Blog

Cardano and New Balance partner on blockchain supply-chain tracking of authentic premium sneakers

Good stuff: a real-world company and use case for Cardano and blockchain.

Beginning as a pilot, the plan is to roll the program out worldwide. There are no plans to use the ADA token for this specific solution.

IOHK partners with the New Balance sneaker brand to track its supply chain on the Cardano blockchain

Amazon, Google, Comcast becoming healthcare and telemedicine companies?

You can’t go a day without hearing about some new potentially disruptive telehealth, telemedicine, or healthcare transformation product or solution. Amazon wants to create the Amazon Prime of healthcare. Google has talked about it. Comcast mentions telemedicine and stay-at-home care for the elderly at healthcare conferences. Marketing hype or the future of healthcare? What can hospitals and health organizations do to not be disrupted?

One thing that is left out of all these “global” conversations is security and privacy. We already know IoT devices and medical devices have lax security at times. And even with HIPAA and other regulations, hospitals have ransom attacks and data leaks.

And who exactly would trust Amazon or Google or Comcast with their healthcare data privacy worries?

These are companies that thrive off of collecting all the data for AI and advertising. It’s all the data, all the time, about people and their customers. Why would anybody believe what Comcast or Google or Amazon say when it comes to “we won’t do that with the data”?

The market for VR/AR devices, Apple smart watches, and smart home security devices like Ring and Nest is thriving. And Ring and Nest want to track and watch everything you do and share that data, audio and video with the police and government and Nextdoor apps. Oh, and Ring is Amazon and Nest is Google, if you didn’t know.

Yes, these devices can help with better health checks, better home automation and security. But at what cost? It’s 1984 without the need for 1984. Hand everything over for a free camera. So when looking at telemedicine and the stay-at-home telehealth sensors and devices for the elderly, collecting and transmitting your health and body information and daily activities, when is too much, too much?

What happens when someone wishes to just keep their private stuff, well, private?

It’s the excuse of “I don’t have anything to hide.” Except, at least in the US, everybody is addicted to pain meds and opioids and viagra and who knows what else. Insurance companies love knowing about your substance abuse and daily routines. Others might love knowing when your home is unoccupied during particular times of the day.

It’s all good until it isn’t.

And why is it big pharmaceutical companies and others are allowed to hide the transparent nature of their shady activities, but normal people should share everything for free? Hand me a free watch.

Any highly personal data stored or transmitted by any device is open to being accessed by third-party users or hackers. Or nation-state organizations.

It’s already happening.

Which is why the security risks associated with telemedicine raise several ethical implications. If a doctor-patient relationship and sensitive data cannot and won’t be protected, will this practice ever obtain widespread support from individuals or hospitals and federal organizations?

Many hospitals have been slow to adopt telemedicine and telehealth because of these data security concerns. So how can hospitals not be disrupted by Amazon or Google or Comcast or some telehealth startup?

The answer lies in those companies’ histories and lies. Amazon wants to get into healthcare, but cuts healthcare for many part-time employees. The great Jeff Bezos con game taken to the extreme. Others are “not really tech companies,” but they aren’t a real estate firm or a taxi company or a hospital … you name it. In any industry, some shady, well-funded founder usually comes up with a “what they are not” excuse for why they were just poor human beings out for themselves. You really trust them with your health and private data?

So hospitals wanting to jump into telemedicine and telehealth should go straight after the Jeff Bezos and other startup founder lies.

Use blockchain. Use encryption.

Use cryptography.

Don’t make it a data play. Make it a better health and hospital community play. Use Cardano or Hyperledger or Ethereum or whatever blockchain to enable secure, immutable, more transparent and pseudo-anonymous transactions across various permissioned networks, allowing a mutually agreed-upon interaction between different organizations in a pseudo-decentralized way.

In healthcare, this can help facilitate a more efficient way to transfer encrypted data effectively and communicate across different groups and organizations. Even offer payment options for the uninsured and unbanked.

Blockchain also allows medical records to be stored in a more secure, distributed and pseudo-decentralized system. This hybrid blockchain and big data platform can contain encrypted big data, giving providers the capability of storing a complete encrypted patient history with authorization and access control limitations, rather than a system where data leakage and data hacks happen frequently or where inside jobs destroy reputations.

Blockchain for telemedicine will help establish a seamless exchange of encrypted data and better patient confidence and faith in healthcare. The data entered must be verified and approved by the patient and doctor, as well as verified against a previous blockchain ledger.

Both the patient and doctor can secure a personal copy of the ledger, rather than a single party having control over the data. This method ensures multiple checks are in place for protecting sensitive data, reducing some of telemedicine’s and medical devices’ security challenges.

Because of HIPAA and other strict regulations, providing HIPAA-compliant telehealth and telemedicine products and services for patients is currently both expensive and complicated. A work in progress, as they say. But we know how Amazon and Google treat Ring and Nest. Privacy. Security. Regulations. What’s that?

Telemedicine will help older patients stay healthier and safe at home. It’ll provide access to world-renowned doctors from afar. One hospital already did a robotic arm surgery with a doctor thousands of miles away from the patient.

So it will lower healthcare costs, increase productivity, optimize efficiency and open new revenue streams. Secure remote patient access to healthcare services when they most need it.

But if telemedicine is to become a widely accepted practice among patients, hospitals and doctors, the IoT and telemedicine security vulnerabilities need to be addressed through innovative risk management and thought-provoking ideas, and must include new technologies such as blockchain.

While there is no one security or risk compliance program that prevents hackers from accessing a network, there are many precautions hospitals can take to enhance their security.

Establishing an infosec center of excellence, forming an innovation lab to test emerging tech, and thoroughly doing end-to-end IT risk assessments, penetration testing and security compliance plans: this is necessary for managing sensitive data and maintaining transparency across all hospital organizations, large and small.

The infosec COE should identify the types of software in place and the access and policy controls, and thoroughly evaluate existing processes to ensure the entire system is functioning and secured properly. What does an ideal future state look like, and how can you achieve this vision?

Blockchain for telemedicine and innovative infosec COEs and labs might make your healthcare organization cutting edge and a thought leader in the industry.

Digital Identity and verification processes on blockchain will change the game for business and university background checks

There has been a global challenge finding enough qualified programmers, cybersecurity experts, nurses, truck drivers, teachers and more. But that’s also helped create an entire industry of fake experienced staffing companies.

Atlanta has quite a few of these firms who find offshore resources and build fake personas and profiles for these individuals who suddenly go from inexperienced to having 10+ years of experience over a one month “bootcamp.”

That’s not the only challenge though. Fake diplomas and fake work experiences are a bigger problem. And we wonder why all these systems go down, are hacked, or trucks flip over.

Besides these “boot camps” that offer these “services,” there is a growing trend where people can just pay some website for a counterfeit degree certificate from made-up universities. We’ve even watched as wealthy celebrities pay to have their own children be some fake high school sports star just to get into a good university.

Some of these fake degree websites have made over $30 million in one year. That’s a lot of fake degrees and personas and experiences. But while someone messing up JCPenney’s mobile app causes downtime, a fake nurse could mean life or death. That’s scary.

And now places like OpenCourseWare, Udemy, Coursera and a boatload of other e-learning and online educational platforms exist and are booming. It’s expected to be valued at over $300 million by 2025.

Education that’s available to all is good. But a qualification award system that’s more fragmented, insecure, a bit fraudulent at times and difficult to verify isn’t good at all.

How can hiring employers or universities trust people to have actually completed these online courses they claim to? Studies already show most people stop after a few weeks. We already know plenty of wealthy celebrity children cheated an entire system. And that’s the ones who got caught.

Pagarba has worked on digital identity and verification blockchain and AI projects that allow business professionals, government agencies, college graduates, and educational and training institutions to upload and store their professional or academic credentials on an immutable, easily verifiable blockchain platform.

They could upload, certify, and verify transcripts, certificates, degrees, diplomas and more. And this system can verify university degrees, employment histories, and other professional credentials. The uploaded information will be time stamped on the blockchain, and any changes that are made to a qualification are linked, creating a historical chain: an education and certification archive.

These blockchain-based digital identity verification platforms simply offer the credential holders the ability to upload their credentials to the platform, and then through a smart contract and machine learning algorithm they go from an unverified document to a validated credential. And it offers potential employers and universities peace of mind that they are getting the best and the brightest and not some fake crew star or green AI expert.

The colleges and employers can upload these verified academic or work history credentials and thus create a trail of a degree, certificate or work experience by verified institutions and organizations. These documents and metadata are cryptographically secured and stored on a distributed blockchain network. Blockchain offers immutability and security, thus preventing any third party from editing, changing, or removing this data.

Organizations that need to verify a candidate for a job or graduate college application will get access to this verified and certified credential, while the original uploading user has complete control over the distribution of these credentials within the blockchain system.
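
The timestamping and change-linking described above (and the check against a previous ledger in the telemedicine post) can be sketched with a local hash chain; this is an added example, not Pagarba's code. The class, field names and sample credentials are hypothetical, and a Python list stands in for the blockchain network.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value used by the first entry


def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _entry_hash(entry: dict) -> str:
    # Hash every field except the entry's own hash, in a canonical form.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return _digest(json.dumps(body, sort_keys=True).encode())


class CredentialLedger:
    """Append-only list of entries; each entry commits to its predecessor."""

    def __init__(self):
        self.entries = []

    def record(self, credential_id, issuer, document: bytes, timestamp: int) -> dict:
        entry = {
            "credential_id": credential_id,
            "issuer": issuer,
            "document_hash": _digest(document),  # only the hash is stored
            "timestamp": timestamp,
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else GENESIS,
        }
        entry["entry_hash"] = _entry_hash(entry)
        self.entries.append(entry)
        return entry

    def chain_is_intact(self) -> bool:
        prev = GENESIS
        for entry in self.entries:
            if entry["prev_hash"] != prev or entry["entry_hash"] != _entry_hash(entry):
                return False
            prev = entry["entry_hash"]
        return True

    def history(self, credential_id) -> list:
        return [e for e in self.entries if e["credential_id"] == credential_id]

    def verify(self, credential_id, document: bytes) -> str:
        """Check a presented document against the latest recorded version."""
        if not self.chain_is_intact():
            return "ledger-tampered"
        versions = self.history(credential_id)
        if not versions:
            return "unknown"
        presented = _digest(document)
        if versions[-1]["document_hash"] == presented:
            return "valid"
        if any(v["document_hash"] == presented for v in versions):
            return "superseded"  # an older version that was later amended
        return "mismatch"


def demo() -> dict:
    # Constructed sample credentials; none of this is real data.
    ledger = CredentialLedger()
    original = b"BSc Nursing, Jane Doe, 2019"
    amended = b"BSc Nursing (Honours), Jane Doe, 2019"
    ledger.record("cred-001", "Example University", original, 1_560_000_000)
    ledger.record("cred-002", "Example Hospital", b"RN, 2019-2021", 1_620_000_000)
    ledger.record("cred-001", "Example University", amended, 1_630_000_000)
    results = {
        "amended": ledger.verify("cred-001", amended),
        "original": ledger.verify("cred-001", original),
        "forged": ledger.verify("cred-001", b"MSc Nursing, Jane Doe, 2019"),
    }
    ledger.entries[0]["issuer"] = "Other University"  # simulate an in-place edit
    results["after_edit"] = ledger.verify("cred-001", amended)
    return results


if __name__ == "__main__":
    print(demo())
```

Only document hashes go on the chain here, so the holder still decides who sees the document itself; a verifier needs the document plus the ledger to get a result.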

There is a cost to implement this new technology, as well as figuring out the tokenization or gas cost angle. But in the long run it’ll be far cheaper for the hiring and background processes for businesses and universities because it saves time and resources finding the right qualified and verified candidates. It also reduces the risk of hiring someone who isn’t fully equipped for the job.

Pagarba has utilized public blockchain systems like Bitcoin, Stellar, Ethereum and IPFS or Storj. We’ve also built a digital identity app using Hyperledger Fabric and Sawtooth platforms.

FPGA over GPU and CPU

When would you use an FPGA?

Maybe you need to optimize a chip for a particular workload, or you need to make changes at the chip level for some sort of upgrade later on. Use cases for FPGAs cover a wide range of areas and verticals.

They could be used inside equipment for video and imaging or advanced circuitry for a computer, or maybe inside a smarter Tesla, in Boeing or Airbus planes, or even in intelligent autonomous military drones or weaponry. The use cases and possibilities might be endless. Or infinite.

FPGAs are useful for prototyping or piloting application-specific integrated circuits (ASICs) or processors. Bitcoin mining, for example, uses the concept of ASICs.

These devices and boards can be reprogrammed until the ASIC or processor design is final and bug-free and the actual manufacturing of the final ASIC begins.

The company Intel sometimes uses FPGAs to prototype new chips.

They recently purchased a company called eASIC.

Why, you might ask?

Intel’s thinking might be that it is a way to accelerate its designing and prototyping process. This company, eASIC, produced something called a “structured ASIC,” which relies on a model that is in between an ASIC and an FPGA.

This ASIC with an FPGA design philosophy bakes the fixed layout into a single design mask for manufacturing, a far more efficient and optimized design process for prototyping. By being a fixed design like an ASIC, it is faster than a variable design, but without the die area benefits of ASIC-like power savings. However, it was designed in FPGA time, rather than ASIC time (up to six months saved), and saves power through its fixed design.

So what can an enterprise business or small business user do with an FPGA?

FPGAs can be useful to SMBs and enterprise businesses because they can be dynamically reprogrammed with a data path that exactly matches a specific workload.

Think in terms of business and technology processes like data processing, advanced data analytics, image recognition, data and network encryption, and data compression. Optimized FPGAs are also more power-efficient than running equivalent workloads on a CPU. So a great use case for the Internet of Things (IoT). Far better total cost of ownership (TCO) and versatility too.

FPGAs are starting to become important in IoT and fields like artificial intelligence, machine learning, AI on the edge, and neural networks.

More importantly, FPGAs are gaining prominence in deep neural networks (DNNs).

Running DNN inference models takes significant processing power. Think of that P3 AWS bill. Graphics processing units (GPUs) are often used to accelerate inference processing, but in some cases, high-performance FPGAs might actually outperform GPUs in analyzing large amounts of data for machine learning.

AWS has FPGA EC2 instances available now

These Amazon AWS EC2 F1 instances use FPGAs to enable delivery of custom hardware accelerations. F1 instances are easy to program and come with everything you need to develop, simulate, debug, and compile your hardware acceleration code, including an FPGA Developer AMI and supporting hardware level development on the cloud.

Using these F1 instances to deploy hardware accelerations can be useful in many applications to solve complex science, engineering, and business problems that require high bandwidth, enhanced networking, and very high compute capabilities.

Think of use cases where you might have a modest number of distinct operations that account for significant portions of an application’s run time. These could be very useful for big data analytics, genomics, electronic design automation (EDA), image and video processing, compression, security, and search/analytics.

Microsoft is also starting to put Intel FPGA versatility to use on their Azure cloud platform

Microsoft’s Project Brainwave provides customers with access to Intel Stratix FPGAs through Microsoft Azure cloud services. The cloud servers outfitted with these FPGAs have been configured specifically for running deep learning models. The Microsoft service lets developers harness the power of FPGA chips without purchasing and configuring specialized hardware and software. Instead, developers can work with common open-source tools, such as the Microsoft Cognitive Toolkit or TensorFlow AI development framework.

FPGAs are becoming very important. And useful.

Ask a Pagarba neoteric innovation sandbox lab subject matter expert to tell you more. Contact an FPGA expert today.

Top 10 OWASP application security best recommendations

There are many bugs, flaws, vulnerabilities and more when it comes to cyber security challenges and philosophies.

Below are the OWASP top 10:

1> Injection:

– Injection flaws include SQL, OS, and LDAP

– Injections occur when untrusted data is sent to an interpreter as part of a command or query

– The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization

2> Broken Authentication and Session Management:

– Application functions related to authentication and session management are often not implemented correctly, thus allowing an attacker to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities

3> Cross-Site Scripting (XSS):

– XSS flaws occur when an application takes untrusted data and sends it to a web browser without proper validation or escaping

– XSS allows attackers to execute scripts in the victim’s browser, which can hijack user sessions, deface websites, or redirect the user to malicious sites

4> Insecure Direct Object Reference:

– A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key

– Without an access control check or other protection, attackers can manipulate these references to access unauthorized data

5> Security Misconfiguration:

– Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform

– Secure settings should be defined, implemented, and maintained, as defaults are often insecure

– Software should be kept up to date

6> Sensitive Data Exposure:

– Some web applications do not properly protect sensitive data, such as credit cards, tax IDs, and authentication credentials. Think PII and more.

– Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes

– Sensitive data deserves extra protection such as encryption at rest or in transit

– Special precautions should be taken when such data is exchanged with the browser

7> Missing Function Level Access Control:

– Most web applications verify function-level access rights before making that functionality visible in the UI

– Applications need to perform the same access control checks on the server when each function is accessed

– If requests are not verified, attackers will be able to forge requests in order to access functionality without proper authorization

8> Cross-Site Request Forgery (CSRF):

– A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application

– This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim

9> Using Components with Known Vulnerabilities

– Components, such as libraries, frameworks and other software modules, almost always run with full privileges

– If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover

– Application components with known vulnerabilities may undermine application defenses and enable a range of possible attacks and impacts

10> Unvalidated Redirects and Forwards

– Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages

– Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages
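
For item 10, a server-side check of the redirect destination might look like the following added example (not part of the original post or of OWASP's material). The allow-listed hosts, the default target and the function name are assumptions, and the inputs in `demo()` are constructed.

```python
from urllib.parse import urlsplit

# Assumed allow-list of hosts this application may redirect to.
ALLOWED_HOSTS = {"app.example.com", "help.example.com"}
DEFAULT_TARGET = "/"  # used whenever the requested destination is rejected


def safe_redirect_target(target: str) -> str:
    """Return `target` if it is an acceptable destination, else DEFAULT_TARGET."""
    if not target or target != target.strip():
        return DEFAULT_TARGET
    # Browsers treat "\" like "/" and drop tabs and newlines, so a value that
    # looks like a local path to the server can still leave the site.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return DEFAULT_TARGET
    try:
        parts = urlsplit(target)
        host, port = parts.hostname, parts.port
    except ValueError:  # malformed host or port
        return DEFAULT_TARGET

    if not parts.scheme and not parts.netloc:
        # Relative destination: accept only a single-slash path on this site.
        # "//host" and "///host" are resolved by browsers as another host.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return DEFAULT_TARGET

    # Absolute destination: HTTPS, allow-listed host, default port, no userinfo.
    if (
        parts.scheme == "https"
        and host in ALLOWED_HOSTS
        and port in (None, 443)
        and parts.username is None
        and parts.password is None
    ):
        return target
    return DEFAULT_TARGET


def demo() -> dict:
    # Constructed inputs: two legitimate destinations and several rejected ones.
    samples = [
        "/account/settings?tab=2",
        "https://help.example.com/faq",
        "//evil.example/login",
        "https://app.example.com@evil.example/",
        "https://app.example.com.evil.example/",
        "http://app.example.com/",
    ]
    return {s: safe_redirect_target(s) for s in samples}


if __name__ == "__main__":
    for requested, used in demo().items():
        print(f"{requested!r} -> {used!r}")
```

Comparing the parsed hostname against an exact allow-list, rather than searching the raw string for a trusted name, is what rejects the look-alike hosts.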

Bluetooth is bad.

Bluetooth makes life easier. It’s the IoT connectivity easy button. It makes it quick and easy to connect your iPhone or Android, smart earbuds, smart speakers, car radios, smart lightbulbs and smart fridges and even smart toaster ovens. But Bluetooth and Bluetooth Low Energy are very problematic for reasons more serious than pairing issues.

Bluetooth has been proven time and time again to be a security and privacy nightmare. Security professionals and hackers think of it as a bad word. Or awesome tech if they are capitalizing on the vulnerabilities.

The Def Con hacker conference, in Las Vegas, just finished up, and one of the recommendations given to attendees is to make sure Bluetooth is disabled on their phones. Yes, “don’t turn on Bluetooth, or turn it off” is the advice given for this conference.

Think about that the next time you want to leave Bluetooth enabled.

Is this all just more clickbait, fake news fear mongering, like Elon Musk loving to hear himself speak about end-of-the-world scare tactics? Not exactly.

This isn’t nuking Mars or an asteroid destroying Earth or AI robots turning into Skynet scare tactics here. Bluetooth is really poorly designed and built when it comes to security.

It’s been shown at various conferences and events, in blog posts and on YouTube videos, that hackers and security professionals can use Bluetooth to identify vulnerable medical devices and digital speakers, and hack into your now always-connected car. Hackers or bored, tech-savvy, intelligent thirteen-year-olds could take control of these devices and force them to play dangerous sounds or mess with heartbeat monitoring devices or turn a car off or lead it astray. The nation-state or ransomware bad-guy hackers are one thing, but some script kiddie just learning isn’t even out to really harm anybody. Except they accidentally would in some of these instances.

Earlier this year researchers announced a flaw that could allow hackers to both intercept and alter data sent over Bluetooth. Talk about data security and privacy concerns. An attacker is able to listen in on, or change the content of, nearby Bluetooth communication, even between devices that have previously been successfully paired.

There are other stories and media reports where many stores like Walmart or Target or a grocery store now use Bluetooth beacons to track the location of individual shoppers down to the inch. That information is collected, analyzed and often sold or given to advertisers, who then use it to build data profiles on unwitting people just trying to buy some shampoo or socks or a bottle of water.

Many people keep Bluetooth enabled all the time. It makes life easier to pair and connect. Who wants to go to their phone settings or home security settings and enable Bluetooth and then pair it with the other device every time they want to use their headphones or get into a car? But by having Bluetooth always on and always connected, you open yourself up to these potential hacks, abuses, and privacy violations.

What’s the solution to fix these Bluetooth vulnerabilities and challenges?

Well, that’s simple. You just have to turn Bluetooth off. Use it when you must, and disable it or turn it off the rest of the time. Problem solved. It’s not exactly comforting, but it is what it is for now.
