Joab Jackson

Author Archives: Joab Jackson

Kaspersky denies faking anti-virus info to thwart rivals

Responding to allegations from anonymous ex-employees, security firm Kaspersky Lab has denied planting misleading information in its public virus reports as a way to foil competitors. “Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing,” reads an email statement from the company. “Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false.”

Windows 10 gets its first set of security patches

Released almost two weeks ago, the new Windows 10 operating system already has its first set of security patches. For August, Microsoft’s monthly round of security patches contains five bulletins that cover Windows 10, as well as a bulletin that covers the new Edge browser that runs on Windows 10. Overall, Microsoft released 14 security bulletins for this month’s Patch Tuesday, which occurs on the second Tuesday of each month. Three of the bulletins were marked as critical, meaning that they should be patched as quickly as possible. A bulletin typically contains a set of patches for a single set of software products, such as all the supported versions of Windows.

Oracle pulls blog post critical of security vendors, customers

Oracle published, then quickly deleted, a blog post criticizing third-party security consultants and the enterprise customers who use them. Authored by Oracle chief security officer Mary Ann Davidson, the post sharply admonished enterprise customers for reverse engineering, or hiring consultants to reverse engineer, the company’s proprietary software, with the aim of finding as of yet unfixed security vulnerabilities. The missive, entitled “No, You Really Can’t,” was issued Monday on Davidson’s corporate blog, then pulled a few hours later. The Internet Archive captured a copy of the post.

BlackBerry denies its OS was to blame in Jeep Cherokee hack

Responding to an accusatory blog post, BlackBerry has again denied that its embedded operating system caused the potentially dangerous vulnerability recently demonstrated in Chrysler Jeep Cherokees. Last month, security researchers demonstrated how to circumnavigate the in-vehicle entertainment system of the Jeep Cherokee to take over the car itself, including control of the dashboard, steering mechanism, transmission, locks, and brakes. Over 1.4 million vehicles have subsequently been recalled to fix the problem. The dealerships will install updated software, though owners can install the update themselves.

Qualys offers free IT asset management service for enterprises

IT security firm Qualys has unveiled a free inventory service that can help organizations keep track of all their computers and virtual machines. The service, called Qualys AssetView, provides an inventory of an organization’s computers and their software. Administrators can use the service to run reports that compile asset information, or to run search queries to find out which of their computers are running outdated or unlicensed software, for instance. Qualys AssetView gives IT and security staff a “simple and quick way” of figuring out what assets they have and what software is on them, said Sumedh Thakar, Qualys chief product officer.

Who goes there? CA will know with Xceedium buy

In a move to round out its portfolio of enterprise identity management software, CA Technologies is acquiring security software provider Xceedium. The purchase will allow CA to offer to enterprises more comprehensive coverage of who is allowed on their sensitive networks and systems, according to CA. Identity management is proving to be an increasingly vital component to securely managing the enterprise. It is the process of assigning each employee or contractor a systems account, and then limiting that user to only those systems that he or she has a legitimate reason to use. The recent breach at the U.S. Office of Personnel Management might have been thwarted, for instance, through tighter access controls.

Condé Nast parent company jumps into big data market with 1010data purchase

Advance, a global media group that owns the Condé Nast group of consumer publications, has ventured into the realm of data analysis, purchasing New York-based analytics firm 1010data for $500 million. Advance plans to infuse 1010data with capital to expand its operations, so it can take on more of the growing market for big data-styled analysis services. Sandy Steier, 1010data co-founder and CEO, said in a statement issued Monday that there will be no disruption to its customers, employees or business as a result of the acquisition, which will instead allow 1010data to grow more quickly. The purchase is a bit of an unusual one for Advance, which has filled its portfolio with traditional media properties.

DataTorrent tackles complexity of Hadoop data ingestion

While the buzz around big data analysis is at a peak, there is less discussion about how to get the necessary data into the systems in the first place, which can involve the cumbersome task of setting up and maintaining a number of data processing pipelines. To help solve this problem, Santa Clara, California start-up DataTorrent has released what it calls the first enterprise-grade ingestion application for Hadoop, DataTorrent dtIngest. The application is designed to streamline the process of collecting, aggregating, and moving data onto and off of a Hadoop cluster. The software is based on Project Apex, an open source software package available under the Apache 2.0 license.

Google: Lock up your Compute Engine data with your own encryption keys

Google will now let enterprise customers of one of its Cloud Platform services lock up their data with their own encryption keys, in case they’re concerned about the company snooping on their corporate information. On Tuesday, Google started offering users of its Compute Engine service the option, in beta, to deploy their own encryption keys, instead of the industry standard AES 256-bit encryption keys Google itself provides. Encryption keys are used to lock data so it cannot be read by other parties. “Absolutely no one inside or outside Google can access your at rest data without possession of your keys. Google does not retain your keys, and only holds them transiently in order to fulfill your request,” wrote Leonard Law, Google product manager, in a blog post describing the new feature.

Amazon posts a profit as AWS sales nearly double

Cloud services continue to grow by leaps and bounds for Amazon.com. The company reported that Amazon Web Services generated $1.8 billion in sales in the second quarter, up about 80 percent from the $1 billion it brought in a year earlier. That helped Amazon achieve a profit of $92 million, a turnaround from its loss of $126 million in last year’s second quarter. Overall revenue grew by 20 percent, reaching $23.18 billion. Amazon offers an increasingly broad range of products and services, including an e-commerce site, video streaming, cloud computing, ebook readers, tablets and phones. The company continues to briskly roll out new online services. During this last quarter, it launched Amazon Business, an e-commerce portal for businesses, as well as Amazon Mexico, a version of its e-commerce site specifically for that country. It also introduced the Amazon Echo, a voice-controlled device for ordering Amazon products or playing music and audio news.

BlackBerry delves deeper into security with AtHoc purchase

BlackBerry continues to shift its focus from selling mobile phones to securing them, as well as other portable devices and the increasingly connected items that are part of the Internet of things. “All of our investments and acquisitions go to one thing, to make the most secure mobile platform that the industry has to offer,” said John Chen, BlackBerry executive chairman and CEO, kicking off a morning of presentations at the company-sponsored BlackBerry Security Summit, held Thursday in New York. BlackBerry still sells handsets, but, to judge from the day’s presentations, it clearly sees a brighter future now in enterprise mobile security, where it can best leverage its remaining strengths in the market.

Five arrested in JPMorgan hacking case

U.S. law enforcement officials have arrested five individuals who reportedly were involved in the high-profile 2014 computer hacking of JPMorgan. Three of the individuals were arrested for stock manipulation while the other two were arrested for running an illegal Bitcoin exchange, according to the FBI.

Amazon releases open source cryptographic module

Potentially saving the world from another online security disaster like last year’s Heartbleed, Amazon Web Services has released as open source a cryptographic module for securing sensitive data passing over the Internet. The software, s2n, is a new implementation of Transport Layer Security (TLS), a protocol for encrypting data. TLS is the successor of SSL (Secure Sockets Layer), both of which AWS uses to secure most of its services. The AWS engineers who designed s2n, short for signal-to-noise, reduced the amount of code needed to implement TLS, with the hopes of making it easier to spot potential security vulnerabilities.

MIT tests ‘software transplants’ to fix buggy code

Like visiting a junk yard to find cheap parts for an aging vehicle, researchers from the Massachusetts Institute of Technology have come up with a way to fix buggy software by inserting working code from another program. Using a system they call CodePhage, the researchers were able to fix flaws in seven common open-source programs by using, in each case, functionality taken from between two and four “donor” programs. Fixing such errors can help make code more secure, since malicious hackers often exploit flaws to gain entry to a system. CodePhage can recognize and fix common programming errors such as out of bounds access, integer overflows, and divide-by-zero errors.

Microsoft acquires BlueStripe for operations management

To help enterprise customers better manage applications sprawled across hybrid clouds, Microsoft has purchased BlueStripe Software, a provider of technology for watching over distributed applications. Microsoft plans to fold BlueStripe’s software into its System Center and Operations Management Suite software for managing IT resources, giving users more details on how their applications are running on premise and in the cloud. “BlueStripe’s enterprise-class solution enables IT professionals to move from monitoring IT at the infrastructure level to gaining visibility into applications at the transaction level,” Mike Neil, Microsoft general manager for the enterprise cloud operations, wrote in a blog post Wednesday.

Microsoft Surface Hub goes on sale in September

Microsoft has a gigantic new member of its Surface family of touch-enabled devices called the Surface Hub, a widescreen all-in-one computer that can act as the focal point of conference-room meetings. Announced in January, the Surface Hub will go on sale in September, according to Brian Eskridge, senior manager for the Microsoft Surface Hub. Pre-orders for the computer begin Wednesday. The company is marketing the Surface Hub as a less expensive, and easier to maintain, replacement for the traditional assortment of office audio-video and computer equipment used in today’s conference rooms.

Microsoft fixes buggy browser in Patch Tuesday update

Internet Explorer, always heavily scrutinized by both security researchers and online attackers, has once again gotten the majority of patches in this month’s Microsoft Patch Tuesday round of monthly bug fixes. For June, Microsoft issued 8 bulletins, which collectively contain 45 patches. The bulletin for IE alone, MS15-06, contains 24 patches, including 20 that cover critical flaws, meaning they should be applied as quickly as possible. Other bulletins cover faults in the Windows operating system, the Office suite, Windows Media Player, Active Directory, and the Exchange Server.

CA acquires Grid-Tools for agile development

Adding to a growing portfolio of software development applications, CA Technologies has acquired Grid-Tools, whose software automates the process of testing newly-built applications. CA customers will be able to use Grid-Tools’ products to build software using agile development methodologies, in which small teams work in close collaboration to quickly build and update large applications. Last week, CA announced it is purchasing for $480 million Rally Software, which offers a set of software and cloud services to help developers manage complex software projects.

IBM muscles up on OpenStack with Blue Box buy

Betting that demand for hybrid clouds will grow strongly, IBM has acquired Blue Box, which specializes in offering OpenStack open source cloud hosting services. IBM will use Blue Box’s technology and infrastructure to help its customers adopt hybrid cloud computing, so that their workloads can be easily moved between a public cloud and their own data centers. A private company, Blue Box gives organizations an alternative to setting up and deploying the OpenStack internally, offering the software stack as a service instead. This allows an organization to control workloads from a single console whether they run on Blue Box’s private cloud or on internal infrastructure.

Silk Road mastermind Ulbricht sentenced

The creator and chief operator of the Silk Road has been sentenced to two life sentences in jail for running the online drug marketplace, which federal prosecutors estimated facilitated the sales of more than US$213 million worth of drugs and other unlawful goods between 2011 and 2013. The life sentences are to be served concurrently, along with a five-year sentence for hacking and twenty years for money laundering. The government is also seeking $183 million from Ulbricht based on the profits he made. In February, Ross Ulbricht was found guilty of multiple charges related to the operation of Silk Road, including narcotics conspiracy, engaging in a continuing criminal enterprise, conspiracy to commit computer hacking and money laundering. The narcotics and criminal enterprise charges carry maximum penalties of life in prison. Under current federal sentencing laws, Ulbricht faced at least 20 years behind bars.