Sunday, October 13, 2019

Cybersecurity Glossary

The most commonly used terms in cybersecurity:

Advanced persistent threats (APTs) A sustained, targeted attack against a specific organisation or country that can cause very significant damage. The attackers are willing to invest a great deal of time, money and expertise, generally have considerable resources at their disposal, and try to stay undetected inside the victim's network for as long as possible.
Backdoor A "backdoor" is a software feature, documented or hidden, that allows users to circumvent the usual access controls of a computer or of a protected function of a computer program.
Bitcoin Bitcoin is a decentralised payment system that can be used worldwide, as well as the name of its digital monetary unit.
Bot Short for "robot", which derives from the Czech word "robota" (work, forced labour). Refers to a program that automatically carries out certain actions upon receiving a command. Malicious bots let an attacker control compromised systems remotely and make them carry out arbitrary actions; a group of such systems under one attacker's control is a botnet.
Brute force Brute force is a method for solving problems in computer science, cryptology and game theory based on trying out all possible cases. In security it usually means trying every possible password or key until the right one is found; the number of candidates grows exponentially with the length of the secret, so short or low-entropy secrets fall quickly.
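To make the "trying out all possible cases" concrete, here is an added example (not part of the original glossary) that recovers a 4-digit PIN from its unsalted SHA-256 hash by enumerating every candidate, and shows how fast the key space grows with alphabet size and length. The PIN "7321" and the alphabets are constructed for the illustration.

```python
"""Added example: brute force against a hashed 4-digit PIN, plus key-space sizes.

The PIN, its hash and the alphabets are constructed for this illustration."""
import hashlib
import itertools
import string


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates an attacker must try in the worst case."""
    return alphabet_size ** length


def brute_force_pin(target_hash: str, length: int = 4, alphabet: str = string.digits):
    """Try every candidate in lexicographic order until its SHA-256 matches.

    Returns (pin, attempts), or (None, attempts) if the key space is exhausted."""
    attempts = 0
    for candidate in itertools.product(alphabet, repeat=length):
        attempts += 1
        pin = "".join(candidate)
        if hashlib.sha256(pin.encode()).hexdigest() == target_hash:
            return pin, attempts
    return None, attempts


# Constructed sample: hash of the PIN "7321". An unsalted fast hash is the
# worst case for the defender, because every guess costs one cheap hash call.
SAMPLE_HASH = hashlib.sha256(b"7321").hexdigest()

if __name__ == "__main__":
    pin, attempts = brute_force_pin(SAMPLE_HASH)
    print(f"recovered {pin} after {attempts} attempts")
    for size, length in [(10, 4), (26, 8), (62, 8), (95, 12)]:
        print(f"{size}^{length} = {keyspace(size, length):,} candidates")
```

The PIN is found after a few thousand hash calls; a 12-character password drawn from 95 printable characters has about 5.4e23 candidates, which is why defenders combine length with slow, salted password hashing and rate limiting rather than relying on secrecy of the hash alone.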
CEO fraud CEO fraud occurs when perpetrators, posing as the CEO, instruct the accounting or finance department to make an urgent payment to the (typically foreign) account of the scammers. Generally, the instruction is sent from a spoofed email address or from a lookalike domain registered for the purpose.
Command & control server Most bots are monitored by a botmaster and receive commands via a communication channel. The server at the attacker's end of this channel is called a command & control (C&C or C2) server.
CPU / processor The CPU (central processing unit) is another term for processor, the central unit in a computer; it contains the logic circuits that execute a computer program.
Cryptomining Mining creates new blocks and adds them to the blockchain. The process requires considerable processing power and is therefore rewarded. In a security context, "cryptomining" usually refers to attackers running mining software on compromised machines or in visitors' browsers without consent (also called cryptojacking), stealing electricity and processing time.
DDoS Distributed denial of service attack. A DoS, or denial of service, attack in which the victim is attacked simultaneously by many different systems, typically the bots of a botnet.
Defacement Unauthorised alteration of websites.
Domain name system The DNS translates human-readable names into IP addresses. It lets users reach internet services by name instead of by IP address.
Downloader A downloader is a program that downloads and installs one or more instances of malware.
Drive-by infection Infection of a computer with malware simply by visiting a website. Often the websites concerned are reputable sites that were compromised beforehand for the purpose of spreading the malware. The infection mostly works by trying out exploits for vulnerabilities in the visitor's browser or plug-ins that have not yet been patched.
E-currency services A monetary value in the form of a claim on the issuing authority. The value is stored on a data carrier, issued in return for a sum of money of no less than the issued monetary value, and accepted by companies other than the issuing authority as a means of payment.
Exploit kit Toolkits with which criminals can generate programs, scripts or lines of code to exploit vulnerabilities in computer systems, usually delivered through compromised or malicious websites.
Financial agent A financial agent works as a legal money broker and thus engages in financial transfers. Recently, the term has been used for people recruited, knowingly or not, to forward the proceeds of illegal financial transactions (money mules).
Global Positioning System (GPS) Global Positioning System (GPS), officially NAVSTAR GPS, is a global navigation satellite system for determining position and measuring time.
Industrial control systems (ICSs) Control systems consist of one or more devices that control, regulate, and/or monitor the behaviour of other devices or systems. In industrial production, the term "industrial control system" (ICS) is often used.
JavaScript An object-based scripting language for developing applications. JavaScript code is embedded in or referenced from HTML and runs in the visitor's browser to provide specific functions; for example, while checking a web form, a script can verify that all the characters entered in a telephone number field are actually digits. As with ActiveX controls, JavaScript runs on the computer of the website visitor, so alongside useful features, dangerous functions can also be programmed. In contrast to ActiveX, JavaScript is supported by all browsers.
Malware Generic term for software which carries out harmful functions on a computer, e.g. viruses, worms, Trojan horses.
Metadata "Metadata" and "meta-information" refer to data containing information about other data.
MITM Man-in-the-middle attack. The attacker inserts themselves unnoticed into the communication channel between two parties and is thereby able to read or even modify their data exchanges.
mobileTAN mobileTAN uses text messages (SMS) as a second transmission channel. After online banking customers submit a funds transfer request on the internet, the bank sends a text message to their mobile phone with a TAN (transaction number) that can be used only for that one transaction.
P2P Peer to peer. Network architecture in which the participating systems carry out similar functions (in contrast to client-server architecture). P2P is often used for exchanging data.
Patch Software that replaces the faulty part of a program with an error-free part, thereby eliminating a vulnerability, for example.
Phishing Fraudsters phish in order to obtain confidential data from unsuspecting internet users, for example account information for online auction sites (e.g. eBay) or access data for online banking. The fraudsters take advantage of their victims' good faith and helpfulness by sending them emails with forged sender addresses that lead to imitation login pages.
PowerShell script PowerShell is a cross-platform framework by Microsoft for automating, configuring and administering systems, consisting of a command line interpreter and a scripting language. Its scripts are frequently used by attackers because the interpreter is present on every Windows system.
Proxy A proxy is a communication interface in a network. It works as a mediator, receiving queries on the one side and making a connection on the other side via its own address.
Remote Administration Tool A remote administration tool is used for the remote administration of any number of computers or computing systems. The same capability planted covertly by an attacker is known as a remote access trojan (also abbreviated RAT).
Router Computer network, telecommunication or internet devices used to link or separate several networks. Routers are used in home networks, for instance, establishing the connection between the internal network and the internet.
Smartphone A smartphone is a mobile phone that offers more computer functionality and connectivity than a standard advanced mobile phone.
SMS Short Message Service for sending text messages (160 characters maximum) to mobile phone users.
Social Engineering Social engineering attacks take advantage of people's helpfulness, credulity or lack of self confidence in order to gain access to confidential data or to prompt them to perform certain actions, for example.
Spam Spam refers to unsolicited and automatically sent mass advertising, into which category spam e-mails also fall. The person responsible for these messages is known as a spammer, whereas the actual sending itself is known as spamming.
Spearphishing emails Targeted phishing attack against a specific person or organisation. For example, victims are tricked into believing that they are communicating by email with someone they know.
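The CEO fraud, phishing and spearphishing entries all turn on a forged or lookalike sender. As an added example (not part of the original glossary), the following script runs the header checks a mail gateway or analyst would apply to such a message: an executive's display name paired with a foreign domain, a sender domain within a couple of edits of the organisation's own, and Reply-To or Return-Path pointing somewhere other than the claimed sender. The organisation domain, the executive name list and both sample messages are constructed for the illustration.

```python
"""Added example: header checks for CEO-fraud / spearphishing mail.

The organisation domain, executive names and the two messages are
constructed for this illustration."""
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"        # assumption: the targeted organisation's own domain
EXECUTIVE_NAMES = {"jane doe"}    # assumption: display names a fraudster would impersonate


def split_address(header_value: str):
    """Return (display name, address, domain); address and domain lower-cased."""
    name, addr = parseaddr(header_value or "")
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name, addr.lower(), domain


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(raw_message: str) -> list:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    msg = message_from_string(raw_message)
    findings = []
    from_name, _, from_domain = split_address(msg.get("From"))
    _, _, reply_domain = split_address(msg.get("Reply-To"))
    _, _, return_domain = split_address(msg.get("Return-Path"))

    # 1. An executive's name in the display name, but the address is not on our domain.
    if from_name.lower() in EXECUTIVE_NAMES and from_domain != ORG_DOMAIN:
        findings.append(f"display name {from_name!r} used with external domain {from_domain!r}")
    # 2. Sender domain is a near miss of ours (typosquat / homoglyph).
    if from_domain != ORG_DOMAIN and 0 < levenshtein(from_domain, ORG_DOMAIN) <= 2:
        findings.append(f"lookalike sender domain {from_domain!r}")
    # 3. Replies are silently redirected elsewhere.
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain!r} differs from From domain {from_domain!r}")
    # 4. Bounce address does not belong to the claimed sender.
    if return_domain and return_domain != from_domain:
        findings.append(f"Return-Path domain {return_domain!r} differs from From domain {from_domain!r}")
    return findings


# Constructed sample: the classic "urgent wire transfer" mail.
FRAUD_MAIL = """\
Return-Path: <bounce@mail-relay.example.net>
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: Jane Doe <ceo.office@mail-relay.example.net>
To: accounting@example.com
Subject: Urgent wire transfer

I am in a meeting and cannot take calls. Please wire the attached invoice today.
"""

# Constructed sample: a genuine internal mail from the same executive.
LEGIT_MAIL = """\
Return-Path: <jane.doe@example.com>
From: Jane Doe <jane.doe@example.com>
To: accounting@example.com
Subject: Q3 budget

Attached is the draft budget for review.
"""

if __name__ == "__main__":
    for label, mail in (("fraud", FRAUD_MAIL), ("legit", LEGIT_MAIL)):
        print(label, assess(mail) or ["no findings"])
```

None of these checks is proof of fraud on its own; a legitimate mailing service also rewrites Return-Path. Their value is in combination, and as a trigger for the out-of-band confirmation (a phone call to the known number of the executive) that defeats CEO fraud regardless of how convincing the mail is.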
Supply chain attacks Attack in which the actual target is reached indirectly, by first compromising a supplier (for instance its software, its update mechanism or a service provider) whose products or access the target trusts.
Take-down Expression used when a provider takes a site or server off the network because of its fraudulent content.
Top-level domains Every domain name on the internet consists of a sequence of labels separated by periods. The term "top-level domain" refers to the last label in this sequence, constituting the highest level of name resolution. For a full domain name ending in .com, for instance, the right-most member of the sequence (com) is the top-level domain of that name.
Transmission Control Protocol / Internet Protocol (TCP/IP) Transmission Control Protocol / Internet Protocol (TCP/IP) is a family of network protocols, also referred to as the Internet protocol family because of its great importance for the Internet.
Two-factor authentication For this, at least two of the following three authentication factors are required, taken from different categories: 1. Something you know (e.g. password, PIN) 2. Something you have (e.g. a certificate, hardware token, list of codes, mobile phone) 3. Something you are (e.g. fingerprint, retina scan, voice recognition). Two passwords are still a single factor.
UDP The User Datagram Protocol, short UDP, is a minimal, connectionless network protocol that belongs to the transport layer of the internet protocol family.
USB Universal Serial Bus (with a corresponding interface) which enables peripheral devices such as a keyboard, mouse, external storage, printer, etc. to be connected. The computer does not have to be switched off when a USB device is plugged in or unplugged. For the most part, new devices are automatically identified and configured (depending on the operating system).
Vulnerability A flaw or bug in hardware or software through which attackers can compromise a system.
Watering-hole attacks Targeted infection by malware via websites that tend to be visited only by a specific user group.
WLAN WLAN stands for Wireless Local Area Network.
Worm Unlike viruses, worms do not require a host program in order to propagate. Instead, they use vulnerabilities or configuration errors in operating systems or applications to spread by themselves from one computer to another.
Zero-day A vulnerability that is not yet known to the vendor, or for which no patch exists yet, and the exploit that uses it. Because defenders have had "zero days" to fix it, a zero-day exploit works even against fully patched systems.
ZIP file ZIP is an archive file format supporting data compression (most commonly DEFLATE), used to reduce the storage space needed for archiving and transferring files.

Saturday, September 7, 2019

Private jet charter vs Fractional ownership

Fractional ownership is perhaps the most recent method of private aviation travel. In such an arrangement, you own a share of a jet fleet, along with other owners, and the price you pay is determined by the number of hours you fly. This means that you also share the cost of maintenance and staff with the other co-owners. That said, there may be some disadvantages compared to a jet charter.
A private jet charter allows you to enjoy all the benefits of private air travel, without any up-front costs or maintenance fees. Everything is taken care of for you. You are only required to pay for the service.

For the most part, an on-demand private jet charter works similarly to a typical airline: 1) you schedule a flight, 2) walk into a terminal, 3) then fly to your destination.

What makes it differ from a standard commercial carrier is that you do not have to worry about security pat-downs, long queues, or the endless wait for your luggage. Instead, once you have scheduled and paid for the flight, all you need to do is enter, wait, and board. Most of the time, you get to leave as quickly as possible.

That said, you do not necessarily need to own an aircraft to make use of the service. The most prominent hurdle is finding a broker where you can book the flight. But with online applications and options, finding the right plane no longer seems to be a challenge.

Sunday, July 29, 2018

What is a "unicorn" in the high-tech domain (aka "licorne" in French)?

The "unicorn" companies have common features:

  • they specialise in the high-tech domain
  • they are young companies, typically founded within the last ten years
  • they are valued at over 1 billion USD while still privately held, before any stock market listing

The term "unicorn" was first used in this sense by venture capitalist Aileen Lee in 2013.
On average, about four unicorns are born every year.

Disruptive Innovation
Nearly all of the unicorn companies have disrupted the industry they belong to: Uber changed the way people book cabs, Airbnb capitalised on the sharing economy, Snapchat disrupted the social networking sphere, Dropbox moved file sharing to the cloud, DJI did the same for drones, etc.

First Mover’s Advantage
Disruption and the first mover’s advantage go hand in hand. Unicorns not only capitalize on the first mover’s advantage but maintain their positioning by constantly innovating and improving.

Consumer Focused
Their business models are focused on making things easier and more affordable for consumers (B2C).

List of unicorn startup companies

Sunday, July 22, 2018

What is GAFA, NATU and BATX?

The acronym GAFA stands for the four most powerful companies of the internet world, and indeed of the world.
Those companies are Google, Apple, Facebook and Amazon, together with their acquisitions such as WhatsApp and Instagram (both bought by Facebook).

The economic power of those companies may match or even exceed that of some states.
One might wonder why Microsoft does not belong to this group; that is why the acronym is sometimes written GAFAM (with an M).
The GAFA companies represent the economy at the beginning of the 21st century and embody the entry into the digital era.
The GAFA are challenged by other internet companies known as NATU and BATX.

The acronym NATU stands for Netflix, Airbnb, Tesla and Uber.
The acronym BATX stands for the four Chinese internet giants:
       Baidu: the reference search engine in China;
       Alibaba: the reference online marketplace in China;
       Tencent: maker of the WeChat app, which is similar to WhatsApp but far more advanced. With WeChat, Chinese users can do most of their daily tasks from their smartphones: groceries, bank payments, money transfers, etc.;
       Xiaomi: smartphone maker, often compared to Apple.

The economic power of these giants, GAFA, NATU and BATX, is increasingly worrying and increasingly the subject of debate.

Sunday, February 4, 2018

Blockchain glossary

Blockchain
A technology for storing and transmitting information that is transparent, secure, and operates without a central controlling body.

ICO (Initial Coin Offering)
A method of crowdfunding that works by issuing digital assets (tokens) exchangeable for cryptocurrencies during the start-up phase of a project on the blockchain.

Token
During an ICO, also called a crowdsale, tokens are issued and sold over the internet to investors in order to finance the launch and development of a project using the blockchain. In principle these tokens must be an integral part of how the project works and/or of its business model.

White paper
A presentation of a project, a few dozen pages long, covering its ambition and exactly how it works, as well as, in the case of an ICO, the tokens, how they are used and how they are issued.

Thursday, December 10, 2015

Leadership and The Boiling Frog Experiment - Organization culture

There is a fascinating 19th century science experiment. As the story goes, researchers found that when they put a frog in a pan of boiling water, the frog quickly jumped out. On the other hand, when they put a frog in cold water and slowly brought the water to the boil, the frog just boiled to death. The hypothesis is that the change in temperature is so gradual that the frog does not realise it is boiling to death. While the results of the experiment are in question, it is a good metaphor for organisational cultures.

Indeed, many organisations are unable to see the changes happening around them, especially those driven by competitors, and when they do notice, it is usually too late: the business has already been badly hurt.

Wikipedia: The Boiling Frog
YouTube video of the experiment (the image used for this article is a capture from that video)

Sunday, December 6, 2015

Patent trolling

I first heard the term "patent troll" at a conference about competitive intelligence in Paris.
Indeed, patents are often used as a KPI in companies to illustrate their capacity to innovate, or the state of the art within their R&D department.

Patent trolling describes people or companies that misuse patents as a business strategy to weaken their competitors, often through third parties. Such a company (or third party) can then launch lawsuits for infringement, or simply hold the patent without any intention of practising the idea, in an attempt to bring other companies' productivity to a standstill. It is even often the case that the company under attack is obliged to put confidential information on the table in front of a judge. All this works tolerably well as long as you stay within a single country.
However, things become more complex when that information must be supplied to foreign countries where impartiality may be at stake and corruption a risk.

About the Author
Jose Ferreiro is an entrepreneur and a performer with a passion for working to make this world a better place!