Friday, February 16, 2018

13 AI trends that will reshape the economy in 2018

A report from CB Insights examined the effect of artificial intelligence on specific industries, and how it will shift the labor market.
  • Artificial intelligence will impact specific industries and the economy as a whole, leading to new jobs and wars over AI talent. — CB Insights, 2018
  • As AI moves to defense, the US and China will vie for the top spot in tech leadership. — CB Insights, 2018
Artificial intelligence (AI) is poised to radically shift the way professionals use technology to get work done. With the proper dataset behind it, AI can help alleviate many repetitive and redundant tasks, changing the way humans approach work.
While the biggest controversy around AI is its potential to replace jobs, the technology will affect other aspects of the economy in major ways. A recent report from CB Insights highlights some of the key AI trends worth paying attention to in 2018.

1. Robot babysitters

As AI-powered robots and other forms of automation take over repetitive roles, those roles previously held by humans will shift. As such, CB Insights believes that one job for impacted blue collar workers will be that of robot babysitter—which includes maintaining and operating the robots.

2. AI for X

Because of the broad uses of AI, CB Insights noted that firms will likely offer "out-of-the-box 'AI for X'" solutions this year. As AI and related technologies like machine learning continue to spread into niche markets, it further proves that these technologies are becoming "the building blocks for modern software and applications," the report said.

3. China vs. the US

The US is the leader in total number of AI investment deals, but it is losing share to China, whose work in this field is growing at an exponential clip. Tech like facial recognition and AI chips are powering China's rise, as the country takes more dollars in total AI funding, the report said.

4. AI-powered warfare

AI will be the "backbone of new government-sponsored cybersecurity efforts," the report said. As cybersecurity blends with traditional warfare, AI will be used to detect threats and help respond to breaches, according to the report.

5. Voice must come to non-English speaking markets

Voice-based assistants like Amazon Alexa, Google Assistant, and Apple's Siri are growing in popularity, but are limited in their language support, according to the report. In 2018, these companies will increasingly compete to capture non-English speaking markets.

6. White collar automation accelerates

AI-enhanced software and tools will boost the productivity of white collar workers in 2018. According to the report, these tools will dramatically impact clerical and legal work, among other fields.

7. AI at the edge

Edge computing is a necessary destination for AI in 2018, as certain decision-making processes must be handled locally to be effective. One example noted in the report was that of autonomous vehicles, which will need to make decisions more quickly to remain safe.

8. Capsule networks

Capsule networks have the potential to displace convolutional neural networks (CNNs) as one of the foundational pieces of future AI tools, the report said. These networks can "identify general patterns with less data and be less vulnerable to incorrect results," the report said.

9. AI talent wars

Want to make money in tech? Go into AI. As noted in the report, AI experts are in high demand across the tech sector, and their salaries often average in the high six-figures.

10. Machine learning hype will die

The industry reached "peak" machine learning in 2017, the report said, and the hype is starting to die down as the technology is normalized. Pretty soon, AI will be table stakes in enterprise software tools, not a differentiating factor.

11. Amazon, Google, Microsoft dominate enterprise AI

The same tech giants that dominate public cloud also dominate the AI market, according to the CB Insights report. These firms often offer AI as a Service to simplify the process for their customers.

12. AI is coming to clinical diagnostics

At least in the US, regulators are considering AI as a tool that could be used in medical diagnostics. Image recognition tools could be used to help doctors more effectively diagnose and treat patients.

13. DIY AI

Despite the complexity of AI, it is easier than ever for non-experts to begin experimenting with the technology. "Between open source software libraries, hundreds of APIs and SDKs, and easy assembly kits from Amazon and Google, the barrier to entry is lower than ever before," the report said.

This one business file is most used in cyberattacks

Nearly 41 million PDFs scanned in the last three months were part of an attack, according to Barracuda Networks.
  • PDF files are the most likely to be weaponized and transmitted through attack surfaces, because they are easily created and transmitted. — Barracuda Networks, 2018
  • Nearly 41 million PDFs scanned in the last three months were part of an attack. — Barracuda Networks, 2018
Businesses beware: That PDF you're about to open may be part of a targeted cyberattack that will compromise your system.
PDF files are more likely than any other file type to be weaponized, according to a Thursday report from security firm Barracuda Networks. In the last three months, nearly 41 million PDFs scanned were part of an attack, often containing links to malicious sites and active scripts, the report found.

 

PDFs are especially susceptible to malicious activity because they are easy to construct and transmit, the report noted. Business users and consumers alike must be extremely cautious when opening any PDF attachment in an email or on a website, even when it appears to come from a trusted source. Security professionals should also ensure that employee cybersecurity training is in place at their organization to decrease the likelihood of someone accidentally opening a malicious file or link on a work machine.
 "Organizations often become aware of vicious cyberattacks after the damage has already been done," Fleming Shi, senior vice president of technology at Barracuda Networks, said in a press release.
The most sophisticated and efficient attacks are carried over embedded scripts such as JavaScript and Visual Basic: More than 75% of these scripts are malicious, the report found. Scripts can be embedded in HTML or other rich document formats such as RTF and Office. Of the 70 million Office documents scanned by Barracuda Networks in the last three months, more than 4.7 million were malicious or suspicious.
Compressed files are another increasingly popular way for criminals to transmit hidden attacks, and hide non-malware infections like PowerShell scripts. One example of this took place in September 2017, when Barracuda detected a massive ransomware campaign with more than 27 million emails reaching customers in less than a day.
Information leaked in the Equifax breach and other major cyberattacks that resulted in the loss of personally identifiable information (PII) for millions of people will also likely increase both mass phishing and spear phishing attacks in the coming year, the report noted, so businesses and consumers should be vigilant in their efforts to combat these threats.
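A first-pass check for the two PDF traits the report singles out, active scripts and links, can be done by counting the dictionary keys that introduce them. The following is an added example, not code from Barracuda Networks or the original article; the key list, the function names and both sample documents are assumptions constructed for illustration.

```python
"""Keyword triage for PDF attachments: flags active content and links."""
import re

# Dictionary keys that mark active content or outbound links in a PDF.
# The selection is this example's assumption, not a list from the report.
SUSPICIOUS_NAMES = {
    "/JS": "JavaScript action body",
    "/JavaScript": "JavaScript action or name tree",
    "/OpenAction": "action run when the document opens",
    "/AA": "additional actions tied to events",
    "/Launch": "action that starts an external program",
    "/EmbeddedFile": "file attached inside the PDF",
    "/URI": "link to an external address",
}

# A PDF name is "/" followed by any bytes except whitespace and delimiters.
_NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
# Inside a name, "#xx" is a hex-escaped byte, so "/J#53" is the same as "/JS".
_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A literal string directly after a key, e.g. "/URI (http://...)".
_STRING_RE = re.compile(rb"\s*\(((?:\\.|[^\\()])*)\)")


def decode_name(raw: bytes) -> str:
    """Resolve #xx escapes so obfuscated names compare equal to plain ones."""
    return _HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count suspicious keys, list hex-obfuscated spellings and link targets.

    Limits: strings and stream bytes are not skipped, and compressed object
    streams are not inflated, so a hit is a prompt for review, not a verdict,
    and a clean result does not prove the file is safe.
    """
    counts = {name: 0 for name in SUSPICIOUS_NAMES}
    obfuscated, urls = [], []
    for match in _NAME_RE.finditer(data):
        raw = match.group()
        name = decode_name(raw)
        if name not in counts:
            continue
        counts[name] += 1
        if raw != name.encode("latin-1"):
            # The key was written with #xx escapes, a common evasion trick.
            obfuscated.append(raw.decode("latin-1"))
        if name == "/URI":
            target = _STRING_RE.match(data, match.end())
            if target:
                urls.append(target.group(1).decode("latin-1"))
    findings = {name: n for name, n in counts.items() if n}
    return {
        "findings": findings,
        "obfuscated_names": obfuscated,
        "urls": urls,
        "needs_review": bool(findings),
    }


# Constructed sample: opens with an action, runs a script, carries one link.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [5 0 R] >>\nendobj\n"
    b"4 0 obj\n<< /S /JavaScript /J#53 (app.alert\\('constructed sample'\\);) >>\nendobj\n"
    b"5 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 10 10]\n"
    b"   /A << /S /URI /URI (http://login.example.invalid/reset) >> >>\nendobj\n"
    b"%%EOF\n"
)

# Constructed sample: structure only, no actions, scripts or links.
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        print(label, triage_pdf(blob))
```

Files flagged this way are candidates for sandbox detonation or quarantine at the mail gateway before a user opens them.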

Investors Warned of Cryptocurrency ‘Pump-and-Dump’ Schemes By Gabriel T. Rubin


WASHINGTON—Regulators on Thursday warned consumers to beware of “pump-and-dump” manipulation schemes in virtual-currency markets as they try to rein in misconduct on unregulated spot exchanges.
The guidance from the Commodity Futures Trading Commission targets schemes that rely on coordinated efforts to create phony demand for cryptocurrencies, followed by schemers quickly selling their stakes to take advantage of the inflated prices.
The CFTC advisory is part of a broader consumer-education effort related to virtual currencies such as bitcoin, which have seen a swell of interest from retail investors in recent months.
“As with many online frauds, this type of scam is not new—it simply deploys an emerging technology to capitalize on public interest in digital assets,” said CFTC spokeswoman Erica Richardson.
The advisory came in response to complaints the CFTC has received from consumers who say they have lost money in pump-and-dump schemes.
The CFTC has tried to strike a balance between supporting the growth of virtual-currency derivatives and blockchain-based applications while warning investors about the risks of investing in the underlying currencies, citing extreme volatility and opaque, unregulated exchanges that are prone to cyberattacks.
The agency treats virtual currencies like commodities, but as with other commodities, it mostly lacks jurisdiction over the primary market: It regulates corn futures contracts but not the buying and selling of corn itself, for instance. But the CFTC can use its enforcement powers to target manipulation of underlying markets if it would have an effect on derivatives contracts.
Last month, the CFTC brought charges in three cases involving virtual currencies, alleging that defendants fraudulently solicited customers and violated other commodity laws and regulations.
Write to Gabriel T. Rubin at gabriel.rubin@wsj.com

DDoS Attacks Can Be A Smokescreen For Other Crimes - WSJ

By Kate Fazzini - WSJ 
A single cyberattack may be enough to keep an executive up at night. But what happens when that cyberattack is cover for a more destructive one?
U.K.-based mobile phone retailer Dixons Carphone PLC in January was fined £400,000, or about $563,000, by the U.K.’s Information Commissioner’s Office. The penalty stems from a 2015 incident in which the Carphone Warehouse division of the company was hit with a distributed denial of service, or DDoS, attack that coincided with the theft of personal information associated with 2.4 million customers.
A DDoS attack floods a company’s network with so much information that its website crashes. A company isn’t off the hook for breaches that happen at the same time, said Michael Sutton, chief information security officer for cloud security company Zscaler Inc. DDoS attacks don’t typically lead to a violation that would incur a fine. But a follow-on cyber assault in which hackers steal money or data could result in regulatory penalties for a victim company, Mr. Sutton said.
Using DDoS attacks as a diversionary tactic is of more concern now because the capabilities of attackers have grown, he said. Such attacks can be pulled off using many more internet-connected devices than ever before, including webcams.
New mass exploitation DDoS tools have emerged recently that have made it easier to create wider scale, high volume attacks against companies. That includes a tool known as “Autosploit,” which was released in January by hackers and can help attackers gather together large numbers of internet-connected devices for a DDoS attack.
Alan Lynn, commander of the U.S. Department of Defense’s information networks joint force headquarters, expressed concern at a conference last month about the growing power of DDoS attacks. He referred to the “terabyte of death,” or a future DDoS attack much larger than predecessors, according to a statement from the Defense Department.
DDoS attacks may be launched as a diversionary measure, or other criminals may take advantage of a company’s weakened defenses when they know it already is under siege, said Ashley Stephenson, chief executive of network security company Corero Inc.
In either event, executives should ensure their security teams can respond to multiple threats at once. They can do this by holding tabletop exercises that practice this type of activity, and then codifying those steps in a larger strategic plan, said Mr. Stephenson. “Even when there is a fire at the front door, they are checking the back door and the side door as well,” he said.
Not Always About Money
DDoS attacks are one of the oldest methods of cyberattack against corporations and government. The tactic gained notoriety more than a decade ago as a political or nuisance attack often against large companies, to embarrass them or spread an ideological message. At the time, Izz ad-Din al-Qassam Cyber Fighters and the Syrian Electronic Army, which supports Syrian president Bashar al Assad, executed DDoS attacks. They struck large U.S. banks and media companies to spread anti-capitalist, pro-Syrian and pro-Iranian political messages.
Criminals eventually found ways to make money by employing this style of attack. In 2012, the Financial Services Information Sharing and Analysis Center warned that DDoS attacks were being used to distract bank staff from fraudulent wire transactions. The Federal Financial Institutions Examination Council warned in 2014 about the emergence of DDoS attacks as diversionary tactics for a range of other crimes.
Write to Kate Fazzini at kate.fazzini@wsj.com.

Thursday, February 15, 2018

Hack the Air Force 2.0 uncovers over 100 vulnerabilities

Participants secured more than $103,000 in rewards. (Source: ZDNet)

How AI Is Changing Contracts - Harvard Business Review (HBR)

Beverly Rich - February 12, 2018 - HBR

Contracting is a common activity, but it is one that few companies do efficiently or effectively. In fact, it has been estimated that inefficient contracting causes firms to lose between 5% and 40% of value on a given deal, depending on circumstances. But recent technological developments like artificial intelligence (AI) are now helping companies overcome many of the challenges to contracting.

The main challenge firms face in contracting arises from the sheer number of contracts they must keep track of; these often lack uniformity and are difficult to organize, manage, and update. Most firms don’t have a database of all the information in their contracts – let alone an efficient way to extract all that data – so there’s no orderly and fast way to, for example, view complex outsourcing agreements or see how a certain clause is worded across different divisions. It requires a lot of manpower to draft, execute, and improve not only the contracts themselves but also the contracting processes and the transactions these contracts govern.

If, for example, a large tech company finds itself with a huge volume of procurement contracts that all have varying renewal dates and renegotiation terms, it would require hundreds of hours and a team of contract managers to review and keep track of all this information to ensure that no renewal or opportunity is missed.

AI software, however, can easily extract data and clarify the content of contracts. (It could quickly pull and organize the renewal dates and renegotiation terms from any number of contracts.) It can let companies review contracts more rapidly, organize and locate large amounts of contract data more easily, decrease the potential for contract disputes (and antagonistic contract negotiations), and increase the volume of contracts it is able to negotiate and execute.

In my research, I have seen that many companies use contract management software, and a smaller number of firms – mostly those with a high volume of routinized contracts – use more advanced software with AI capabilities. These firms have generally seen an increase in productivity and efficiency in their contracting.

The use of AI contracting software has the potential to improve how all firms contract – and it will do so in three ways: by changing the tools firms use to contract, influencing the content of contracts, and affecting the processes by which firms contract.

Improved Tools for Managing Contracts

While software for legal document review has existed for years, it typically only helps companies store and organize their contracts. Contracting software that uses AI raises the bar for what these tools can accomplish. AI contracting software can, for example, identify contract types (even in multiple languages) based on pattern recognition in how the document is drafted. Because AI contracting software trains its algorithm on a set of data (contracts) to recognize patterns and extract key variables (clauses, dates, parties, etc.), it allows a firm to manage its contracts more effectively because it knows – and can easily access — what is in each of them. AI software also offers a simple prediction, which has implications for due diligence: AI contracting software can quickly sort through a large volume of contracts and flag individual contracts based on firm-specified criteria.

Current AI software can also read contracts accurately in any format, provide analytics about the data extracted from the contracts, and extract contract data much faster than would be possible with a team of lawyers. This may sound like bad news for lawyers, but this is not necessarily the case: having additional contract data could allow firms to update their contracts more regularly, and lawyers could focus more on their role as counsel instead of contract reviewer.

Keeping Contracts Consistent

AI contracting software helps firms keep terms and usage consistent in all of their contracts. For example, if a company wants to define the term “confidential information” in a specific way in its non-disclosure agreements (NDAs), it must make sure that all of its divisions are on board with this definition, and that changes to the definition get incorporated quickly and accurately, because variation could prove damaging to the company. AI contracting software can easily keep this term consistent across the firm’s templates, and it can spot other terms that signal “confidential information” in NDAs from business partners.

Being able to identify and extract key data points helps firms organize and execute contracts as well. For example, a company with a large number of vendor contracts must ensure that they are keeping track of variations in termination provisions and penalty and damage provisions – both in their own contracts and in vendor contracts. Managing variations is a huge undertaking that requires proactive organization. But AI contracting software can record and standardize these provisions in the company’s contracts and in those that vendors send, making it far easier to identify instances of noncompliance and ensure that unfavorable provisions are dealt with promptly.


Additionally, AI contracting software can quickly assess risk in contracts (performing the risk analysis much faster than a team of lawyers) by identifying terms and clauses that are suboptimal. And it can reduce the risk of human error in contract drafting and review.

New Processes Require New Skills

As new AI contracting tools change the actual content of contracts, this, in turn, affects the contracting processes that firms use. Previously, successful contracting required skills in drafting and negotiating contracts, as well as in managing and reviewing them. Specialized high-value transactions were dependent on groups of attorneys devoting hours to comprehensive due diligence. Contracting professionals were expected to find clever ways to draft contracts to include clauses that favored their client. And even more routine transactions required employees to pay close attention to details.

But when most due diligence and contract organization – and even contract drafting — is done using AI contracting software, the resources required to produce a large volume of contracts, both simple and complex, will change. This doesn’t necessarily mean companies will need fewer lawyers, but rather their roles may transform. For example, lawyers will spend more time in assessing risk and providing counsel, rather than in document review. And instead of having a large team of associates conduct due diligence before a deal, companies will have a smaller, more agile team review the documents that the software flags and then offer advice. Indeed, Professor Gillian K. Hadfield, a law professor at the University of Southern California who specializes in contract law, believes that AI in contracting will lead to a better use of legal talent: “lawyers will shift their focus from routine activities to much more high-value work involved in shaping strategies and navigating complex legal problems.”

Similarly, the role of contract management professionals will shift. Whereas contract compliance was previously done by an entire team, AI tools enable a well-designed software platform – coupled with a few employees – to do the job. Rather than organizational skills being key to the role, contract managers will need more technical and process flow expertise to work with the software.

These improvements to tools, content, and processes will mean that contracting becomes faster, better, and easier once this technology is more widespread. But it is important to recognize that, while AI promises to do a lot, it won’t do everything.

Contracting technology is currently at a midpoint: One stream of development will be in industries with highly routinized, template-based contracts. Here, AI contracting technology will be used in a blockchain model, allowing contracts to evolve and essentially re-write themselves according to the parties’ needs. The other main use will be to help develop contracting standards, such as how to debate and structure certain clauses. When companies negotiating a contract can easily access every similar contract from the past twenty years, prioritized by industry, and see what wording is most commonly used, we should see less onerous negotiating over clauses, leading to an easier contracting process.

Understanding what AI contracting tools can and cannot do is key to their successful implementation and use. Right now, they may offer the highest value-add to companies with large volumes of contracts – cutting time spent in contract review and drafting – and companies that conduct more routinized transactions. But as this technology develops, it is all but certain that it will one day be useful to all firms.

Beverly Rich, J.D., is a doctoral candidate in Strategy at the University of Southern California Marshall School of Business. Her research focuses on how organizations use legal strategies, particularly contracts and technology, to gain competitive advantages.

8 Questions to Ask Someone Other Than “What Do You Do?” - Harvard Business Review


David Burkus, January 30, 2018 - Harvard Business Review (HBR)
 
We’ve all been in the awkward situation of meeting someone new and having to build rapport quickly — at networking events, industry conferences, charity events, dinner parties, and other social-professional situations. If you’re like many people — especially most Americans — you break the awkward silence with a pretty standard question:

“So, what do you do?”

But that question might not be the best way to build rapport with someone else. In fact, it may be best to avoid talking about work entirely.

Research findings from the world of network science and psychology suggest that we tend to prefer and seek out relationships where there is more than one context for connecting with the other person. Sociologists refer to these as multiplex ties, connections where there is an overlap of roles or affiliations from a different social context. If a colleague at work sits on the same nonprofit board as you, or sits next to you in spin class at the local gym, then you two share a multiplex tie. We may prefer relationships with multiplex ties because research suggests that relationships built on multiplex ties tend to be richer, more trusting, and longer lasting. We see this in our everyday lives: The work friend who is also a “friend friend” is far more likely to stick with you should one of you change jobs. And it goes the other way, too: People who have at least one real friend at work report liking their jobs more.

Which brings us back to the problem of using “So, what do you do?” as your opener.

Assuming you’re already at a work-related networking event or meeting another person in a work context, the question quickly sets a boundary around the conversation that the other person is now a “work” contact. It’s possible you might discover another commonality and build a multiplex tie, but it’s far less likely to happen in that conversation.

Instead, consider beginning your introductory questions with something deliberately non-work-related and trusting that the context of the meeting will eventually steer the conversation back to work-related topics. Toward that end, here are a few questions you could start with that will leave you more likely to find multiple commonalities and turn your new contacts into a multiplex tie — and maybe even a friend:

What excites you right now? 

This is a question that has a wide range of possible answers. It gives others the ability to answer with a work-related answer, or talk about their kids, or their new boat, or basically anything that excites them.

What are you looking forward to? 

This question works for the same reason, but is more forward-looking than backward-looking, allowing others to choose from a bigger set of possible answers.

What’s the best thing that happened to you this year? 

Similar to the previous two, but reversed: more backward-looking than forward-looking. Regardless, it’s an open-ended question that gives others a wealth of answers to choose from.

Where did you grow up?

This question dives into others’ backgrounds (but in a much less assertive and loaded way than “Where are you from?”) and allows them to answer with simple details from childhood or to engage in their story of how they got to where they are right now and what they’re doing.


What do you do for fun? 

This question steers the conversation away from work, unless of course they are lucky enough to do for work what they’d be doing for fun anyway. Even then, it’s understood as a non-work question and the most likely answers will probably establish non-work ties.

Who is your favorite superhero? 

This might seem random, but it’s one of my favorites. Occasionally, asking this question has led me to bond over the shared love of a character, but more often you’ll find a shared connection or two in the reason for why the other person chose that particular character…or why they’re not really into superheroes.

Is there a charitable cause you support?

Another big, open-ended question (assuming they support at least one charitable cause). It’s important to define support as broader than financial donations, as support might be in the form of volunteering or just working to raise awareness. You’re also really likely to either find shared ground or find out about a cause you didn’t know about.

What’s the most important thing I should know about you? 

This one is effective for similar reasons as many of the above, plus it gives the broadest possible range from which they can choose. It can come off as a little forthright, so when to use it depends on a lot of contextual clues.

Regardless of which question you choose, the important thing is to ask a question open-ended enough to allow others to select non-work answers if they choose. Doing so will increase the chances that you didn’t just turn a stranger into a new contact on your phone, but that you actually made a new friend.


David Burkus is the best-selling author of three books, including the forthcoming Friend of a Friend, and Associate Professor of Leadership and Innovation at Oral Roberts University.  

Wednesday, February 14, 2018

Android devices targeted in web-based cyberattack, forced to mine cryptocurrency

Android devices are being targeted for mining Monero through forced redirects and rogue ad networks, which could make it difficult for Google to stop the attacks.

  • A new cryptomining attack targets only Android phones, potentially because mining on phones does not give the audible cue of fans revving up as a processor is maxed out.
  • As the attack is propagated through the web, the potential for Google to detect and ban offending APKs using code audits seems remote.
A series of related web pages have been targeting Android devices for mining the Monero cryptocurrency since at least November 2017. While this attack occurs over the web—not in malware distributed in an APK—the attack and associated mining script can seemingly be invoked as part of advertising modules in free mobile apps.

 

The attack, discovered by Malwarebytes researcher Jérôme Segura, was found while researching the EITest malware family. While the associated domains display information relating to a standard technical support scam when viewed on Internet Explorer or Chrome, the Monero mining attack is presented through a series of redirects when "Android" is present in the browser user-agent, according to the Malwarebytes blog.
Compared to drive-by mining attacks targeting desktop or notebook computers, mining cryptocurrencies on mobile devices would theoretically be slower, as mobile SoCs are less capable of the number crunching required for mining. However, the telltale signs that mining has started are also less obvious, as the often jet-like sound of computer fans spinning at maximum speed as a desktop or laptop processor is driven to 100% obviously does not occur on smartphones.
The attack in question displays an ominous warning that "your device is showing suspicious surfing behavior," indicating to the user that the device will begin mining cryptocurrency "in order to recover server costs incurred by bot traffic" until the user solves a CAPTCHA to prove they are not a bot, the post said. Oddly, the CAPTCHA answer ("w3FaSO5R") is hardcoded in the webpage. After submitting the answer, the script redirects the user to the Google homepage.
The Malwarebytes researchers estimate that the attack only generates a few thousand dollars worth of Monero per month, though they also note that the wildly fluctuating nature of cryptocurrency valuation could mean that the ill-gotten gains, when cashed out, may be worth significantly more.
This attack is one in a series of similar attacks, as cryptocurrency mining is becoming an increasingly popular strategy for criminals to generate a profit. The Smominru botnet leverages the EternalBlue exploit used in the WannaCry attack to use Windows servers as Monero miners, gaining between $2.8 million and $3.6 million. Additionally, more than 4,000 government websites in the United States, United Kingdom, and Australia were victim to a mining attack via a compromised third-party JavaScript library. Surreptitiously using computing power for mining is not limited to external attacks, as engineers at a Russian nuclear facility were recently detained for using a government supercomputer for mining.
Presently, the Opera web browser has blocked mining scripts from running, but other browser vendors have yet to follow suit. Because this attack is propagated through the web, the potential for Google to ban offending APKs from the Play Store using code audits seems remote.

It's HTTPS or bust: How to secure your website

You no longer have a choice about locking down your website. Google will mark all non-HTTPS sites as insecure this July. It's time to lock your site down, and Let's Encrypt gives you a free and easy way to do it.

Companies have been delaying securing their websites for years. It's too much trouble, they think. It will cost too much, others say. Too bad. Google isn't putting up with these excuses anymore.
Come July 2018, with the release of Chrome 68, any site not protected with Secure Sockets Layer/Transport Layer Security (SSL/TLS) will be marked with the red triangle of an insecure site. Unless you secure your site, you can kiss your web traffic goodbye.
This has been coming ever since 2010, when Firesheep showed your login could be stolen over a Wi-Fi connection. We knew then the only way to secure the web was for every website to support encryption.
To secure your website, you must install an X.509 Digital Certificate, generically called an SSL certificate, on your server. A trusted third party, called a Certificate Authority (CA), guarantees the Digital Certificate's authenticity with a Digital Signature, so your visitors can be sure they are where they thought they were going.
There are many CAs. Some of the best commercial ones are Network Solutions, Entrust, and Symantec. Prices for certificates from a major provider range from $50 to $500. You can also get a free certificate -- that's every bit as good for most purposes -- from the non-profit Internet Security Research Group (ISRG)'s Let's Encrypt. The big business difference between the commercial CAs and Let's Encrypt is that commercial businesses back up their security with a warranty of between $500,000 and $1 million. With Let's Encrypt, you're on your own.
You can also self-sign your own certificate. That's fine, if it's just you connecting to your site, but self-signed certificates are useless for visitors who can't be sure your site is really the one they intended to visit.

WEB SECURITY CERTIFICATE TYPES

Before deploying any certificate you must know there are three different SSL certificate types. These are, in order of business capability: Domain Validation (DV) SSL Certificates, Organization Validation (OV) SSL Certificates, and Extended Validation (EV) SSL Certificates.
These certificates vary with how much encryption they use. While you can find discount certificates with 256-bit encryption, for real-world purposes, you need at least a 2048-bit certificate.
Domain Validation
A DV is often, but not always, a self-signed certificate. It's also offered by some CAs, such as GeoTrust and RapidSSL. All a DV means is that the site has been registered by someone with admin rights to the site. If the certificate is valid and signed by a trusted CA, a web browser connecting to the site will inform you that it has successfully secured an HTTPS connection. You can use a DV to secure a simple website.
Organization Validation
An OV validates the domain ownership and includes ownership information like the site owner's name, city, state, and country. This is the minimum certification level for a commercial website. This middle tier of certificates is seldom used.
Extended Validation
For a serious website, your best choice is an EV SSL certificate. These legally validate the domain's owners. Depending on the CA, it can take weeks to get one, so it's past time to start the process of getting one. Sites with an EV SSL certificate have a green address bar in most browsers.
The first two certifications come in two flavors. The first is the inexpensive single domain certificate. As the name suggests, it protects a single website. Its brother, the wildcard certificate, protects multiple sub-domains.
EV certificates are always a single-domain certificate. If you need to cover multiple sub-domains with EV certificates, you can often get a volume discount, but you can't get a wildcard that will cover all your sub-domains.

LET'S ENCRYPT

The easiest and cheapest way to get a certificate is to use Let's Encrypt with its DV certificates. Let's Encrypt is a free, automated, and open security certificate authority (CA) for everyone. It does not offer, nor will it ever offer, OV or EV certificates. Still, if you're not doing e-commerce from within your site, a Let's Encrypt DV may be all you need.
  • Free: Anyone who owns a domain name can use Let's Encrypt to get a trusted certificate at zero cost.
  • Automatic: Software running on a web server can interact with Let's Encrypt to painlessly get a certificate, securely configure it for use, and automatically take care of renewal.
  • Secure: Let's Encrypt will advance TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
  • Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
  • Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
  • Cooperative: Much like the internet protocols themselves, Let's Encrypt is a joint effort to benefit the community, beyond any one organization's control.
Technically, Let's Encrypt's management software uses Automated Certificate Management Environment (ACME) to:
    • Prove: Automatically prove to the Let's Encrypt Certificate Authority (CA) that you control the website.
    • Obtain a browser-trusted certificate and set it up on your web server.
    • Keep track of when your certificate will expire, and automatically renew it. Since the service's certificates automatically expire every 90 days, you must renew the certificate frequently. To make sure you're never caught short, you should automatically renew it every 60 days.
    • Help you revoke the certificate if that ever becomes necessary.
    If you're running an e-commerce site, use an EV SSL certificate from a well-regarded CA. To find the right commercial certificate for you, check out SSL Shopper's recommendations. For the rest of us, a Let's Encrypt certificate should work just fine.
    To get started with Let's Encrypt, first update your server operating system and web server, and then download and install Let's Encrypt. If you're using a hosting site for your web server, use its in-house instructions or services.
    If you're running your own web server on Linux, the easiest way to do this is with Certbot. This site provides detailed instructions for the most popular Linux server distributions and for the following web server programs: Apache, NGINX, HAProxy, and Plesk. If you're running on Microsoft Azure, you can use the GetSSL - Azure Automation PowerShell script. Still running your web server on Windows Server? Then check out ACMESharp, which uses .NET and PowerShell.
    Let's Encrypt will add wildcard certificates at the end of February 2018. However, you can still cover all your site's subdomains -- e.g. mail.example.com, www.example.com, preproduction.example.com -- by requesting a certificate using Subject Alternative Names (SAN).
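The 60-day renewal point and the SAN coverage described above can be checked together. The following is an added example, not code from the original article, Let's Encrypt or Certbot: it works on the dictionary shape that Python's `ssl.SSLSocket.getpeercert()` returns, and the sample certificate, its dates and the function names are constructed for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

RENEW_AFTER = timedelta(days=60)  # renew 60 days into the 90-day lifetime

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "notBefore": "Feb  1 00:00:00 2018 GMT",
    "notAfter": "May  2 00:00:00 2018 GMT",  # 90 days later
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com"),
                       ("DNS", "mail.example.com")),
}

def cert_time(value):
    """Parse a getpeercert() timestamp into an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), timezone.utc)

def name_matches(pattern, host):
    """Exact match, or a wildcard that stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit(cert, hostnames, now):
    """Report expiry, renewal status and hostnames no SAN entry covers."""
    not_before, not_after = cert_time(cert["notBefore"]), cert_time(cert["notAfter"])
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {
        "expired": now >= not_after,
        "renew_due": now >= not_before + RENEW_AFTER,
        "days_left": (not_after - now).days,
        "uncovered": [h for h in hostnames
                      if not any(name_matches(s, h) for s in sans)],
    }

if __name__ == "__main__":
    hosts = ["www.example.com", "mail.example.com", "preproduction.example.com"]
    for day in (datetime(2018, 3, 15, tzinfo=timezone.utc),
                datetime(2018, 4, 5, tzinfo=timezone.utc)):
        print(day.date(), audit(SAMPLE_CERT, hosts, day))
```

A wildcard entry such as `*.example.com` covers `preproduction.example.com` but not the bare `example.com` or a deeper name like `a.b.example.com`, which is why the check compares label counts.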
    So, what are you waiting for? Get on with securing your site, whether with Let's Encrypt or an EV from an established CA. If you don't, you'll be in a world of hurt this summer when people stop coming to your site because it's insecure.

    5 eye-opening statistics about minorities in tech

    Diversity efforts could net the IT industry an extra $400 billion in revenue each year. Here's why.

    By Alison DeNisco Rayome | February 7, 2018, 4:00 AM PST

    The evidence is clear: A more diverse workforce leads to higher revenues and more creative teams. But despite funnelling millions of dollars into well-intentioned diversity initiatives, white men remain overrepresented in the industry compared to the private sector as a whole.
    The issue is difficult to address for a variety of reasons, including the fact that "the diversity problems of each race are different," Buck Gee, an executive advisor at the nonprofit Ascend, told TechRepublic. "In Silicon Valley for blacks and Hispanics, the basic problem is getting in the door. The problem with Asian Americans in Silicon Valley is upper mobility to management. You need different strategies for each race, and you can't just throw it in as a diversity program, because not all diversity programs are apt for all the races or genders."
    The lack of diverse hiring is usually not malicious, Gee said. "By and large, the executives I've dealt with in Silicon Valley and tech all want to do the right thing," he added. "I don't believe there's an attempt to not be diverse. They're so busy in their day-to-day priorities of hitting the numbers and running the business that unless there's somebody inside the company pushing this and making it priority, it doesn't get enough attention."
    Here are five statistics about minorities in tech that highlight why the problem is worth paying attention to.

    1. There are half as many African Americans and Hispanics in tech as in the rest of the private sector

    Compared to overall private industry, the high-tech sector in 2014 employed a larger share of whites (68.5% tech vs. 63.5% private sector), Asian Americans (14% tech vs. 5.8% private sector) and men (64% tech vs. 52% private sector). It also employed a smaller share of African Americans (7.4% tech vs. 14.4% private sector), Hispanics (8% tech vs. 13.9% private sector), and women (36% tech vs. 48% private sector), according to the US Equal Employment Opportunity Commission (EEOC).

    2. 83% of tech executives are white

     

    White people are represented at a higher rate in the tech sector's executives category than the rest of the private sector, at 83%—more than 15% higher than their representation in the professionals category, which includes jobs like computer programming, according to the EEOC. Other groups are represented at significantly lower rates in the executive category than in the professionals, including African Americans (2% to 5.3%), Hispanics (3.1% to 5.3%), and Asian Americans (10.6% to 19.5%).

    3. More than 50% of employees at Apple and Google are still white

    Apple's most recent diversity report, out in November 2017, highlighted an interesting fact: Underrepresented minorities employed at the company grew from just 19% in 2014 to 23% in 2017. While the tech giant claims that 50% of its new hires in the US this year were from historically underrepresented groups in tech, the meager results mirror the industry at large.
    The numbers for all employees break down as follows: 21% of Apple employees are Asian, 9% are black, 13% are Hispanic, and 3% are multiracial. Some 54% are white. Women only make up 23% of workers in tech roles, and 32% of employees overall, according to Apple.
    Google found similar results in their diversity report: In 2016, black candidates made up 3% of all new hires, while Latinx candidates made up 4%. Google's overall workforce is 56% white, 35% Asian, 4% two or more races, 4% Hispanic or Latinx, 2% black, and less than 1% American Indian or Alaskan Native, and Native Hawaiian or Pacific Islander.

    4. Unfair treatment and turnover costs companies $16 billion per year

    Unfair treatment in the workplace is the single largest driver of turnover in the tech industry, costing companies more than $16 billion per year in employee replacement costs, according to a 2017 study from the Kapor Center for Social Impact and Harris Poll examining why people leave tech jobs.
    Unfairness or mistreatment within a work environment was cited as the No. 1 reason for leaving a tech job by 37% of respondents. It was named more frequently than actively seeking a better opportunity (35%), dissatisfaction with the work environment (25%), being recruited away (22%), or dissatisfaction with their job duties/responsibilities (19%), the study found.

    5. Diversity efforts could net the IT industry an extra $400 billion in revenue each year

    If properly implemented, diversity efforts could net the IT industry an extra $400 billion in revenue each year, according to CompTIA CEO Todd Thibodeaux.
    "Financially a one percentage point move toward representative diversity leads to a three-point increase in revenue," Thibodeaux said during a keynote address at CompTIA's 2017 ChannelCon. "Companies in the top quartile for ethnic and gender diversity are more likely to surpass industry norms for revenue and operating margin. Companies in the bottom quartile for diversity aren't just lagging behind, they are rapidly losing ground."

    Top FBI, CIA, and NSA officials all agree: Stay away from Huawei phones


    When the CIA, FBI, and NSA reach the same conclusion, you should probably listen.


    By Michael Simon


    STAFF WRITER, PCWORLD | FEB 14, 2018 6:49 AM PT


    IN THE AGE OF FAKE NEWS, COLLUSION, COERCION, AND BOTS, THE HEADS OF ALL THREE U.S. INTELLIGENCE AGENCIES ALL AGREE ON ONE THING: DON’T BUY HUAWEI PHONES.


    CBS News is reporting that FBI Director Christopher Wray, CIA Director Mike Pompeo, and Director of National Intelligence Dan Coats each gave testimony on Capitol Hill this week to address the cybersecurity threats facing the nation and all admitted that they would never willingly use a Huawei handset.


    The impact on you at home: The intelligence community has been warning about the risk of Huawei for years, but the timing of the message here is clear: buy the Mate 10 Pro at your own risk. Ever since a 2012 investigative report—in which Huawei was wholly uncooperative—lawmakers have been warning about the potential dangers of using Huawei phones, but with the company on the verge of a U.S. breakout, the rhetoric has been ramped up considerably. Even without any hard evidence, the intelligence community seemingly has ample reason to suspect Huawei of cyber espionage, and it is stopping at nothing to ensure the Mate 10 Pro isn't a big seller in the U.S.


    The Mate 10 Pro is a great phone with a great camera, but officials fear it may be used to spy 


    Sorry, Mate


    While Huawei wasn’t specifically targeted in the officials’ prepared statements on the threat assessment, Senate Intelligence Committee chairman Sen. Richard Burr steered the conversation to China when he stated, “The focus of my concern today is China, and specifically Chinese telecoms companies  


    ZTE might be a small player in the smartphone industry, but Huawei is the No. 2 or No. 3 phone maker in the world and has been desperately trying to break into the U.S. market for years. Heading into CES it seems as though it had finally gained a foothold with a U.S. carrier, but AT&T pulled out at the last minute after pressure from a bipartisan group of lawmakers.


    When asked whether they would recommend U.S. citizens buy phones from these manufacturers, none said they would, with committee member Sen. Mark Warner adding, “We need to make sure that this is not a new way for China to gain access to sensitive technology.”


    In his opening remarks, Coats said the U.S. is facing “a complex, volatile, and challenging threat” from foreign entities “using cyber to penetrate virtually every major action that takes place in the U.S.” While the agencies have yet to produce specific evidence that Huawei is working with the Chinese government to siphon data from its customers, Huawei has long been suspected of using its technology to spy on users.

    Earlier this week, Huawei was caught bribing users to leave glowing reviews for the new handset on BestBuy.com. Those comments have since been removed. With the $799 Mate 10 Pro due to begin shipping on Feb. 18, Huawei had this to say in response, “Huawei is aware of a range of U.S. government activities seemingly aimed at inhibiting Huawei’s business in the U.S. market. Huawei is trusted by governments and customers in 170 countries worldwide and poses no greater cybersecurity risk than any ICT vendor, sharing as we do common global supply chains and production capabilities.”


    In our review of the Mate 10 Pro, we found it to be an impressive premium handset, with a powerful chip and excellent AI integration, while the Leica-branded camera bested the Pixel 2, iPhone X, and Sony Xperia XZ1 in our Last Cam Standing video series.


    This story, "Top FBI, CIA, and NSA officials all agree: Stay away from Huawei phones" was originally published by  PCWorld.