
Issues with NPM causing massive headaches

The digital world is full of dangers. Self-replicating worms, druggie chatbots and cellphones that are out to get you. Will you ever be safe? Read our weekly roundup and be aware …



It was a terrible week for NPM (Node Package Manager). The default package manager for web application framework Node.js organizes the open source software libraries for thousands of online applications. It managed to break a lot of them after a disgruntled developer unpublished a software package provided by NPM. This left organizers scrambling for control of the package, which was eventually republished under someone else’s name.

As if that wasn’t enough, a Google researcher found a vulnerability in NPM that allows attackers to create a self-replicating worm that can spread through most of its packages. All of which raises the question: how much open source software are your applications using, do you know what other software packages they depend on, and how sure can you be that it’s safe?

Dangerous cellphones cut and zap users

Phones are responsible for more injuries than you’d think. InfoWorld compiled a list of hospital reports documenting cellphone injuries, and it makes for interesting reading. Distracted driving was an obvious cause of injury, but there were some more surprising ones, too.

A couple of people got zapped when putting phones in their mouths, and one woman cut her finger on her phone’s jeweled case when answering it. In a true example of natural selection, one chap went to the emergency room after punching his telephone.

Thirteen of the 523 people in the report were hit by thrown phones, while a couple were bitten by dogs and cats spooked by ringing phones (which is another reason not to download that Bieber ringtone). Are you being phone-safe? Be careful out there, people.

Now everyone can write their own Tay bot

Remember Tay, the artificial intelligence teenaged bot who went bonkers last week after Microsoft let her loose on the Internet? She came back for a brief period and tweeted about taking drugs in front of the police, before melting down and repeatedly posting the message “You are too fast, please take a rest.” We’re not sure we’d want our own teens hanging around with this kid.

What would you do if your bot melted down spectacularly on the Internet? Microsoft doubled down, announcing an open source tool to let people build their own chatbots. Unveiled at the Build Conference, BotFramework will let developers build bots that respond to chat messages sent via email, SMS and Slack among others. Hopefully they won’t generate the same kinds of racist, sexist banter that Tay sprayed across the Internet.

Propaganda sent to thousands of Internet printers

Tay failed because its machine learning algorithms were designed to learn from what people were saying to it. Unfortunately, the Internet is full of pranksters eager to use technology to undermine others and make a point, and it was relatively easy to pollute Tay’s ‘thinking.’

Another troll always eager to make a point is notorious hacker and racist Andrew Auernheimer (aka Weev), who sent white supremacist messages to every printer publicly accessible on the Internet. It turns out there are lots of them. Universities were hit, causing a storm of Reddit complaints.

Best of expertIP

One doesn’t tend to think of banks as big advocates of bitcoin. Its anonymity and associations with illegal black markets have coloured the digital currency’s reputation. But the blockchain — the technology that underpins bitcoin — is of interest to our financial institutions. There are still areas of banking that are outmoded, inefficient and ripe for disruption. Just ask anyone who gets paid by a cheque in the mail or who wants to transfer money overseas quickly and cheaply.

In a blog post this week, Danny Bradbury talks about how banks are rethinking various aspects of their operations using blockchain technology, which allows multiple participants to work together directly without a central hub. This has ramifications for processes including post-trade settlements, which are currently slow and cumbersome.

Blockchain technology could reduce infrastructure costs related to cross-border payments, security trading and regulatory compliance by up to $20 billion each year within the next six years, according to an analysis by Finextra. No wonder dozens of banks are playing with it in the labs.

Image courtesy of Free Digital Photos
