Padel – As Serious As Tennis But More Fun?

Matti Fun

Padel is a fast-growing, high-energy and adrenaline-generating team sport, developed several decades ago but only now gaining serious attention and popularity. It’s a fun, fast-paced and very social racquet sport, similar to tennis: as serious, but perhaps more fun…? 😉

Just some days ago I decided to participate in a padel tournament in Spain, Costa del Sol, in a local tennis and padel club called Los Pacos Racket Club, where mainly 4th series players challenged themselves against others. The event took place during the October Halloween party and included many people dressing up in Halloween style: blood on their skin, costumes, knives, scarves, etc. Absolutely fantastic! 🙂

Here is a close shot of a junior player reaching the ball at the back of the court. You can see the walls and fences behind and on the side.

As usual, let’s go into some details and facts regarding padel – what is padel?

  • Padel is typically played in doubles on a court a third of the size of a tennis court: 10×20 meters. Scoring is the same as in tennis, and the balls are similar but a bit slower (less pressure). The main differences are that the court has walls at the back and back-sides, off which balls can be played in a similar way as in the game of squash, and that racquets are solid and stringless.
  • The sport was invented in 1969 in Mexico (Acapulco) by Mr. Enrique Corcuera.
  • Padel is currently popular in Latin American countries, such as Mexico, Argentina and Brazil, as well as in Spain in Europe. However, it is gaining a lot of popularity and spreading fast, especially in Europe: Netherlands, France, Germany, UK, all the way north to Finland.
  • The professional association is called Federacion Internacional de Padel (FIP), and the world professionals compete mostly in the World Padel Pro Tour (PPT), created in 2005.
  • The highest-ranking padel players in the world are currently: Fernando Belasteguin (ARG), Pablo Lima (BRA) and Francisco Navarro Compan (ES). See the official and latest ranking here.

Here is another picture of myself, preparing for the hit.

You can find more information regarding padel from Wikipedia or check some nice videos on YouTube.

 

Java – Declining programming language?

Matti Development, Tech

I stumbled into this Java chart recently, by Indeed.com, which shows job posting trends for Java as a programming language, and what can I say… Java has obviously lost some market share as a language requirement in job postings since a few years back: 2009-2012, when the share was 3%, compared to the current 1.5% figure.

Java job trends graph from Indeed.com

Original source: http://www.indeed.com/jobanalytics/jobtrends?q=java&l=

Can we assume Java is a declining programming language?

Well… An article in CIO magazine states that one of the developer-related trends in 2016 is the accelerated decline of Java as a language. And reviewing some of the active job posts available, they usually state a relation to maintaining a legacy application or maintaining a Java codebase.

On the other hand, we should think about the impact Java has had and still has on many programming languages and trending coding platforms, meaning that Java knowledge and expertise does not really hurt… Right? Think about examples such as Scala or Go or even Swift – they do have an object-oriented approach with similar syntax. Or scripting languages such as JavaScript or Groovy. Sometimes the relation is a bit gray, but knowing a “de facto” programming language such as Java would not hurt, quite the other way around.

Mobile application programming for Android is built on top of Java with the Android platform. Knowing Java in this context would allow using cross-platform tools, such as RoboVM, to compile your application even for iOS (iPhones and iPads). Then Node.js, the trendy back-end platform, uses JavaScript, which is syntax-wise related to Java (even if otherwise completely different 😉 ).

Conclusion: Java may be declining but Java is not dead. I would still count Java knowledge as a plus in your professional resume. Especially when combined with flavours of some trending programming languages such as Node.js or one of its variants. See for yourself in this study – Java still being the number one in the most popular languages. And it is definitely a good foundation for any other modern programming language out there. Thus, I highly recommend learning it today!

Don’t shoot me… I am an old-Java programmer and may not be 100% objective in this matter. 🙂

Enterprise Mobility – Webcast on November 3rd 2015

Matti Cloud, Development, Mobile, Tech, Webcasts

A new webcast regarding Enterprise Mobility will be provided next week, November 3rd 2015.

Please do not hesitate to join if you are interested. The webcast will be provided for free and will focus on enterprise mobility aspects and include an overview of Oracle’s mobility offering: Mobile Cloud Service (MCS).

Registration is required. Register here: https://oracletalk.webex.com/oracletalk/onstage/g.php?MTID=e297ae2dffc85ce1f650d101adaeea6a0

Webcast details

Build Your Mobile Strategy—Not Just Your Mobile Apps.

Overview of Oracle Mobile Cloud Service:

  • A platform that understands the challenges of moving enterprise data to mobile in a secure, scalable, elegant fashion, one that makes it easy to do things right.
  • A set of APIs and declarative tools that can help you move away from the tactical, and unite all lines of business along a well-defined strategy, to get enterprise data out of the back end and into a set of robust and appealing B2C or B2E mobile applications— while at the same time addressing each team member’s top-of-mind concerns.
  • A platform that enables development models driven by mobile app developers (“outside in”) and by service developers (“inside out”) simultaneously.

Join us to learn what’s new in the mobile area from Oracle; understand Oracle’s Mobile Backend as a Service and examples of how to use it.

I am your speaker as a Senior Sales Consultant from Oracle. This presentation will be provided in English.

Welcome! 🙂

Cloud Security

Matti Cloud, OnPremise, Security, Tech

There were 79 big public cyber attacks in August 2015, according to Hackmageddon cyberattack and data breach monitoring. This number covers the discovered and publicly announced attacks found so far.

But this is just the tip of the iceberg. In addition there were:

  • Nearly 1 million new malware threats released every day – based on CNN News
  • 20 million network attacks on Utah secure government networks, increasing dramatically within the last months – based on Deseret News

Serious numbers to consider…

What is a data breach?

A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.

If we look at the history of past big data breaches, we can see a trend towards more frequent and more severe breaches. Over the last 10 years, starting from the big 2005 AOL data breach affecting 100M+ user accounts, we have seen many other huge and disastrous data breaches: Sony Playstation Network (80M users), US Military (80M), Adobe (40M), Evernote (50M), US Office (20-25M), Ebay (150M), Target (70M), JP Morgan Chase (80M), Home Depot (60M), Anthem (80M), Ashley Madison (40M), …

Millions and millions of user accounts are being breached on a daily basis and the trend is clear: the frequency and severity of cyberattacks are increasing. As a matter of fact, I recently saw an article stating that there is a “340% increase in cyberattacks in the healthcare industry”.

Can we be sure that our data is secure on the cloud?
Can we be sure our data is safe on-premise?

Are you sure our data is secure on the cloud?

Types of Threats

What types of threats and attacks are there? Let’s take a look at some of the most common threats.

One of the most common attack types is called DoS, Denial of Service, or its advanced variation called Distributed Denial of Service. DoS involves flooding computer resources with more requests than they can handle, which causes the server to crash/halt/jam and thereby prevents authorized users from accessing its services. This attack type is very popular nowadays, if not the most popular, and we see news of it on a weekly basis.

Some other popular cyber attacks include SQL Injections, Email bombing, Phishing and Hacking.

SQL Injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution to exploit a security vulnerability in an application’s software, e.g. user input in which string literal escape characters embedded in SQL statements are handled incorrectly. This is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
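The mechanism described above, as an added Python example that is not part of the original post: a lookup that pastes the entry-field value into the SQL text, beside the same lookup with a bound parameter. The users table, its rows, the sample inputs and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample inputs: a crafted entry-field value and a legitimate
# name that happens to contain a quote character.
CRAFTED = "x' OR '1'='1"
LEGITIMATE = "o'brien"

def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("o'brien", "o-secret")],
    )
    return conn

def lookup_vulnerable(conn, name):
    # Vulnerable: the value becomes part of the SQL text, so a quote in it
    # ends the string literal and the remainder is parsed as SQL.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]

def lookup_safe(conn, name):
    # Hardened: the value is bound as a parameter and never parsed as SQL.
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, crafted input:", lookup_vulnerable(conn, CRAFTED))
    print("safe, crafted input:      ", lookup_safe(conn, CRAFTED))
    print("safe, legitimate input:   ", lookup_safe(conn, LEGITIMATE))
    try:
        lookup_vulnerable(conn, LEGITIMATE)
    except sqlite3.OperationalError as exc:
        # The same flaw also breaks ordinary input that contains a quote.
        print("vulnerable, legitimate input fails:", exc)
```

A lookup that fails on an ordinary name containa quote is a useful test-time signal that the value is reaching the SQL parser.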

Email bombing means sending a large number of emails to a victim’s address, resulting in interruption of the victim’s email or even of the organization’s email server.

Phishing includes the mass distribution of “spoofed” email messages which appear to be coming from the correct origin, e.g. banks, insurance agencies, logistics companies, retailers, credit card organizations. These are designed to fool recipients into giving sensitive information such as passwords, credit card details, account names, etc.

According to the FBI, thieves stole nearly $750 million in email related crimes (phishing, frauds and scams) from more than 7,000 victim companies in the U.S. between October 2013 and August 2015. This is only in the United States.

Hacking is a straightforward threat involving gaining unauthorized access to a computer and modifying the system to enable continuous access, changing the configuration, collecting data/information or operating the system, all without the knowledge or approval of the system owners.

Then we have Malware and Viruses, which are means to steal data, gain unauthorized access to systems or otherwise do damage to the victim’s environment. They are usually used as part of wider-scale attacks, such as Advanced Persistent Attacks or Watering Hole.

Advanced Persistent Attack (APT) is a set of stealthy and continuous computer hacking processes, often done by humans targeting a specific organization. APT is usually done for business or political motives, and it requires a high degree of stealth over a long period of time. The APT usually uses sophisticated techniques using malware to exploit vulnerabilities in systems.

Watering Hole is a computer attack strategy identified in 2012, in which the victim is a particular group (organization, industry, or region). In this attack, the attacker guesses or observes which websites that specific target group often uses and infects one or more of them with malware. Eventually, some members of the target group get infected.

Many attacks typically involve an insider threat, for instance a case where malicious software or unauthorized access is used to modify the system so that the raw data is changed just before it is processed by a computer and then changed back to its original values to prevent the attack from being identified. This is called data diddling. The source of this kind of attack could be a fraudulent application developer, database administrator or DevOps engineer.

Some years ago financial institutions faced a cyber-crime where a group of persons used a technique called salami attack. This is typically used for financial crimes by making the alteration so insignificant that in a single case it would go completely unnoticed by the individual/organization, e.g. a bank employee inserts a program into the bank’s servers that deducts a small amount from every customer account. This could also happen on enterprise level.
Very often used technique with stolen credit cards to proceed automated purchases of very insignificant.
Nowadays banks and credit card companies are implementing heuristics and algorithms to detect such methods in an automated way and luckily there are 3rd party anti-fraud solutions available as well, such as PayApi among others.
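A minimal version of such a detection heuristic, as an added Python example (not from the original post and not any vendor's algorithm): it flags a beneficiary that collects insignificant amounts from many distinct accounts. The ledger rows, account names and both thresholds are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

MICRO_LIMIT = Decimal("0.05")  # assumed: debits at or below this count as insignificant
MIN_ACCOUNTS = 4               # assumed: distinct source accounts needed to raise a flag

# Constructed sample ledger: (source account, beneficiary, amount)
LEDGER = [
    ("acc-001", "rent-co", "850.00"),
    ("acc-001", "acct-9999", "0.03"),
    ("acc-002", "acct-9999", "0.02"),
    ("acc-003", "acct-9999", "0.03"),
    ("acc-004", "acct-9999", "0.01"),
    ("acc-005", "acct-9999", "0.03"),
    ("acc-001", "acct-9999", "0.03"),
    ("acc-002", "coffee-shop", "0.05"),
    ("acc-003", "coffee-shop", "3.20"),
]

def find_salami_beneficiaries(ledger, micro_limit=MICRO_LIMIT,
                              min_accounts=MIN_ACCOUNTS):
    """Return {beneficiary: (distinct_sources, micro_total)} for flagged beneficiaries.

    A single tiny debit is unremarkable; the signal is one beneficiary
    receiving tiny debits from many different accounts.
    """
    sources = defaultdict(set)
    totals = defaultdict(Decimal)
    for src, dst, amount in ledger:
        amount = Decimal(amount)  # Decimal avoids float rounding on money
        if Decimal("0") < amount <= micro_limit:
            sources[dst].add(src)
            totals[dst] += amount
    return {
        dst: (len(srcs), totals[dst])
        for dst, srcs in sources.items()
        if len(srcs) >= min_accounts
    }

if __name__ == "__main__":
    for dst, (count, total) in find_salami_beneficiaries(LEDGER).items():
        print(f"{dst}: micro-debits from {count} accounts, total {total}")
```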

Impact

The impact for businesses includes loss of data, loss of control of their IT systems and therefore interruption of their services. Nowadays the problems include not only downtime of IT systems but more and more also loss of revenue and harm to the company’s brand image.

Based on a Ponemon Institute study of a sample of organizations with over 1000 employees, the cost of cybercrime reaches $15 million annually per organization.

Regulatory organizations, such as European Union Data Security, are leading the definition of the Personal Data Protection Act, which results in direct penalties for companies.

Not to forget Intellectual Property, knowledge and internal assets. Think about your valuable company data or sensitive information being published on the Internet or even sold to your competitors?

How to protect?

How do we protect from these threats?
What can we do to minimize the impact of such attacks?

Protecting from threats, both external and internal, requires tools and activities that help to PREVENT… DETECT… and REACT.

The traditional checklist-based security approach should be transformed into risk-based security: identifying, analysing and evaluating potential threats, planning preventive and corrective actions, defining a plan B and recovery plans.

The security actions should also cover all levels of IT infrastructure, from top to bottom, left and right, with a multi-layered approach considering end-to-end security.

The common CIA type of security approach is a good starting point for the security strategy. The acronym CIA in this context stands for Confidentiality, Integrity and Authorization. Often an additional A for Availability is added.

Our cloud security is so good that even you can't access it

The database is the most vulnerable to attacks. According to IDG’s CSO Online survey, 52% of CSOs said that the DB is the most vulnerable to attacks, the network being 2nd with 34%. Then on the other hand they allocated only 15% of their IT budget to secure the database vs. network 67% vs. application 15%.

That said, it was stated that “Investments are going up to secure database”.

The dilemma here was that the CSO thinks it is the DBA’s job, and the DBA thinks it is the CSO’s job, because he is only involved in performance and optimization tasks.

What can we do to protect? Some good tips include:

  • Define a data inventory, which helps to prioritize defenses
  • Identify normal data flows for sensitive data. Monitor these! Abnormal data movement is often the first sign of a compromise.
  • The largest proportion of data breach discoveries are found using data loss prevention actions on data movements and intrusion detection and prevention systems, including data security controls such as encryption, account analysis and access auditing
  • Security policy and risk management provide the necessary review and oversight to protect your sensitive data while keeping it accessible to those who need it
  • Finding hidden endpoints and identifying weaknesses; measuring the effectiveness continuously
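The tip about monitoring normal data flows, as an added Python example that is not part of the original post: each day's volume per flow is compared with that flow's own history, and destinations never seen before are reported. The flow names, byte counts and thresholds are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed baseline: bytes per day leaving a sensitive data store,
# keyed by (source, destination) flow.
BASELINE = {
    ("crm-db", "reporting-app"): [120_000, 135_000, 110_000, 128_000, 131_000],
    ("crm-db", "backup-vault"): [900_000, 905_000, 898_000, 910_000, 902_000],
}

# Constructed observations for the day being checked.
TODAY = {
    ("crm-db", "reporting-app"): 126_000,
    ("crm-db", "backup-vault"): 2_400_000,
    ("crm-db", "laptop-0147"): 50_000,
}

def abnormal_flows(baseline, today, k=3.0, min_sigma=1000.0):
    """Return [(flow, reason)] for flows that deviate from the baseline.

    reason is "new-flow" when the flow has no history, or "volume-spike"
    when today's volume exceeds mean + k * standard deviation.
    min_sigma stops a perfectly flat history from flagging tiny changes.
    """
    findings = []
    for flow, volume in sorted(today.items()):
        history = baseline.get(flow)
        if not history:
            findings.append((flow, "new-flow"))
            continue
        mu = mean(history)
        sigma = max(pstdev(history), min_sigma)
        if volume > mu + k * sigma:
            findings.append((flow, "volume-spike"))
    return findings

if __name__ == "__main__":
    for (src, dst), reason in abnormal_flows(BASELINE, TODAY):
        print(f"{src} -> {dst}: {reason}")
```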

In addition to this, the cloud service provider should guarantee and comply with the following:

  • Invalid/fraudulent requests are blocked before they reach the service
  • All security actions are documented and can be used with external audits and compliance checks
  • Specific Network Intrusion Detection Systems, firewalls, IP Filtering, VPN Connectivity, and other security mechanisms are in use. Even specific DDoS attack prevention should be in place/implemented.
  • Data centers should be physically guarded; all physical processes and operations should be documented and monitored.
  • 24/7 availability. Infrastructure should ensure 99.999% availability (cooling, electricity, facilities)
  • Cloud provider and their data center facilities should do background checks of employees; security training, physical access security (electronic token access, surveillance cameras, guards, log of all visitors, access logs, escorted visitors)
  • Logs should be encrypted and should not reveal sensitive customer data

If all or some of the above are not in place with your cloud service provider, I would highly recommend clarifying the gaps and making a proper risk analysis to decide proper actions on the potential threats.

Summary

A short recap… 🙂

Cloud threats happen continuously. They happen every day and involve millions of users on a daily basis. There is a great variety of threats and so-called attack vectors; new ways are identified while old ones are being blocked.

The impact on companies results in interruption of services, loss of data, even business losses and damage to the brand image.

Traditional checklist-based security is not sufficient nowadays; firewalls and encryption are not the silver bullet anymore… We need risk-based end-to-end security that is continuously reviewed and updated: this covers protection, detection and reaction to the threats.

And there are solutions available: it is up to companies to determine the risk and to decide the necessary effort to minimize or avoid such risk being realized. There are solutions and many things can be considered with cloud systems and services.

Perhaps Cloud is more secure than On-Premise in some use cases, with a credible cloud service provider that has good resources to implement the necessary security measures?

Questions

Questions?

If you have any questions re: this matter, please do not hesitate to contact me using this.

 

This article has also been re-posted as a LinkedIn post Oct 27th 2015 for a wider business audience and to test the reach-out and SEO of such a blog post. If you are interested in these results, please contact me and I’ll share them with you.
If you find this information useful, feel free to share and link to it.

Website Updated

Matti Uncategorized

Hey! I have updated the website with a new layout and look & feel.

Please feel free to comment on the new site. And if you have any feedback or issues, please do not hesitate to contact me using the Contact Form (use subject: Feedback).

At the same time, the hosting provider has been changed and the whole website content has been erased.

I will be adding some content back into this website, but only a little, over time, and only if I have time 😉 Definitely not all the old content will be added back here; instead the focus will be on creating new content and new blog posts from time to time.

Welcome to the new vilola.com website – my blog, portfolio and contact form.