Cisco's security team today called the weakness in Apache Struts “critical” and is evaluating many its products to assess the impact.The company said it will publish a list of vulnerable products here as it learns of them.Earlier this week Apache revealed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could let an attacker execute commands remotely on the targeted system using what’s known as acrafted Content-Type header value.-More on Network World: Cisco’s Jasper deal – one year, 18 million new IoT devices later, challenges remain+To read this article in full or to leave a comment, please click here
Google is letting its customers get a taste of its cloud for free, without a time-limited trial. The company quietly launched a new “Always Free” tier on Thursday that lets people use small amounts of its public cloud services without charge, beyond the company’s limited-time trial.The tier includes — among other things — 1 f1-micro compute instance, 5 GB per month of Regional Storage and 60 minutes per month of access to the Cloud Speech API. Using the free tier requires users to provide a credit card that Google can automatically bill for any use over the limits.In addition, the cloud provider expanded its free trial so that users get $300 in credits that they can use for up to 12 months. Google will halt users’ workloads if they eat up all of the credits before the end of 12 months.To read this article in full or to leave a comment, please click here
Just what is a security operations and analytics platform architecture (SOAPA) anyway? In the past, most enterprises anchored their security analytics and operations with one common tool: Security Information and Event Management (SIEM) systems. Now, SIEM still plays a major role here, but many organizations are supplementing their security operations centers (SOCs) with additional data, analytics tools and operations management systems. We now see SOCs as a nexus for things like endpoint detection and response tools (EDR), network analytics, threat intelligence platforms (TIPs) and incident response platforms (IRPs). In aggregate, security operations is changing, driven by a wave of new types of sensors, diverse data sources, analytics tools and operational requirements. And these changes are driving an evolution from monolithic security technologies to a more comprehensive event-driven software architecture along the lines of SOA 2.0, where disparate security technologies connected with middleware for things like data exchange, message queueing and business-level trigger conditions. To read this article in full or to leave a comment, please click here
Three of my four children are of school-going age. When they arrive home in the afternoon, the youngest usually makes a dash for the games console, the middle one is tired to the point of being miserable, and the eldest announces herself loudly, wanting to share every detail from her day with anyone who will lend an ear. The only thing they all seem to have in common is that they are hungry and want dinner.RELATED: What IT admins love/hate about 8 top network monitoring tools
While I'm the type of parent who makes the children fish-finger sandwiches and declares them fed, my wife prefers to serve a lavish five-course meal. In the past, she would often customize meals to meet each child's individual taste and preference. After a while, I had to put a stop to it.To read this article in full or to leave a comment, please click here
Microsoft's FUSE Labs has announced it is killing So.cl (or just plain Socl), a multimedia-infused social network and search tool positioned as a complement to Facebook, Twitter, Pinterest, Tumblr and other more established social services. The So.cl (pronounced Social) service quietly launched at a few universities in late 2011, became generally available in 2012 and is being discontinued as of March 15.VISIT the 2016 Microsoft Product GraveyardThe free service could be accessed via a Microsoft or Facebook account. (Confession: I created my first So.cl post this morning.)To read this article in full or to leave a comment, please click here
I have written at length about just how bad many legacy enterprise software products are. I was reminded about this recently when raising an invoice for one particular client. This client is an enterprise technology vendor, with some of the best software tools on the planet and extensive conceptual videos detailing just how its platforms enable enterprise application users to be as efficient as they are with their consumer technology tools.Alas, the reality of the internal tools that this particular vendor uses was very different from the hype. The task of raising a single invoice—a seemingly simple job—took on absolutely epic proportions with deep operating system and browser requirements, poor user experience, and, fundamentally, a system that didn't work. I came away, once again feeling nothing but sympathy for my friends who have to use these systems on a day-to-day basis.To read this article in full or to leave a comment, please click here
The International Monetary Fund in Washington is shifting some of its IT work overseas, and somewhere between 100 and 200 IT workers are impacted by this change.The work is being taken over by India-based IT managed services provider L&T Infotech, and the change was announced to the staff last year. The transition, which involves training L&T employees, is continuing through the end of this year. IMF IT workers are being to encourage to stay by means of an incentive package.The affected IT workers are all third-party contractors. Some of the contractors have been working at the IMF for five and 10 years or longer, and are viewed as staff for most purposes.To read this article in full or to leave a comment, please click here
The international body crafting the 5G standard has approved an accelerated roadmap that could see large-scale trials and deployments in 2019 instead of 2020.At a meeting this week in Dubrovnik, Croatia, the 3GPP signed off on a 5G work plan that several top mobile operators and network vendors came out in favor of last week. It would create an interim 5G specification before the full-scale standard is completed.It’s important to get the next generation of mobile out into the world soon because users keep increasing their data consumption, said Lorenzo Casaccia, vice president of technical standards at Qualcomm, in a blog post on Thursday. That’s why his company is backing the in-between spec, which is now expected to be done by the end of this year and available in software about three months later.To read this article in full or to leave a comment, please click here
The long-awaited Ryzen CPUs are finally here and AMD’s shiny new hardware arrived with helpful new software in tow.Following in the footsteps of the WattMan overclocking tool for Radeon graphics cards, the Ryzen Master overclocking tool is aimed at giving you complete control over your new Ryzen chip, allowing you to push your processor to the bleeding edge of its potential performance. Want to crank voltage higher, fiddle with clock speeds, monitor temperatures, or even completely disable some of your chip’s cores? AMD’s overclocking software enables all that and more.To read this article in full or to leave a comment, please click here
Google knows that if enterprises are going to move their critical services to its cloud, then it has to offer something that AWS doesn’t. At Google Cloud Next, the company’s leadership made the case that Google Cloud was the most secure cloud.At the conference this week, Google unveiled tools that would let IT teams provide granular access to applications, better manage encryption keys, and enforce stronger authentication mechanisms for applications running on Google Cloud. While Google is just playing catch-up to Amazon with the Key Management System for GCP, it is stepping into uncharted territory with Data Leak Prevention API by giving administrators tools that go beyond the infrastructure to protect individual applications. Google is tackling the identity access management challenge differently from Amazon, and it will be up to enterprises to decide which approach they prefer.To read this article in full or to leave a comment, please click here
The revelation through Wikileaks that the CIA has explored hacking vehicle computer control systems should concern consumers, particularly as more and more cars and trucks roll off assembly lines with autonomous features."I think it's a legitimate concern considering all of the computers being added to cars," said Kit Walsh, a staff attorney with the privacy group Electronic Frontier Foundation (EFF). "There's no reason the CIA or other intelligence agencies or bad actors couldn't use those vulnerabilities to hurt people.To read this article in full or to leave a comment, please click here
Earlier this week, Danish-speaking users were hit by malware spread through Dropbox, but the company responded quickly to shut down the attack.
According to a research report by AppRiver, the attack hit Denmark, Germany, and several surrounding Scandinavian countries on Wednesday morning.
The attack was unusual in that it narrowly targeted a specific audience, said Troy Gill, security analyst at AppRiver.
"Somehow, they found this language-based list of email addresses," he said. "I'm not sure where they gathered it."To read this article in full or to leave a comment, please click here
Mobile devices have transformed the digital enterprise allowing employees to access the information they need to be most productive from virtually anywhere. Has that convenience come at a cost to enterprise security, though?
According to Forrester's The State of Enterprise Mobile Security: 2016 to 2017, by Chris Sherman, "Employees are going to continue to purchase and use whatever devices and apps they need to serve customers and be highly productive, whether or not these devices are company-sanctioned."To read this article in full or to leave a comment, please click here
WikiLeaks plans to share details about what it says are CIA hacking tools with the tech companies so that software fixes can be developed.But will software companies want it?The information WikiLeaks plans to share comes from 8,700-plus documents it says were stolen from an internal CIA server. If the data is classified -- and it almost certainly is -- possessing it would be a crime.That was underlined on Thursday by White House press secretary Sean Spicer, who advised tech vendors to consider the legal consequences of receiving documents from WikiLeaks.To read this article in full or to leave a comment, please click here
The CIA exploits exposed this week reveal that the agency does hacking just like criminals do, including buying exploits from black-hat researchers who sell their wares on the dark web.It’s also a demonstration of bad security on the part of the CIA, which apparently entrusted the entire portfolio to both agency employees and contractors, one of whom turned out not to be trustworthy and passed them on to Wikileaks.A criminal investigation into who that was is underway so the CIA is rightfully busy with that, but it should try to find time to help out the vendors whose gear was exploited patch the flaws quickly. Before the leak, these attacks were not widely known. But now that they are, they have little value to the CIA anymore, so the CIA should help shore up the vulnerabilities.To read this article in full or to leave a comment, please click here
Last November, when Google announced that machine learning research luminary Fei-Fei Li, Ph.D. would join Google’s Cloud Group Platform group, a lot was known about her academic work. But Google revealed little about why she was joining the company except she would lead machine learning for the Google Cloud business.After five months of suspense, yesterday Li revealed the focus of her new role during her keynote address at Google’s cloud developer conference, Cloud Next 2017. She will apply her experience to democratize machine learning to the enterprise. Her task: Study the problems that machine learning could solve in a wide variety of industries and enable enterprises to adopt machine learning.To read this article in full or to leave a comment, please click here
You’d be hard-pressed to write a better opening script than the one playing out for Cisco and its now year-old acquisition of Jasper. The $1.4 billion deal was to make Jasper technology the centerpiece of Cisco’s Internet of Things strategy and it has largely done that. Of course, challenges remain – improving security and product family integration among them but the companies are off to a good start.Cisco closed the deal on Jasper last March and since then Cisco says the number of companies using Jasper’s Control Center has grown to over 9,000 from 3,500 and the company continues to add 1.5 million devices a month. In addition, the number of service providers offering Control Center services has grown to 50 from 35. Control Center is the central component of Jasper that lets users automate connectivity as well as launch and manage all aspects of IoT services.To read this article in full or to leave a comment, please click here
In terms of made up holidays, Pi Day is the one that irritates me the least (compared with Talk Like a Pirate Day or Star Wars Day). Maybe it’s because there’s the opportunity of eating some pie (baked pie or pizza), or maybe it’s because I’m a semi-math geek.Maybe it’s because the founder of Pi Day, Larry Shaw, shares my last name (but we’re not directly related). See the video at the top of the page for more information on the origins of the holiday.Whatever the reason, I’m OK with Pi Day. Which is why I agreed to participate in the Network World Pi Day Challenge, set to stream live on Network World’s Facebook and YouTube channel (2 p.m. EDT on March 14).To read this article in full or to leave a comment, please click here
A systems administrator was showering the other day (maybe not literally) when he had this thought: “I’ve never actually seen Stack Overflow’s front page. I wonder what percentage of their traffic requests are to simply http://stackoverflow.com.”As with any knowledge market – and news sites such as this one – most of the traffic to Stack Overflow would be assumed to arrive at addresses other than its homepage. The wondering here was about details. And no one need wonder any longer, as stepping up to the plate is Nick Craver, Stack Overflow Architecture Lead:
Someone poked me for an answer here so here's some data:To read this article in full or to leave a comment, please click here
Relax, Mixpanel’s sales people probably aren’t going to pester you if you’re an enterprise IT pro. You’re not the target customer for this San Francisco-based provider of cloud-based analytics tools. But that doesn’t mean Mixpanel shouldn’t at least be on your radar since there’s a good chance you’re supporting people within your organization who might be using Mixpanel – we’re talking engineers, designers and other product development team members who want to get a better view of how their products are actually being used and received.MORE: 15 big data and analytics companies to watchTo read this article in full or to leave a comment, please click here