Biometric technologies may soon replace cumbersome passwords, but the U.S. National Institute of Technology is looking out to a time when you won't even have to press your finger onto a grimy fingerprint reader to gain entry to a computer.NIST has funded a number of companies to make touchless fingerprint readers possible, and is creating a framework for evaluating possible technologies for widespread use.Touchless fingerprint readers could be particularly useful for quickly identifying large numbers of people, such as a queue entering a controlled facility, NIST contends. Germaphobes would also appreciate the technology, as they would not have to touch potentially germy fingerprint readers to gain access to their computers.To read this article in full or to leave a comment, please click here
Hewlett-Packard has devised two new ways of securing enterprise systems in the endless war on malicious network attackers.One service inspects the Internet addresses being requested by employees for malicious links and the other service learns how an organization's coders write their programs.The two new releases aim to "protect the interactions among your most valuable assets: your users, your applications and your data," said Frank Mong, HP vice president of solutions. The company announced the new software at the HP Protect security conference, held this week near Washington.HP DNS Malware Analytics (DMA) monitors outbound DNS (Domain Name System) requests to ensure employee browsers aren't contacting rogue or malware Web sites. A DNS server provides specific numeric Internet addresses to end-user computers requesting Web sites by their domain names.To read this article in full or to leave a comment, please click here
VMware is making a case that network virtualization can improve security in the enterprise.VMware, one of the biggest proponents of virtualizing the entire data center, says CIOs concerned about protecting their IT infrastructures from attackers should look at virtual networking, which has been around a while but isn't as popular as server virtualization."The security industry is messy and complicated, and we spend the bulk of our dollars on products that don't really solve the problem. It simply isn't working," said Pat Gelsinger, VMware CEO, in a keynote talk at the VMworld conference in San Francisco.To read this article in full or to leave a comment, please click here
Today, organizations need to analyze data from multiple sources and, to stay competitive, they need to do it when the data is fresh off the wire. But installing the software to take on this task can be onerous.Open source software vendor Mesosphere plans to release a stack of integrated open source software that would make it easy for enterprises to capture data in real time and analyze it on the fly.The stack, called Mesosphere Infinity, is based on Apache Mesos open source software for managing clusters of servers. Mesosphere offers a commercial edition of this open source software called the Mesosphere Data Center Operating System, which is used in this package.To read this article in full or to leave a comment, please click here
Responding to allegations from anonymous ex-employees, security firm Kaspersky Lab has denied planting misleading information in its public virus reports as a way to foil competitors.“Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing,” reads an email statement from the company. “Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false.”MORE: 13 Big Data & Analytics Startups to WatchTo read this article in full or to leave a comment, please click here
Released almost two weeks ago, the new Windows 10 operating system already has its first set of security patches.For August, Microsoft’s monthly round of security patches contains five bulletins that cover Windows 10, as well as a bulletin that covers the new Edge browser that runs on Windows 10.Overall, Microsoft released 14 security bulletins for this month’s Patch Tuesday—which occurs on the second Tuesday of each month.Three of the bulletins were marked as critical, meaning that they should be patched as quickly as possible. A bulletin typically contains a set of patches for a single set of software products, such as all the supported versions of Windows.To read this article in full or to leave a comment, please click here
Oracle published, then quickly deleted, a blog post criticizing third-party security consultants and the enterprise customers who use them.Authored by Oracle chief security officer Mary Ann Davidson, the post sharply admonished enterprise customers for reverse engineering, or hiring consultants to reverse engineer, the company’s proprietary software, with the aim of finding as of yet unfixed security vulnerabilities.The missive, entitled “No, You Really Can’t,” was issued Monday on Davidson’s corporate blog, then pulled a few hours later. The Internet Archive captured a copy of the post.To read this article in full or to leave a comment, please click here
Responding to an accusatory blog post, BlackBerry has again denied that its embedded operating system caused the potentially dangerous vulnerability recently demonstrated in Chrysler Jeep Cherokees.Last month, security researchers demonstrated how to circumnavigate the in-vehicle entertainment system of the Jeep Cherokee to take over the car itself, including control of the dashboard, steering mechanism, transmission, locks, and brakes.Over 1.4 million vehicles have subsequently been recalled to fix the problem. The dealerships will install updated software, though owners can install the update themselves.To read this article in full or to leave a comment, please click here
IT security firm Qualys has unveiled a free inventory service that can help organizations keep track of all their computers and virtual machines.The service, called Qualys AssetView, provides an inventory of an organization’s computers and their software.Administrators can use the service to run reports that compile asset information, or to run search queries to find out which of their computers are running outdated or unlicensed software, for instance.Qualys AssetView gives IT and security staff a “simple and quick way” of figuring out what assets they have and what software is on them, said Sumedh Thakar, Qualys chief product officer.To read this article in full or to leave a comment, please click here
In a move to round out its portfolio of enterprise identity management software, CA Technologies is acquiring security software provider Xceedium.The purchase will allow CA to offer to enterprises more comprehensive coverage of who is allowed on their sensitive networks and systems, according to CA.Identity management is proving to be an increasingly vital component to securely managing the enterprise. It is the process of assigning each employee or contractor a systems account, and then limiting that user to only those systems that he or she has a legitimate reason to use.The recent breach at the U.S. Office of Personnel Management might have been thwarted, for instance, through tighter access controls.To read this article in full or to leave a comment, please click here
Advance, a global media group that owns the Condé Nast group of consumer publications, has ventured into the realm of data analysis, purchasing New York-based analytics firm 1010data for $500 million.Advance plans to infuse 1010data with capital to expand its operations, so it can take on more of the growing market for big data-styled analysis services.Sandy Steier, 1010data co-founder and CEO, in a statement issued Monday that there will be no disruption to its customers, employees nor to its business as a result of the acquisition, which will instead allow 1010data to grow more quickly.The purchase is a bit of an unusual one for Advance, which has filled its portfolio with traditional media properties.To read this article in full or to leave a comment, please click here
While the buzz around big data analysis is at a peak, there is less discussion about how to get the necessary data into the systems in the first place, which can involve the cumbersome task of setting up and maintaining a number of data processing pipelines.
To help solve this problem, Santa Clara, California start-up DataTorrent has released what it calls the first enterprise-grade ingestion application for Hadoop, DataTorrent dtIngest.
The application is designed to streamline the process of collecting, aggregating, and moving data onto and off of a Hadoop cluster.
The software is based on Project Apex, an open source software package available under the Apache 2.0 license.To read this article in full or to leave a comment, please click here
Google will now let enterprise customers of one of its Cloud Platform services lock up their data with their own encryption keys, in case they’re concerned about the company snooping on their corporate information.On Tuesday, Google started offering users of its Compute Engine service the option, in beta, to deploy their own encryption keys, instead of the industry standard AES 256-bit encryption keys Google itself provides. Encryption keys are used to lock data so it can not be read by other parties.“Absolutely no one inside or outside Google can access your at rest data without possession of your keys. Google does not retain your keys, and only holds them transiently in order to fulfill your request,” wrote Leonard Law, Google product manager, in a blog post describing the new feature.To read this article in full or to leave a comment, please click here
Cloud services continue to grow by leaps and bounds for Amazon.com.The company reported that Amazon Web Services generated $1.8 billion in sales in the second quarter, up about 80 percent from the $1 billion it brought in a year earlier.That helped Amazon achieve a profit of $92 million, a turnaround from its loss of $126 million in last year’s second quarter.Overall revenue grew by 20 percent, reaching $23.18 billion.Amazon offers an increasingly broad range of products and services, including an e-commerce site, video streaming, cloud computing, ebook readers, tablets and phones.The company continues to briskly roll out new online services. During this last quarter, it launched Amazon Business, an e-commerce portal for businesses, as well as Amazon Mexico, a version of its e-commerce site specifically for that country. It also introduced the Amazon Echo, a voice-controlled device for ordering Amazon products or playing music and audio news.To read this article in full or to leave a comment, please click here
BlackBerry continues to shift its focus from selling mobile phones to securing them—as well as other portable devices, and increasingly connected items that are part of the Internet of things.“All of our investments and acquisitions go to one thing, to make the most secure mobile platform that the industry has to offer,” said John Chen, BlackBerry executive chairman and CEO, kicking off a morning of presentations at the company-sponsored BlackBerry Security Summit, held Thursday in New York.BlackBerry still sells handsets, but, to judge from the day’s presentations, it clearly sees a brighter future now in enterprise mobile security, where it can best leverage its remaining strengths in the market.To read this article in full or to leave a comment, please click here
U.S law enforcement officials have arrested five individuals who reportedly were involved in the high-profile 2014 computer hacking of JPMorgan.Three of the individuals were arrested for stock manipulation while the other two were arrested for running an illegal Bitcoin exchange, according to the FBI.To read this article in full or to leave a comment, please click here
Potentially saving the world from another online security disaster like last year’s Heartbleed, Amazon Web Services has released as open source a cryptographic module for securing sensitive data passing over the Internet.The software, s2n, is a new implementation of Transport Layer Security (TLS), a protocol for encrypting data. TLS is the successor of SSL (Secure Sockets Layer), both of which AWS uses to secure most of its services.The AWS engineers who designed s2n, short for signal-to-noise, reduced the amount of code needed to implement TLS, with the hopes of making it easier to spot potential security vulnerabilities.To read this article in full or to leave a comment, please click here
Like visiting a junk yard to find cheap parts for an aging vehicle, researchers from the Massachusetts Institute of Technology have come up with a way to fix buggy software by inserting working code from another program.Using a system they call CodePhage, the researchers were able to fix flaws in seven common open-source programs by using, in each case, functionality taken from between two and four “donor” programs.Fixing such errors can help make code more secure, since malicious hackers often exploit flaws to gain entry to a system. CodePhage can recognize and fix common programming errors such as out of bounds access, integer overflows, and divide-by-zero errors.To read this article in full or to leave a comment, please click here
To help enterprise customers better manage applications sprawled across hybrid clouds, Microsoft has purchased BlueStripe Software, a provider of technology for watching over distributed applications.Microsoft plans to fold BlueStripe’s software into its System Center and Operations Management Suite software for managing IT resources, giving users more details on how their applications are running on premise and in the cloud.“BlueStripe’s enterprise-class solution enables IT professionals to move from monitoring IT at the infrastructure level to gaining visibility into applications at the transaction level,” Mike Neil, Microsoft general manager for the enterprise cloud operations, wrote in a blog post Wednesday.To read this article in full or to leave a comment, please click here
Microsoft has a gigantic new member of its Surface family of touch-enabled devices called the Surface Hub, a widescreen all-in-one computer that can act as the focal point of conference-room meetings.Announced in January, the Surface Hub will go on sale in September, according to Brian Eskridge, senior manager for the Microsoft Surface Hub. Pre-orders for the computer begin Wednesday.The company is marketing the Surface Hub as a less expensive, and easier to maintain, replacement for the traditional assortment of office audio-video and computer equipment used in today’s conference rooms.To read this article in full or to leave a comment, please click here
Joab Jackson