Archive for July, 2015

July 28, 2015

GES Review – Airbnb In Africa and Hopes To Expand, Make Entrepreneurs


Brian Chesky, CEO and founder of lodgings-rental website Airbnb, said he attended the Global Entrepreneurship Summit in Kenya to meet African entrepreneurs and explore expansion on the continent, BizTechAfrica reports.

Africa represents a huge opportunity for the company, which more than doubled listings in Africa in the last year, according to the report.

Airbnb describes itself as a community marketplace where guests can book accommodation from private hosts. The website connects people who have space to spare — anything from a sofa or shared room to a private island and everything in between — with those who are looking for a place to stay. Through their experiences on Airbnb, guests and hosts connect with people from all over the globe.

Some entrepreneurs have built empires using Airbnb, such as Alexander Van Dijl, who needed an alternative source of money while he was writing a book. He figured out he could earn substantial money renting out his home and living elsewhere, according to a report in Entrepreneur.com.

Ryan Scott began renting out his own place in San Diego on Airbnb when he was traveling for IBM as a full-time consultant. He set a goal of replacing his IBM income through Airbnb and bought more rental property.

“The disruptive power of Airbnb to the industry is what has enabled me to convince investors that I, as a newcomer on the vacation rental scene, could outperform entrenched vacation rental managers,” Scott told Entrepreneur.com.

Airbnb has a payment system and a review process where both guest and host can review each other to build a reputation. It claims to have 1.5 million listings in 34,000 cities and 190 countries. Founded in August 2008 in San Francisco, California, the company is privately owned and operated.

Airbnb plans to significantly grow its business in Africa, BizTechAfrica reports. The number of Africans using Airbnb to travel has increased by 139 percent and the number of people staying in Airbnb listings on the continent increased by 145 percent in the past year.

To accelerate growth in Africa, Airbnb appointed Nicola D’Elia as general manager for the region. D’Elia previously worked on developing Facebook’s growth and partnerships in Africa, Europe, and the East.

Kenya has 1,400-plus Airbnb listings with 788 of them in Nairobi. The number of Kenyans using Airbnb tripled in the past year, BizTechAfrica reports.

“The spirit of entrepreneurialism is a common thread that unites the Airbnb community across the globe,” Chesky said. “I’m thrilled to meet so many entrepreneurs here at GES who will build and grow this community throughout Africa. And I’m excited to see how Airbnb will empower people across the continent to make extra income while providing travelers with a truly authentic experience.”

– See more at: http://afkinsider.com/100727/airbnb-in-africa-hopes-to-expand-make-entrepreneurs-in-africa/#sthash.r2lKdAAF.dpuf

July 11, 2015

Understanding and mitigating a FREAK vulnerability attack


After the discovery that the FREAK vulnerability can affect a wide variety of OSes, enterprises should amp up mitigation efforts. Here’s some background on the attack and how to stop it.

One day an employee logs onto his company-issued computer and visits an HTTPS-protected website to pay a bill while on his lunch break. A month later the employee is notified by his bank that the credit card used in the transaction to pay his bill has been compromised and fraudulent purchases have been identified.

How did this happen when the site was guaranteed to be protected with an encrypted connection? Doesn’t HTTPS ensure the information to/from the site was safe from malcontents listening to traffic on the Internet? This was a FREAK attack. FREAK is short for “Factoring Attack on RSA-EXPORT Keys” and is a known man-in-the-middle (MitM) vulnerability caused by weak website encryption. In this case, a MitM attacker downgraded the key length of an RSA key to EXPORT-grade length in an encrypted transport-level session. Once done, the attacker could then intercept and decrypt this traffic. But again, how could this happen?

The backstory on the FREAK vulnerability

The story starts with understanding the sophistication of U.S. law enforcement agencies’ previous network traffic monitoring capabilities. About 20 years ago the U.S. federal government imposed an international trade policy on the level of encryption that could be supported in products exported to overseas countries. Why did the government do this? In its agenda to capture illegal and terrorist activities, the government needed the ability to break the cipher of any suspicious encrypted network packets leaving or entering U.S. cyberspace. By imposing this weaker encryption cipher, the NSA had the ability to examine any suspicious activity, even if the contents were fully encrypted.

So what does this have to do with the FREAK vulnerability?

Even though the NSA long ago enhanced its monitoring capabilities to break down some of the most sophisticated encryption technologies on the wire today, and lifted the export restrictions on weaker ciphers 10 to 15 years ago, the encryption profile for this old, weaker export encryption mechanism is still sitting on many of today’s browsers — a clear example of the impact of not removing outdated code from common applications.

A FREAK attack has the ability to capture any traffic that has accidentally or automatically negotiated to use this old, weaker export cipher between a computer and another site on the Internet — in this case, the payment site the employee visited — and can capture sensitive information the user thought was fully encrypted, without authorization.

FREAK isn’t just for old legacy browsers, either. FREAK vulnerabilities have been found on current operating systems like Android, iOS, Mac OS platforms and many flavors of Microsoft operating systems, including Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003, Windows Server 2008, Windows Server 2012 and Windows RT. While the operating system vendors are working hard to remove this old code, there is still a viable chance that workers could accidentally fall victim to a FREAK attack, and be unaware it is taking place.

Fixing the FREAK vulnerability

Organizations need ways to mitigate the chance of a FREAK attack. The best way is to examine the certificates used by the company-supported browsers and remove the “RSA key exchange EXPORT ciphers” from the supported ciphers in the browsers’ configuration and registry components. However, this could be a difficult problem, due to lack of resources, size of the organization or the distributed nature of the organization’s various platform support groups.

An alternative is to ensure network edge devices do not allow connections outside the organization that use this cipher. By blocking this traffic, the data never leaves the organization, and thus can’t be intercepted.

Finally, the last option is to route all HTTPS traffic through a Web proxy, like Blue Coat, Apache Software Foundation, HAProxy, Squid and others, where HTTPS traffic is negotiated on the Internet edge of the Web proxy. This way any HTTPS traffic inside the company boundaries that tries to use the RSA key exchange EXPORT ciphers is only used inside the enterprise to the Web proxy. This allows it to negotiate a stronger cipher between itself and the Internet target to protect the data.

While network edge device blocking and Web proxies can be a quick fix, organizations should not consider the vulnerability closed until the RSA key exchange EXPORT ciphers have been patched by the operating system vendors or by the organization’s support teams.
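An added example, not part of the original article: one way an edge device or forward proxy could apply the cipher rule above is to parse each TLS hello and flag any RSA key exchange EXPORT suite that a client offers or a server selects. The function names, the `block`/`allow` verdict and the sample handshakes are assumptions constructed for illustration; the suite numbers are the IANA registry values.

```python
import struct

# RSA key exchange EXPORT suites, by their IANA TLS cipher suite numbers.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 0x16, 0x01, 0x02


class HandshakeParseError(ValueError):
    """Raised when a record is not a well-formed ClientHello/ServerHello."""


def take(buf, off, n):
    """Return (buf[off:off+n], off+n), refusing to read past the end."""
    if off + n > len(buf):
        raise HandshakeParseError("truncated hello")
    return buf[off:off + n], off + n


def export_suites_in_hello(record):
    """Return (kind, names of RSA EXPORT suites offered or selected).

    Handles a hello carried whole in one TLS record (no fragmentation).
    """
    header, off = take(record, 0, 5)
    content_type, _version, rec_len = struct.unpack("!BHH", header)
    if content_type != HANDSHAKE:
        raise HandshakeParseError("not a handshake record")
    fragment, _ = take(record, off, rec_len)

    hs_header, off = take(fragment, 0, 4)
    hs_type, hs_len = hs_header[0], int.from_bytes(hs_header[1:], "big")
    msg, _ = take(fragment, off, hs_len)

    _, off = take(msg, 0, 2 + 32)              # protocol version + random
    sid_len, off = take(msg, off, 1)
    _, off = take(msg, off, sid_len[0])        # session id

    if hs_type == CLIENT_HELLO:                # list of offered suites
        raw_len, off = take(msg, off, 2)
        raw, off = take(msg, off, int.from_bytes(raw_len, "big"))
        if len(raw) % 2:
            raise HandshakeParseError("odd cipher_suites length")
        suites = [int.from_bytes(raw[i:i + 2], "big")
                  for i in range(0, len(raw), 2)]
        kind = "ClientHello"
    elif hs_type == SERVER_HELLO:              # the single selected suite
        raw, off = take(msg, off, 2)
        suites = [int.from_bytes(raw, "big")]
        kind = "ServerHello"
    else:
        raise HandshakeParseError("not a ClientHello or ServerHello")
    return kind, [RSA_EXPORT_SUITES[s] for s in suites if s in RSA_EXPORT_SUITES]


def edge_verdict(record):
    """Hypothetical edge policy: block any hello that involves an EXPORT suite."""
    _kind, hits = export_suites_in_hello(record)
    return "block" if hits else "allow"


def build_hello(hs_type, suites):
    """Constructed sample data: a minimal TLS 1.0 hello with no extensions."""
    body = b"\x03\x01" + bytes(32) + b"\x00"   # version, random, empty session id
    if hs_type == CLIENT_HELLO:
        packed = b"".join(struct.pack("!H", s) for s in suites)
        body += struct.pack("!H", len(packed)) + packed + b"\x01\x00"  # null compression
    else:
        body += struct.pack("!H", suites[0]) + b"\x00"                 # null compression
    handshake = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(handshake)) + handshake


if __name__ == "__main__":
    samples = [
        ("legacy client", build_hello(CLIENT_HELLO, [0x002F, 0x0035, 0x0003, 0x0008])),
        ("current client", build_hello(CLIENT_HELLO, [0x002F, 0x0035])),
        ("server selects export", build_hello(SERVER_HELLO, [0x0003])),
    ]
    for name, rec in samples:
        print(name, export_suites_in_hello(rec), edge_verdict(rec))
```

A hello that lists no EXPORT suites does not prove the client would reject an export-grade key, which is why edge filtering stays a stopgap until the clients themselves are patched.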

The future of FREAK attacks

Unfortunately, vulnerabilities like FREAK will continue to be a problem. Software bloat is a common issue and keeping track of all the 20+ year-old modules in products is difficult since many of the original coders are no longer doing development, or may even be retired. Luckily, the FREAK vulnerability was caught and can be patched to eliminate the risk it imposes. However, for other operating systems and applications, some of the foundational components in use have remained unchanged for decades.

FREAK attacks should be a wake-up call to vendors — not only to quickly patch this vulnerability — but also to take the time and allocate sufficient resources to do a deep inventory of their code to ensure other legacy components that are no longer required are removed.

Finally, this is also a call to organizations that purchase these products to encourage their trusted vendor partners to do these reviews. While cyber insurance and financial liability limits soften the blow, every organization needs to maintain vigilant security practices in the protection of their data and the data of their customers. FREAK will soon be a thing of the past, but who can predict the next big legacy vulnerability to surface? And the next one may be magnitudes worse than FREAK.

Randall Gamby is an Identity and Access Management (IAM) professional with over 25 years of IAM experience. He is currently the IAM strategist for a Fortune 500 company. Prior to this position he was a Master Security Consultant, a state Information Security officer and the enterprise security architect for an insurance and finance company. His experience also includes many years as an analyst for the Burton Group’s Security and Risk Management Services group. His coverage areas included: secure messaging, security infrastructure, identity and access management, security policies and procedures, credential services and regulatory compliance.

July 11, 2015

Can thinking like cyberattackers improve organizations’ security?


It’s becoming increasingly important for security leaders to think like cyberattackers, which leads to new defenses and security techniques for enterprises. And while enterprises may never fully be ahead of attackers, they can at least be better prepared. Clearly it’s important to secure company data from multiple attack vectors, but beyond this, what specific steps can security leaders take to provide better attacker-minded defenses?

Hackers attack for a variety of reasons, including for fun, financial gain, retribution, espionage or for no particular reason at all. Regardless of the reason, enterprises need to know their attackers and the techniques they use to exfiltrate valuable data.

In The Art of War, Sun Tzu states, “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

The major difference between Sun Tzu’s message and today is that cybersecurity is predominantly defensive. Enterprises do not go after hackers or cyberattackers. They are too busy running a business and maintaining a productive, secure IT environment to support that effort. But are there better attacker-minded defenses we need to consider and deploy to strengthen cybersecurity protections? Having an attacker-minded defense is a good defense.

Know the enemy: Who are the attackers? What is their motive for targeting your organization? What techniques do they use to gain unauthorized access or launch destructive attempts, such as denial of service attacks? The attacker landscape for enterprises consists predominantly of criminals, underground hackers, insiders and state-backed hacking groups.

The 2015 PWC Global State of Information Security Survey states the “total number of security incidents detected by respondents climbed to 42.8 million” in 2014 — a 48% increase over 2013. Not surprisingly, the report also finds, “insider crimes are the most costly or damaging than incidents perpetrated by outsiders.” Insiders have time, access and knowledge in their favor, but outsiders clearly get the most press. In spite of the insider threat, the 2015 ISACA Cybersecurity Status Report stated that 55% of respondents expressed concern over corporate reputation.

Know yourself: What do attackers want from your organization? The obvious targets are large corporations, especially in the government, financial and retail industries, but many fail to realize that others, such as SMBs with less critical enterprises, are targets for use of their resources to attack others. Some specific steps to help protect your organization include:

  • Implement protection measures to secure critical assets commensurate to enterprise risks.
  • Correlate log data, their sources and types of attacks to identify where to strengthen controls.
  • Join other enterprises and participate in threat intelligence groups to share and learn how to identify attack vectors and protect your environment.
  • Establish a strong and well-vetted incident response program to capably restore normalcy in the event of a major incident or attack.
  • Implement a continuous monitoring process that alerts you to unusual activity externally and internally.
  • Develop a security awareness program that trains employees, including executives, on a periodic basis.
  • Report to management the state of security on a recurring basis.

Cyberattacks are unrelenting. The PWC Information Security Study stated that in 2014, the 42.8 million incidents translated to 117,339 incoming attacks every day. In comparison, this same study reported 3.4 million incidents in 2009. But, as Sun Tzu said, “You need not fear the result of a hundred battles.” Attacks can be, and for the most part are, thwarted with existing protection systems, such as next-generation firewalls and intrusion prevention systems (IPS). However, they must not be neglected or overly relied on for continuous protection.

Perhaps your organization has not experienced a breach and believes existing controls are sufficient, but these cyberattacks evolve and become more sophisticated every day.

“If you know neither the enemy nor yourself, you will succumb in every battle,” Sun Tzu said. Expect to be a target. Implement protection schemes based on the business model, risks and value of critical data. Review the attacks recorded by your log analysis tools — SIEM and IPS — and determine how your company is being attacked. These will help organizations understand how to deploy the proper protection scheme. There is no such thing as absolute security, but if you don’t think like cyberattackers or know your pain points, the results will undoubtedly be unfavorable.

July 11, 2015

Gmail is finding smarter ways to keep spam out of your inbox


Google boasts that Gmail filters stop 99.9% of all spam, but it wants to do even better. Can Gmail become spam-free?

Google announced a number of improvements to Gmail spam filtering in a blog post on Thursday. That includes applying machine learning technology, such as artificial neural networks, to make filters smarter, and new tools for businesses to ensure relevant mail always makes it into inboxes.

Artificial Neural Networks are essentially computers that mimic the connections of neurons in the brain, allowing the computers to “learn.” Google uses these to identify images, making tasks like reverse image search possible. These neural networks are also used to create those trippy images you may have seen online lately.

For Gmail, the networks will be used to filter out phishing scams that can easily be mistaken for a legitimate email. You know, the ones that ask you to log in to your Facebook account — but the email comes from a website designed to steal your login credentials.

The threshold for what is considered spam varies from person to person, so the networks will adjust over time, learning which emails you might want in your inbox versus an email someone else might regard as spam.

Google is also rolling out Gmail Postmaster Tools, which will allow “qualified high-volume” senders to get better analytics on the emails they send. With the new tools, users will be able to better avoid sending messages that end up in anti-spam filters; after all, no one wants to have to check a spam folder for bank statements.

Gmail Postmaster Tools launched on Thursday, and the usage of Artificial Neural Networks began earlier this year.

In 2012 Gmail missed 1% of spam messages, according to Google. Now, it only misses 0.1% of spam and only 0.05% of email ends up in the spam folder when it shouldn’t, but the company thinks it can improve on those figures.

July 9, 2015

Logjam flaw crimps TLS encryption


A newly discovered TLS vulnerability that affects thousands of websites, servers and browser users could allow attackers to bypass encryption.

An international team of researchers has released a paper showing a significant vulnerability in the Transport Layer Security (TLS) protocol that allows attackers to downgrade the encryption used over secure connections to a point where it can be broken.

Based on an Internet-wide scan it performed, the research team estimates that 8.4% of the top million Internet domains are susceptible to the TLS vulnerability, known as Logjam. Additionally, the majority of commonly used browsers are at least theoretically vulnerable to Logjam.

The attack can be mounted at varying degrees of vulnerability based on the size of the prime numbers used in key generation. Attacks based on 512-bit primes, the researchers say, are well within the reach of ordinary hackers (though a certain amount of math savvy may be required). In instances where the communication downgrades to larger primes, the researchers feel the attack is well within the reach of nation-state adversaries. In fact, the researchers said that close examination of leaked NSA documents “shows that the agency’s attacks on VPNs are consistent with having achieved such a break,” according to the Logjam research paper.

Kevin Bocek, vice president of security strategy and threat intelligence at SSL encryption vendor Venafi, noted that “weakened encryption protocols like this one with Diffie-Hellman are a disaster waiting to happen.”

“Heartbleed, LogJam, FREAK, Superfish and so many other examples reinforce that there’s too much blind trust when it comes to SSL/TLS, certificates and trust. And I have no doubt that we’ll continue to find many more protocol, crypto and certificate vulnerabilities out there lurking,” Bocek said.

At a website dedicated to describing the flaw (and testing browsers to see if they are vulnerable), the team explained the general outline of the attack: “Diffie-Hellman key exchange is a popular cryptographic algorithm that allows Internet protocols to agree on a shared key and negotiate a secure connection. It is fundamental to many protocols, including HTTPS, SSH, IPsec, SMTPS and protocols that rely on TLS.” While the fundamentals of Diffie-Hellman exchange remain unproblematic, the team said it has “uncovered several weaknesses in how Diffie-Hellman key exchange has been deployed.”

A full description of the technical details is included in the paper authored by the team, comprising researchers at Inria Nancy-Grand Est, Inria Paris-Rocquencourt, Microsoft Research, Johns Hopkins University, University of Michigan and the University of Pennsylvania.
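An added example, not taken from the researchers' paper or from the original article: because the cost of the attack depends on the size of the Diffie-Hellman prime, a defender can read that size straight out of a server's ServerKeyExchange message. The function names and sample messages are constructed for illustration, the sample primes are placeholders of the right length rather than real primes, and the 2048-bit floor is this example's assumption.

```python
import struct

SERVER_KEY_EXCHANGE = 0x0C  # TLS handshake message type 12


def dh_group_bits(handshake_msg):
    """Bit length of dh_p in a ServerKeyExchange sent for a DHE_* suite.

    After the 4-byte handshake header the body holds dh_p, dh_g and dh_Ys,
    each as a 2-byte big-endian length plus that many bytes; the server's
    signature follows and is ignored here.
    """
    if len(handshake_msg) < 4 or handshake_msg[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(handshake_msg[1:4], "big")
    body = handshake_msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ServerKeyExchange")

    values, off = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(body):
            raise ValueError(f"truncated before {name}")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError(f"bad length for {name}")
        values.append(int.from_bytes(body[off:off + n], "big"))
        off += n

    p, _g, ys = values
    if not 1 < ys < p - 1:                      # reject degenerate public values
        raise ValueError("dh_Ys out of range for dh_p")
    return p.bit_length()


def classify_dh_group(bits, floor=2048):
    """Map a prime size to a finding; `floor` is this example's assumption."""
    if bits <= 512:
        return "export-grade"                   # the 512-bit case in the article
    if bits < floor:
        return "below-floor"
    return "ok"


def build_ske(p, g=2, ys=4, signature=b"\x00" * 4):
    """Constructed sample data: a ServerKeyExchange with a dummy signature."""
    def vec(x):
        raw = x.to_bytes((x.bit_length() + 7) // 8, "big")
        return struct.pack("!H", len(raw)) + raw
    body = vec(p) + vec(g) + vec(ys) + signature
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    for size in (512, 1024, 2048):
        placeholder_p = (1 << (size - 1)) | 1   # right length, not a real prime
        bits = dh_group_bits(build_ske(placeholder_p))
        print(bits, classify_dh_group(bits))
```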

July 9, 2015

Mark Zuckerberg’s Vision of ‘Facebook Telepathy’: What Experts Say


Could Facebook one day be Brainbook? Mark Zuckerberg said in a recent Q&A that he predicts people will send thoughts and experiences to each other as easily as people text and email today. However, this fanciful idea of brain-to-brain communication is still a long ways off, neuroscientists say.

On Tuesday (June 30), in response to a question about the future of Facebook during an online Q&A with users, CEO Zuckerberg replied: “One day, I believe we’ll be able to send full rich thoughts to each other directly using technology. You’ll just be able to think of something and your friends will immediately be able to experience it too if you’d like. This would be the ultimate communication technology.”

Zuckerberg continued, “We used to just share in text, and now we post mainly with photos. In the future video will be even more important than photos. After that, immersive experiences like VR [virtual reality] will become the norm. And after that, we’ll have the power to share our full sensory and emotional experience with people whenever we’d like.”

He is referring to an advanced form of brain-to-brain communication in which people could plug in, similar to a VR headset, perhaps with some kind of actual physical connection to the brain itself. Brains transmit information between neurons via a combination of electrical and chemical signals, and it’s possible even now to see them via functional magnetic resonance imaging (fMRI), electroencephalograms, and implanted electrodes. So theoretically it is possible to encode those signals into bits just as we do with digital phone signals, and send them to another person for decoding and “playback” in another brain.

Reading the mind

From a purely technical standpoint, it’s possible to “read” a person’s brain activity and get a sense of what that person is thinking, said Christopher James, professor of biomedical engineering at the University of Warwickshire in the U.K. Functional magnetic resonance imaging, electrodes attached to the scalp, or implanting electrodes into the brain can all work to reveal something about brain activity in real-time. But right now the only way anyone knows of to get the precision required to pick up thoughts and feelings is with the electrodes. Imaging technologies and scalp-mounted electrodes can’t resolve areas small enough to know what’s going on at the cellular level, and scalp electrodes can only detect relatively “loud” signals that get through the skull.

But reading the signals is only half the battle. Decoding them is another matter. There’s no single brain area that governs thoughts of a given type; the way a person experiences thinking involves many parts of the brain operating simultaneously. Picking up all those signals that make up a thought in a real brain would require sticking electrodes into lots of different areas.

“We’d have to eavesdrop in many locations — some of them deep. If we did know minutely where to place electrodes there’s going to be a heck of a lot of them,” James told Live Science. “Then we need to make sense of those impulses,” he added, referring to the electrical signals picked up by the electrodes.

With the computing power available today scientists could probably make sense of the complex pattern of electrical signals, that is, if they knew exactly what those signals meant. However, that’s far from clear. A person’s thoughts are more than the simple sum total of voltages and currents. Which impulses come first, and in what pattern, and how intense they should be is still a mystery.

James noted that deep brain stimulation, which is used to treat Parkinson’s and epilepsy, involves sending simple signals to specific parts of the brain. But even such a straightforward treatment doesn’t help every patient, and nobody knows why. And thoughts are a far more complex phenomenon than treating Parkinson’s, he said.

Andrew Schwartz, a neurobiologist at the University of Pittsburgh, said the whole problem with any such concept of brain-to-brain communication is that nobody knows what a thought actually is. “How would you recognize a thought in the brain if you cannot define it?” Schwartz said. “If you replace ‘thought’ with intention, or ‘intention to act,’ then we may be able to progress as there is gathering evidence that we can recognize that in brain activity. However, this is very rudimentary at this point.”

Steps to Zuckerberg’s vision

Scientists have conducted several experiments with sending simple bits of data from one brain to another. For example, at the University of Washington a team demonstrated communicating between two brains via the motor cortex — a person with electrodes on his head sent brain signals via the Internet to the motor cortex of another person in another room. The brain information signaled the person receiving the message to move his hand and control a video game.

Starlabs in Barcelona showed that it’s possible to send a rudimentary word signal over the Internet. In that case the sender would think of a word, and the receiver would have the visual cortex stimulated by a magnetic field as the signal came in. The receiver would see flashes and could then interpret the word.

At Duke University scientists have experimented with motor impulses between rats. They linked two rats’ brains. One rat got a reward for hitting one of two levers when a light came on, the other had the levers but no light cue. The second rat was able to hit the correct lever more often than chance whenever the first rat was given the signal to press its lever.

Neuroscientists have even recreated movie clips by looking just at a person’s brainwaves; that mind-reading method, however, was limited to areas of the brain linked to basic visualization and not those areas responsible for higher thought.

James noted that in all these cases the information has been very simple, essentially bits of ones and zeros: When a person thinks about opening a door, they know what a door is, what a handle is, that the hand needs to reach the door handle to open it. That all happens before that person gets to moving arms and grabbing the doorknob.

Challenges ahead

Even with those successes — or at least proofs of concept — progressing to a technology that could transfer a person’s thoughts and feelings to another person is still a ways off, said Andrea Stocco, a research scientist at the University of Washington who took part in the motor cortex experiment. Many brain scientists think similar patterns of neural activity should correspond to similar thoughts in different people. But beyond that, nobody can predict exactly what patterns might be linked to a given set of thoughts. So far scientists can only discover these patterns by experimenting.

He added that while the technology is in theory available to record impulses in great detail from the brain, in practical terms placing that many wires into a brain to “see” that activity is quite risky. “We do not currently have the technology to record from enough cells in the brain to decode complex thoughts,” he said.

The other problem is an ethical one, James said. An experiment involving hundreds of electrodes inserted into a brain isn’t something any institution would be likely to approve, even with volunteers. He noted such experiments with inserted electrodes tend to be done on people who already have some kind of problem – epilepsy or Parkinson’s disease. (The University of Washington and Starlabs experiments didn’t involve invasive surgery.) Those patients are getting electrodes inserted into their brains already. Even then, the data they yield is often crude.

“It’s a bit like having a football stadium with a crowd of people, and putting a microphone outside the door and trying to pinpoint one conversation. The best I can hope for is to get half of them to shout in unison.”

And unfortunately, the only way to know whether such a brain-to-brain interface is working is to work with a sentient creature — a person. In an experiment done on a rat, the rat can’t tell us what it is feeling except in simple ways like hitting one lever or another. That isn’t anything close to what humans experience. And it’s important because there’s a very real question of whether such stimulation induces experiences (known as qualia) in the rats, said Giulio Ruffini, CEO of Starlab.

It’s also far from clear what the long-term effects on the brain would be — scarring from electrodes would be just one problem. “The brain doesn’t like getting things stuck into it,” James said.

Schwartz added that motor impulses are one thing — there have been some successes there with prosthetic limbs, for instance. But that is nothing like the “rich experiences” Zuckerberg describes. “There is no scientific data showing that it can be extracted from brain activity,” James said. “Despite many claims about activating particular brain ‘circuits,’ this is almost all wishful thinking and has not been done in any deterministic manner to produce a perceived experience. We simply haven’t done the science yet.”

Stocco, though, was somewhat optimistic about Zuckerberg’s vision. “His scenario is far, but not unreachable,” he said, as the kinds of advances necessary are at least imaginable. “We could get there, given adequate work and knowledge.”

http://www.livescience.com

July 9, 2015

Sourcing the modern data center


Significant IT expenditures can represent a make-or-break moment for the department, especially in this economic climate. In terms of selecting data center hardware, planning can go a long way, and selecting the right mix helps to minimize waste and maximize efficiency. A single-vendor data center approach could be the right way to go, but there has been debate as to whether multiple vendors may be the best solution for IT shops. The right answer depends on an organization’s particular needs. IT decision-makers should examine all of the possible solutions, choose the best vendor and then integrate other vendor products if it makes sense to mix and match.

July 9, 2015

Microsoft BizSpark Plus Program Expanded For Qualifying Startups


Are you approaching 3 years as a BizSpark member? Take a look at Microsoft BizSpark graduation offers so you can seamlessly continue using their technology.

Regardless of where you reside or what platform and tools you use, Microsoft’s goal is simple – they aim to help early stage companies accelerate innovation and get their stuff in the hands of customers as quickly as possible. With that in mind, Microsoft BizSpark recently announced an update to its BizSpark Plus program. Starting on July 1, the program will be offering $120,000/year of free Azure cloud services to qualified startups around the world. The offer expands the existing BizSpark Plus program which, in addition to open source friendly Azure, provides free software, developer tools, and technical support to help startups be successful.

July 9, 2015

Get Ready For Windows 10


Windows 10 will be available on July 29, and consumers can purchase a new Windows 10 PC or tablet. Qualified Windows 7 and Windows 8.1 devices can get a free upgrade. Don’t miss out on the opportunity to reach this huge audience! Windows 10 developer tools for Visual Studio 2015 will be delivered with the release, which will allow you to build your Universal Windows Platform apps and submit them to the Windows Store. Want an early start on developing for Windows 10? Download the latest Windows 10 SDK and matching mobile emulator from the Windows 10 Developer Tools. When running the latest SDK and emulator in your local development environment, your apps will be able to access the latest Windows capabilities and APIs available in the preview build. Each preview SDK release installs side by side with the official Windows 10 tooling for Visual Studio 2015.

July 9, 2015

EU’s Tusk urges debt relief as part of Greek deal


The European Union’s chairman joined growing international calls for Greece to be granted debt restructuring as part of any new loan deal if it delivers convincing reforms to avert imminent bankruptcy.

The call was an implicit challenge to Germany, Athens’ biggest creditor, which has so far ruled out any write-offs as illegal and taken a restrictive view of reprofiling the debt to help Greece over a major repayment hump this year.

Greek Prime Minister Alexis Tsipras was finalizing a tough package of tax hikes and pension reforms to send to euro zone authorities by midnight in a race to secure agreement at the weekend on a third financial rescue for his country.

European Council President Donald Tusk, who is to chair a special euro group summit on Sunday that will decide Greece’s fate, hoped the plans would be concrete and realistic.

“The realistic proposal from Greece will have to be matched by an equally realistic proposal on debt sustainability from the creditors. Only then will we have a win-win situation,” he said. “Otherwise, we will continue the lethargic dance we have been dancing for the past five months.”

German Chancellor Angela Merkel said a classic “haircut” – a write-off of principal – was out of the question. She did not rule out other forms of debt relief such as extending loan maturities, lower interest rates or a longer moratorium on debt service payments.

International Monetary Fund chief Christine Lagarde and U.S. Treasury Secretary Jack Lew both said on Wednesday that debt restructuring must be part of a viable solution to keep Greece in the euro zone.

Lagarde said any program would have to walk on two legs. “One leg is about significant reforms and fiscal consolidation … And the other leg is debt restructuring, which we believe is needed in the particular case of Greece for it to have debt sustainability.”

http://www.reuters.com/