Sat. May 06, 2017 - Fri. May 12, 2017

National Geographic Channel Tonight: Pwnie Express’s Jayson E. Street Breaks into Banks Designed To Keep Him Out

Outpost24

Not all hackers are bad guys. After all, a hacker is simply someone who figures out how to repurpose a tool, a gadget, or a device to carry out a task the object wasn’t designed to do. Steve Wozniak was a hacker before he co-created Apple. Tesla, Turing, and DaVinci are all hackers in their own right.

New ABA Opinion – Attorneys Must Take Reasonable Cybersecurity Measures To Protect Client Data

Privacy and Cybersecurity Law

On May 11, 2017, the American Bar Association (ABA) issued Formal Opinion 477, making clear that a lawyer may transmit information […].

Second Circuit Affirms Dismissal of Putative Data Breach Class Action for Lack of Article III Standing

Hunton Privacy

On May 2, 2017, the United States Court of Appeals for the Second Circuit issued a summary order affirming dismissal of a putative data breach class action against Michaels Stores, Inc. (“Michaels”). The plaintiff’s injury theories were as follows: (1) the plaintiff’s credit card information was stolen and twice used to attempt fraudulent purchases; (2) the risk of future identity fraud; and (3) lost time and money resolving the attempted fraudulent charges and monitoring credit.

How Digital Is Reshuffling the Cards in the Energy Sector

CGI

Digital disruption is in the cards for the energy sector. harini.kottees…. Mon, 05/08/2017 - 02:42. The pace at which digitalization is accelerating poses a major challenge for organizations in the energy sector. The momentum is unsurprising, given that 81% of the utilities executives interviewed for the 2016 CGI Global 1000 outlook revealed that transforming to become a digital enterprise is a top strategic priority.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

CMSWire Article: How Information Architecture Improves Customer Experience

JKevinParker

My latest CMSWire article is "How Information Architecture Improves Customer Experience": Have you ever had a problem finding information on a website or app? If so, you were experiencing a poor information architecture (IA). Conversely, a great experience with a site or application is only possible with solid IA under the surface. While information architecture doesn't get the headlines that personalization or chat bots receive, when built on a unified information strategy, IA can improve the

More Trending

Preparing for GDPR – Appointing Your Data Protection Officer

Managing Your Information

Appointing a Data Protection Officer is an essential part of compliance with GDPR for some organisations. With just over a year to go until the implementation of the General Data Protection Regulation (GDPR) one of the tasks to get started with for certain types of organisations is the appointment of a Data Protection Officer (DPO). The Article 29 Data Protection Working Party (WP29) has recently published some useful guidance (5 April 2017) that describes the DPO as being at the “heart of this

[0day] Proving Box.com fixed ASLR via ImageMagick uninitialized zlib stream buffer

Scary Beasts Security

Overview: In my previous post, we explored using an ImageMagick 0day (now a 1day) in the RLE decoder to determine missing ASLR in both box.com and dropbox.com. In response, both Box and DropBox sensibly limited the available decoders. Both dropped RLE support and lots more. As you may recall from a different but related post, I had challenges working with Box to accurately determine the status of security reports I submitted.

A New Adventure with Tahzoo

JKevinParker

I recently started a brand new adventure in my career. I am now Senior VP/Managing Director of marketing technology labs with Tahzoo, a data-driven customer experience agency based in Washington, D.C. I have been fortunate to work for some great companies and mostly for great bosses. I even had a good long run with my own Web design, hosting, and content management services business.

HHS Plans To Launch Cybersecurity Center Focused On Medical App Security

Privacy and Cybersecurity Law

The US Department of Health and Human Services (HHS) announced on April 20 that it plans to launch a cybersecurity initiative modeled […].

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Dear Facebook…Please Give Me Agency Over The Feed

John Battelle's Searchblog

The post Dear Facebook…Please Give Me Agency Over The Feed appeared first on John Battelle's Search Blog. (cross posted from NewCo Shift). Like you, I am on Facebook. In two ways, actually. There’s this public page, which Facebook gives to people who are “public figures.” My story of becoming a Facebook public figure is tortured (years ago, I went Facebook bankrupt after reaching my “friend” limit), but the end result is a place that feels a bit like Twitter, but with more opportuni

Proving missing ASLR on dropbox.com and box.com over the web for a $343 bounty :D

Scary Beasts Security

Overview: Cloud file storage providers such as Box and DropBox will typically thumbnail uploaded images for purposes of showing icons and previews. Predictably, both providers appear to use ImageMagick for thumbnailing. So what happens if we come knocking with the ImageMagick 1-day CESA-2017-0002? CESA-2017-0002 is a vulnerability in the RLE image decoder, where the allocated render canvas memory is not initialized under some conditions.

President Trump Signs Executive Order on Cybersecurity

Hunton Privacy

On May 11, 2017, President Trump signed an executive order (the “Order”) that seeks to improve the federal government’s cybersecurity posture and better protect the nation’s critical infrastructure from cyber attacks. The Order also seeks to establish policies for preventing foreign nations from using cyber attacks to target American citizens. Read the full text of the Order.

DHS Warns Congress On Mobile Device Security

Privacy and Cybersecurity Law

On May 4, 2017, the US Department of Homeland Security (DHS) submitted a new study to Congress that detailed current and emerging […].

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

White House Signs New Cybersecurity Executive Order

Privacy and Cybersecurity Law

On May 11, 2017, President Donald Trump signed a new Executive Order on cybersecurity entitled Strengthening the Cybersecurity of Federal Networks and […].