Friday, July 31, 2020
Twitter: Employees Compromised in Phone Spear-Phishing Attack
The attack earlier this month started with a spear-phishing attack targeting Twitter employees, the company says in a new update.
Twitter: Employees Compromised in Phone Spear-Phishing Attack
The attack earlier this month started with a spear-phishing attack targeting Twitter employees, the company says in a new update.
source https://www.darkreading.com/attacks-breaches/twitter-employees-compromised-in-phone-spear-phishing-attack/d/d-id/1338512?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
source https://www.darkreading.com/attacks-breaches/twitter-employees-compromised-in-phone-spear-phishing-attack/d/d-id/1338512?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Show HN: FrontAid – CMS for JSON Files in Git https://ift.tt/2EDr9XD
Show HN: FrontAid – CMS for JSON Files in Git https://frontaid.io/ July 31, 2020 at 03:33PM
3 Ways Social Distancing Can Strengthen your Network
Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.
source https://www.darkreading.com/perimeter/3-ways-social-distancing-can-strengthen-your-network/a/d-id/1338460?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
source https://www.darkreading.com/perimeter/3-ways-social-distancing-can-strengthen-your-network/a/d-id/1338460?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
3 Ways Social Distancing Can Strengthen your Network
Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.
'Hidden Property Abusing' Allows Attacks on Node.js Applications
A team of researchers from Georgia Tech find a new attack technique that targets properties in Node.js and plan to publicly release a tool that has already identified 13 new vulnerabilities.
'Hidden Property Abusing' Allows Attacks on Node.js Applications
A team of researchers from Georgia Tech find a new attack technique that targets properties in Node.js and plan to publicly release a tool that has already identified 13 new vulnerabilities.
source https://www.darkreading.com/vulnerabilities---threats/hidden-property-abusing-allows-attacks-on-nodejs-applications/d/d-id/1338509?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
source https://www.darkreading.com/vulnerabilities---threats/hidden-property-abusing-allows-attacks-on-nodejs-applications/d/d-id/1338509?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Show HN: Lifebelt – Secure and reliable applications on Kubernetes https://ift.tt/30ibG7P
Show HN: Lifebelt – Secure and reliable applications on Kubernetes https://ift.tt/2D8sMvT July 31, 2020 at 02:12PM
Show HN: Augmented Hacker News Reader https://ift.tt/3hQHMgL
Show HN: Augmented Hacker News Reader https://ift.tt/2PdAQ0O July 31, 2020 at 09:55AM
Show HN: A Free Gatsby.js/Tailwind Theme for Business Websites https://ift.tt/2DqCE3R
Show HN: A Free Gatsby.js/Tailwind Theme for Business Websites https://ift.tt/2XfQIVb July 31, 2020 at 07:21AM
Show HN: A bookmarking tool designed to help synthesize your web research https://ift.tt/3jZdV7y
Show HN: A bookmarking tool designed to help synthesize your web research https://klobie.com July 31, 2020 at 04:02AM
Show HN: Deck for Reddit – A Reddit client optimized for desktop https://ift.tt/2XeuAdD
Show HN: Deck for Reddit – A Reddit client optimized for desktop https://rdddeck.com July 31, 2020 at 03:20AM
Thursday, July 30, 2020
Show HN: Time-series weather data API for data analysts https://ift.tt/2EAzE5J
Show HN: Time-series weather data API for data analysts https://oikolab.com July 30, 2020 at 05:14PM
Tales of the Work From Home World
Whether COVID-19 causes your organization to return to work-from-home or not, here are some remote work tips for managers and employees.
Using the Attack Cycle to Up Your Security Game
Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead.
source https://www.darkreading.com/attacks-breaches/using-the-attack-cycle-to-up-your-security-game/a/d-id/1338434?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
source https://www.darkreading.com/attacks-breaches/using-the-attack-cycle-to-up-your-security-game/a/d-id/1338434?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Using the Attack Cycle to Up Your Security Game
Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead.
Vermont Taxpayers Warned of Data Leak Over the Past Three Years
A vulnerability in the state’s system may have exposed personal data that can be used for credential theft for those who filed Property Transfer Tax returns online.
from Threatpost https://ift.tt/39HO1kk
via gqrds
from Threatpost https://ift.tt/39HO1kk
via gqrds
Show HN: GOMP, a tool for comparing Git branches https://ift.tt/30aomxp
Show HN: GOMP, a tool for comparing Git branches https://ift.tt/30aonBt July 30, 2020 at 04:40PM
Show HN: Arkade (0.5.1) – one-stop CLI for Kubernetes https://ift.tt/2Xdp5fc
Show HN: Arkade (0.5.1) – one-stop CLI for Kubernetes https://ift.tt/3jT1331 July 30, 2020 at 04:21PM
Show HN: A Slack Clone Using Postgres Row Level Security https://ift.tt/3jQnNAN
Show HN: A Slack Clone Using Postgres Row Level Security https://ift.tt/3g9jbTU July 30, 2020 at 03:54PM
Show HN: I'm building a catalog of cloud architecture https://ift.tt/2P84BQT
Show HN: I'm building a catalog of cloud architecture https://getrevolv.com July 30, 2020 at 03:45PM
Show HN: Search for ingredients to pair with other ingredients https://ift.tt/30Z0lsg
Show HN: Search for ingredients to pair with other ingredients https://ift.tt/2XIFJEx July 30, 2020 at 03:26PM
Show HN: Moufette – an open-source tool to capture users feedback https://ift.tt/3gdajfX
Show HN: Moufette – an open-source tool to capture users feedback https://ift.tt/3385zod July 30, 2020 at 02:47PM
Show HN: Project “Dragonfly Mini” https://ift.tt/2D4xwmd
Show HN: Project “Dragonfly Mini” https://ift.tt/30bYPDZ July 30, 2020 at 11:59AM
Show HN: HN Mail – Topic-based HN newsletter service https://ift.tt/30ZqMyb
Show HN: HN Mail – Topic-based HN newsletter service https://hnmail.io/ July 30, 2020 at 07:36AM
Show HN: A useful canvas drawing tool – PenTool https://ift.tt/2ExmjLw
Show HN: A useful canvas drawing tool – PenTool https://ift.tt/2DinmhS July 30, 2020 at 04:11AM
Wednesday, July 29, 2020
Launch HN: Humanloop (YC S20) – A platform to annotate, train and deploy NLP https://ift.tt/3hPLoiS
Launch HN: Humanloop (YC S20) – A platform to annotate, train and deploy NLP Hey HN. We’re Peter, Raza and Jordan of Humanloop ( https://humanloop.com ) and we’re building a low code platform to annotate data, rapidly train and then deploy Natural Language Processing (NLP) models. We use active learning research to make this possible with 5-10x less labelled data. We’ve worked on large machine learning products in industry (Alexa, text-to-speech systems at Google and in insurance modelling) and seen first-hand the huge efforts required to get these systems trained, deployed and working well in production. Despite huge progress in pretrained models (BERT, GPT-3), one of the biggest bottlenecks remains getting enough _good quality_ labelled data. Unlike annotations for driverless cars, the data that’s being annotated for NLP often requires domain expertise that’s hard to outsource. We’ve spoken to teams using NLP for medical chat bots, legal contract analysis, cyber security monitoring and customer service, and it’s not uncommon to find teams of lawyers or doctors doing text labelling tasks. This is an expensive barrier to building and deploying NLP. We aim to solve this problem by providing a text annotation platform that trains a model as your team annotates. Coupling data annotation and model training has a number of benefits: 1) we can use the model to select the most valuable data to annotate next – this “active learning” loop can often reduce data requirements by 10x 2) a tight iteration cycle between annotation and training lets you pick up on errors much sooner and correct annotation guidelines 3) as soon as you’ve finished the annotation cycle you have a trained model ready to be deployed. Active learning is far from a new idea, but getting it to work well in practice is surprisingly challenging, especially for deep learning. Simple approaches use the ML models’ predictive uncertainty (the entropy of the softmax) to select what data to label... but in practice this often selects genuinely ambiguous or “noisy” data that both annotators and models have a hard time handling. From a usability perspective, the process needs to be cognizant of the annotation effort, and the models need to quickly update with new labelled data, otherwise it’s too frustrating to have a human-in-the-loop training session. Our approach uses Bayesian deep learning to tackle these issues. Raza and Peter have worked on this in their PhDs at University College London alongside fellow cofounders David and Emine [1, 2, 3]. With Bayesian deep learning, we’re incorporating uncertainty in the parameters of the models themselves, rather than just finding the best model. This can be used to find the data where the model is uncertain, not just where the data is noisy. And we use a rapid approximate Bayesian update to give quick feedback from small amounts of data [4]. An upside of this is that the models have well-calibrated uncertainty estimates -- to know when they don’t know -- and we’re exploring how this could be used in production settings for a human-in-the-loop fallback. Since starting we’ve been working with data science teams at two large law firms to help build out an internal platform for cyber threat monitoring and data extraction. We’re now opening up the platform to train text classifiers and span-tagging models quickly and deploy them to the cloud. A common use case is for classifying support tickets or chatbot intents. We came together to work on this because we kept seeing data as the bottleneck for the deployment of ML and were inspired by ideas like Andrej Karpathy’s software 2.0 [5]. We anticipate a future in which the barriers to ML deployment become sufficiently lowered that domain experts are able to automate tasks for themselves through machine teaching and we view data annotation tools as a first step along this path. Thanks for reading. We love HN and we’re looking forward to any feedback, ideas or questions you may have. [1] https://ift.tt/30Wq0lr – this establishes some of the basic techniques used in the past to estimate uncertainty in deep learning models. [2] https://ift.tt/3hK2xus – One of the first scalable approaches that estimates uncertainty in deep learning models. [3] https://ift.tt/39FoLLa work to combine uncertainty together with representativeness when selecting examples for active learning. [4] https://ift.tt/39B0GFo – a simple Bayesian approach to learn from few data [5] https://ift.tt/2hsOCzx July 29, 2020 at 05:57PM
The Future's Biggest Cybercrime Threat May Already Be Here
Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster.
source https://www.darkreading.com/vulnerabilities---threats/the-futures-biggest-cybercrime-threat-may-already-be-here/a/d-id/1338439?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
source https://www.darkreading.com/vulnerabilities---threats/the-futures-biggest-cybercrime-threat-may-already-be-here/a/d-id/1338439?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
The Future's Biggest Cybercrime Threat May Already Be Here
Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster.
Show HN: AutoIterative – an opinionated way to hire software engineers https://ift.tt/334P7VO
Show HN: AutoIterative – an opinionated way to hire software engineers https://ift.tt/3gb40cZ July 29, 2020 at 03:43PM
Show HN: Fyipe – Status Page, PagerDuty, Pingdom All in One https://ift.tt/338Psqu
Show HN: Fyipe – Status Page, PagerDuty, Pingdom All in One https://fyipe.com/ July 29, 2020 at 12:10PM
Show HN: WebGL simulation of rainy autumn day/evening https://ift.tt/3078bkl
Show HN: WebGL simulation of rainy autumn day/evening https://ift.tt/3f3VHhK July 29, 2020 at 03:22PM
4 Tips for Building an Effective Microservices Architecture
A microservices architecture makes it easier to automate orchestration, ensure reliability, and quickly deploy features and updates.
Show HN: Daily Summary of Hacker News Posts and Comments https://ift.tt/39Ew9q8
Show HN: Daily Summary of Hacker News Posts and Comments https://ift.tt/3hDXmMG July 29, 2020 at 11:34AM
Show HN: Humans vs AI – A/B testing GPT-3 https://ift.tt/2El1NNV
Show HN: Humans vs AI – A/B testing GPT-3 https://ift.tt/2DkdiVh July 29, 2020 at 09:50AM
Show HN: I rebuilt a web-based IDE https://ift.tt/30ZZtnr
Show HN: I rebuilt a web-based IDE https://www.atheos.io/ July 29, 2020 at 02:30AM
Show HN: Cute tricks for SIMD vectorized binary encoding of nucleotides in Rust https://ift.tt/2X05PBZ
Show HN: Cute tricks for SIMD vectorized binary encoding of nucleotides in Rust https://ift.tt/2DbsLqX July 29, 2020 at 02:49AM
Tuesday, July 28, 2020
Show HN: Go-fileserver – Share files from PC to mobile over WiFi via QRCode https://ift.tt/30X8dKO
Show HN: Go-fileserver – Share files from PC to mobile over WiFi via QRCode https://ift.tt/3hzIjU5 July 28, 2020 at 04:37PM
Show HN: I built a free alternative stock data platform https://ift.tt/30ToNvc
Show HN: I built a free alternative stock data platform https://ift.tt/2Yt1YPl July 28, 2020 at 04:48PM
As Businesses Move to the Cloud, Cybercriminals Follow Close Behind
In the wake of COVID-19, data theft is by far the top tactic, followed by cryptomining and ransomware.
source https://www.darkreading.com/cloud/as-businesses-move-to-the-cloud-cybercriminals-follow-close-behind/a/d-id/1338450?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
source https://www.darkreading.com/cloud/as-businesses-move-to-the-cloud-cybercriminals-follow-close-behind/a/d-id/1338450?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
As Businesses Move to the Cloud, Cybercriminals Follow Close Behind
In the wake of COVID-19, data theft is by far the top tactic, followed by cryptomining and ransomware.
Launch HN: QuestDB (YC S20) – Fast open source time series database https://ift.tt/2EjYre2
Launch HN: QuestDB (YC S20) – Fast open source time series database Hey everyone, I’m Vlad and I co-founded QuestDB ( https://questdb.io ) with Nic and Tanc. QuestDB is an open source database for time series, events, and analytical workloads with a primary focus on performance ( https://ift.tt/2DmHzQo ). It started in 2012 when an energy trading company hired me to rebuild their real-time vessel tracking system. Management wanted me to use a well-known XML database that they had just bought a license for. This option would have required to take down production for about a week just to ingest the data. And a week downtime was not an option. With no more money to spend on software, I turned to alternatives such as OpenTSDB but they were not a fit for our data model. There was no solution in sight to deliver the project. Then, I stumbled upon Peter Lawrey’s Java Chronicle library [1]. It loaded the same data in 2 minutes instead of a week using memory-mapped files. Besides the performance aspect, I found it fascinating that such a simple method was solving multiple issues simultaneously: fast write, read can happen even before data is committed to disk, code interacts with memory rather than IO functions, no buffers to copy. Incidentally, this was my first exposure to zero-GC Java. But there were several issues. First, at the time It didn’t look like the library was going to be maintained. Second, it used Java NIO instead of using the OS API directly. This adds overhead since it creates individual objects with sole purpose to hold a memory address for each memory page. Third, although the NIO allocation API was well documented, the release API was not. It was really easy to run out of memory and hard to manage memory page release. I decided to ditch the XML DB and then started to write a custom storage engine in Java, similar to what Java Chronicle did. This engine used memory mapped files, off-heap memory and a custom query system for geospatial time series. Implementing this was a refreshing experience. I learned more in a few weeks than in years on the job. Throughout my career, I mostly worked at large companies where developers are “managed” via itemized tasks sent as tickets. There was no room for creativity or initiative. In fact, it was in one’s best interest to follow the ticket's exact instructions, even if it was complete nonsense. I had just been promoted to a managerial role and regretted it after a week. After so much time hoping for a promotion, I immediately wanted to go back to the technical side. I became obsessed with learning new stuff again, particularly in the high performance space. With some money aside, I left my job and started to work on QuestDB solo. I used Java and a small C layer to interact directly with the OS API without passing through a selector API. Although existing OS API wrappers would have been easier to get started with, the overhead increases complexity and hurts performance. I also wanted the system to be completely GC-free. To do this, I had to build off-heap memory management myself and I could not use off-the-shelf libraries. I had to rewrite many of the standard ones over the years to avoid producing any garbage. As I had my first kid, I had to take contracting gigs to make ends meet over the following 6 years. All the stuff I had been learning boosted my confidence and I started performing well at interviews. This allowed me to get better paying contracts, I could take fewer jobs and free up more time to work on QuestDB while looking after my family. I would do research during the day and implement this into QuestDB at night. I was constantly looking for the next thing, which would take performance closer to the limits of the hardware. A year in, I realised that my initial design was actually flawed and that it had to be thrown away. It had no concept of separation between readers and writers and would thus allow dirty reads. Storage was not guaranteed to be contiguous, and pages could be of various non-64-bit-divisible sizes. It was also very much cache-unfriendly, forcing the use of slow row-based reads instead of fast columnar and vectorized ones.Commits were slow, and as individual column files could be committed independently, they left the data open to corruption. Although this was a setback, I got back to work. I wrote the new engine to allow atomic and durable multi-column commits, provide repeatable read isolation, and for commits to be instantaneous. To do this, I separated transaction files from the data files. This made it possible to commit multiple columns simultaneously as a simple update of the last committed row id. I also made storage dense by removing overlapping memory pages and writing data byte by byte over page edges. This new approach improved query performance. It made it easy to split data across worker threads and to optimise the CPU pipeline with prefetch. It unlocked column-based execution and additional virtual parallelism with SIMD instruction sets [2] thanks to Agner Fog’s Vector Class Library [3]. It made it possible to implement more recent innovations like our own version of Google SwissTable [4]. I published more details when we released a demo server a few weeks ago on ShowHN [5]. This demo is still available to try online with a pre-loaded dataset of 1.6 billion rows [6]. Although it was hard and discouraging at first, this rewrite turned out to be the second best thing that happened to QuestDB. The best thing was that people started to contribute to the project. I am really humbled that Tanc and Nic left our previous employer to build QuestDB. A few months later, former colleagues of mine left their stable low-latency jobs at banks to join us. I take this as a huge responsibility and I don’t want to let these guys down. The amount of work ahead gives me headaches and goosebumps at the same time. QuestDB is deployed in production, including into a large fintech company. We’ve been focusing on building a community to get our first users and gather as much feedback as possible. Thank you for reading this story - I hope it was interesting. I would love to read your feedback on QuestDB and to answer questions. [1] https://ift.tt/11g71v6 [2] https://ift.tt/39KJE6k [3] https://ift.tt/2CUWTH9 [4] https://ift.tt/30TsPDL... [5] https://ift.tt/37TmfQV [6] https://ift.tt/2CY2Pix July 28, 2020 at 04:57PM
Podcast: Security Lessons Learned In Times of Uncertainty
Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2020.
from Threatpost https://ift.tt/2OYV66q
via gqrds
from Threatpost https://ift.tt/2OYV66q
via gqrds
Show HN: An *Actually* Tiny Basic for Arduino https://ift.tt/2X2YRMA
Show HN: An *Actually* Tiny Basic for Arduino https://ift.tt/2P0zQgA July 27, 2020 at 12:06PM
Show HN: New Dark Theme for Highlight.js https://ift.tt/2EovUUJ
Show HN: New Dark Theme for Highlight.js https://ift.tt/2WY7Yy3 July 28, 2020 at 01:56PM
4 Things COVID-19 Has Taught About the Internet and Networking Infrastructure
Insights about network performance under the stress of COVID will guide how infrastructure is built and managed well after the emergency has subsided.
Show HN: A read-it-later app to solve Pocket/Instapaper's endless list problem https://ift.tt/2CN63Wi
Show HN: A read-it-later app to solve Pocket/Instapaper's endless list problem https://dayreads.com July 28, 2020 at 05:18AM
Show HN: Would You Survive the Titanic? https://ift.tt/2CMFdh0
Show HN: Would You Survive the Titanic? https://ift.tt/2X2cxqY July 28, 2020 at 03:54AM
Show HN: GraphQL API for WordPress https://ift.tt/3hHMRI4
Show HN: GraphQL API for WordPress https://ift.tt/30Jb8Xn July 28, 2020 at 01:50AM
Monday, July 27, 2020
Show HN: Plugin to transform WordPress into a GraphQL server https://ift.tt/3fcoz7H
Show HN: Plugin to transform WordPress into a GraphQL server https://ift.tt/30Jb8Xn July 27, 2020 at 04:40PM
Show HN: UnnaturalScrollWheels – Better scroll wheel settings for macOS https://ift.tt/39x1pHD
Show HN: UnnaturalScrollWheels – Better scroll wheel settings for macOS https://ift.tt/3g5fIG0 July 27, 2020 at 05:18PM
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
source https://www.darkreading.com/endpoint/pandemic-credential-stuffing-cybersecuritys-ultimate-inside-job/a/d-id/1338400?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
source https://www.darkreading.com/endpoint/pandemic-credential-stuffing-cybersecuritys-ultimate-inside-job/a/d-id/1338400?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
Show HN: Simplemvc.js – A highly opinionated web back end framework https://ift.tt/32ZqZnq
Show HN: Simplemvc.js – A highly opinionated web back end framework https://ift.tt/2BEePW0 July 27, 2020 at 03:34PM
Subscribe to:
Posts (Atom)