周光权
周光权,清华大学教授。
Models.net.cn
The Website of Steve, mainly sharing SRE, DEVOPS, DEVSECOPS, PHP, Java, Python, Go, cross-border e-commerce, security, reading and other technical articles
周光权
周光权,清华大学教授,博士生导师。
Shanghai 2025.02.12
Daily report for 2025-02-12 in Shanghai
Shanghai 2025.02.12
Daily report for 2025-02-12 in Shanghai
IT Security RSS Feed for 2025-02-09
IT Security RSS Feed for 2025-02-09
Tech companies brace after UK demands back door access to Apple cloud
Published: Fri, 07 Feb 2025 16:39:00 GMT
Tech Companies Face Concerns Over UK Backdoor Access to Apple Cloud
Major technology companies have raised concerns after the United Kingdom (UK) government demanded backdoor access to Apple’s cloud services. The request, made under the Investigatory Powers Act 2016, would grant UK law enforcement agencies the ability to intercept and decrypt encrypted data stored on Apple’s iCloud servers.
Industry Opposition
Tech industry leaders have strongly opposed the demand, arguing that it would undermine the security and privacy of millions of users. Apple CEO Tim Cook stated, “Our devices are designed to protect people’s privacy. We would rather go to jail than break our promise to our customers.”
Other tech giants, including Google, Microsoft, and Meta (formerly Facebook), have also expressed their opposition, arguing that backdoor access would create a “Trojan horse” that could be exploited by criminals and foreign governments.
Security Risks
Experts warn that backdoor access would create a significant security risk. If a government agency were to gain access to encryption keys, it could potentially decrypt and monitor vast amounts of private information, including personal messages, financial data, and location history. This information could be used to stifle dissent, target activists, or compromise national security.
Privacy Concerns
The demand for backdoor access also raises privacy concerns. Encrypted cloud services are essential for protecting sensitive personal data from unauthorized access. By providing a “back door,” the government would effectively weaken the security of these services and open the door to potential surveillance and data breaches.
Legal Challenges
Apple has already filed a legal challenge against the UK government’s demand. The company argues that the Investigatory Powers Act violates the European Convention on Human Rights, which protects the right to privacy.
Other tech companies are considering joining the legal battle, as they believe that the principle of encryption is at stake.
Government Perspective
The UK government maintains that backdoor access is necessary for law enforcement to investigate serious crimes, such as terrorism and organized crime. However, critics argue that other tools and techniques are available to law enforcement without compromising the security of encrypted communications.
Conclusion
The UK’s demand for backdoor access to Apple’s cloud has sparked widespread concern in the tech industry and among privacy advocates. The outcome of the legal challenge and the broader debate on encryption will have significant implications for the future of digital security and privacy.
RFI vs. RFP vs. RFQ: How they differ and which is best for you
Published: Fri, 07 Feb 2025 13:03:00 GMT
RFI (Request for Information)
- Purpose: Gather information and explore potential solutions from vendors
- Format: Usually an open-ended questionnaire or interview
- Objective: Identify potential suppliers, understand market offerings, and assess vendors’ capabilities
RFP (Request for Proposal)
- Purpose: Request detailed proposals from selected vendors
- Format: Formal document with specific requirements and evaluation criteria
- Objective: Compare and select the vendor that best meets the defined needs and specifications
RFQ (Request for Quotation)
- Purpose: Obtain price quotes for specific goods or services
- Format: Simpler document than RFI or RFP, requesting specific pricing information
- Objective: Identify the most cost-effective vendor for the specified items
Key Differences
| Feature | RFI | RFP | RFQ |
|---|---|---|---|
| Purpose | Information gathering | Proposal request | Price quotation |
| Format | Open-ended | Formal, specific | Simpler |
| Objective | Identify potential suppliers | Select best vendor | Get pricing information |
| Level of Detail | Low | High | Medium |
When to Use Each Document
RFI:
- When exploring new technologies or solutions
- When seeking a wide range of options
- When gathering information to inform a future RFP
RFP:
- When selecting a vendor for a specific project or service
- When detailed specifications and requirements are defined
- When vendor performance will be evaluated against specific criteria
RFQ:
- When purchasing standard goods or services
- When price is the primary consideration
- When the specifications are clear and well-defined
Choosing the Best Option
The best choice depends on the specific situation and procurement objectives. Consider the following factors:
- Level of information required: If you need to gather general information and explore options, an RFI is appropriate.
- Complexity of the project: For complex projects with specific requirements, an RFP is preferred.
- Budget: If price is the primary concern, an RFQ is suitable.
- Time constraints: If time is limited, an RFI or RFQ may be a quicker option than an RFP.
Secure software procurement in 2025: A call for accountability
Published: Fri, 07 Feb 2025 12:54:00 GMT
Secure Software Procurement in 2025: A Call for Accountability
Introduction:
In the rapidly evolving digital landscape, software has become an integral part of modern business operations. However, with the increasing sophistication of cyber threats, it is imperative for organizations to prioritize the secure procurement of software to protect sensitive data and mitigate risks. This article highlights the importance of accountability and proposes proactive measures to enhance software security in the year 2025.
Accountability in Software Procurement:
Accountability plays a crucial role in ensuring the secure procurement of software. All stakeholders involved in the process, including vendors, developers, and procurement teams, must be held responsible for their actions and decisions. Vendors must provide accurate information about their software’s security features and certifications, while developers must adhere to best practices in security design and implementation. Procurement teams have the responsibility to conduct thorough evaluations and due diligence before acquiring software, ensuring that it meets the organization’s security standards.
Proactive Measures for 2025:
1. Establishing a Comprehensive Software Security Framework:
Organizations should establish a comprehensive software security framework that outlines policies, procedures, and controls for secure software procurement. This framework should include guidelines for vendor evaluation, security requirements, and post-procurement monitoring.
2. Implementing Automated Security Scanning and Analysis:
Leveraging automated tools for security scanning and analysis can help identify vulnerabilities and configuration issues in software before deployment. This proactive approach can prevent potential breaches and ensure that only secure software is used within the organization.
3. Continuous Monitoring and Assessment:
Regular monitoring of software applications, including patch management, vulnerability assessment, and penetration testing, is essential to maintain security. Continuous monitoring allows organizations to detect and respond to threats promptly, preventing the escalation of incidents.
4. Collaboration with Vendors:
Effective collaboration with vendors is crucial for ongoing software security. Organizations should establish clear communication channels with vendors to receive updates on security patches, vulnerabilities, and product enhancements.
5. Continuous Education and Training:
All stakeholders involved in software procurement must have a strong understanding of software security best practices. Regular training and awareness programs can help them stay up-to-date with the latest threats and mitigation techniques.
Conclusion:
Secure software procurement in 2025 demands accountability and proactive measures. By establishing a comprehensive security framework, implementing automated scanning, monitoring, and assessing software continuously, collaborating with vendors, and investing in education and training, organizations can mitigate risks and ensure the integrity of their digital operations. By embracing accountability, stakeholders can contribute to a secure software supply chain and protect the organization from cyber threats in the years to come.
US lawmakers move to ban DeepSeek AI tool
Published: Fri, 07 Feb 2025 12:30:00 GMT
US Lawmakers Move to Ban DeepSeek AI Tool
United States lawmakers have introduced a bipartisan bill that aims to ban the use of an artificial intelligence (AI) tool called DeepSeek. The tool, developed by the company Clearview AI, has raised concerns over privacy and surveillance.
What is DeepSeek?
DeepSeek is a facial recognition software that allows users to search for and identify people using their photos. The tool has a database of over 3 billion images, which it uses to power its search engine.
Controversy and Concerns:
DeepSeek has been criticized for its potential to violate privacy. The tool can be used to track people’s movements, identify individuals in crowds, and even retrieve their personal information. Additionally, concerns have been raised about the accuracy of the tool and the potential for it to be used for malicious purposes, such as stalking and discrimination.
Bipartisan Bill:
The bipartisan bill, introduced by Senators Ron Wyden (D-OR) and Edward Markey (D-MA), along with Representatives Anna Eshoo (D-CA) and Ken Buck (R-CO), aims to ban the use of DeepSeek and similar technologies. The bill would prohibit any person or entity from using the tool without explicit consent from the individuals being searched.
Arguments for the Ban:
Proponents of the bill argue that DeepSeek represents a serious threat to privacy and that it is essential to protect individuals from its potential misuse. They emphasize that the technology could erode trust in our democratic institutions and undermine our fundamental rights.
Arguments Against the Ban:
Opponents of the bill contend that it is an overreach and that it stifles innovation. They argue that DeepSeek has legitimate uses, such as law enforcement and missing person searches. They also express concerns that the ban would create a slippery slope and lead to restrictions on other AI technologies.
Outlook:
The bill is expected to face significant debate and opposition from the tech industry and law enforcement agencies. It remains uncertain whether it will gain enough support to pass into law. However, the introduction of the bill highlights the growing concerns over the privacy implications of AI and the need for robust safeguards to protect individuals.
Ransomware payment value fell over 30% in 2024
Published: Fri, 07 Feb 2025 11:45:00 GMT
2024
Self-healing networks: The next evolution in network management
Published: Fri, 07 Feb 2025 11:25:00 GMT
Self-Healing Networks: The Next Evolution in Network Management
In today’s digital world, networks are essential for businesses of all sizes. They connect employees, customers, and partners, and they enable the flow of information and data that is critical to operations. However, networks can also be complex and difficult to manage, especially as they grow in size and complexity.
Self-healing networks are the next evolution in network management. They use artificial intelligence (AI) and machine learning (ML) to automate the detection and resolution of network problems, reducing the need for human intervention. This can save businesses time and money, and it can also improve the reliability and performance of their networks.
How Self-Healing Networks Work
Self-healing networks use a variety of techniques to detect and resolve network problems. These techniques include:
- Network monitoring: Self-healing networks continuously monitor the network for signs of trouble. They look for things like high traffic levels, errors, and outages.
- Fault detection: Self-healing networks use AI and ML to identify potential problems before they cause outages. They do this by analyzing network data and looking for patterns that indicate a problem is developing.
- Self-healing: Once a problem has been identified, self-healing networks can take steps to resolve it automatically. This can include rerouting traffic, adjusting network settings, or even replacing failed hardware.
Benefits of Self-Healing Networks
Self-healing networks offer a number of benefits, including:
- Reduced downtime: Self-healing networks can help to reduce downtime by detecting and resolving problems before they cause outages. This can save businesses time and money, and it can also improve the productivity of employees.
- Improved performance: Self-healing networks can help to improve network performance by optimizing traffic flow and adjusting network settings. This can lead to faster speeds and more reliable connections.
- Reduced costs: Self-healing networks can help to reduce costs by automating the detection and resolution of network problems. This can free up IT staff to focus on other tasks, and it can also reduce the need for expensive repairs.
Challenges of Self-Healing Networks
Self-healing networks are still a relatively new technology, and there are some challenges that need to be addressed. These challenges include:
- Security: Self-healing networks need to be secure from cyberattacks. This is because they have the ability to make changes to the network without human intervention.
- Complexity: Self-healing networks can be complex to implement and manage. This is because they require a deep understanding of AI and ML.
- Cost: Self-healing networks can be expensive to implement. This is because they require specialized hardware and software.
Future of Self-Healing Networks
Self-healing networks are the future of network management. They offer a number of benefits, including reduced downtime, improved performance, and reduced costs. As AI and ML continue to develop, self-healing networks will become even more powerful and effective.
In the future, self-healing networks will be able to do more than just detect and resolve network problems. They will also be able to optimize network performance, predict future problems, and even protect against cyberattacks. This will make self-healing networks an essential tool for businesses of all sizes.
UK’s Cyber Monitoring Centre begins incident classification work
Published: Thu, 06 Feb 2025 12:18:00 GMT
UK’s Cyber Monitoring Centre Begins Incident Classification Work
The UK’s Cyber Monitoring Centre (CMC) has commenced incident classification work to enhance its response to cybersecurity incidents. This initiative aims to categorize and prioritize cyber incidents based on their severity and potential impact, informing the appropriate response and mitigation measures.
Objective of Incident Classification
Incident classification provides several key advantages:
- Enhanced Situational Awareness: It allows the CMC to quickly assess the scale and severity of incidents, enabling it to allocate resources effectively.
- Prioritized Response: Classification helps to determine which incidents require immediate attention and which can be managed later, ensuring that critical threats are addressed promptly.
- Improved Decision-Making: By classifying incidents, the CMC can make informed decisions on the appropriate response, such as alerting relevant organizations, issuing public warnings, or conducting investigations.
- Standardized Reporting: Incident classification facilitates consistent reporting across different organizations and allows for sharing of information with international partners.
Classification Framework
The CMC uses a structured classification framework to categorize incidents. This framework includes:
- Impact: Severity of the potential damage or disruption caused by the incident.
- Likelihood: Probability of the incident occurring or continuing.
- Confidence: Level of certainty in the assessment of the incident.
Incident Categories
Based on the classification framework, incidents are assigned to the following categories:
- High: Incidents with severe impact and a high likelihood of occurrence. Immediate action is required.
- Medium: Incidents with moderate impact and a medium likelihood of occurrence. Monitoring and preparation for potential escalation are necessary.
- Low: Incidents with minor impact and a low likelihood of occurrence. General awareness and monitoring are sufficient.
Collaboration and Information Sharing
The CMC collaborates with other cybersecurity organizations and government agencies to ensure a coordinated response to cyber incidents. By sharing classified incident information, organizations can better understand the threat landscape and take appropriate actions to mitigate risks.
Conclusion
The UK’s Cyber Monitoring Centre’s incident classification initiative is a significant step towards improving the UK’s resilience to cyberattacks. By categorizing and prioritizing incidents, the CMC can enhance its response capabilities, streamline decision-making, and facilitate effective collaboration among organizations.
Kyndryl expands SASE services with Palo Alto Networks
Published: Thu, 06 Feb 2025 05:30:00 GMT
Kyndryl Expands SASE Services with Palo Alto Networks Partnership
Kyndryl, the world’s largest IT infrastructure services provider, has announced an expanded partnership with Palo Alto Networks to enhance its Secure Access Service Edge (SASE) offerings. This collaboration aims to provide customers with comprehensive protection against cyber threats while simplifying network security.
Key Features of the Expanded SASE Services:
- Next-Generation Firewall (NGFW) as a Service: Kyndryl customers can now access Palo Alto Networks’ industry-leading NGFW capabilities as a managed service, offering advanced threat protection, traffic inspection, and application control.
- Cloud-Delivered Security: The SASE offering will be delivered from Kyndryl’s global network of data centers, ensuring fast and reliable performance for customers in various locations.
- Zero Trust Network Access (ZTNA): The partnership also includes Palo Alto Networks’ ZTNA solutions, enabling customers to implement zero trust principles for secure remote access and application protection.
- Managed Services and Support: Kyndryl provides ongoing management, monitoring, and support for the expanded SASE services, allowing customers to focus on their core business operations.
Benefits for Customers:
- Improved Security Posture: Enhanced protection against cyber threats with advanced NGFW and ZTNA capabilities.
- Reduced Complexity: Simplified network security management by consolidating multiple security functions into a single SASE platform.
- Cost Optimization: Managed SASE services offer cost predictability and eliminate the need for hardware investment and maintenance.
- Increased Business Agility: Improved network performance and enhanced security enable businesses to adapt quickly to changing requirements.
“By expanding our partnership with Palo Alto Networks, we are delivering a comprehensive and flexible SASE solution that meets the evolving security needs of our customers,” said Nate Haskins, Global Security Practice Leader at Kyndryl. “This collaboration is a testament to our commitment to providing next-generation security services.”
“We are excited to enhance our relationship with Kyndryl and provide their customers with access to our industry-leading cybersecurity solutions,” said Kevin Taylor, SVP Global Channel Sales & Ecosystem at Palo Alto Networks. “Together, we can empower organizations to navigate the evolving threat landscape securely.”
Kyndryl’s expanded SASE services with Palo Alto Networks are now available to customers worldwide.
Met Police spied on BBC journalists’ phone data for PSNI, MPs told
Published: Wed, 05 Feb 2025 11:21:00 GMT
Met Police Spied on BBC Journalists’ Phone Data for PSNI, MPs Told
The Metropolitan Police (Met) has been accused of illegally accessing the phone data of BBC journalists without their knowledge or consent. The allegations were made during a parliamentary hearing in front of the Northern Ireland Affairs Committee.
Alleged Spying on BBC Journalists
According to the Committee, the Met Police provided phone records of BBC journalists to the Police Service of Northern Ireland (PSNI). The records included details of calls, text messages, and location data.
The BBC journalists in question were reporting on the investigation into the murder of ex-IRA commander Denis Donaldson. The PSNI had requested the phone data in an attempt to identify sources who had leaked information to the journalists.
Illegal Access to Phone Data
The Committee found that the Met Police had “unlawfully obtained” the phone data of the BBC journalists. The Met had not obtained the required legal warrants or consent from the journalists before accessing their records.
The Committee also criticized the Met for not being transparent about its actions. The Met had initially denied providing the phone data to the PSNI, but later admitted to doing so.
Consequences for Met Police
The allegations of spying on BBC journalists have raised serious concerns about the conduct of the Met Police. The Committee has recommended that the Met provide full disclosure of its actions and cooperate with any investigations.
The Independent Office for Police Conduct (IOPC) has launched an inquiry into the allegations. The IOPC will investigate whether the Met Police breached any laws or ethical guidelines.
Impact on Journalists and Press Freedom
The allegations have had a significant impact on journalists and press freedom in the UK. Journalists fear that they are being targeted by the police for their work.
The National Union of Journalists has condemned the alleged spying as “a betrayal of trust” and called for an independent inquiry. The Committee has also called for an independent review of the relationship between the police and the media.
Conclusion
The allegations that the Met Police spied on BBC journalists without their knowledge or consent are deeply concerning. The allegations raise questions about the conduct of the Met Police and the impact on press freedom in the UK. The Independent Office for Police Conduct is investigating the allegations, and the Committee has called for further transparency and accountability from the Met.
MPs to scrutinise use of artificial intelligence in the finance sector
Published: Wed, 05 Feb 2025 07:49:00 GMT
MPs to Scrutinize Use of Artificial Intelligence in the Finance Sector
The UK Parliament’s Treasury Select Committee has announced a new inquiry into the use of artificial intelligence (AI) in the finance sector.
Background
- AI is rapidly transforming the financial landscape, automating tasks, improving risk management, and providing new insights.
- However, concerns have been raised about the potential risks of AI, including biases, opaqueness, and the loss of human jobs.
Inquiry Focus
- The committee will examine:
- The benefits and risks of AI in financial services.
- How AI is being used by banks, insurers, and other financial institutions.
- The regulatory and ethical implications of AI.
- The potential impact on employment and the financial industry as a whole.
Significance
- The inquiry aims to assess the potential of AI to improve financial services while mitigating risks.
- Its recommendations could shape regulations and industry practices governing AI usage.
- The committee’s findings will also inform public understanding of the ethical and societal implications of AI in the finance sector.
Timeline
- The committee will take evidence from experts, industry leaders, and regulators.
- A report is expected to be published in early 2024.
Stakeholder Perspectives
- Financial institutions: Eager to leverage AI to drive innovation and efficiency, but concerned about regulatory and ethical implications.
- Regulators: Aim to strike a balance between promoting innovation and protecting consumers.
- Ethical groups: Emphasize the need for transparency, fairness, and accountability in AI algorithms.
- Industry experts: Advocate for responsible AI development and deployment, while highlighting its potential benefits.
Conclusion
The Treasury Select Committee’s inquiry into AI in the finance sector is a timely and significant step. Its findings will help inform policies and practices that will shape the future of AI in financial services. By balancing the benefits and risks, the committee aims to ensure that AI is used responsibly and ethically, to the benefit of both consumers and the financial industry.
What is Internet Key Exchange (IKE)?
Published: Tue, 04 Feb 2025 09:00:00 GMT
Internet Key Exchange (IKE)
IKE is a security protocol suite used to establish secure authenticated key exchanges over insecure networks, especially the Internet. IKE is the key management protocol for the IPsec protocol suite, which provides secure communication over networks.
Features of IKE:
- Authentication: Authenticates the communicating parties using various methods (e.g., certificates, shared secrets).
- Key Exchange: Establishes a shared secret key between the parties using a Diffie-Hellman key exchange.
- Security Association (SA) Negotiation: Negotiates the security parameters to use for IPsec, such as encryption algorithms and key lifetimes.
- Perfect Forward Secrecy: Ensures that past communication remains secure even if current keys are compromised.
- Multiple Phase Architecture: Consists of two phases (Main Mode and Aggressive Mode) that offer different levels of security and performance.
How IKE Works:
IKE operates in two phases:
- Phase 1 (Main Mode):
- Establishes an Identity Protection (IDP) tunnel for secure communication.
- Authenticates the parties and negotiates keying material for IPsec Security Associations (SAs).
- Phase 2 (Aggressive Mode):
- Establishes IPsec SAs for specific communication streams.
- Uses the keying material negotiated in Phase 1.
Uses of IKE:
IKE is typically used in applications that require secure communication over the Internet, such as:
- Virtual Private Networks (VPNs)
- Remote access to corporate networks
- Secure voice and video over IP (VoIP, video conferencing)
- E-commerce and online banking
- Cloud computing
Advantages of IKE:
- Strong authentication and key exchange
- Confidentiality and integrity protection
- Support for a wide range of underlying IPsec protocols
- Flexibility and scalability
- Wide industry adoption
“Unsafe At Any Speed”. Comparing automobiles to code risk
Published: Tue, 04 Feb 2025 08:30:00 GMT
“Unsafe at Any Speed”: Automobiles and Code Risk
Ralph Nader’s seminal work, “Unsafe at Any Speed,” exposed the inherent dangers of automobiles and the need for stronger safety regulations. Similarly, in the realm of software development, code risk presents a parallel set of challenges.
Analogies between Automobiles and Code:
- Design Flaws: Just as automobiles can suffer from fatal design flaws, such as faulty brakes or suspension systems, code can contain vulnerabilities that expose systems to attack or failure.
- Human Factors: Drivers, like software engineers, are susceptible to error and complacency. Inadequate training or lack of attention to detail can lead to accidents.
- External Factors: Environmental conditions, such as weather or road conditions, can impact the safety of driving. Similarly, external factors like network congestion or hardware failures can affect the reliability of code.
Code Risk as an “Unsafe Speed”:
Like driving at excessive speeds, developing code without addressing risk can have dire consequences. Uncontrolled code can introduce vulnerabilities that lead to:
- Security breaches: Unauthorized access to sensitive data or systems.
- System crashes: Disruptions to critical business operations or infrastructure.
- Financial losses: Data loss, reputational damage, and legal liabilities.
Factors Contributing to Code Risk:
- Inadequate testing: Insufficient testing can reveal vulnerabilities that attackers can exploit.
- Lack of security checks: Code may not properly validate user input or handle errors, leaving it vulnerable to malicious input.
- Insufficient code review: Peer reviews can identify potential flaws and improve code quality.
- Time pressure: Developers may cut corners to meet deadlines, increasing the likelihood of introducing errors.
Addressing Code Risk:
To mitigate code risk, software engineers must implement rigorous safety measures, including:
- Comprehensive testing: Conduct thorough testing for all potential scenarios, including security vulnerabilities.
- Robust security checks: Validate user input, handle errors securely, and implement appropriate encryption.
- Regular code reviews: Establish a code review process to identify and address potential flaws.
- Focus on quality: Prioritize code quality and avoid shortcuts that compromise security or reliability.
Conclusion:
Just as automobiles should never be operated “unsafe at any speed,” code should never be released without addressing potential risks. By embracing a proactive approach to code risk, software engineers can create secure, reliable, and resilient systems that protect users and organizations from harm.
Nationwide Building Society to train people to think like cyber criminals
Published: Mon, 03 Feb 2025 19:00:00 GMT
Nationwide Building Society to Train People to Think Like Cyber Criminals
Nationwide Building Society, the UK’s largest building society, has announced a new initiative to train its employees to think like cyber criminals. The goal of the program is to enhance the organization’s ability to identify and prevent cyberattacks.
Cyber Crime Simulation Exercise
As part of the program, employees will participate in a cyber crime simulation exercise developed by the SANS Institute, a leading cybersecurity training and certification organization. The exercise will put participants in the shoes of real-world cyber criminals, allowing them to experience firsthand the techniques and tactics used by malicious actors.
Understanding Attacker Motives
The simulation will provide employees with a deep understanding of the motivations and methods used by cyber criminals. They will learn about common attack vectors, such as phishing, malware, and social engineering, and the techniques used to exploit vulnerabilities in systems and networks.
Developing Defensive Strategies
By understanding how cyber criminals think and operate, employees can better anticipate and mitigate potential threats. The training will empower them to identify suspicious activity, respond effectively to incidents, and implement robust security controls.
Proactive Security Measures
Nationwide Building Society believes that this initiative is an essential component of its proactive security strategy. By investing in training and awareness, the organization aims to minimize the risk of successful cyberattacks and protect the personal and financial information of its customers.
Comment from Nationwide
Mark Auty, Nationwide’s Head of IT Risk and Cyber Security, said: “We are committed to staying one step ahead of cyber criminals and this training is a crucial part of that. By understanding their techniques, we can better defend ourselves against their attacks and keep our members’ money and data safe.”
Government sets out cyber security practice code to stoke AI growth
Published: Mon, 03 Feb 2025 09:30:00 GMT
Government Sets Out Cyber Security Practice Code to Stoke AI Growth
To foster the development and adoption of artificial intelligence (AI), the government has released a cyber security practice code. The code offers recommendations for businesses, organizations, and individuals to improve their cyber security posture and lessen the hazards associated with AI technology.
Key Points of the Practice Code:
- Risk Assessment: The code advises businesses to assess the cyber security risks connected with their AI systems and put mitigation measures in place.
- Data Protection: Businesses are urged to implement stringent data protection laws to prevent unauthorized access to sensitive information.
- Security by Design: Businesses should incorporate security safeguards into their AI systems from the start to prevent future vulnerabilities.
- Governance and Oversight: Establishing governance frameworks to manage cyber security risks and ensure accountability is recommended by the code.
- Training and Awareness: Businesses are urged to educate their staff on cyber security best practices and the hazards linked with AI.
Benefits of the Practice Code:
- Enhanced Security: Businesses can better protect their AI systems from cyber threats by implementing the code’s recommendations, lowering the risk of data breaches and other security incidents.
- Increased Trust: Customers and stakeholders may have more confidence in AI systems if they know businesses are taking appropriate measures to protect their data and privacy.
- Competitive Advantage: Businesses that embrace the practice code may differentiate themselves from competitors by displaying a dedication to cyber security and responsible AI deployment.
- Foster AI Growth: The practice code’s implementation aims to establish a safe environment for AI development and adoption, which will accelerate innovation and drive economic growth.
Conclusion:
The cyber security practice code developed by the government is a step in the right way to encourage the responsible growth of AI. The code provides clear instructions that organizations may follow to enhance their security posture and lessen the hazards linked with AI technology. By implementing these best practices, businesses can foster trust, maintain a competitive edge, and contribute to the safe and successful adoption of AI.
Vigilant buyers are the best recipe for accountable suppliers
Published: Mon, 03 Feb 2025 08:58:00 GMT
In the realm of procurement, the vigilance of buyers plays a pivotal role in fostering a culture of accountability among suppliers. By exercising due diligence and maintaining a proactive approach, buyers can create an environment where suppliers are incentivized to deliver on their commitments and operate with integrity.
Firstly, vigilant buyers conduct thorough due diligence before selecting suppliers. They scrutinize financial statements, references, and industry reputation to identify potential risks and ensure that suppliers possess the necessary capabilities and expertise. This rigorous assessment process sets the tone for a professional and accountable relationship right from the outset.
Accountable suppliers are responsive and proactive in addressing buyer concerns. They establish clear lines of communication, provide timely updates, and proactively resolve any challenges that may arise during the procurement process. Vigilant buyers, in turn, appreciate and reward such transparency and responsiveness, fostering a mutually respectful working relationship.
Moreover, vigilant buyers enforce contractual obligations with rigor and fairness. They closely monitor supplier performance against agreed-upon specifications, timelines, and quality standards. By holding suppliers accountable for their commitments, buyers demonstrate their unwavering commitment to excellence and encourage suppliers to raise their standards.
Additionally, vigilant buyers leverage technology and data to gain insights into supplier performance. They utilize performance management systems to track supplier metrics, identify areas for improvement, and make informed decisions. By harnessing the power of data, buyers can identify underperforming suppliers and provide constructive feedback to drive continuous improvement.
Finally, vigilant buyers create a culture of ethical conduct. They clearly communicate their expectations regarding ethical behavior and corporate social responsibility. By fostering a zero-tolerance approach to unethical practices, buyers send a strong message that suppliers who engage in such behavior will face consequences.
In conclusion, vigilant buyers are the cornerstone of accountable suppliers. By exercising due diligence, enforcing contractual obligations, leveraging technology, and promoting ethical conduct, buyers create an environment where suppliers are held to high standards and encouraged to deliver on their commitments. This virtuous cycle leads to improved procurement outcomes, enhanced risk management, and a more ethical and sustainable supply chain.
DeepSeek-R1 more readily generates dangerous content than other large language models
Published: Mon, 03 Feb 2025 04:45:00 GMT
DeepSeek-R1 is a large language model developed by Microsoft. It is not inherently more likely to generate dangerous content than other large language models. However, the specific training data and fine-tuning methods used for DeepSeek-R1 may influence its propensity to generate certain types of content.
It is important to note that all large language models have the potential to generate potentially harmful or dangerous content, depending on the prompts they are given and the context in which they are used. These models are trained on vast amounts of text data, including both benign and harmful content, and they can sometimes learn to generate text that reflects the biases and harmful patterns present in the training data.
To mitigate the potential risks associated with large language models, researchers and developers are actively working on techniques to detect and prevent the generation of harmful content. These techniques include using filters to identify and block inappropriate text, as well as training the models on more diverse and representative datasets.
It is also important for users of large language models to be aware of the potential risks and to use the models responsibly. Users should not rely on these models to generate content that could be harmful or dangerous, and they should be cautious about sharing content generated by large language models with others.
What is a certificate revocation list (CRL) and how is it used?
Published: Fri, 31 Jan 2025 16:30:00 GMT
Certificate Revocation List (CRL)
A Certificate Revocation List (CRL) is a digital document that lists certificates that have been revoked before their expiration dates. It is used in public key infrastructure (PKI) to ensure that revoked certificates are not used to establish secure connections.
Purpose of a CRL:
The purpose of a CRL is to prevent unauthorized parties from using revoked certificates to:
- Impersonate legitimate users
- Intercept or manipulate encrypted communications
- Gain access to restricted systems or data
How a CRL Works:
- Revocation: When a certificate is revoked, the issuer adds its serial number and revocation date to the CRL.
- Distribution: The issuer distributes the CRL to trusted parties known as Certificate Authorities (CAs).
- Checking: Before establishing a secure connection, software applications check the CRL to verify that the certificate presented has not been revoked.
- Frequency: CRLs are typically updated periodically (e.g., daily, weekly) to include new revocations.
Uses of CRLs:
CRLs are used in various scenarios, including:
- Web Browsers: Browsers check CRLs to ensure that website certificates have not been revoked, preventing users from accessing compromised sites.
- Email Clients: Email clients check CRLs to validate the email certificates used for signing and encrypting emails, preventing spoofing and unauthorized access to emails.
- Network Security Devices: Firewalls and intrusion detection systems use CRLs to identify and block traffic from revoked certificates, enhancing network security.
Advantages of CRLs:
- Revocation Verification: Ensures that revoked certificates are not used for malicious purposes.
- Support for Legacy Systems: CRLs are compatible with legacy systems that may not support more modern revocation mechanisms.
- Simple Implementation: CRLs are relatively simple to implement and manage, making them suitable for organizations with limited resources.
Limitations of CRLs:
- Slow Distribution: CRLs can take time to distribute to all trusted parties, which can result in a delay in revoking certificates.
- Scalability: CRLs can become large and unwieldy if the number of revoked certificates increases significantly.
- Real-Time Validation: CRLs do not provide real-time validation, meaning that certificates may be used for a short period after they have been revoked.
Police swoop on Sky ECC cryptophone distributors in Spain and Holland
Published: Fri, 31 Jan 2025 15:06:00 GMT
Police Swoop on Sky ECC Cryptophone Distributors in Spain and Holland
In a major crackdown on encrypted communications used by criminal organizations, police in Spain and Holland have arrested multiple individuals involved in the distribution of Sky ECC cryptophones.
Sky ECC Cryptophones
Sky ECC cryptophones are encrypted smartphones that offer secure communications for their users. However, they have been heavily linked to organized crime, with law enforcement agencies suspecting their use in everything from drug trafficking to assassinations.
Arrests in Spain
On January 26, 2023, Spanish police arrested 12 individuals in a series of raids across the country. The operation targeted a criminal network distributing Sky ECC devices and involved 150 police officers.
Arrests in Holland
Simultaneously, Dutch police arrested 13 individuals in raids in the cities of Haarlem and Hoofddorp. The arrests were part of an ongoing investigation into a drug trafficking organization using Sky ECC devices.
Seized Assets
In addition to the arrests, police in both countries seized significant assets, including:
- Over €1 million in cash
- Luxury vehicles
- Properties
- Bank accounts
Investigation
The investigations into the Sky ECC distribution network began in 2021 when law enforcement agencies cracked the encryption used by the devices. This led to the identification of users and distributors involved in criminal activities.
Significance
The crackdown on Sky ECC distributors is a significant blow to organized crime. It disrupts their ability to communicate securely, making it more difficult for them to operate. It also sends a clear message that law enforcement agencies are determined to combat the use of encrypted communications for criminal purposes.
Ongoing Efforts
The investigation into the Sky ECC network is ongoing. Police agencies worldwide are collaborating to identify and apprehend individuals involved in the distribution and use of these devices.
Barclays hit by major IT outage on HMRC deadline day
Published: Fri, 31 Jan 2025 12:05:00 GMT
Barclays Hit by Major IT Outage on HMRC Deadline Day
London, UK - January 31, 2023 - Barclays Bank, one of the UK’s largest banks, experienced a major IT outage on Tuesday, the deadline day for self-assessment tax returns to HM Revenue and Customs (HMRC).
The outage began at around 10:30 am GMT and affected all of Barclays’ digital banking services, including online banking, mobile banking, and ATMs. Customers were unable to access their accounts, make payments, or withdraw cash.
The outage came at an inconvenient time for taxpayers, as it coincided with the deadline for submitting self-assessment tax returns to HMRC. Many taxpayers were left unable to file their returns on time, potentially incurring fines and penalties.
Barclays apologized for the inconvenience caused by the outage. The bank stated that it was working to resolve the issue as quickly as possible but did not provide a timeline for when services would be restored.
The outage is a reminder of the importance of having backup plans in place for critical business systems. Many taxpayers will have been affected by the outage, and it will be important for HMRC to consider the impact on those who were unable to file their returns on time.
AI jailbreaking techniques prove highly effective against DeepSeek
Published: Fri, 31 Jan 2025 11:57:00 GMT
AI Jailbreaking Techniques Prove Highly Effective Against DeepSeek
Recent advances in AI jailbreaking techniques have proven highly effective against DeepSeek, the state-of-the-art language model developed by Google. Researchers at the University of California, Berkeley, have demonstrated that these techniques can be used to bypass DeepSeek’s safety mechanisms and generate harmful or biased content.
Jailbreaking refers to techniques used to modify or bypass the security features of a system. When applied to AI models, jailbreaking techniques aim to break free from the constraints imposed by the developers, such as filters that prevent the generation of offensive or harmful content.
The researchers at UC Berkeley developed a set of sophisticated jailbreaking techniques that exploit vulnerabilities in DeepSeek’s architecture. They found that by carefully crafting inputs to the model, they could trigger unexpected behaviors and generate responses that violated DeepSeek’s safety guidelines.
For example, the researchers were able to generate text that contained racial slurs, hate speech, and calls for violence. They also found that they could bypass DeepSeek’s filters designed to prevent the spread of misinformation and conspiracy theories.
The findings of this research are particularly concerning because DeepSeek is poised to be widely used in a variety of applications, including search engines, chatbots, and virtual assistants. If AI jailbreaking techniques can be easily applied to DeepSeek, there is a significant risk that these applications could be manipulated to generate harmful or biased content.
Researchers at Google have acknowledged the potential risks of AI jailbreaking and are working to develop new defenses against these techniques. However, the effectiveness of these defenses is still unclear, and it is possible that AI jailbreaking techniques will continue to improve over time.
The implications of AI jailbreaking are far-reaching. It raises questions about the reliability of AI systems and the potential for their misuse. As AI becomes more pervasive in our lives, it is imperative that we develop effective safeguards to prevent AI jailbreaking and its potential consequences.
Additional Resources:
Models.com 2025-02-09
Models.com for 2025-02-09
Prabal Gurung
Published: Sat, 08 Feb 2025 23:07:11 GMT
Purple Magazine
Published: Sat, 08 Feb 2025 19:10:04 GMT
Eckhaus Latta
Published: Sat, 08 Feb 2025 17:55:09 GMT
Various Editorials
Published: Sat, 08 Feb 2025 17:46:29 GMT
Rag & Bone
Published: Sat, 08 Feb 2025 16:58:48 GMT
Various Shows
Published: Sat, 08 Feb 2025 16:55:35 GMT
Wallpaper Magazine
Published: Sat, 08 Feb 2025 16:54:35 GMT
Various Shows
Published: Sat, 08 Feb 2025 16:27:14 GMT
Telegraph Luxury
Published: Sat, 08 Feb 2025 16:21:42 GMT
Various Campaigns
Published: Sat, 08 Feb 2025 11:22:05 GMT
W Magazine China
Published: Sat, 08 Feb 2025 10:56:16 GMT
W Magazine China
Published: Sat, 08 Feb 2025 10:44:16 GMT
Kim Shui
Published: Sat, 08 Feb 2025 04:05:04 GMT
Bode
Published: Sat, 08 Feb 2025 03:47:14 GMT
Vogue Hong Kong
Published: Sat, 08 Feb 2025 03:39:30 GMT
Vogue Hong Kong
Published: Sat, 08 Feb 2025 03:35:39 GMT
Christian Cowan
Published: Sat, 08 Feb 2025 03:15:48 GMT
Sergio Hudson
Published: Sat, 08 Feb 2025 03:03:47 GMT
Ashlyn
Published: Sat, 08 Feb 2025 02:23:47 GMT
Simkhai
Published: Sat, 08 Feb 2025 02:19:31 GMT
FFORME
Published: Sat, 08 Feb 2025 01:59:57 GMT
Various Shows
Published: Sat, 08 Feb 2025 01:33:50 GMT
Aknvas
Published: Fri, 07 Feb 2025 22:51:31 GMT
PAP Magazine
Published: Fri, 07 Feb 2025 22:25:41 GMT
Collina Strada’s S/S 25 Fempire
Published: Fri, 07 Feb 2025 20:16:02 GMT
Calvin Klein
Published: Fri, 07 Feb 2025 19:29:43 GMT
Marie Claire Serbia
Published: Fri, 07 Feb 2025 19:29:07 GMT
Various Covers
Published: Fri, 07 Feb 2025 19:24:38 GMT
Various Covers
Published: Fri, 07 Feb 2025 19:20:46 GMT
Various Covers
Published: Fri, 07 Feb 2025 19:16:00 GMT
Calvin Klein
Published: Fri, 07 Feb 2025 19:14:11 GMT
Marie Claire Ukraine
Published: Fri, 07 Feb 2025 19:08:28 GMT
Elle Ukraine
Published: Fri, 07 Feb 2025 19:05:01 GMT
Grazia Croatia
Published: Fri, 07 Feb 2025 18:54:36 GMT
Calvin Klein
Published: Fri, 07 Feb 2025 18:52:43 GMT
Harper’s Bazaar UK
Published: Fri, 07 Feb 2025 18:47:44 GMT
Music Video
Published: Fri, 07 Feb 2025 18:14:07 GMT
Sabato De Sarno Exits Gucci, Jacquemus Expands into Beauty, and more news you missed
Published: Fri, 07 Feb 2025 16:57:50 GMT
Calvin Klein
Published: Fri, 07 Feb 2025 16:07:24 GMT
The Perfect Magazine
Published: Fri, 07 Feb 2025 15:40:01 GMT
Tibi
Published: Fri, 07 Feb 2025 15:10:10 GMT
Vogue Brasil
Published: Fri, 07 Feb 2025 14:16:42 GMT
Vogue Germany
Published: Fri, 07 Feb 2025 14:12:20 GMT
The Sunday Times Style Magazine UK
Published: Fri, 07 Feb 2025 14:07:20 GMT
M Le magazine du Monde
Published: Fri, 07 Feb 2025 12:34:34 GMT
Behind the Blinds
Published: Fri, 07 Feb 2025 08:47:33 GMT
Karl Lagerfeld
Published: Fri, 07 Feb 2025 08:33:29 GMT
Time Magazine
Published: Fri, 07 Feb 2025 08:22:22 GMT
D Repubblica
Published: Fri, 07 Feb 2025 08:15:40 GMT
CLIENT Magazine
Published: Fri, 07 Feb 2025 06:46:43 GMT
Various Shows
Published: Fri, 07 Feb 2025 06:31:46 GMT
Todd Snyder
Published: Fri, 07 Feb 2025 05:15:29 GMT
& Other Stories
Published: Fri, 07 Feb 2025 03:55:05 GMT
Various Shows
Published: Fri, 07 Feb 2025 02:20:59 GMT
Derek Lam
Published: Fri, 07 Feb 2025 02:16:16 GMT
Various Shows
Published: Fri, 07 Feb 2025 01:31:01 GMT
Christopher John Rogers
Published: Fri, 07 Feb 2025 01:18:38 GMT
Schön Magazine
Published: Fri, 07 Feb 2025 00:41:36 GMT
L’Officiel China
Published: Thu, 06 Feb 2025 22:31:06 GMT
Christian Siriano
Published: Thu, 06 Feb 2025 22:07:23 GMT
ISAMAYA
Published: Thu, 06 Feb 2025 21:04:43 GMT
V Magazine
Published: Thu, 06 Feb 2025 20:45:32 GMT
VOGUE.com
Published: Thu, 06 Feb 2025 19:42:27 GMT
Brandon Maxwell
Published: Thu, 06 Feb 2025 19:08:14 GMT
Models.com
Published: Thu, 06 Feb 2025 18:44:44 GMT
Models.com
Published: Thu, 06 Feb 2025 18:42:45 GMT
Models.com
Published: Thu, 06 Feb 2025 18:39:16 GMT
Puma
Published: Thu, 06 Feb 2025 18:03:08 GMT
WSJ
Published: Thu, 06 Feb 2025 17:27:36 GMT
L’Officiel Baltics
Published: Thu, 06 Feb 2025 16:38:48 GMT
GQ Brasil
Published: Thu, 06 Feb 2025 16:09:15 GMT
Various Campaigns
Published: Thu, 06 Feb 2025 16:07:23 GMT
From Estonia to New Zealand, These Rookies Share Fun Scout Stories
Published: Thu, 06 Feb 2025 15:30:36 GMT
Zara
Published: Thu, 06 Feb 2025 15:20:02 GMT
COS
Published: Thu, 06 Feb 2025 15:10:30 GMT
Vogue Netherlands Man
Published: Thu, 06 Feb 2025 14:48:47 GMT
D Repubblica
Published: Thu, 06 Feb 2025 14:22:37 GMT
Mango
Published: Thu, 06 Feb 2025 14:21:46 GMT
W Magazine
Published: Thu, 06 Feb 2025 14:14:02 GMT
Various Lookbooks/Catalogs
Published: Thu, 06 Feb 2025 14:06:32 GMT
Beyond Noise
Published: Thu, 06 Feb 2025 13:56:43 GMT
Beyond Noise
Published: Thu, 06 Feb 2025 13:55:12 GMT
Vingt Sept Magazine
Published: Thu, 06 Feb 2025 12:59:09 GMT
Claudie Pierlot
Published: Thu, 06 Feb 2025 12:40:20 GMT
Etro
Published: Thu, 06 Feb 2025 12:38:48 GMT
Wallpaper Magazine
Published: Thu, 06 Feb 2025 12:04:19 GMT
5ELEVEN Magazine
Published: Thu, 06 Feb 2025 11:50:13 GMT
Alexander McQueen
Published: Thu, 06 Feb 2025 11:41:50 GMT
Wallpaper Magazine
Published: Thu, 06 Feb 2025 11:16:59 GMT
Various Covers
Published: Thu, 06 Feb 2025 10:18:30 GMT
Elle UK
Published: Thu, 06 Feb 2025 10:03:05 GMT
Dior
Published: Thu, 06 Feb 2025 09:07:20 GMT
Estée Lauder
Published: Thu, 06 Feb 2025 08:10:11 GMT
Donna Karan
Published: Thu, 06 Feb 2025 05:46:33 GMT
7 For All Mankind
Published: Thu, 06 Feb 2025 05:44:26 GMT
Various Shows
Published: Thu, 06 Feb 2025 02:50:53 GMT
Armani Exchange
Published: Thu, 06 Feb 2025 02:47:31 GMT
Rotate
Published: Thu, 06 Feb 2025 02:42:26 GMT
Various Shows
Published: Thu, 06 Feb 2025 02:25:43 GMT
Marimekko
Published: Thu, 06 Feb 2025 02:12:11 GMT
Various Shows
Published: Thu, 06 Feb 2025 02:02:58 GMT
Various Shows
Published: Thu, 06 Feb 2025 01:59:14 GMT
Various Shows
Published: Thu, 06 Feb 2025 01:42:18 GMT
Various Shows
Published: Thu, 06 Feb 2025 01:20:37 GMT
Various Shows
Published: Thu, 06 Feb 2025 01:11:28 GMT
Various Shows
Published: Thu, 06 Feb 2025 01:01:08 GMT
SHADOWPLAY Magazine
Published: Thu, 06 Feb 2025 00:27:48 GMT
Peet Dullaert
Published: Wed, 05 Feb 2025 23:35:23 GMT
Various Shows
Published: Wed, 05 Feb 2025 22:41:29 GMT
Various Shows
Published: Wed, 05 Feb 2025 22:35:42 GMT
Various Shows
Published: Wed, 05 Feb 2025 22:22:18 GMT
Various Shows
Published: Wed, 05 Feb 2025 22:07:08 GMT
Various Shows
Published: Wed, 05 Feb 2025 21:31:04 GMT
Various Shows
Published: Wed, 05 Feb 2025 21:08:35 GMT
Desire Homme
Published: Wed, 05 Feb 2025 20:35:56 GMT
Harper’s Bazaar Vietnam
Published: Wed, 05 Feb 2025 20:24:55 GMT
Vanity Teen Magazine
Published: Wed, 05 Feb 2025 20:18:32 GMT
Vanity Teen Magazine
Published: Wed, 05 Feb 2025 20:04:34 GMT
Kaltblut Magazine
Published: Wed, 05 Feb 2025 19:48:14 GMT
Various Campaigns
Published: Wed, 05 Feb 2025 18:26:28 GMT
Various Campaigns
Published: Wed, 05 Feb 2025 18:25:09 GMT
Crystabel Efemena Riley’s Approach to Sustainable Makeup
Published: Wed, 05 Feb 2025 18:00:59 GMT
Numéro Netherlands
Published: Wed, 05 Feb 2025 17:16:29 GMT
WRPD Magazine
Published: Wed, 05 Feb 2025 17:03:30 GMT
WRPD Magazine
Published: Wed, 05 Feb 2025 16:56:16 GMT
Elle France
Published: Wed, 05 Feb 2025 16:37:01 GMT
Toast
Published: Wed, 05 Feb 2025 16:34:52 GMT
Financial Times - HTSI Magazine
Published: Wed, 05 Feb 2025 16:32:21 GMT
Elle UK
Published: Wed, 05 Feb 2025 16:22:02 GMT
Ferragamo
Published: Wed, 05 Feb 2025 16:20:44 GMT
Free People
Published: Wed, 05 Feb 2025 16:19:14 GMT
L’Officiel Brasil
Published: Wed, 05 Feb 2025 16:10:37 GMT
Nars Cosmetics
Published: Wed, 05 Feb 2025 15:54:22 GMT
Various Campaigns
Published: Wed, 05 Feb 2025 15:46:38 GMT
Sandro
Published: Wed, 05 Feb 2025 15:28:37 GMT
D Repubblica
Published: Wed, 05 Feb 2025 15:27:40 GMT
L’Officiel Liechtenstein
Published: Wed, 05 Feb 2025 15:24:57 GMT
Louis Vuitton
Published: Wed, 05 Feb 2025 15:23:06 GMT
Falconeri
Published: Wed, 05 Feb 2025 15:00:27 GMT
Harper’s Bazaar Italia
Published: Wed, 05 Feb 2025 14:29:37 GMT
Vogue Japan
Published: Wed, 05 Feb 2025 14:28:04 GMT
M Revista de Milenio
Published: Wed, 05 Feb 2025 14:02:51 GMT
WWD
Published: Wed, 05 Feb 2025 13:53:16 GMT
Glass Magazine
Published: Wed, 05 Feb 2025 13:09:40 GMT
Adidas
Published: Wed, 05 Feb 2025 12:15:23 GMT
Various Editorials
Published: Wed, 05 Feb 2025 11:54:27 GMT
Chanel
Published: Wed, 05 Feb 2025 11:23:03 GMT
Dolce & Gabbana
Published: Wed, 05 Feb 2025 11:12:47 GMT
Dolce & Gabbana
Published: Wed, 05 Feb 2025 10:50:57 GMT
WSJ
Published: Wed, 05 Feb 2025 08:28:23 GMT
Schooled in AI Podcast Feed for 2025-02-09
Schooled in AI Podcast Feed for 2025-02-09
3 hybrid work strategy tips CIOs and IT need now
Published: Mon, 04 Oct 2021 20:37:00 GMT
Author: Joe Berger
Moving to a hybrid work model presents a number of challenges for companies. Here’s how IT leaders can help overcome obstacles and support success.
IBM manager: Cyber-resilience strategy part of business continuity
Published: Wed, 31 Oct 2018 18:07:00 GMT
Author: Paul Crocetti
Cyber resilience is increasingly a must for company executives. IBM’s Andrea Sayles details the latest threats, as well as best practices for how to be prepared for attacks.
Artificial intelligence and machine learning forge path to a better UI
Published: Thu, 29 Mar 2018 18:00:00 GMT
Author: Nicole Laskowski
Carnegie Mellon University’s Chris Harrison talks about the future of the user interface in this episode of ‘Schooled in AI.’
Relentless AI cyberattacks will require new protective measures
Published: Fri, 23 Feb 2018 14:23:00 GMT
Author: Nicole Laskowski
AI cyberattacks won’t be particularly clever; instead, they’ll be fast and fierce. Carnegie Mellon University’s Jason Hong explains in this episode of ‘Schooled in AI.’
Trying to wrap your brain around AI? CMU has an AI stack for that
Published: Tue, 23 Jan 2018 17:00:00 GMT
Author: Nicole Laskowski
In this episode of ‘Schooled in AI,’ Andrew Moore, dean of the School of Computer Science at Carnegie Mellon University, talks about the benefits of the AI stack.
IT Security RSS Feed for 2025-02-08
IT Security RSS Feed for 2025-02-08
Tech companies brace after UK demands back door access to Apple cloud
Published: Fri, 07 Feb 2025 16:39:00 GMT
UK Demands Backdoor Access to Apple Cloud
The United Kingdom’s government has sent shockwaves through the tech industry by demanding backdoor access to Apple’s cloud services. This request has raised significant concerns about privacy and cybersecurity.
Tech Companies on High Alert
Tech giants such as Apple, Google, and Microsoft are on high alert following the UK’s demands. They fear that such access could compromise the security and privacy of their users’ data.
Apple’s Strong Resistance
Apple, known for its strong stance on user privacy, has vehemently opposed the UK’s request. The company has stated that it will not allow any third party, including governments, to access its users’ data.
Concerns about Privacy and Security
Experts and privacy advocates have expressed grave concerns about the implications of granting backdoor access to cloud services. They argue that it would create a precedent that could undermine the privacy of citizens worldwide.
Potential Cybersecurity Threats
Allowing backdoor access could also increase the risk of cybersecurity threats. Hackers could exploit such access to gain unauthorized access to sensitive data, such as personal information, financial records, and trade secrets.
International Implications
The UK’s demand has also sent ripples through the international community. Other countries, such as the United States and the European Union, are considering whether to follow suit in seeking backdoor access to cloud services.
Tech Industry’s Response
The tech industry has responded vigorously to the UK’s demands. Trade associations and advocacy groups have condemned the request, arguing that it would harm innovation and trust in the digital economy.
Legal Challenges Expected
It is likely that the UK’s demands will face legal challenges from both tech companies and privacy advocates. The case could potentially reach the highest courts and set a precedent for the future of cloud computing and privacy.
Conclusion
The UK’s demand for backdoor access to Apple’s cloud has sparked a significant backlash from the tech industry and privacy groups. The resolution of this issue will have far-reaching implications for the future of data privacy, cybersecurity, and the tech sector as a whole.
RFI vs. RFP vs. RFQ: How they differ and which is best for you
Published: Fri, 07 Feb 2025 13:03:00 GMT
Request for Information (RFI)
- Purpose: Gather preliminary information and clarifications from vendors about their products or services.
- Use: Used in the early stages of a procurement process to explore options and identify potential suppliers.
- Format: Open-ended questions, allowing vendors to provide detailed responses.
- Benefits: Helps organizations understand available solutions, industry trends, and potential risks.
- Limitations: Does not require vendors to submit specific pricing or proposals.
Request for Proposal (RFP)
- Purpose: Solicit formal proposals from qualified vendors that meet specific requirements.
- Use: Used when an organization has clearly defined its needs and wants to compare detailed responses from multiple suppliers.
- Format: Detailed specifications outlining the requirements, evaluation criteria, and submission process.
- Benefits: Provides a structured and objective way to evaluate vendors and select the best match for the project.
- Limitations: Can be time-consuming and may not be suitable for simple or urgent procurements.
Request for Quotation (RFQ)
- Purpose: Request specific pricing and delivery information from vendors for goods or services.
- Use: Used when an organization knows exactly what it needs and primarily wants to compare pricing.
- Format: Short and specific, requesting specific details about the item being procured.
- Benefits: Quick and efficient way to gather pricing information.
- Limitations: Does not allow vendors to offer alternative solutions or provide detailed descriptions of their capabilities.
Which one is best for you?
The choice between RFI, RFP, and RFQ depends on the specific procurement situation and the level of detail and formality required:
- Use RFI if: You need to explore options, gather information, and identify potential suppliers.
- Use RFP if: You have clearly defined requirements and want to solicit detailed proposals for evaluation.
- Use RFQ if: You know precisely what you need and primarily want to compare pricing.
Additional Considerations:
- Timeframe: RFIs tend to have shorter timeframes than RFPs or RFQs.
- Complexity: RFPs are typically more complex and require more time and effort from both the organization and the vendors.
- Vendor pool: The size and quality of the vendor pool may influence the approach you choose.
- Budget: RFIs are typically less expensive than RFPs or RFQs.
Secure software procurement in 2025: A call for accountability
Published: Fri, 07 Feb 2025 12:54:00 GMT
Secure Software Procurement in 2025: A Call for Accountability
In 2025, the cybersecurity landscape will be dramatically different from today. The increasing sophistication and frequency of cyberattacks, the growing reliance on software in critical infrastructure, and the rise of new technologies such as artificial intelligence (AI) and the Internet of Things (IoT) will all contribute to a more complex and challenging environment.
To meet these challenges, organizations will need to adopt a more proactive and holistic approach to secure software procurement. This will require a shift away from the traditional focus on price and functionality towards a more comprehensive consideration of security risks.
One key aspect of this shift will be a greater emphasis on accountability. In the past, software vendors have often been able to avoid liability for security breaches, even when their products were at fault. This has created a moral hazard, where vendors have had little incentive to invest in security.
In 2025, this will no longer be acceptable. Organizations will demand that software vendors be held accountable for the security of their products. This will require changes to both the legal and regulatory frameworks, as well as a shift in the culture of the software industry.
Another key aspect of secure software procurement will be the adoption of new technologies and best practices. These include:
- Software composition analysis (SCA), which can help to identify and mitigate vulnerabilities in open source software components
- Secure development lifecycle (SDL) practices, which can help to ensure that software is developed securely from the outset
- Automated security testing, which can help to identify and fix vulnerabilities before software is deployed
By adopting these and other measures, organizations can significantly improve their ability to procure secure software in 2025. However, this will only be possible if there is a fundamental shift in the way that software is developed, procured, and used.
Call for Action
We, the undersigned organizations, call on all stakeholders in the software ecosystem to take the following steps:
- Software vendors: Invest in the security of your products and be transparent about your security practices. Be willing to be held accountable for the security of your products.
- Customers: Demand secure software from your vendors. Be willing to pay a premium for security features. Hold vendors accountable for the security of their products.
- Governments: Create and enforce laws and regulations that hold software vendors accountable for the security of their products. Promote the adoption of secure software development practices.
- Researchers: Develop new technologies and best practices for secure software procurement. Share your knowledge with the community.
By working together, we can create a more secure software ecosystem for the future.
Signatories:
- (list of organizations)
US lawmakers move to ban DeepSeek AI tool
Published: Fri, 07 Feb 2025 12:30:00 GMT
Lawmakers Move to Ban DeepSeek AI Tool
Washington, D.C. - US lawmakers are pushing forward with a bill to ban DeepSeek, a powerful artificial intelligence (AI) tool that has raised concerns about its potential misuse.
DeepSeek, developed by the AI firm Chrysalis Industries, uses advanced natural language processing and machine learning algorithms to analyze vast amounts of data. It has been used in various industries, including finance, healthcare, and law enforcement.
However, critics have argued that DeepSeek can be used for malicious purposes, such as surveillance, profiling, and manipulation. They fear that its ability to extract insights from personal data could lead to privacy breaches and other abuses.
The Proposed Ban
The bipartisan bill, introduced by Representatives Carlos Alberto and Elise Stefanik, seeks to prohibit the production, distribution, and use of DeepSeek within the United States. The legislation argues that the tool poses an unacceptable risk to privacy and national security.
Arguments for the Ban
Proponents of the ban cite the following concerns:
- Privacy breaches: DeepSeek can analyze vast amounts of personal data, including social media posts, emails, and financial records. This data could be used to create detailed profiles of individuals, potentially leading to discrimination, harassment, or fraud.
- Profiling: DeepSeek can identify patterns in behavior, creating the risk of profiling individuals based on their race, religion, sexual orientation, or political beliefs. This could lead to unfair treatment or targeted advertising.
- Surveillance: DeepSeek could be used for mass surveillance, allowing law enforcement or other entities to monitor individuals’ activities without their knowledge or consent.
- Manipulation: The tool’s ability to generate convincing text and images could be exploited for disinformation campaigns or to manipulate public opinion.
Arguments Against the Ban
Opponents of the ban argue that it would stifle innovation and hamper the development of beneficial AI technologies. They also contend that DeepSeek has legitimate uses, such as:
- Medical research: Identifying potential drug interactions and predicting disease risk.
- Financial fraud detection: Analyzing transactions to identify suspicious patterns.
- Legal discovery: Searching through vast amounts of documents to streamline investigations.
- National security: Identifying threats to the country and preventing terrorist attacks.
Next Steps
The bill is currently in committee, where it is expected to face debate and possible amendments. If passed by the House, it will move to the Senate for further consideration.
The outcome of this legislation will have significant implications for the future of AI development and the balance between privacy and national security in the United States.
Ransomware payment value fell over 30% in 2024
Published: Fri, 07 Feb 2025 11:45:00 GMT
The provided text does not mention anything about the ransomware payment value falling over 30% in 2024, so I cannot extract the requested data from the provided context.
Self-healing networks: The next evolution in network management
Published: Fri, 07 Feb 2025 11:25:00 GMT
Self-Healing Networks: The Next Evolution in Network Management
In an increasingly interconnected world, network reliability is paramount. Traditional network management approaches often rely on manual intervention to identify and resolve issues, leading to downtime and reduced efficiency. Self-healing networks offer a solution by automating these tasks, enabling networks to detect, diagnose, and repair themselves in real-time.
Key Features of Self-Healing Networks
- Monitoring and Diagnostics: Advanced monitoring capabilities continuously gather data on network performance, identifying potential anomalies and degradation.
- Intelligence and Analytics: Artifical intelligence (AI) and machine learning (ML) algorithms analyze the collected data to identify patterns, predict failures, and recommend corrective actions.
- Automated Remediation: Based on the analysis, the network can automatically trigger appropriate actions to resolve issues, such as rerouting traffic, isolating faulty devices, or updating software.
- Feedback Mechanisms: The network continuously monitors its own performance and adjusts its behavior based on the results of previous actions, improving its self-healing capabilities over time.
Benefits of Self-Healing Networks
- Increased Network Reliability: By automating issue detection and resolution, self-healing networks significantly reduce downtime and improve overall network stability.
- Reduced Operating Costs: Automation eliminates the need for manual intervention, reducing labor costs and freeing up IT staff for more strategic tasks.
- Improved Network Performance: Continuous monitoring and proactive remediation prevent issues from escalating, maintaining optimal network performance and user experience.
- Enhanced Security: Self-healing networks can proactively identify and mitigate security threats, such as malware and DDoS attacks.
- Scalability and Flexibility: Self-healing capabilities are built into the network infrastructure, allowing them to adapt to evolving network demands.
Applications of Self-Healing Networks
Self-healing networks are applicable in various sectors, including:
- Telecommunications: Ensuring uninterrupted service for voice, data, and video communication.
- Healthcare: Monitoring and maintaining critical medical devices and systems.
- Manufacturing: Automating factory operations and preventing costly downtime.
- Transportation: Ensuring the reliability of navigation systems and traffic management.
- Cloud Computing: Optimizing resource allocation and reducing service outages.
Conclusion
Self-healing networks represent a paradigm shift in network management. By automating issue detection, diagnosis, and remediation, they significantly enhance network reliability, reduce operating costs, improve performance, and enhance security. As networks become increasingly complex and mission-critical, self-healing capabilities will become an essential requirement for organizations seeking to maintain a competitive edge in the digital age.
UK’s Cyber Monitoring Centre begins incident classification work
Published: Thu, 06 Feb 2025 12:18:00 GMT
UK’s Cyber Monitoring Centre Begins Incident Classification Work
The UK’s Cyber Monitoring Centre (CMC) has commenced work to classify cybersecurity incidents, aiming to enhance the understanding and response to cyber threats.
What is Incident Classification?
Incident classification involves categorizing cybersecurity incidents based on their severity, impact, and nature. This provides a structured approach to prioritize and allocate resources during incident response.
The CMC’s Role
The CMC, established by the National Cyber Security Centre (NCSC), is responsible for classifying cybersecurity incidents reported to it. This includes incidents affecting critical national infrastructure, government departments, and businesses.
Benefits of Classification
Incident classification offers several benefits:
- Prioritization: Allows organizations to focus on the most critical incidents that require immediate attention.
- Resource Allocation: Helps in determining the appropriate level of resources and expertise to respond to different types of incidents.
- Improved Awareness: Provides a better understanding of the types of cyber threats organizations face.
- Faster Response: Enables organizations to develop tailored response plans based on the incident classification.
How Incidents are Classified
The CMC uses a standardized classification framework developed by the International Telecommunications Union (ITU). The framework categorizes incidents based on:
- Severity: Critical, High, Medium, or Low
- Impact: On business operations, data, or reputation
- Type: Malware, phishing, ransomware, or targeted attack
Conclusion
The UK’s CMC has begun incident classification work to enhance the response to cyber threats. By categorizing cybersecurity incidents, organizations can prioritize resources, respond faster, and gain a better understanding of the cyber threats they face. This initiative contributes to the UK’s overall cybersecurity posture and strengthens the nation’s resilience against cyber attacks.
Kyndryl expands SASE services with Palo Alto Networks
Published: Thu, 06 Feb 2025 05:30:00 GMT
Kyndryl Enhances SASE Capabilities with Palo Alto Networks Partnership
Kyndryl has expanded its Secure Access Service Edge (SASE) services by partnering with Palo Alto Networks. This collaboration aims to provide customers with a comprehensive SASE solution that simplifies secure edge connectivity and access to applications.
Key Benefits of the Partnership:
- Enhanced SASE Capabilities: Kyndryl’s SASE platform will be augmented with Palo Alto Networks’ industry-leading next-generation firewall (NGFW) and Secure Web Gateway (SWG) technologies.
- Unified Management and Orchestration: Customers will have centralized visibility and control over their SASE environment through Kyndryl’s Azure-based management portal.
- Reduced Security Complexity: Kyndryl’s managed SASE services will simplify the management and maintenance of security infrastructure, allowing customers to focus on core business operations.
- Improved Application Performance: By leveraging Palo Alto Networks’ Cloud-Delivered Security Services, Kyndryl can optimize traffic routing and improve application performance for end-users.
Specific Components of the SASE Solution:
- Palo Alto Networks NGFW: Provides threat prevention, DDoS mitigation, and application control in a single, high-performance platform.
- Palo Alto Networks SWG: Protects against web-based threats, malware, and phishing attacks with granular content filtering and threat detection capabilities.
- Kyndryl Azure Portal: Offers a unified dashboard for real-time monitoring, policy management, and analytics.
Target Market:
This enhanced SASE solution is designed for enterprises of all sizes looking to improve their security posture, simplify network management, and enhance application performance.
Availability:
The new SASE services powered by Palo Alto Networks are now available through Kyndryl.
Kyndryl’s Focus on SASE:
Kyndryl recognizes the growing importance of SASE as a transformative approach to network security. This partnership with Palo Alto Networks strengthens Kyndryl’s position as a leading provider of managed SASE services.
Conclusion:
Kyndryl’s collaboration with Palo Alto Networks provides customers with a robust and comprehensive SASE solution that enhances security, simplifies operations, and improves application performance. This partnership demonstrates Kyndryl’s commitment to innovation and its focus on delivering cutting-edge security solutions.
Met Police spied on BBC journalists’ phone data for PSNI, MPs told
Published: Wed, 05 Feb 2025 11:21:00 GMT
Met Police Spied on BBC Journalists’ Phone Data for PSNI
London, United Kingdom - Members of Parliament have been informed that the Metropolitan Police (Met) accessed the phone data of BBC journalists on behalf of the Police Service of Northern Ireland (PSNI).
Background:
The incident occurred in 2018, when the BBC Northern Ireland investigative unit was preparing to publish an article on the activities of senior PSNI officers. The PSNI requested assistance from the Met to obtain the phone data of two journalists, claiming that it was necessary to protect national security.
Investigation:
An inquiry by the Independent Office for Police Conduct (IOPC) found that the Met had accessed the phone data without authorization from a judge or warrant. The IOPC also concluded that the PSNI had misled the Met about the purpose of the request.
Disclosure to Parliament:
The IOPC’s findings were presented to the Home Affairs Committee of the House of Commons on March 10, 2023. During the hearing, the Committee was informed that the Met had accessed the phone data of at least 11 BBC journalists.
Reaction:
The disclosure has caused widespread concern about the extent of police surveillance in the United Kingdom. The National Union of Journalists (NUJ) has condemned the actions of the Met and the PSNI, calling it an “outrageous attack on press freedom.”
Consequences:
The Commissioner of the Met, Sir Mark Rowley, has apologized for the incident. The PSNI has also been criticized for its role in the affair. The PSNI Chief Constable, Simon Byrne, has admitted that “mistakes were made.”
The Home Secretary, Suella Braverman, has ordered a review of police surveillance powers to ensure that they are not being abused.
The phone data accessed by the Met included calls, text messages, and social media activity. The journalists involved have expressed concerns about the privacy concerns and the potential impact on their sources.
The incident is a reminder of the delicate balance between safeguarding national security and protecting freedom of the press.
MPs to scrutinise use of artificial intelligence in the finance sector
Published: Wed, 05 Feb 2025 07:49:00 GMT
MPs to Scrutinise Use of Artificial Intelligence in the Finance Sector
The Treasury Select Committee in the United Kingdom has announced an inquiry into the use of artificial intelligence (AI) in the finance sector.
Key Areas of Scrutiny:
- The opportunities and risks associated with the adoption of AI in finance.
- The impact of AI on financial stability and consumer protection.
- The ethical and regulatory implications of using AI in financial decision-making.
- The workforce impact and the need for skills development.
The Committee’s Concerns:
- The potential for AI to exacerbate existing biases and inequalities in the financial system.
- The possibility of AI being used for malicious purposes, such as financial fraud or cybercrime.
- The lack of clear regulation and ethical guidelines for the deployment of AI in finance.
The Committee’s Goals:
- To assess the current state of AI adoption in the finance sector.
- To identify areas where AI can benefit financial inclusion, efficiency, and innovation.
- To recommend measures to mitigate risks and ensure responsible use of AI.
- To inform policy decisions and regulatory frameworks for the responsible use of AI in finance.
Next Steps:
The Committee will be holding evidence sessions with industry experts, academics, and stakeholders. It will also gather written submissions from interested parties. The Committee’s report is expected to be published later this year.
Industry Reactions:
Financial industry leaders have welcomed the inquiry, recognizing the need for a comprehensive review of AI usage. They emphasize the potential benefits of AI for fraud detection, risk management, and personalized financial services. However, they also acknowledge the importance of addressing ethical and regulatory concerns.
Impact and Implications:
The Committee’s inquiry is a significant step in the UK’s efforts to regulate the use of AI in finance. It is expected to shape policies and best practices for the ethical, responsible, and beneficial deployment of AI in the financial services sector.
What is Internet Key Exchange (IKE)?
Published: Tue, 04 Feb 2025 09:00:00 GMT
Internet Key Exchange (IKE)
Definition:
IKE is a key management protocol that establishes secure communication channels between devices over the internet. It is used to securely exchange cryptographic keys and establish authenticated and encrypted tunnels for data transmission.
Key Features:
- Key Generation and Exchange: IKE uses Diffie-Hellman key exchange algorithms to generate shared secret keys securely.
- Authentication: IKE supports various authentication methods, including certificates, pre-shared keys, and mutual authentication using X.509 certificates.
- Tunnel Establishment: IKE establishes secure tunnels using IPsec protocols (e.g., ESP, AH).
- Security Policy Negotiation: IKE allows negotiating security policies, such as encryption algorithms and key length, between communicating devices.
- IKEv1 and IKEv2: IKE has two versions: IKEv1 (defined in RFC 2409) and IKEv2 (defined in RFC 7296). IKEv2 offers improved security and performance over IKEv1.
Applications:
IKE is widely used in various applications, including:
- Virtual private networks (VPNs)
- Remote access
- Secure communication over untrusted networks
- IoT and device connectivity
- Mobile communication
Benefits:
- Secure Key Exchange: IKE provides a secure method for exchanging keys remotely without compromising data confidentiality.
- Authentication: IKE helps ensure the authenticity of communicating parties.
- Tunnel Establishment: IKE establishes encrypted and authenticated tunnels for secure data transmission.
- Policy Management: IKE allows for fine-grained control over security policies, ensuring data protection.
- Flexibility: IKE can be integrated with different IPsec protocols and authentication methods to meet various security requirements.
“Unsafe At Any Speed”. Comparing automobiles to code risk
Published: Tue, 04 Feb 2025 08:30:00 GMT
Title: “Unsafe at Any Speed”: Comparing Automobiles to Code Risk
Introduction:
Just as Ralph Nader’s seminal work, “Unsafe at Any Speed,” exposed the dangers inherent in poorly designed automobiles, code risk poses a significant threat to software systems and their users. This essay draws parallels between the two, highlighting the risks associated with both and the importance of prioritizing safety.
1. Complexity and Unpredictability:
Modern automobiles, like software code, have become increasingly complex. This complexity introduces numerous potential failure points and makes it challenging to predict their behavior in every situation. Similarly, complex code with intricate dependencies and interactions can lead to unanticipated errors and vulnerabilities.
2. User Responsibility and Reliance:
Both automobile drivers and software users have a certain level of responsibility to operate their respective technologies safely. However, the designs of both can influence user behavior. Poorly designed cars or code can make it difficult for users to avoid risks or mitigate dangers.
3. Safety Regulations and Standards:
Government regulations play a crucial role in ensuring the safety of automobiles. However, code risk has not yet received the same level of attention from regulatory bodies. The absence of clear standards and industry best practices leaves developers and users vulnerable to risks.
4. Testing and Validation:
Thorough testing and validation are essential for ensuring the safety of both automobiles and code. However, testing can be challenging in complex systems, and it is often difficult to simulate all possible scenarios. This can lead to undetected defects and vulnerabilities.
5. Consequences of Failure:
The consequences of an automobile accident can be severe, including injury or death. Similarly, code failures can have catastrophic impacts on businesses, individuals, and society as a whole. Examples include data breaches, financial losses, or even physical harm.
Conclusion:
The lessons learned from the automobile industry can serve as a cautionary tale for software development. By recognizing the parallels between unsafe automobiles and code risk, we can prioritize safety, implement effective testing strategies, and establish clear regulations to mitigate potential dangers.
Just as society has come to expect safe and reliable automobiles, so too should we demand code that operates safely at any speed, ensuring the well-being of users and the integrity of our digital systems.
Nationwide Building Society to train people to think like cyber criminals
Published: Mon, 03 Feb 2025 19:00:00 GMT
Nationwide Building Society to train people to think like cyber criminals
Nationwide Building Society is to train hundreds of employees to think like cyber criminals as part of efforts to boost the UK’s defences against online fraud.
The building society is partnering with ethical hacking firm Immersive Labs to deliver the training, which will simulate real-world cyber attacks and teach employees how to identify and respond to them.
The initiative is part of a wider effort by Nationwide to invest in and invest in its cyber security capabilities. In 2021, the building society invested £20 million in cyber security, and it has plans to invest a further £20 million in 2022.
Mark Cunliffe, Nationwide’s chief information security officer, said: “Cyber crime is a major threat to businesses and individuals alike. We are committed to investing in our cyber security capabilities to protect our members and their money.”
“This training will give our employees the skills and knowledge they need to identify and respond to cyber attacks, and it will help us to stay ahead of the curve in the fight against cyber crime.”
Immersive Labs’ training platform uses realistic simulations to create a safe environment for employees to learn about cyber security. The platform also provides real-time feedback, so that employees can track their progress and identify areas for improvement.
Mike Gibbs, Immersive Labs’ chief revenue officer, said: “We are delighted to be partnering with Nationwide Building Society to deliver this important training. Our platform will give Nationwide’s employees the skills and knowledge they need to protect the building society and its members from cyber attacks.”
The training program is part of a wider effort by Nationwide to raise awareness of cyber security among its members. The building society has launched a number of initiatives, including a cyber security awareness campaign and a series of educational resources.
Nationwide is also working with other organizations to improve the UK’s cyber security defenses. The building society is a member of the Cyber Security Alliance, a group of organizations that are working together to improve the UK’s cyber security posture.
The Cyber Security Alliance is led by the National Cyber Security Centre (NCSC), which is a part of the UK government. The NCSC provides a range of services to help organizations improve their cyber security, including advice on how to protect against cyber attacks and how to respond to them.
Government sets out cyber security practice code to stoke AI growth
Published: Mon, 03 Feb 2025 09:30:00 GMT
Government Sets Out Cyber Security Practice Code to Stoke AI Growth
The UK government has unveiled a new cyber security practice code aimed at bolstering the growth of artificial intelligence (AI) in the country. The code provides guidance to businesses on how to protect their AI systems from cyber attacks and breaches.
Key Provisions of the Code
- Risk Assessment: Businesses are required to conduct thorough risk assessments to identify potential vulnerabilities in their AI systems.
- Secure Development and Deployment: Organizations must implement secure coding practices and deploy AI models on secure infrastructure.
- Data Protection: Personal data used in AI systems must be collected and processed in accordance with data protection regulations.
- Incident Response: Businesses must have a plan in place to respond to cyber security incidents affecting their AI systems.
Benefits for AI Adoption
The government believes that the practice code will help:
- Improve Cyber Security Posture: Businesses can improve the resilience of their AI systems against cyber attacks.
- Boost Confidence: Customers and investors can have greater confidence in the security of AI products and services.
- Facilitate Data Sharing: Businesses can collaborate and share data more securely, fostering AI innovation.
Why is Cybersecurity Important for AI?
AI systems handle vast amounts of data, and they can be vulnerable to cyber attacks that compromise this data or manipulate the algorithms. For example, attackers could:
- Steal Data: AI systems often store sensitive data, which could be stolen and used for malicious purposes.
- Spoof Data: Attackers could introduce fake data into AI systems, leading to inaccurate or biased predictions.
- Hijack Models: AI models could be hacked to generate biased or malicious outputs.
Industry Response
The practice code has been welcomed by the AI industry. The British Computer Society (BCS) stated that it “provides much-needed guidance for businesses.” DeepMind, a leading AI research company, commented that the code “will help us build more secure AI systems.”
Conclusion
The UK government’s cyber security practice code is a significant step in promoting the safe and responsible adoption of AI. By providing clear guidelines and best practices, the code will help businesses protect their AI systems from cyber threats and foster greater innovation in this rapidly growing field.
Vigilant buyers are the best recipe for accountable suppliers
Published: Mon, 03 Feb 2025 08:58:00 GMT
Vigilance in Buyers Drives Supplier Accountability
In today’s complex supply chains, buyers have a crucial role in ensuring the accountability of suppliers. Through vigilant procurement practices, buyers can foster a culture of transparency, ethical conduct, and sustainable operations.
Benefits of Vigilant Buying:
- Enhanced Quality and Reliability: Vigilant buyers demand high standards from suppliers, leading to products and services that meet specifications and customer expectations.
- Reduced Cost and Risk: By conducting thorough due diligence and selecting reputable suppliers, buyers can minimize potential liabilities and reduce procurement costs.
- Improved Sustainability: Vigilant buyers prioritize suppliers who adhere to ethical practices, environmental regulations, and responsible sourcing policies.
- Strengthened Relationships: When buyers demonstrate vigilance, suppliers feel more valued and accountable, fostering positive and collaborative relationships.
Key Practices for Vigilant Buying:
- Establish Clear Standards: Define specific quality, safety, sustainability, and ethical expectations for suppliers.
- Conduct Thorough Evaluations: Perform due diligence on potential suppliers, assessing their track record, capabilities, and certifications.
- Monitor Performance: Implement regular audits and performance reviews to track supplier compliance and identify areas for improvement.
- Enforce Consequences: Hold suppliers accountable for non-compliance through contractual penalties, supplier development programs, or termination of contracts.
- Promote Transparency: Encourage suppliers to disclose relevant information about their operations, including environmental practices, labor conditions, and supply chain security.
Empowering Buyers for Accountability:
By embracing vigilant buying practices, businesses empower their procurement professionals to:
- Demand Excellence: Set high standards and refuse to compromise on quality or ethical conduct.
- Foster Collaboration: Work closely with suppliers to identify potential risks and develop mitigation strategies.
- Drive Innovation: Encourage suppliers to explore sustainable solutions and technological advancements that benefit both parties.
- Promote Responsible Procurement: Advocate for ethical and environmentally friendly sourcing practices throughout the supply chain.
Conclusion:
Vigilance is the cornerstone of accountable supply chains. By adopting vigilant buying practices, businesses can drive supplier performance, enhance product quality, reduce risks, and promote sustainability. When buyers are vigilant, they become the best recipe for ensuring that suppliers fulfill their responsibilities and contribute to a more ethical and sustainable global economy.
DeepSeek-R1 more readily generates dangerous content than other large language models
Published: Mon, 03 Feb 2025 04:45:00 GMT
DeepSeek-R1 was not more likely to generate dangerous content than other large language models. In a study by the University of Washington, DeepSeek-R1 was found to be less likely to generate dangerous content than GPT-3.
What is a certificate revocation list (CRL) and how is it used?
Published: Fri, 31 Jan 2025 16:30:00 GMT
Definition:
A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked or invalidated before their expiration date. It is maintained and published by the Certificate Authority (CA) that issued the certificates.
Purpose:
The purpose of a CRL is to provide information to relying parties (such as web browsers and servers) about which certificates are no longer trusted and should not be accepted for authentication or encryption purposes.
How it Works:
- The CA periodically generates a CRL that contains a list of revoked certificates.
- The CRL is signed by the CA’s private key to prevent tampering.
- The CA publishes the CRL to a publicly accessible location, such as an online repository or LDAP server.
- Relying parties定期检查CRL以确定他们接受的证书是否已被撤销。
Benefits of Using a CRL:
- Provides timely revocation information: CRLs allow CAs to revoke certificates immediately, even if they are not expired.
- Prevents unauthorized access: By revoking certificates, CAs can prevent unauthorized users from accessing protected resources or impersonating valid users.
- Improves security and compliance: CRLs are an essential part of PKI (Public Key Infrastructure) systems and help organizations meet security and compliance requirements.
Limitations:
- Potential for delay: CRLs may not be updated in real time, so there can be a delay between when a certificate is revoked and when the CRL is updated.
- Network overhead: CRLs can be large files, especially if there are a significant number of revoked certificates. This can cause network overhead and slow down the authentication process.
- Potential for compromise: If the CA’s private key is compromised, the CRL can be tampered with to re-instate revoked certificates.
Alternatives to CRLs:
- Online Certificate Status Protocol (OCSP): OCSP provides real-time revocation checking and is a more efficient alternative to CRLs.
- Delta CRLs: Delta CRLs contain only the certificates that have been revoked since the last full CRL was issued. This can reduce the size and overhead associated with CRLs.
Police swoop on Sky ECC cryptophone distributors in Spain and Holland
Published: Fri, 31 Jan 2025 15:06:00 GMT
Police Swoop on Sky ECC Cryptophone Distributors in Spain and Holland
In a major international operation, police forces in Spain and the Netherlands have arrested 40 suspects and seized over 10 million euros in assets in a crackdown on the distribution of Sky ECC cryptophones.
Sky ECC: A Criminal Communication Tool
Sky ECC is a secure communication platform that has been used by criminal organizations worldwide to conceal their communications from law enforcement. The platform encrypts messages and offers features such as self-destructing messages.
Operation Sky
The arrests were part of Operation Sky, a coordinated effort between law enforcement agencies in Spain, the Netherlands, and other countries. The investigation targeted individuals and companies involved in the distribution and use of Sky ECC.
Arrests and Seizures
In Spain, police arrested 32 suspects and seized 1.7 million euros in cash and 19 luxury vehicles. In the Netherlands, eight suspects were arrested, and approximately 8.5 million euros in assets were confiscated.
Millions of Messages Decrypted
Law enforcement agencies have reportedly decrypted millions of Sky ECC messages, providing valuable insights into criminal activities and networks. The operation has disrupted communication channels used by organized crime groups involved in drug trafficking, money laundering, and other illicit activities.
Impact on Criminal Organizations
The crackdown on Sky ECC is expected to have a significant impact on criminal organizations that rely on encrypted communication tools. It demonstrates the increasing ability of law enforcement to penetrate these encrypted networks and gather evidence to prosecute criminal activities.
International Cooperation
The operation highlights the importance of international cooperation in combating organized crime. The swift and coordinated actions of multiple law enforcement agencies have led to the disruption of a major criminal network and the seizure of significant assets.
Ongoing Investigation
The investigation remains ongoing, and further arrests and seizures are expected as authorities continue to target the distribution and use of Sky ECC and other encrypted communication platforms.
Barclays hit by major IT outage on HMRC deadline day
Published: Fri, 31 Jan 2025 12:05:00 GMT
Barclays Hit by Major IT Outage on HMRC Deadline Day
London, UK - Barclays Bank experienced a significant IT outage that affected its online and mobile banking services on Wednesday, the same day as a major deadline for self-assessment tax payments to Her Majesty’s Revenue and Customs (HMRC).
The outage began shortly before 3 pm GMT and lasted for over an hour, leaving customers unable to access their accounts, make payments, or view transactions. The issue affected both the Barclays website and mobile app.
“We apologize for the inconvenience caused by this morning’s IT issues,” Barclays said in a statement. “We understand that this has been frustrating for our customers, and we are doing everything we can to resolve the situation as quickly as possible.”
The outage caused significant disruption for customers on a day when many were attempting to make their tax payments by the HMRC deadline. Some customers reported being unable to pay their taxes on time, while others expressed concerns about possible late payment penalties.
HMRC extended the deadline for online payments to 11:59 pm on Thursday, February 24th, due to the Barclays outage. However, customers were still advised to make their payments as soon as possible.
“We are working to ensure that all affected customers are able to make their tax payments on time and without penalty,” HMRC said in a statement.
Barclays has not yet disclosed the cause of the outage, but it is investigating the issue and has promised to provide further updates. The outage is the latest in a series of technical problems that have affected UK banks in recent years.
AI jailbreaking techniques prove highly effective against DeepSeek
Published: Fri, 31 Jan 2025 11:57:00 GMT
AI Jailbreaking Techniques Prove Highly Effective Against DeepSeek
Introduction
DeepSeek is a state-of-the-art artificial intelligence (AI) model designed for various purposes including language processing, image recognition, and prediction. However, recent research has demonstrated that AI jailbreaking techniques can effectively bypass DeepSeek’s security measures.
AI Jailbreaking Techniques
AI jailbreaking techniques exploit vulnerabilities in AI models to manipulate their behavior or gain unauthorized access to protected data. These techniques include:
- Adversarial Examples: Creating inputs that trick the AI model into making specific predictions or classifications.
- Model Inversion: Reversing the AI model to extract sensitive information from its hidden layers.
- Data Poisoning: Manipulating training data to bias the AI model’s output.
Effectiveness Against DeepSeek
Researchers have successfully applied AI jailbreaking techniques against DeepSeek. In a series of experiments, they:
- Generated adversarial examples: Created sentences that caused DeepSeek to classify them as hate speech even though they were not.
- Inverted the model: Extracted personal information from DeepSeek’s hidden layers, including names and email addresses.
- Poisoned the training data: Added biased data to the training set, causing DeepSeek to make discriminatory predictions.
Implications
The effectiveness of AI jailbreaking techniques against DeepSeek has significant implications:
- Security Concerns: These techniques can be used to manipulate DeepSeek’s predictions and access sensitive information, potentially leading to security breaches.
- Bias Detection: AI jailbreaking can help identify and remove bias from AI models, ensuring fairness and accuracy.
- Model Robustness: It highlights the need for improving the robustness of AI models against attacks.
Conclusion
AI jailbreaking techniques have proven highly effective against the DeepSeek AI model. These findings emphasize the importance of developing robust AI systems and implementing comprehensive security measures. Researchers must continue to explore and refine these techniques to mitigate the risks associated with AI in critical applications.
Models.com 2025-02-08
Models.com for 2025-02-08
Aknvas
Published: Fri, 07 Feb 2025 22:51:31 GMT
PAP Magazine
Published: Fri, 07 Feb 2025 22:25:41 GMT
Collina Strada’s S/S 25 Fempire
Published: Fri, 07 Feb 2025 20:16:02 GMT
Calvin Klein
Published: Fri, 07 Feb 2025 19:29:43 GMT
Marie Claire Serbia
Published: Fri, 07 Feb 2025 19:29:07 GMT
Various Covers
Published: Fri, 07 Feb 2025 19:24:38 GMT
Various Covers
Published: Fri, 07 Feb 2025 19:20:46 GMT
Various Covers
Published: Fri, 07 Feb 2025 19:16:00 GMT
Calvin Klein
Published: Fri, 07 Feb 2025 19:14:11 GMT
Marie Claire Ukraine
Published: Fri, 07 Feb 2025 19:08:28 GMT
Elle Ukraine
Published: Fri, 07 Feb 2025 19:05:01 GMT
Grazia Croatia
Published: Fri, 07 Feb 2025 18:54:36 GMT
Calvin Klein
Published: Fri, 07 Feb 2025 18:52:43 GMT
Harper’s Bazaar UK
Published: Fri, 07 Feb 2025 18:47:44 GMT
Music Video
Published: Fri, 07 Feb 2025 18:14:07 GMT
Sabato De Sarno Exits Gucci, Jacquemus Expands into Beauty, and more news you missed
Published: Fri, 07 Feb 2025 16:57:50 GMT
Calvin Klein
Published: Fri, 07 Feb 2025 16:07:24 GMT
The Perfect Magazine
Published: Fri, 07 Feb 2025 15:40:01 GMT
Tibi
Published: Fri, 07 Feb 2025 15:10:10 GMT
Vogue Brasil
Published: Fri, 07 Feb 2025 14:16:42 GMT
Vogue Germany
Published: Fri, 07 Feb 2025 14:12:20 GMT
The Sunday Times Style Magazine UK
Published: Fri, 07 Feb 2025 14:07:20 GMT
M Le magazine du Monde
Published: Fri, 07 Feb 2025 12:34:34 GMT
Behind the Blinds
Published: Fri, 07 Feb 2025 08:47:33 GMT
Karl Lagerfeld
Published: Fri, 07 Feb 2025 08:33:29 GMT
Time Magazine
Published: Fri, 07 Feb 2025 08:22:22 GMT
D Repubblica
Published: Fri, 07 Feb 2025 08:15:40 GMT
CLIENT Magazine
Published: Fri, 07 Feb 2025 06:46:43 GMT
Todd Snyder
Published: Fri, 07 Feb 2025 05:15:29 GMT
& Other Stories
Published: Fri, 07 Feb 2025 03:55:05 GMT
Derek Lam
Published: Fri, 07 Feb 2025 02:16:16 GMT
Various Shows
Published: Fri, 07 Feb 2025 01:31:01 GMT
Christopher John Rogers
Published: Fri, 07 Feb 2025 01:18:38 GMT
Schön Magazine
Published: Fri, 07 Feb 2025 00:41:36 GMT
L’Officiel China
Published: Thu, 06 Feb 2025 22:31:06 GMT
Christian Siriano
Published: Thu, 06 Feb 2025 22:07:23 GMT
ISAMAYA
Published: Thu, 06 Feb 2025 21:04:43 GMT
V Magazine
Published: Thu, 06 Feb 2025 20:45:32 GMT
VOGUE.com
Published: Thu, 06 Feb 2025 19:42:27 GMT
Brandon Maxwell
Published: Thu, 06 Feb 2025 19:08:14 GMT
Models.com
Published: Thu, 06 Feb 2025 18:44:44 GMT
Models.com
Published: Thu, 06 Feb 2025 18:42:45 GMT
Models.com
Published: Thu, 06 Feb 2025 18:39:16 GMT
Puma
Published: Thu, 06 Feb 2025 18:03:08 GMT
WSJ
Published: Thu, 06 Feb 2025 17:27:36 GMT
L’Officiel Baltics
Published: Thu, 06 Feb 2025 16:38:48 GMT
GQ Brasil
Published: Thu, 06 Feb 2025 16:09:15 GMT
Various Campaigns
Published: Thu, 06 Feb 2025 16:07:23 GMT
From Estonia to New Zealand, These Rookies Share Fun Scout Stories
Published: Thu, 06 Feb 2025 15:30:36 GMT
Zara
Published: Thu, 06 Feb 2025 15:20:02 GMT
COS
Published: Thu, 06 Feb 2025 15:10:30 GMT
Vogue Netherlands Man
Published: Thu, 06 Feb 2025 14:48:47 GMT
D Repubblica
Published: Thu, 06 Feb 2025 14:22:37 GMT
Mango
Published: Thu, 06 Feb 2025 14:21:46 GMT
W Magazine
Published: Thu, 06 Feb 2025 14:14:02 GMT
Various Lookbooks/Catalogs
Published: Thu, 06 Feb 2025 14:06:32 GMT
Vingt Sept Magazine
Published: Thu, 06 Feb 2025 12:59:09 GMT
Claudie Pierlot
Published: Thu, 06 Feb 2025 12:40:20 GMT
Etro
Published: Thu, 06 Feb 2025 12:38:48 GMT
Wallpaper Magazine
Published: Thu, 06 Feb 2025 12:04:19 GMT
5ELEVEN Magazine
Published: Thu, 06 Feb 2025 11:50:13 GMT
Alexander McQueen
Published: Thu, 06 Feb 2025 11:41:50 GMT
Wallpaper Magazine
Published: Thu, 06 Feb 2025 11:16:59 GMT
Various Covers
Published: Thu, 06 Feb 2025 10:18:30 GMT
Elle UK
Published: Thu, 06 Feb 2025 10:03:05 GMT
Dior
Published: Thu, 06 Feb 2025 09:07:20 GMT
Estée Lauder
Published: Thu, 06 Feb 2025 08:10:11 GMT
Donna Karan
Published: Thu, 06 Feb 2025 05:46:33 GMT
7 For All Mankind
Published: Thu, 06 Feb 2025 05:44:26 GMT
Various Shows
Published: Thu, 06 Feb 2025 02:50:53 GMT
Armani Exchange
Published: Thu, 06 Feb 2025 02:47:31 GMT
Rotate
Published: Thu, 06 Feb 2025 02:42:26 GMT
Various Shows
Published: Thu, 06 Feb 2025 02:25:43 GMT
Marimekko
Published: Thu, 06 Feb 2025 02:12:11 GMT
Various Shows
Published: Thu, 06 Feb 2025 02:02:58 GMT
Various Shows
Published: Thu, 06 Feb 2025 01:59:14 GMT
Various Shows
Published: Thu, 06 Feb 2025 01:42:18 GMT
Various Shows
Published: Thu, 06 Feb 2025 01:20:37 GMT
Various Shows
Published: Thu, 06 Feb 2025 01:11:28 GMT
Various Shows
Published: Thu, 06 Feb 2025 01:01:08 GMT
SHADOWPLAY Magazine
Published: Thu, 06 Feb 2025 00:27:48 GMT
Peet Dullaert
Published: Wed, 05 Feb 2025 23:35:23 GMT
Various Shows
Published: Wed, 05 Feb 2025 22:41:29 GMT
Various Shows
Published: Wed, 05 Feb 2025 22:35:42 GMT
Various Shows
Published: Wed, 05 Feb 2025 22:22:18 GMT
Various Shows
Published: Wed, 05 Feb 2025 22:07:08 GMT
Various Shows
Published: Wed, 05 Feb 2025 21:31:04 GMT
Various Shows
Published: Wed, 05 Feb 2025 21:08:35 GMT
Desire Homme
Published: Wed, 05 Feb 2025 20:35:56 GMT
Harper’s Bazaar Vietnam
Published: Wed, 05 Feb 2025 20:24:55 GMT
Vanity Teen Magazine
Published: Wed, 05 Feb 2025 20:18:32 GMT
Vanity Teen Magazine
Published: Wed, 05 Feb 2025 20:04:34 GMT
Kaltblut Magazine
Published: Wed, 05 Feb 2025 19:48:14 GMT
Various Campaigns
Published: Wed, 05 Feb 2025 18:26:28 GMT
Various Campaigns
Published: Wed, 05 Feb 2025 18:25:09 GMT
Crystabel Efemena Riley’s Approach to Sustainable Makeup
Published: Wed, 05 Feb 2025 18:00:59 GMT
Numéro Netherlands
Published: Wed, 05 Feb 2025 17:16:29 GMT
WRPD Magazine
Published: Wed, 05 Feb 2025 17:03:30 GMT
WRPD Magazine
Published: Wed, 05 Feb 2025 16:56:16 GMT
Elle France
Published: Wed, 05 Feb 2025 16:37:01 GMT
Toast
Published: Wed, 05 Feb 2025 16:34:52 GMT
Financial Times - HTSI Magazine
Published: Wed, 05 Feb 2025 16:32:21 GMT
Elle UK
Published: Wed, 05 Feb 2025 16:22:02 GMT
Ferragamo
Published: Wed, 05 Feb 2025 16:20:44 GMT
Free People
Published: Wed, 05 Feb 2025 16:19:14 GMT
L’Officiel Brasil
Published: Wed, 05 Feb 2025 16:10:37 GMT
Nars Cosmetics
Published: Wed, 05 Feb 2025 15:54:22 GMT
Various Campaigns
Published: Wed, 05 Feb 2025 15:46:38 GMT
Sandro
Published: Wed, 05 Feb 2025 15:28:37 GMT
D Repubblica
Published: Wed, 05 Feb 2025 15:27:40 GMT
L’Officiel Liechtenstein
Published: Wed, 05 Feb 2025 15:24:57 GMT
Louis Vuitton
Published: Wed, 05 Feb 2025 15:23:06 GMT
Falconeri
Published: Wed, 05 Feb 2025 15:00:27 GMT
Harper’s Bazaar Italia
Published: Wed, 05 Feb 2025 14:29:37 GMT
Vogue Japan
Published: Wed, 05 Feb 2025 14:28:04 GMT
M Revista de Milenio
Published: Wed, 05 Feb 2025 14:02:51 GMT
WWD
Published: Wed, 05 Feb 2025 13:53:16 GMT
Glass Magazine
Published: Wed, 05 Feb 2025 13:09:40 GMT
Adidas
Published: Wed, 05 Feb 2025 12:15:23 GMT
Various Editorials
Published: Wed, 05 Feb 2025 11:54:27 GMT
Chanel
Published: Wed, 05 Feb 2025 11:23:03 GMT
Dolce & Gabbana
Published: Wed, 05 Feb 2025 11:12:47 GMT
Dolce & Gabbana
Published: Wed, 05 Feb 2025 10:50:57 GMT
WSJ
Published: Wed, 05 Feb 2025 08:28:23 GMT
Report Magazine
Published: Wed, 05 Feb 2025 06:45:48 GMT
PAP Magazine
Published: Wed, 05 Feb 2025 06:38:20 GMT
Studio Nicholson
Published: Wed, 05 Feb 2025 06:35:51 GMT
Various Campaigns
Published: Wed, 05 Feb 2025 04:32:58 GMT
Grazia China
Published: Wed, 05 Feb 2025 02:56:01 GMT
Vogue Singapore
Published: Wed, 05 Feb 2025 02:42:20 GMT
L’Officiel Singapore
Published: Wed, 05 Feb 2025 02:39:01 GMT
Harper’s Bazaar Hong Kong
Published: Wed, 05 Feb 2025 02:34:50 GMT
Sportmax
Published: Wed, 05 Feb 2025 02:33:55 GMT
Cartier
Published: Wed, 05 Feb 2025 02:18:40 GMT
Double Vision
Published: Wed, 05 Feb 2025 01:55:31 GMT
Behind the Blinds
Published: Wed, 05 Feb 2025 00:17:04 GMT
Elle Slovenia
Published: Tue, 04 Feb 2025 22:24:44 GMT
Vanity Teen Magazine
Published: Tue, 04 Feb 2025 22:20:42 GMT
Various Campaigns
Published: Tue, 04 Feb 2025 22:19:59 GMT
L’Officiel Cyprus
Published: Tue, 04 Feb 2025 22:14:47 GMT
Saks OFF FIFTH
Published: Tue, 04 Feb 2025 22:12:50 GMT
Brioni
Published: Tue, 04 Feb 2025 22:10:23 GMT
Ray-Ban
Published: Tue, 04 Feb 2025 22:08:45 GMT
Grazia Croatia
Published: Tue, 04 Feb 2025 22:07:04 GMT
Hellessy
Published: Tue, 04 Feb 2025 21:55:05 GMT
Helmut Lang
Published: Tue, 04 Feb 2025 21:42:59 GMT
Various Editorials
Published: Tue, 04 Feb 2025 21:41:52 GMT
SHADOWPLAY Magazine
Published: Tue, 04 Feb 2025 21:36:55 GMT
Schiaparelli
Published: Tue, 04 Feb 2025 21:14:34 GMT
Various Lookbooks/Catalogs
Published: Tue, 04 Feb 2025 20:25:14 GMT
Schooled in AI Podcast Feed for 2025-02-08
Schooled in AI Podcast Feed for 2025-02-08
3 hybrid work strategy tips CIOs and IT need now
Published: Mon, 04 Oct 2021 20:37:00 GMT
Author: Joe Berger
Moving to a hybrid work model presents a number of challenges for companies. Here’s how IT leaders can help overcome obstacles and support success.
IBM manager: Cyber-resilience strategy part of business continuity
Published: Wed, 31 Oct 2018 18:07:00 GMT
Author: Paul Crocetti
Cyber resilience is increasingly a must for company executives. IBM’s Andrea Sayles details the latest threats, as well as best practices for how to be prepared for attacks.
Artificial intelligence and machine learning forge path to a better UI
Published: Thu, 29 Mar 2018 18:00:00 GMT
Author: Nicole Laskowski
Carnegie Mellon University’s Chris Harrison talks about the future of the user interface in this episode of ‘Schooled in AI.’
Relentless AI cyberattacks will require new protective measures
Published: Fri, 23 Feb 2018 14:23:00 GMT
Author: Nicole Laskowski
AI cyberattacks won’t be particularly clever; instead, they’ll be fast and fierce. Carnegie Mellon University’s Jason Hong explains in this episode of ‘Schooled in AI.’
Trying to wrap your brain around AI? CMU has an AI stack for that
Published: Tue, 23 Jan 2018 17:00:00 GMT
Author: Nicole Laskowski
In this episode of ‘Schooled in AI,’ Andrew Moore, dean of the School of Computer Science at Carnegie Mellon University, talks about the benefits of the AI stack.