Apple’s macOS file encryption easily bypassed without the latest fixes

Without the macOS update released this week, Apple's disk encryption can be easily defeated by connecting a specially crafted device to a locked Macbook.The attack is possible because devices connected over Thunderbolt can access the computer's RAM directly before the OS is started through the direct memory access (DMA) feature. The DMA mechanism is typically used by disk drive controllers, graphics cards, network cards, and sound cards because accessing the memory through the CPU would otherwise keep the processor busy and unavailable for other tasks.Apple's macOS has DMA protections, but they only kick in when the OS is running. However, the EFI (Extensible Firmware Interface) -- the modern BIOS -- initializes Thunderbolt devices at an early stage in the boot process and this enables them to use DMA before the OS is started, security researcher Ulf Frisk said in a blog post.To read this article in full or to leave a comment, please click here

Evernote CEO: ‘We let our users down’ with privacy policy change

Evernote CEO Chris O'Neill has had a long couple of days. The company he runs recently ignited a firestorm among its users when it announced a privacy policy change that would have required users to open up all their notes for analysis in order to take advantage of forthcoming machine learning features. "We let our users down," he said in an interview. "We really tactically communicated in about as poor a way as we could."Evernote is going back to the drawing board and reversing course on the proposed policy. Users won't have their data shared with employees to help with machine learning unless they explicitly opt in. To read this article in full or to leave a comment, please click here

Limited Time $40 Discount On Kindle Paperwhite Bundle – Deal Alert

Amazon has activated a limited time discount on its popular Kindle Paperwhite e-reader, when you buy it bundled with a few essential accessories. The bundle includes the latest Kindle Paperwhite 6" E-Reader in black with Special Offers ($119.99), an Amazon Leather Cover ($39.99), and Amazon 5W Power Adapter ($19.99), all for $139.97, for a limited time, saving you $40. See the bundle on Amazon.To read this article in full or to leave a comment, please click here

Oracle CEO Safra Catz joins Trump’s transition team

Oracle co-CEO Safra Catz is joining President-elect Donald Trump's transition team, the team said Thursday. She will sit on its executive committee and remain in her position at Oracle.The appointment comes a day after Catz and other tech leaders met Trump in a high-profile meeting at his New York offices."I'm actually privileged and honored to even be here, and we are looking forward to helping you, and your administration,"  Catz said at the beginning of the meeting.+ ALSO: Trump to tech CEOs: We're there for you +To read this article in full or to leave a comment, please click here

4 historic security events of 2016 and what they teach us [Infographic]

What is it they say about failing to learn the lessons of history and being doomed to repeat it? However the famous saying goes, I think we can agree that the events of 2016 can be very instructive if we choose to pay attention.Just yesterday, for example, Yahoo disclosed a breach from 2013 involving more than 1 billion user accounts — and those are unrelated to the 2014 breach disclosed in September involving over 500 million user accounts.Among the lessons from the Yahoo breaches is that hackers are very good at what they do and are getting increasingly sophisticated. What can you do to prevent an email-based attack from happening in your organization? Above all, pay attention to the human element.To read this article in full or to leave a comment, please click here(Insider Story)

Top 10 business collaboration stories of 2016

In 2016, a battle started to heat up in the enterprise collaboration market. The stalwarts of business, as well as consumer tech giants and a set of new entrants, were all in the mix. In this increasingly crowded market, the varying apps and other services targeted businesses from many different angles.Here are our picks for the most significant collaboration developments of the past year.1) Facebook at Work (finally) launches as 'Workplace' Facebook already owns consumer social networking, and with its new Workplace service, it set sights on the enterprise. The offering is designed to feel familiar to Facebook users but also remain separate from the company's consumer platform. (For more details, read our prelaunch history of Workplace.)To read this article in full or to leave a comment, please click here

Facts and figures for the year ahead in IT

IT sharpens its focusImage by ComputerworldWhat's the outlook for the tech year ahead? In general, IT executives are feeling optimistic as they head into 2017. According to the results of Computerworld's Tech Forecast 2017 survey, enterprises plan to continue on the path to digital transformation, deepening their commitment to big data and analytics, as well as cloud computing and software as a service (SaaS).To read this article in full or to leave a comment, please click here

HTTP/2 promises better performance — but with security caveats

The new Internet communication protocol, HTTP/2, is now being used by 11 percent of websites -- up from just 2.3 percent a year ago, according to W3Techs.The new protocol does offer better performance, but there is no particular rush to upgrade, and it's backwards-compatible with the previous protocol, HTTP/1.1.No security problems have been found in the protocol itself, but there are vulnerabilities in some implementations and the possibility of lower visibility into internet traffic, so it's worth waiting for everything to shake out.The pressure to switch is likely to come from lines of business, said Graham Ahearne, director of product management at security firm Corvil.To read this article in full or to leave a comment, please click here

HTTP/2 promises better performance — but with security caveats

The new Internet communication protocol, HTTP/2, is now being used by 11 percent of websites -- up from just 2.3 percent a year ago, according to W3Techs.The new protocol does offer better performance, but there is no particular rush to upgrade, and it's backwards-compatible with the previous protocol, HTTP/1.1.No security problems have been found in the protocol itself, but there are vulnerabilities in some implementations and the possibility of lower visibility into internet traffic, so it's worth waiting for everything to shake out.The pressure to switch is likely to come from lines of business, said Graham Ahearne, director of product management at security firm Corvil.To read this article in full or to leave a comment, please click here

49% off CyberPower Surge Protector 3-AC Outlet with 2 USB (2.1A) Charging Ports – Deal Alert

The Professional Surge Protector CSP300WUR1 safeguards common home and office devices, such as computers and electronics, by absorbing spikes in energy caused by storms and electrical power surges. Designed for convenience, the portable CSP300WUR1 is ideal for travelers. It provides 600 joules of protection, has three surge-protected outlets, and a folding wall tap plug. Two USB ports (2.1 Amp shared) charge personal electronics, including smartphones, digital cameras, MP3 players, and other devices. A Limited-Lifetime Warranty ensures that this surge suppressor has passed high quality standards in design, assembly, material or workmanship and further protection is offered by a $50,000 Connected Equipment Guarantee. It currently averages 4 out of 5 stars on Amazon, where its typical list price of $22 has been reduced 49% to just $11.27. See the discounted CSP300WUR1 on Amazon.To read this article in full or to leave a comment, please click here

49% off CyberPower Surge Protector 3-AC Outlet with 2 USB (2.1A) Charging Ports – Deal Alert

The Professional Surge Protector CSP300WUR1 safeguards common home and office devices, such as computers and electronics, by absorbing spikes in energy caused by storms and electrical power surges. Designed for convenience, the portable CSP300WUR1 is ideal for travelers. It provides 600 joules of protection, has three surge-protected outlets, and a folding wall tap plug. Two USB ports (2.1 Amp shared) charge personal electronics, including smartphones, digital cameras, MP3 players, and other devices. A Limited-Lifetime Warranty ensures that this surge suppressor has passed high quality standards in design, assembly, material or workmanship and further protection is offered by a $50,000 Connected Equipment Guarantee. It currently averages 4 out of 5 stars on Amazon, where its typical list price of $22 has been reduced 49% to just $11.27. See the discounted CSP300WUR1 on Amazon.To read this article in full or to leave a comment, please click here

BlackBerry hands its brand to TCL, maker of its last smartphones

The BlackBerry smartphone is dead: Long live the BlackBerry smartphone.A week after it officially pulled out of the smartphone market, BlackBerry has agreed to license its brand to handset manufacturer TCL.The Chinese company will make and market future BlackBerry handsets worldwide except for India, Indonesia, Bangladesh, Sri Lanka and Nepal, where BlackBerry has already struck local licensing deals.This is hardly new territory for TCL, which manufactured BlackBerry's last two handsets, the Android-based DTEK50 and DTEK60.To read this article in full or to leave a comment, please click here

BlackBerry hands its brand to TCL, maker of its last smartphones

The BlackBerry smartphone is dead: Long live the BlackBerry smartphone.A week after it officially pulled out of the smartphone market, BlackBerry has agreed to license its brand to handset manufacturer TCL.The Chinese company will make and market future BlackBerry handsets worldwide except for India, Indonesia, Bangladesh, Sri Lanka and Nepal, where BlackBerry has already struck local licensing deals.This is hardly new territory for TCL, which manufactured BlackBerry's last two handsets, the Android-based DTEK50 and DTEK60.To read this article in full or to leave a comment, please click here