May 15, 2019
Cyber security is complex, but most businesses have online forms, and we know they have to be secured. Here is a timeline of how we achieved total form protection.
Like many businesses, we have a ‘contact us’ form that is exposed to the open internet, i.e. no login is required. Spammers were getting in with automated bots.
- Trial 1: We used the Google image-selection ‘I am not a Bot’ challenge on the page. However, it was not effective: the spammers managed to get through it. In addition, it is actually counter-productive, as many ad-blockers don’t even show the box to users, i.e. we were losing genuine customers.
- Trial 2: We replaced the Google image-selection ‘I am not a Bot’ challenge with a ‘Captcha’ image. Again the bots got around it. We were still getting spam, and we were annoying users by making them read an image embedded in annoying backgrounds. Not a good user-oriented design.
- Trial 3: We used our API (https://www.pivotsecurity.com) and set a challenge: give a developer 5 minutes to implement form security. Here is how we did it.
Option 1: Little or no integration
<form name="pivotfrm" id="contactForm" action="/contact.php" method="POST">
  <div id="Xps145609sDxs" class="modal"></div>
  <input name="pivotfrmsessionid" id="pivotfrmsessionid" type="hidden" data-key="PUBLIC_KEY" data-uid="" data-email="" data-submit="true" />
  <!-- your existing form fields and the button named 'Xps145609sD' go here -->
</form>
Place the above code in your contact form, then simply name your button ‘Xps145609sD’ so that the trigger will be assigned.
When the user clicks the button (id: Xps145609sD), an email confirmation dialog will appear and let the user enter the confirmation code.
You can also choose to validate the code on the server side for added security. Isn’t it neat?
Option 2: API driven integration
The API approach requires you to present the email/phone number fields as well as a confirmation field. Using the REST API calls ‘create’ and ‘validate’, the customer’s email address/phone number is validated, and using the ‘verifySession’ API, you get the validated email/phone number from the server.
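The three-step flow described above, as an added example that is not Pivot Security's code or API: the function names only mirror the ‘create’, ‘validate’ and ‘verifySession’ steps, and the in-memory store, code length, expiry and attempt limit are assumptions. It shows why the form handler should take the address from the server-side record rather than from the submitted form.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 600      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 5    # guesses allowed per session (assumed value)

_sessions = {}      # session_id -> record; in-memory stand-in for a real store


def _digest(session_id, code):
    # Keep only a hash bound to the session, never the code itself.
    return hashlib.sha256(f"{session_id}:{code}".encode()).hexdigest()


def create(email, now=None):
    """Step 1: issue a session id and a 6-digit code for this address."""
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(24)
    code = f"{secrets.randbelow(10**6):06d}"
    _sessions[session_id] = {
        "email": email, "digest": _digest(session_id, code),
        "expires": now + CODE_TTL, "attempts": 0, "verified": False,
    }
    # The caller e-mails `code`; only session_id goes back to the browser.
    return session_id, code


def validate(session_id, code, now=None):
    """Step 2: check the code the user typed into the confirmation field."""
    now = time.time() if now is None else now
    rec = _sessions.get(session_id)
    if rec is None or rec["verified"] or now > rec["expires"]:
        return False
    if rec["attempts"] >= MAX_ATTEMPTS:
        return False            # guessing budget spent, even for the right code
    rec["attempts"] += 1
    if hmac.compare_digest(rec["digest"], _digest(session_id, code)):
        rec["verified"] = True
        return True
    return False


def verify_session(session_id):
    """Step 3: the form handler asks which address was actually verified."""
    rec = _sessions.get(session_id)
    if rec is None or not rec["verified"]:
        return None
    del _sessions[session_id]   # single use: a replayed form post gets None
    return rec["email"]
```

A form handler would call `verify_session()` with the hidden session field and reject the submission when it returns `None`.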
Try it for free. https://www.pivotsecurity.com/
Full source available from GitHub.
November 13, 2018
AI (or Artificial Intelligence to those of you not in the know) is the best thing that could happen for humans right now. Why? Well, it’s simple. We either up our game or we might just fall by the wayside as a species or, worse still, destroy the earth. The worst thing that could happen with AI is that thought centres of the future decide that we are more trouble than we are worth for mother earth and eliminate us.
But in the interim we have a fabulous opportunity to reduce and eventually eliminate menial tasks in favour of more challenging and expansive pursuits that would enable us to realise our potential as a race in terms of Art, Literature, Sport, Philosophy, Architecture and other forms of creativity that at the moment we can only dream of. With more time on our hands we may even realise how fortunate we are to live on this planet for a few brief years. When did you last have enough time to really look at the moon or the stars, admire a bird in flight, or marvel at the changing colours of the leaves in autumn? When did you last feel inspired? It most certainly wasn’t when you were up to your eyes in admin work.
Yet still the negative messages concerning AI prevail. We are all familiar with the naysayers who state: we could lose our ability to think! We could become zombies as our collective addiction to technology increases. Yes, these are all possibilities, but I believe unlikely probabilities. Why? Because I trust in the human capacity to rise to this challenge and our capacity to grow beyond the obvious pitfalls inherent in the impending AI Revolution.
While AI and ML (Machine Learning) are only in their infancy in terms of development, they are already impacting our lives. Smart homes are here, and we can rely on technology to anticipate our needs, e.g. our heating requirements based on outside temperature and our past recorded ambient room temperatures. AI is also impacting the office, and not just the IT departments, with the introduction of RPAs (Robotic Process Automation), aka BOTs, which are automated applications used to perform simple and repetitive tasks that would be time-consuming, mundane or impossible for a human to perform. Many are used over the internet and require no servers and no IT expertise, and above all are simple to use. While many of us are familiar with chatbots, e.g. when we want to order a pizza or renew our insurance online, we are just beginning to wake up to the application of bots in other areas of our lives.
Current applications for BOTs include checking through e-mails for words or phrases to help HR or Customer Service anticipate problems or successes in system functionality, to speed up response times or prevent PR disasters. Administration departments can check through files, interrogate websites, explore Social Media accounts and produce reports in a fraction of the time it would previously have taken a team of people, to give insights on campaigns and a significant competitive edge in business. Most are operated over the internet on BOT Platforms that make them very user friendly, requiring no specialist IT skills.
So do you now believe me when I tell you that AI is here and ready to ease your workload and open up more opportunities for you? You could be using your first BOT in just a few minutes. Take a look at the Phoenix Bot Market. https://www.pivotcloudsolutions.com
Written by: Jacinta Mandyam
Pivot Cloud Solutions
August 7, 2018
Yet again, another company has been fined for not doing a proper job on legacy systems.
“The settlement has been effected for an amount of US$75 million and is without admission of liability or wrongdoing of any kind by the parties,” Wipro said.
In the last few months there have been many instances: Lidl, €500 Mil and 5 years later, had to scrap its SAP implementation, and the CEO of one prominent low-cost airline was booted out as he didn’t know about the glitch in a legacy system that wrongly triggered tens of millions in overtime payments.
Why is this such a problem? Most companies buy or build systems to suit their current needs. But software/hardware restrictions, network issues or changing business needs require changes that may or may not be properly documented. After a few years, these fixes become so unmanageable that no one knows what is actually going on. In many instances, a lot of middle-level managers make an entire career out of legacy system knowledge.
With the fast-changing technology landscape, legacy systems are not only difficult to manage but also time-consuming to update. Most companies are afraid to touch them.
That is why we introduced ‘Phoenix AI’, a new generation AI which can learn and report/transform legacy systems. With minimal manual intervention and continuous learning, only an AI system can beat the legacy system.
See more at https://phoenix.pivotcloudsolutions.com/, now available for cloud deployment. If you have AI on your side, why be afraid of legacy systems?
July 27, 2018
This is the letter I received the other day. I am not going to name and shame the bank and the head of whatever! This is the same bank that told me, “for your security” we are introducing a ‘secret word’. Now tell me, secrets are not good. What they are not saying is: our security is not good, and we are going to blame you if you lose your money!
Remember the same tactics by credit card companies? Moving you from signature to chip/pin and still blaming you for fraud?
This WAS a bank that even I looked up to. It had once been the most secure and innovative bank in Europe, if not in the world. Now, it is simply trying to catch up with other banks. What a shame. Is it due to outsourcing to cut costs? Or losing talent?
Here is what you can do to save yourself from the same fate.
Use the latest technology to assist you. That doesn’t mean you get rid of your best people. You empower them with tools they can use to modernize your IT.
Take a look at Phoenix from Pivot Cloud Solutions.
July 17, 2018
If you still think AI is not for public use, you have to read this and then go on being an anti-AI lobbyist, if you can!
We have been using our AI to defend against cyber attacks, malware attacks and adware (thank god, we haven’t been subjected to the so-called “you might like this” ‘shit’ ads all over the pages for a long time now).
Here is a surprising thing that happened, which baffled even me. We use Pivot Security with full protection enabled (available for customers who are willing to spend some time on customizing their AI offering). For the whole of last week, every morning my internet connection was down, and I had to enable it manually.
I had to engage our internal staff to figure out whether our AI was broken or I was being attacked! It turned out the AI had detected unusual communication patterns after the system goes to sleep. Something was waking the system up and sending data. At first we thought it was malware or even the NSA (they don’t respect anyone’s privacy, right!), but it was Apple and Google! They were communicating with their servers. Why are they doing it? We can’t answer that; only they can answer it.
Our AI learned something was amiss and started to take defensive action: it shut down network access and waited for me to manually re-enable it. This is what we programmed it to do: in case of emergency, take evasive action and shut down the network.
Do you still think AI is not ready for the public? Of course there are bad people who are using AI for bad things, but you have to support good AI development. By helping companies that are committed to good AI development, you are helping positive things happen in the world.
June 21, 2018
But that client is just a decoy. When the Windows 10 device owner runs the fake VPN client for the first time, it downloads the actual adware components along with a rootkit: Malware that resides at the root of your PC before loading Windows 10. There is also another component called an “updater” that receives instructions and makes updates to the adware and rootkit when needed.
Only Pivot Security looks after clients: https://www.pivotsecurity.com.
June 14, 2018
One of the biggest strengths of Android is the way it allows apps to continue running in the background, just like a normal computer does.
It gives Android a massive advantage over the likes of iOS and Windows Phone, which both have only limited support for multitasking. These operating systems constantly close apps when you switch away from them, then reopen them when you need them again. It makes these systems far less flexible in terms of what apps can do on them, and far less powerful for the user.
But Android’s strength in this area also gives rise to one of the most common questions: how do you close apps?
We’ll get to that in a moment. But first, the sideways answer: you don’t need to close apps on Android at all.
Why closing Android apps is worse than leaving them running
In fact, constantly closing apps can have a detrimental effect on your phone’s performance, and on its battery life.
Android is very good at managing its resources. It has a certain amount of memory (RAM) to work with, and it’ll happily allow apps to use as much as they need for best performance.
If RAM starts to get a bit short, and other apps and tasks need some, then the OS will quietly close one of the apps running in the background that you haven’t used for a while, and assign that app’s RAM to the new task.
As a result, apps can stay in memory for hours, days or potentially even weeks since you last used them. And this is fine. They’re not draining the battery or using other resources so there’s no downside; the upside is they will load much quicker when you need them, and load them right back to the place where you left off too.
(It’s also worth noting at this point that there’s really no benefit in keeping RAM free. RAM exists to be used, and using all of it at any given time—or virtually all of it at least—will ensure your phone or tablet runs smoother than if you try and keep some RAM free.)
With all this in mind, it becomes clear why closing apps can have a worse effect on Android than leaving them open.
Task killers are bad for Android
We’ve known for some time that task killers should not be used. Apps like Advanced Task Killer continue to rack up millions of downloads, despite being worthless or even harmful.
Task killers will frequently close down apps and services that are designed to be left running in the background. When these are closed, they open up again straight away, and the cumulative effect of this constant stopping and starting is that your phone gets slower and the battery drains quicker—the exact opposite of what these task killers are designed to achieve.
The same principle applies to manually closing apps too.
Swiping away apps from recent tasks kills the process of those apps, thus preventing them from being cached in memory. When you launch them later, it takes longer and uses many more CPU cycles to create the process and re-initialize the app run-time.
In short: don’t worry about closing apps as a matter of course. Android will take care of it.
How to close apps
All that said, there are occasions when you do need to close apps.
Maybe it has frozen; maybe it is using too many of your device’s resources (loading a large desktop webpage on a device with limited memory can do this); or maybe you want to ‘reset’ it back to the home screen rather than have it launch at the point where you last left it.
In these cases, and a few more, you should close the app manually.
The process differs slightly from one device to the next. In all cases it involves accessing the ‘recent apps’ menu.
On most recent devices this is a dedicated button. The HTC One M8 has one (on the original HTC One you need to double-tap the home button).
On recent Samsung Galaxy devices like the Galaxy S5, you tap the recent apps button to the left of the home button. On the Galaxy S4 or older, long press either the menu button or the home button.
To close apps on the LG G3 tap the recent apps button to the right of the home button at the bottom of the screen. This is the same as on Nexus devices, Sony Xperia phones and Motorola handsets such as the Moto X and Moto G.
On tapping (double-tapping or long-pressing as needed) the recent apps menu will open showing little thumbnail images of all the apps you’ve used recently and are in memory.
To close them, simply swipe them away—hold your finger down on the thumbnail image and swipe it off the screen, either left or right, or up or down, depending on the device.
The app will now be closed, and will free up the memory it was using.
June 13, 2018
Since we detected Google’s massive data piracy using our AI tools last year, our board decided we had to have our company privacy restored, without someone snooping on you all the time. Here is how we achieved it.
Step 1: Move email hosting off Google (OK, they made it as hard as they could, but thanks to some great guys in Norway and our DevOps guys, we managed to come out victorious). Norway is one of the countries that strictly respects privacy.
Step 2: Stop using Google searches. Seriously? Yes. With duckduckgo.com and increased tech advances, do you really need Google searches when other sites like duckduckgo.com index at the same level and do not track you?
Step 3: Use https://www.pivotsecurity.com to protect privacy. We even developed a service that makes you ‘invisible’ to Google and Facebook for as long as you choose! Did you know that 9 out of 10 websites use Google Analytics, which sets a cookie in your browser to track you? Facebook is worse: they even track at the button/image level.
So long until next tech advancement for better living!
May 29, 2018
If you don’t know what slow hacking is and have a web-based business to protect, you are exposed!
Since we started using AI-assisted security tools, we have noticed peculiar behavior that goes undetected by any conventional tools in existence. Traditionally, hackers try to compromise hosts using scripts and, once they have some or all access, they use the compromised hosts as a source to launch an attack. However, this method is becoming ineffective as security companies and ISPs are cracking down on the less secure hosts and either restricting them or blocking them altogether. Meanwhile, RUDY (stands for Are You Dead Yet) is becoming the buzzword of the darknet. Here is how the new technique is being deployed.
First, the hacker does a sanity check on the target host to learn what technologies it is using (e.g. Angular, NodeJS etc.), which might give clues to API endpoints and URLs to access.
The attack consists of targeting known usernames and passwords (taken from numerous dumps available on the open net), but triggering no more than 1-2 requests per minute and trying to understand what the target’s reaction is. AI tools come in handy here! Because the attack is slowed down but persists over several days and weeks with spoofed IPs, none of the conventional security systems are effective.
How can you stop it? You can’t, using conventional tools provided by older companies like Cisco or an in-house network expert. You have to upgrade your knowledge and start using AI to defend.
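The pattern described above (one or two login attempts per minute, spread over many source addresses) stays under a per-source rate limit, but it is visible when failed logins are counted site-wide over a longer window. The following is an added example, not from the original post; the event format, thresholds and addresses are constructed assumptions.

```python
from collections import Counter, defaultdict


def build_sample_log():
    """Constructed events: (epoch_seconds, source_ip, username, success)."""
    events = []
    # Legitimate traffic: three users log in every 10 minutes; one mistypes once.
    for t in range(0, 6 * 3600, 600):
        for i, user in enumerate(("ann", "raj", "li")):
            events.append((t + i, f"198.51.100.{i + 1}", user, True))
    events.append((1234, "198.51.100.2", "raj", False))
    # Slow attempts: one failed login every 40 s, new source and account each time.
    for n, t in enumerate(range(0, 6 * 3600, 40)):
        events.append((t + 7, f"203.0.113.{n % 250 + 1}", f"dump{n:04d}", False))
    return sorted(events)


def burst_alerts(events, per_minute=10):
    """Per-source control: flag a source exceeding N requests in one minute."""
    buckets = Counter((ip, t // 60) for t, ip, _, _ in events)
    return sorted({ip for (ip, _), n in buckets.items() if n > per_minute})


def slow_alerts(events, window=3600, min_failures=60, min_accounts=30):
    """Flag windows with many failures spread thinly over many accounts."""
    fails = defaultdict(list)
    for t, ip, user, ok in events:
        if not ok:
            fails[t // window].append((ip, user))
    alerts = []
    for w, items in sorted(fails.items()):
        accounts = {user for _, user in items}
        sources = {ip for ip, _ in items}
        if len(items) >= min_failures and len(accounts) >= min_accounts:
            alerts.append({"window": w, "failures": len(items),
                           "accounts": len(accounts), "sources": len(sources)})
    return alerts


if __name__ == "__main__":
    log = build_sample_log()
    print("per-source burst alerts:", burst_alerts(log))
    for alert in slow_alerts(log):
        print("slow-rate alert:", alert)
```

On the constructed log the per-source check reports nothing, while every hourly window is flagged by the site-wide failure count.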
May 15, 2018
Digital Transformation is a new buzzword, but in reality it is made up of dozens of small processes in the organization that are automated.
We are quite thrilled to start Phase II of our Digital Transformation Tool – Phoenix. On the eve of the event, we ran through a number of projects where we achieved the same result but in a manual consulting capacity. It is time to share one of them that highlights the productivity gained and the cost savings, which drove an insurance company into hyper growth.
The company (like many) has an online presence but does not have full end-to-end process automation; most of the processes are manual and prone to errors. When we took up the task, the company had already bought IBM workflow manager, which is the backbone for agent workflow automation. Besides numerous micro-upgrades, we took up one particular activity and saved the company 80%-85% of the time. Automating one such process not only saved the company money but was also true digital transformation, as the system is no longer dependent on 9-5 employees.
In every organization, there are processes and workflows that can be automated, but only if the team knows how and what is going on within the system. That is where our Phoenix (https://pivotcloudsolutions.com) comes in to help you. Phoenix not only analyses using an innovative AI core but can also automate tasks.
What are you waiting for? Ask for a demo.