Avast blog: Beware of SEO poisoning

Holy SEO Poisoning Attack Example: SolarMarker Malware - Blog | Menlo  Security

Getting infected with malware isn’t just clicking on an errant file, but it usually occurs because an entire ecosystem is created by attackers to fool you into actually doing the click. This is the very technique behind something called SEO poisoning, in which seemingly innocent searches can tempt you with malware-infested links. The malware chain begins by an attacker generating loads of fake web content that are intended to “borrow” or piggyback on the reputation of a legitimate website. The fakes contain the malware and manage to get search results to appear higher on internet search engines. In this post for Avast’s blog, I describe the practice and offer some tips on how to steer clear of this problem.

These two political opposites can agree on these five things

By David Strom and David Strom  

No you are not seeing double: we are two different people. Democrat David Strom and Republican David Strom. 

Having a well-worn internet presence means that after some time, you get to meet some of your namesakes. Since both of us are authors (Minneapolis David is a Republican who writes on conservative political topics. And as you know me — St. Louis David — as a Democrat who writes about business technology), we thought we would jointly pen a blog post about things that we can both agree on — and where we diverge as well — for our respective audiences. We found these five broad topics.

1) A path towards legal immigration

We both agree that our immigration laws should be updated to allow for a legal path towards citizenship for those who come to our country. That leaves plenty of daylight between us in terms of how this will be implemented, but both of us aren’t happy with the current situation. 

Minneapolis David: It’s not just a truism that immigrants built this country–they continue to make enormous contributions to America. But you can have too much of a good thing, and as we have seen open borders have created a crisis that is splitting this country apart. It’s time to get control of our border and a consensus on the number of immigrants the country can import without causing social distress. 

St. Louis David: I was surprised when I learned how few countries offer birthright citizenship. We need some consistent policy among the various government branches and across federal, state and local authorities. Wishful thinking, I know.

2) Respect for the rule of law and individual decency

BOTH DAVIDS: Calling for the overthrow of our government by anyone shouldn’t be tolerated. The same holds for threatening law enforcement members, or members of Congress, or really anyone for that matter. We should tolerate people of different points of view — one of the reasons why we are jointly writing this blog post. (Democrat David is married to a conservative Republican, BTW.) And by tolerate we mean being able to disagree without the threat of any violence on that person.

Talk of a civil war–and the increasing number of violent incidents related to political disagreements–make solving real problems nearly impossible. Distrust begets distrust. Neither of us have any idea how to solve the problem, but we need to get a handle on it. Political leaders need to take the first step to calm down the rhetoric. 

3) Understanding the role played by the First Amendment and freedom of speech

Until this year, this amendment only applied to government entities. Now we have two court rulings in Texas and Florida that have different interpretations when it comes to the role of social media and how freedom of speech protections should apply. We both deplore and avoid hate speech.

St. Louis David: Regardless of how these cases play out, all of us should be allowed to say what we want, as long as we aren’t promoting violence on a particular group.  

Minneapolis David: Maybe I read John Stuart Mill at an impressionable age, but I have long believed that the more you suppress ideas, the more disastrous the outcome. Let people speak. Some people will say things that are wrong, stupid, or just different from what you think is responsible. A lot of people will think the same of you. Deal with it. 

4) Importance of science research and respect for the scientific method

St. Louis David: This should be easy. Those people who want to “do their own research” or criticize our scientists for explaining a particular result should fully understand the scientific method of testing hypotheses and running double-blind experiments. Part of respecting scientific research is believing that innovation is a key element of this activity, and accepting the role played by innovation in our society. We may differ on how our governments implement these results, however. Neil DeGrasse Tyson offers some sound advice in his latest book: “Do whatever it takes to avoid fooling yourself into believing that something is true when it is false,  or that something is false when it is true.

Minneapolis David: I agree with St Louis David, with a big “but.” I think that scientists have played a big role in the loss of trust in science. Science is about discovery. Its results are better or worse hypotheses. The goal is truth, but we can only approximate the truth asymptotically (look it up!). Scientists need to project more humility, or their mistakes will only undermine confidence. Example: nutrition science, where it seems like they get it wrong all the time, but with great confidence. 

5) Respect for life 

Both of us agree that we should respect life, which we hinted at above. But we realize that we all might have different definitions of what constitutes the precise moment when we think it begins or ends. Polling shows that there is ample room for reasonable compromises. 

St. Louis David: I believe that our government should allow women to choose, and not make their choices a criminal act. 

Minneapolis David: I consider myself “pro-life” in the sense that you know it. I also understand that there are legitimate differences about how we can best determine when life begins. We need to get beyond shouting at each other and have serious discussions, not shouting matches. 

One final note on something we can also agree on: both of us are Mac/iPhone users, and both of us have re-invested in Apple products this past year. 

Nicki’s Central West End blog: Coding camps in the neighborhood

I live in an area of St. Louis called the Central West End, and we are fortunate to have not one but two world-class computer coding training facilities located here: Launchcode and Claim Academy. Both have been in operation for several years and have trained numerous programming professionals through some innovative instruction techniques and by focusing on non-traditional sources for their students. By non-traditional, I mean classes designed for people that have little or no formal programming experience and who want to make a mid-course career correction. In this post for a local blog, I describe their programs, their cost, and their advantages in training newbie programmers.

If you are interested in a programming career, you might want to first read a blog post that I wrote many years ago on how to pick the right online class for Computerworld. I cover things such as knowing what type of learner you are (visual, auditory, etc), figuring out if you have the necessary bandwidth to devote to the classes, thinking about what other support you will need besides the lectures, and understanding what learning programming skills really means.

Avast blog: Your out-of-date medical device could be leaving you vulnerable

Roughly a third of all connected devices have insecure defaults, such as no or weak password protection or poor software design, that make them ripe for exploits.

Last week, the FBI’s Internet Crime Complaint Center issued a public warning claiming that they have “identified an increasing number of vulnerabilities posed by unpatched medical devices.” They stated that these devices, such as insulin pumps and pacemakers, are running outdated firmware. They also lack adequate security features, meaning that hackers could change device settings and create dangerous conditions for the patients who literally depend on them. All of this isn’t a new problem, but the FBI’s notice is a good reminder of how law enforcement might focus its attention in this area. There is more to this story, read my blog post for Avast here.

Avast blog: How Uber was hacked — again

Last week, an 18-year old hacker used social engineering techniques to compromise Uber’s network. He compromised an employee’s Slack login and then used it to send a message to Uber employees announcing that it had suffered a data breach. Uber confirmed the attack on Twitter within hours, issuing more details on this page.

CSO went into details about how the attack happened.

The company claims no user data was at risk, they have notified law enforcement, and all of their services have been restored to operational status. In this post for Avast, I explain what happened and suggest a few lessons to be learned from the experience on how to prevent a similar attack from happening to your business.

CSOonline: CNAPP buyer’s guide

Cloud security continues to be a vexing situation, and the tool set continues to become more complex, riddled with acronyms. Enter the Cloud Native Application Protection Platform or CNAPP. IT managers are looking for a few basic elements from these products, including more accurate threat detection, support for all workloads across multiple cloud deployments, and ways to implement preventable controls.

cso cnapp vendors tableEven still, that is a lot of software to manage, integrate, and understand. However, almost none of the products that claim to be CNAPP have a full set of features that incorporate all four of these categories. In this post for CSOonline, I explain the landscape and show you how to navigate amongst the contenders.

Avast blog: The latest privacy legal environment is getting interesting

California’s privacy laws have now been in effect for more than two years, and we are beginning to see the consequences. Earlier this month, the California Attorney General’s office released the situations where various businesses were cited and in some cases fined for violations. It is an interesting report, notable for both its depth and breadth of cases.

The CalAG is casting a wide net and in my blog for Avast I discuss what happened there and how the  privacy legal situation is evolving elsewhere. I also offer some words of advice to keep your business from getting caught up in any potential legal action.

Avast blog: The rise of ransomware and what can be done about it

new report by John Sakellariadis for the Atlantic Council takes a deeper dive into the rise of ransomware over the past decade and is worth reading by managers looking to understand this marketplace. In my latest blog for Avast, I explore the reasons for ransomware’s rise over the past decade — such as more targeted attacks, inept crypto management, and failed federal policies — as well as measures necessary to start investing in a more secure future.

Building a better surgical robot

I have learned over the years that doctors who are digital natives, or at least comfortable with the technologies that I use (email and the web), are those doctors that I want to treat me. In the past, whenever I have looked for treatment, I have followed a different path to choose my doctor, looking for someone who was older with loads of experience, who has seen plenty of patients.

But older experience isn’t necessarily relevant anymore, and as I age that is also pushing the envelope of what “older” really means. The older docs got their medical education more than 30 years ago, when there were different treatment modalities, different standards of medical care, and computers were the size of rooms. This is why I went with my urologist, someone closer to my kids’ age than mine, when two years ago I had my prostate removed surgically. The operation went well, and was done with the DaVinici robotic device made by Intuitive Surgical. My surgeon, Eric Kim, did touch me during the surgery — to open and close me up and position the robotic arm The rest of the time he was using the robot.

The robots have some big advantages over manual methods. Patients spend less time in the operating room, not to mention a reduction in blood loss, much smaller incisions and shorter hospital stays. Kim estimates that less than five percent of all prostates are removed by manual methods anymore. He has done more than 100 surgeries using the latest model of the daVinci, one that requires a single incision. Many of his patients that had surgery with this model of the robot — myself included — were able to go home within a few hours.

The robots have another direct benefit: “The doctor has instant feedback from an ultrasound or heart-lung machine without taking their eyes off of the procedure and operating field in progress,” said David Powell, the principal design engineer for Intuitive.

Being interested in technology, I have learned that these robots have evolved from using 3D standard-definition stereo vision to today’s dual-console, multi-window 3D high-definition systems. These units can be found in hundreds of hospitals around the world and are used to perform numerous urology, thoracic, ENT and gynecologic laparoscopic surgical procedures.

The company has worked with Xilinx for two decades, upgrading their Virtex and Spartan FPGA video processing chipsets to make the views seen by their human surgeons more helpful and more precise. Plus, the better video setup means less eye strain for the surgeon, and the ability to train new staff members.

“Xilinx’ embedded processor architecture has led to a major revolution for us in terms of our subsequent platform designs,” said Powell. The current daVinci models employ dozens of these chipsets, and benefits from being programmable, as well as a more scalable and distributed architecture. This means that many new capabilities can be introduced with an in-field firmware upgrade, rather than swapping out major hardware components. All of this results in more uptime and increased robot usage, amortizing their costs over more surgeries. Our hospital has seven of the machines — both older and newer models — that are busy at most times. “It is rare for a robot to sit unused,” said Kim.

It is easy to recognize the newer electronics, because the original daVinci models used a collection of thick custom cables to connect its various components that were failure-prone and required frequent repairs. The current version uses a single fiber optic line to deliver eight channels of full 1080i HD video and is more reliable. Sadly, I wasn’t able to see the machine that did the deed on my prostate, but glad that I got the benefits!

New AMD website: Performance intensive computing

AMD and Supermicro have asked me to help them build this new website that focuses on higher-end computing services. Topics include building computing clusters, taking advantage of GPUs to increase capacity and performance, and highlighting various case studies where this equipment plays a key role, such as with scientific computing and for academic research.