Over the past few days, attackers have been exploiting an unpatched vulnerability in WP Mobile Detector, a WordPress plug-in installed on over 10,000 websites.The plug-in's developer fixed the flaw Tuesday in version 3.6, but in addition to updating immediately, users should also check if their websites haven't already been hacked.The vulnerability is located in a script called resize.php script and allows remote attackers to upload arbitrary files to the Web server. These files can be backdoor scripts known as Web shells that provide attackers with backdoor access to the server and the ability to inject code into legitimate pages.The flaw was discovered by WordPress security outfit PluginVulnerabilities.com after it observed requests for the wp-content/plugins/wp-mobile-detector/resize.php even though it didn't exist on its server. This indicated that someone was running an automated scan for that specific file, likely because it had a flaw.To read this article in full or to leave a comment, please click here
When I think about the Internet, I think about the General Motors bankruptcy of 2009. Okay, maybe it’s not the first thing that pops to mind. But there’s a lesson in it for builders of networks.It is hard not to draw an analogy between the rise of North American car culture and the development of the Internet. In the earliest days of car culture, it was a lot of work to use a car. You needed to be a pretty reasonable mechanic, and you were using a mode of transportation that was just as uncomfortable as any other one, but that was unreliable and experimental as well. But this didn’t matter, because other enthusiasts like you were trying out the same things, and if the new technology turned out to work it would be a really big deal. Similarly, in the earliest days of the network, the users were mostly also developers of the technology. Only pretty geeky people could have thought of telnet or FTP as user-friendly.To read this article in full or to leave a comment, please click here
The Internet of Things will become a bigger connected-device category than smartphones in 2018, telco equipment maker Ericsson says in its latest report.The Swedish company reckons that IoT will grow globally at a CAGR of 23 percent during the period 2015 to 2021, it says on its website.CAGR, or Compounded Annual Growth Rate, is the annual growth rate over the period.That would make IoT a 16 billion unit player by 2021. For comparison, the entire smorgasbord of connected devices will number 28 billion by then, Ericsson says in the report (PDF), published this week.To read this article in full or to leave a comment, please click here
IoT devices are invading the enterprise, often by stealth. Groups and departments are selecting devices such as door locks, air quality monitors, security and control systems which require connection to the enterprise WLAN and the Internet, but with no IT input into the purchase decision. This creates headaches for the network engineer, but they are manageable: a basic enterprise IoT management solution requires just a handful of functions.
IoT is one of the first systems built in the cloud era, and many – if not most – IoT devices are designed to work with Internet-based cloud services (the remainder will need network-specific configuration to connect to inside-the-firewall services).To read this article in full or to leave a comment, please click here
Fred and Ginger, peanut butter and jelly, the Internet of Things (IoT) and... analytics?To read this article in full or to leave a comment, please click here(Insider Story)
Farmers looking for ways to increase their crop output are using more technology and relying a little less on intuition.Farmers associated with Land O'Lakes, a dairy-focused, agricultural cooperative in Minnesota, are using online tools and apps to visualize their fields and to analyze the data in such areas as water management, seed placement and crop diseases.To do that, Land O'Lakes, known for producing the top butter brand in the U.S., has turned to Google's public cloud. The company is involved in a $3.5 million project with Google and expects to see a payback on it in two to three years.To read this article in full or to leave a comment, please click here
As a person who primarily focuses on the human aspects of security and implementing security awareness programs, people are surprised when I am neither upset nor surprised when there is an inevitable human failing. The reason is that I have come to the conclusion that most awareness programs are just very bad, and that like all security countermeasures, there will be an inevitable failing.To read this article in full or to leave a comment, please click here(Insider Story)
In the race to digitize the healthcare industry, providers, insurers and others in the multi-layered ecosystem have failed to take some of the most basic steps to protect consumers' sensitive health information, a senior government official is warning.Servio Medina, acting COO at the Defense Health Agency's policy branch, cautioned during a recent presentation that too many healthcare breaches are the product of basic mistakes, ignorance or employee negligence.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords
"These are things that could be prevented," Medina said. "Today's training and awareness efforts that we provide currently are simply not effective. They are not enough. We have to do something radically more and different."To read this article in full or to leave a comment, please click here
This week for our Raspberry Pi roundup, we check out a little bit of magic, check in on the competition and follow up on some exciting Android-related buzz.Magic mirror – from Microsoft?
Raspberry Pi Foundation official blog
The magic mirror is a popular Raspberry Pi project, combining relative ease of construction with a pretty eye-catching result – who wouldn’t want a mirror that shows you the weather, your appointments and maybe the news when you look into it in the morning?To read this article in full or to leave a comment, please click here
We already knew the dates for WWDC, but now it's 100% official. Apple yesterday began sending out invitations to select media outlets confirming that its annual developers conference will kick off at 10 am Pacific Time at the Bill Graham Civic Auditorium in San Francisco on June 13.Per usual, Apple's WWDC event will primarily, if not exclusively, focus on updates to various pieces of Apple software. That being the case, we'll most definitely get a sneak peak at iOS 10 and there's a good chance we'll also get a glimpse at the next-gen version of OS X.Operating systems aside, rumblings from the rumor mill suggest that Apple this year will finally open up Siri to third-party developers by way of an SDK. What's more, there's also a slight chance that Apple will roll out a complete overhaul of Siri itself. Also rumored to be on the agenda is a revamp of Apple Music. Though Apple's streaming music service already has upwards of 13 million subscribers, the service has been riddled with UI and various functionality issues.To read this article in full or to leave a comment, please click here
Apple has been the target of recent criticism for its current pace of innovation. However, though the company's slow-and-steady approach to the enterprise may not be winning over financial analysts, it is proving to be an effective strategy for expansion into the business market. Apple set the stage for a formal courtship of the enterprise nearly two years ago, when it inked an alliance with IBM. Since then, the company has struck deals with Cisco and SAP to tap the strengths of these stalwarts in enterprise services and mobility, in additional to a number of smaller players. To read this article in full or to leave a comment, please click here
The terms shadow IT conjures up negative images in the minds of most IT organizations. Yet non-IT enterprise functions and lines of business are buying more of their own IT systems than ever before, particularly product, operations and external customer-facing groups and highly dynamic services areas. “As business functions seek to realize the benefits from these non-traditional channels of IT enablement, the shadow IT organizations are growing aggressively in order to help orchestrate and aggregate services into business consumable offerings,” says Craig Wright, managing director of outsourcing and technology consultancy Pace Harmon.[ Related: 4 ways to apply SLAs to shadow IT ]To read this article in full or to leave a comment, please click here
Qlik, a vendor of data visualization tools, has agreed to be acquired by private equity investment firm Thoma Bravo for US$3 billion.The sale will give Qlik "additional flexibility" to operate, Lars Björk, the company's CEO, said in a statement.Qlik is touted as a software package for business intelligence needs, with some customers saying it has strong data modeling features. Qlik offers what it calls "self-service" data visualization and discovery, with customer able to build custom charts based on their data needs.To read this article in full or to leave a comment, please click here
You’ve recently graduated and now it’s time to start applying to jobs -- but what skills and experience should you highlight on your resume? To help you decide, CompTIA released the results of its 2016 IT Industry Outlook report, which surveyed 673 IT industry companies in the U.S., Canada and the U.K., and found that millennials have certain skills businesses are clamoring for in the coming year.“Recent grads have grown up in an age of evolving technologies, particularly the Internet Age. They’ve not only developed a unique way of problem solving and critical thinking, but they are also acutely aware of new technologies that may increase operational efficiency in a business,” says Gene Richardson, COO of Experts Exchanges.To read this article in full or to leave a comment, please click here
SS8 built its network traffic-inspection and analysis platform as a tool for intelligence agencies to discover communications among criminals and terrorists but now has scaled it back for enterprises to stop data breaches.Called BreachDetect, the business-sized software gathers highly detailed network traffic data that discovers application flows and the activity of individual machines and analyzes them to find anomalies that indicate foul play.The platform also stores the information it collects so it can be analyzed over and over as new threat indicators are identified. That way corporate security pros can discover threats that may have been lurking undetected for months and figure out when and how they got there, SS8 says.To read this article in full or to leave a comment, please click here
Windows 10 in May recorded its largest increase in user share since August 2015, the first full month after its launch last summer, data published Wednesday showed.The impressive increase came after Microsoft began what will likely be its last big push to put the free Windows 10 on customers' PCs, a campaign that started mid-May and featured a much-derided trick to get users to approve the upgrade from Windows 7 and Windows 8.1.According to U.S.-based analytics vendor Net Applications, Windows 10 powered 19.4% of all Windows PCs in May, a 2.1-point increase from the month before. Net Applications measures user share -- an estimate of the percentage of the global PC population that runs a particular operating system -- by tallying unique visitors to clients' websites.To read this article in full or to leave a comment, please click here
Ransomware authors are not the only cybercriminals who use extortion tactics to make money from users and companies. Data thieves are also increasingly resorting to intimidation.The FBI's Internet Crime Complaint Center (IC3) has received many reports from users whose data was stolen in various high-profile breaches and then received emails threatening to publicly disclose their personal information, including phone numbers, home addresses and credit card information.The ransom amount asked by the extortionists ranged from 2 to 5 bitcoins or approximately $250 to $1,200, IC3 said in an advisory Wednesday.To read this article in full or to leave a comment, please click here
Check out the crazy modded gaming rigs Corsair brought to ComputexImage by James NiccolaiWe stopped by Corsair’s suite at the Computex trade show this week to check out the gaming PCs built to show off its latest components. Pick a CPU, graphics card and motherboard, and Corsair has everything else you need to build out a custom, high performance rig. This system uses the Mirror's Edge Catalyst chassis, modelled after the game of the same name. Someone bolted an LED panel to the side just for the hell of it.To read this article in full or to leave a comment, please click here
A senior finance manager in Oracle’s cloud business has complained to a federal court that she was terminated from her job because she refused to go along with, and threatened to blow the whistle on accounting principles that she considered to be unlawful.In a complaint in the U.S. District Court for the Northern District of California, Svetlana Blackburn has stated that her superiors instructed her “to add millions of dollars in accruals to financial reports, with no concrete or foreseeable billing to support the numbers, an act that Plaintiff warned was improper and suspect accounting.” The former employee is said to have warned her supervisor that she would blow the whistle if ordered to proceed further in the same manner.To read this article in full or to leave a comment, please click here
The next version of Microsoft's SQL Server relational database management system is now available, and along with it comes a special offer designed specifically to woo Oracle customers.
Until the end of this month, Oracle users can migrate their databases to SQL Server 2016 and receive the necessary licenses for free with a subscription to Microsoft's Software Assurance maintenance program.
Microsoft announced the June 1 release date for SQL Server 2016 early last month. Among the more notable enhancements it brings are updateable, in-memory column stores and advanced analytics. As a result, applications can now deploy sophisticated analytics and machine learning models within the database at performance levels as much as 100 times faster than what they'd be outside it, Microsoft said.To read this article in full or to leave a comment, please click here