective layered email protection. This is critical because gateways aren’t designed to sniff out attacks such as social engineering, phishing, spear phishing, and business email compromise (BEC). There is also the constant possibility of users being phished on personal email accounts that aren’t controlled by gateways at all. There are technologies to accompany gateways, such as AI-powered email security solutions, which offer the best hope to stop spear phishing, impersonation and BEC attacks.

Will Dropping Serialization from Java Remove the Vulnerabilities?

During “Ask The Architect” at the Devoxx UK 2018 conference, Oracle’s chief architect, Mark Reinhold, called Java’s serialization mechanism a “horrible mistake” and a virtually endless source of security vulnerabilities. More importantly, Reinhold announced Oracle’s decision to improve Java’s security by changing the way Java handles object serialization. Nearly half of the vulnerabilities that have been patched in the JDK in the last two years are related to serialization. Serialization security issues have also plagued almost every software vendor including Google, IBM, SAP, and many more.

ISACA And SecurityScorecard Define Critical Questions To Implement Continuous Assurance For Data

ISACA and SecurityScorecard announce a joint research paper, “Continuous Assurance Using Data Threat Modeling,” to provide enterprises guidance in adopting an attacker’s point of view to help account for data. With a step-by-step guide to apply application threat modeling principles to data, enterprises can now establish a baseline for monitoring ongoing data risk over time.