
Showing posts from February, 2020

DNS attack

A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system (DNS). In order to understand how DNS attacks work, it is important to first understand how the domain name system works. DNS is a protocol that translates a user-friendly domain name, like WhatIs.com, into the computer-friendly IP address 206.19.49.154. When an end user types the people-friendly domain name WhatIs.com into a client’s browser, a program in the client’s operating system called a DNS resolver looks up WhatIs.com’s numerical IP address. First, the DNS resolver checks its own local cache to see if it already has the IP address for WhatIs.com. If it doesn’t have the address, the resolver then queries a DNS server to see if it knows the correct IP address for WhatIs.com. DNS servers are recursive, which simply means that they can query each other to either find another DNS server that knows the correct IP address or find the authoritative DNS server that s...

Tower of Hanoi

Tower of Hanoi is a complex tape backup strategy that's useful for archiving data for an extended period of time in an economical manner. The strategy, which is based on a mathematical puzzle invented by the French mathematician Edouard Lucas, uses a cycle of exponential retention periods instead of a large number of tapes. Lucas, who is well-known for his study of the Fibonacci sequence and his work with prime numbers, loved recreational mathematics. His Tower of Hanoi puzzle, which is still marketed as a toy for children, has a platform with three poles. There is a stack of disks or rings on the first pole. The stack looks like a pyramid; each disk going down the pole is a little larger than the one above it. To solve Lucas' puzzle, the player must move all the disks from the first pole to the third pole in the fewest possible moves. There are two rules: only one disk can be moved at a time and a larger disk cannot be placed on top of a smaller one. There are sever...

Statistical noise

Statistical noise is unexplained variability within a data sample. The word "noise" has its roots in telecom signal processing; in that context, noise describes unexplained electrical or electromagnetic energy that can degrade the quality of signals and corresponding data. In both telecom and data science, the presence of noise can significantly affect sampling. Sampling is an analysis technique in which a representative subset of data points is selected, manipulated and analysed to identify signals, which are patterns in a larger data set. Signals are important because they are the patterns the analyst needs to examine in order to draw conclusions. Noise can interfere with signals, however, and cause the analyst's attention to be misdirected. A popular solution is to use algorithms that can help separate noise from signals, but even this can be problematic. In machine learning (ML), for example, statistical noise can create problems when algorithms ...

Soft skill

A soft skill is a personal attribute that supports situational awareness and enhances an individual's ability to get a job done. The term soft skills is often used as a synonym for people skills or emotional intelligence. Unlike hard skills, which describe a person's technical ability to perform a specifically-defined task, soft skills are broadly applicable across job titles and industries. It's often said that while hard skills might get someone an interview, soft skills will help that person get (and keep) the job. Business executives and leaders are making soft skills more of a priority when hiring, as they are often essential for workers to succeed in modern organizations. In 2018, LinkedIn listed leadership, communication, collaboration and time management as the top four most in-demand soft skills. Technology company iCIMS Inc., which develops recruiting and other employee management-related software, analysed its proprietary data and found that problem-sol...

Pen Testing as a Service (PTaaS)

Pen Testing as a Service (PTaaS) is a cloud service that provides information technology (IT) professionals with the resources they need to conduct and act upon point-in-time and continuous penetration tests. The goal of PTaaS is to help organizations build successful vulnerability management programs that can find, prioritize and remediate security threats quickly and efficiently. In IT security, it is common practice for businesses to hire reputable, white hat testers to come in and proactively look for attack vectors that could be exploited. Inviting an outside entity to try and breach a network, server or application may sound counter-intuitive, but it’s also one of the best ways to identify and remediate difficult-to-spot security issues.

How PTaaS works

In the old days, before cloud computing, pen test results were delivered after the conclusion of the testing period. While the information was helpful, the historical nature of the data often made it dif...

Data citizen

A data citizen is an employee who is given access to an organization's proprietary information. Use of the word "citizen" is meant to emphasize the idea that an employee's right to access corporate data also comes with responsibilities. While citizens in the United States have the right to assemble, for example, they also have a responsibility to obey federal, state and local laws. Similarly, an employee who has been granted the right to access corporate data also has a responsibility to support the company's data governance policies. As corporate data citizens increasingly expect more transparent, accessible and trustworthy data from their employers, it has become more important than ever for the rights and responsibilities of both parties to be defined and enforced through policy. In some large organizations, data governance policies define and enforce the data citizen's right to easily access trustworthy data while data stewardship policies ...

Behaviour-based security

Behaviour-based security is a proactive approach to security in which all relevant activity is monitored so that deviations from normal behaviour patterns can be identified and dealt with quickly. As machine learning continues to improve, this approach to security management is expected to play an important role in securing computing at the edge of the network. Traditional security software is signature-oriented: the software monitors data streams and compares data in transit to signatures in an anti-virus vendor's library of known threats. Behaviour-based security programs work a little differently -- they monitor data streams too, but then they compare data stream activity to a baseline of normal behaviour and look for anomalies. Behaviour-based security products use applied mathematics and machine learning to flag events that are statistically significant. While there may still be instances where an organization needs to choose between signature-based and anomaly-based...

Serverless computing

Serverless computing is an event-driven application design and deployment paradigm in which computing resources are provided as scalable cloud services. In traditional application deployments, the server's computing resources represent fixed and recurring costs, regardless of the amount of computing work that is actually being performed by the server. In a serverless computing deployment, the cloud customer only pays for service usage; there is never any cost associated with idle downtime. Serverless computing does not eliminate servers, but instead seeks to emphasize the idea that computing resource considerations can be moved into the background during the design process. The term is often associated with the NoOps movement and the concept may also be referred to as "function as a service (FaaS)" or "runtime as a service (RaaS)." One example of public cloud serverless computing is the AWS Lambda service. Developers can drop in code, create back...