Showing posts from September, 2020

Configuration management (CM)

Configuration management (CM) is a governance and systems engineering process for ensuring consistency among physical and logical assets in an operational environment. The configuration management process seeks to identify and track individual configuration items (CIs), documenting their functional capabilities and interdependencies. Administrators, technicians, and software developers can use configuration management tools to verify the effect a change to one configuration item has on other systems. Configuration management is one of the operational processes identified in the IT Infrastructure Library (ITIL) service management framework, although an enterprise need not adopt the ITIL framework to perform configuration management. Configuration management is referred to as Service Asset and Configuration Management in ITIL V3. For a configuration management system to operate, it needs some form of mechanism in which to store the informatio...

Ransomware as a service (RaaS)

  Ransomware as a service (RaaS) is the offering of pay-for-use malware created for extortion over stolen or encrypted data, known as ransomware. The author of the ransomware makes the software available to customers called affiliates who can use the software to hold people’s data hostage with relatively little technical skill. The use of RaaS allows affiliates to enter an area of extortion practices that was previously exclusive to the authors themselves. For the malware author, the business model allows them to scale their earnings from their software with less personal risk than incurred if they use it themselves. Offering their software to others removes them from the final crime by having another perform the act of ransom. An uptick in the number of ransomware infections has been attributed by many security experts to the advent of RaaS. McAfee security researchers claim that the RaaS model has an ability to create vast affiliate networks, enabli...

Graphics processing unit (GPU)

A graphics processing unit (GPU) is a computer chip that performs rapid mathematical calculations, primarily for the purpose of rendering images. In the early days of computing, the central processing unit (CPU) performed these calculations. As more graphics-intensive applications such as AutoCAD were developed, however, their demands put strain on the CPU and degraded performance. GPUs came about as a way to offload those tasks from CPUs and free up processing power. Today, graphics chips are being adapted to share the work of CPUs and train deep neural networks for AI applications. A GPU may be found integrated with a CPU on the same circuit, on a graphics card or in the motherboard of a personal computer or server. NVIDIA, AMD, Intel and ARM are some of the major players in the GPU market.   GPU vs. CPU A GPU is able to render images more quickly than a CPU because of its parallel processing architecture, which allows it to perform multiple calculations...

Data mining

Data mining is the process of sorting through large data sets to identify patterns and establish relationships to solve problems through data analysis. Data mining tools allow enterprises to predict future trends. In data mining, association rules are created by analyzing data for frequent if/then patterns, then using the support and confidence criteria to locate the most important relationships within the data. Support is how frequently the items appear in the database, while confidence is the number of times if/then statements are accurate. Other data mining parameters include Sequence or Path Analysis, Classification, Clustering and Forecasting. Sequence or Path Analysis parameters look for patterns where one event leads to another later event. A Sequence is an ordered list of sets of items, and it is a common type of data structure found in many databases. A Classification parameter looks for new patterns, and might result in ...

Security debt

Security debt is a type of technical debt that occurs when an organization fails to prioritize information security dependencies at the beginning of a project. Security debt is developer lingo for "work we owe." Like monetary debt, security debt must eventually be paid. Just as failure to pay down a financial debt on time will result in additional charges, failure to pay down security debt can result in additional risk -- both financial and reputational. Security debt can be surfaced in several ways, including through:

- User bug reports
- Publicly disclosed flaws
- Fuzz testing
- Pen testing
- Static analysis tools

To reduce security debt, software developers should include security testing early in the software development life cycle and automate patch management as much as possible.

Deep fake

Deep fake (also spelled deepfake) is a type of artificial intelligence used to create convincing image, audio and video hoaxes. The term, which describes both the technology and the resulting bogus content, is a portmanteau of deep learning and fake. Deep fake content is created by using two competing AI algorithms -- one is called the generator and the other is called the discriminator. The generator, which creates the phoney multimedia content, asks the discriminator to determine whether the content is real or artificial. Together, the generator and discriminator form something called a generative adversarial network (GAN). Each time the discriminator accurately identifies content as being fabricated, it provides the generator with valuable information about how to improve the next deep fake. The first step in establishing a GAN is to identify the desired output and create a training dataset for the generator. Once the generator begins creating an acceptabl...

Memory leak

  A memory leak is the gradual loss of available computer memory when a program (an application or part of the operating system) repeatedly fails to return memory that it has obtained for temporary use. As a result, the available memory for that application or that part of the operating system becomes exhausted and the program can no longer function. For a program that is frequently opened or called or that runs continuously, even a very small memory leak can eventually cause the program or the system to terminate. A memory leak is the result of a program bug. Some operating systems provide memory leak detection so that a problem can be detected before an application or the operating system crashes. Some program development tools also provide automatic "housekeeping" for the developer. It is always the best programming practice to return memory and any temporary file to the operating system after the program no longer needs it.

Filter bubble

  A filter bubble is an algorithmic bias that skews or limits the information an individual user sees on the internet. The bias is caused by the weighted algorithms that search engines, social media sites and marketers use to personalize user experience (UX). The goal of personalization is to present the end user with the most relevant information possible, but it can also cause a distorted view of reality because it prioritizes information the individual has already expressed interest in. The data used to personalize user experience and create an insulating bubble comes from many sources, including the user’s search history, browsing choices and previous interaction with web pages. Filter bubbles, which affect an individual's online advertisements, social media newsfeeds and web searches, essentially insulate the person from outside influences and reinforce what the individual already thinks. The word bubble, in this context, is a synonym for...

Two-factor authentication (2FA)

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. This process is done to better protect both the user's credentials and the resources the user can access. Two-factor authentication provides a higher level of security than authentication methods that depend on single-factor authentication (SFA), in which the user provides only one factor -- typically, a password or passcode. Two-factor authentication methods rely on a user providing a password, as well as a second factor, usually either a security token or a biometric factor, such as a fingerprint or facial scan. Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person's devices or online accounts because knowing...

Chaos engineering

Chaos engineering is the process of testing a distributed computing system to ensure that the system can withstand unexpected disruptions in function. It is so named because it relies on concepts from chaos theory, which focuses on random and unpredictable behavior. The goal of chaos engineering is to continuously conduct controlled experiments that introduce random and unpredictable behavior in order to discover weaknesses in a system. In computing, a distributed system is any grouping of computers that are linked over a network and share resources. Distributed systems can break when unexpected conditions or situations (such as an unintentional change from an intentional update) occur. Large distributed systems have complex and unpredictable dependencies between components, which can make it difficult to troubleshoot an error. This is where chaos engineering comes into play. Chaos engineering identifies "what if" sce...

ATM jackpotting

ATM jackpotting is the exploitation of physical and software vulnerabilities in automated banking machines that result in the machines dispensing cash. With physical access to a machine, ATM jackpotting enables the theft of the machine’s cash reserves, which are not tied to the balance of any one bank account. Thieves who are successful and remain undetected can walk away with all of the machine’s cash. The culprits use a portable computer to physically connect to the ATM and use malware to target the machine’s cash dispenser. In this bold public approach, an attacker will often use deception and weaker targets to limit risk, like dressing as service personnel to avoid scrutiny. Stand-alone ATMs in retail and service outlets are more likely targets, away from a bank’s tighter monitoring and security. Older machines, which may not be fully up to date, are also common targets. ATM owners are encouraged to apply all available updates.