Facebook has launched a tool that allows domain name owners to discover TLS/SSL certificates that were issued without their knowledge.The tool uses data collected from the many Certificate Transparency logs that are publicly accessible. Certificate Transparency (CT) is a new open standard requiring certificate authorities to disclose the certificate that they issue.Until a few years ago, there was no way of tracking the certificates issued by every certificate authority (CA). At best, researchers could scan the entire web and collect those certificates being used on public servers. This made it very hard to discover cases where CAs issued certificates for domain names without the approval of those domains' owners.To read this article in full or to leave a comment, please click here
Looking to put a high-tech solution to a deadly problem the U.S. Department of Transportation has issued a proposed rule to standardize the development and implementation of vehicle communications technologies in cars and trucks. The idea is to enable a multitude of new crash-avoidance applications that could save lives by preventing “hundreds of thousands of crashes every year by helping vehicles “talk” to each other,” the DOT stated.+More on Network World: Six key challenges loom over car communication technology+To read this article in full or to leave a comment, please click here
If fake news reports by the mainstream news media are true, all it takes to create fake news are some clever Romanian or Macedonian teenagers with malicious intent and a website—and shazam the fake news propagates throughout Facebook. The reality is SEO, backlinks, paid promotion and other content strategies play a key role.It is odd that mainstream news media would miss the most critical issue because after all, organic and paid promotion of internet traffic is what has put most of them on financial life support.How fake news starts
Promotion starts with a fake news site with a credible URL name, such as realtruenews.org, probably built with WordPress and themed to look like a real news site. The end goal is to get tens or hundreds of thousands of gullible people to share the stories onto Facebook. Gullible reporters help, too.To read this article in full or to leave a comment, please click here
ChangeIP, which refers to itself as a "rockstar, low-cost and high-touch web host," has hit a sour note with customers over the past few days. The company on Monday afternoon reported that it "suffered a system wide DB failure that cascaded to all of our DB systems. Restore been on going since yesterday [Sunday, Dec. 11]." ChangeIP said that due to the size of its MySQL database, recovery was taking longer than anticipated and it was hard to say when a total restore would take place. Early on Tuesday (eastern time), the company said its DNS service had been restored, but that it was still working to restore its database and get web, dynamic DNS and control panel functions back in working order.To read this article in full or to leave a comment, please click here
With the U.S. Presidential election over, there is now talk about infrastructure investment, and by that, most people mean roads and bridges.But not so fast. The most important infrastructure of a modern economy or a modern business is the digital infrastructure. And it’s in worse shape than our roads and bridges. Most of today’s networks were put in place 20 years ago, well before the debilitating forces of cloud, big data, social, mobile computing, and most recently the Internet of Things (IoT) eroded their effectiveness and caused data traffic congestion.+ Also on Network World: Digital transformation: Not your grandfather’s bank +
Sure, these networks still work—they still chug along, even if they’re slower and more vulnerable than we’d like. And let’s face it; it’s human nature to take an "if it ain’t broke, don’t fix it" approach. But that approach didn’t work in the 1990s for the brick-and-mortar businesses as the internet era emerged, and it won’t work today for any company that needs to digitally transform and do business in the network age.To read this article in full or to leave a comment, please click here
I’m a Zen heretic, and so also is my sense of systems security.A very cogent citation describes the folly of it all. The people who install toolbars, click on random stuff and feel like they won something when they downloaded the free app are too plentiful, and security is too tough to understand—even PGP. Bringing up the bottom is as important as extending the top. We don’t ritualize security because that would be too tough, to impolite to do. Your mother did not teach you to use complex passwords and to change them as frequently as your underwear. Given some people I know, it’s a wonder they passed the “p@55w0rd” rubric they were trained to use.To read this article in full or to leave a comment, please click here
Harvesting electromagnetic energy from thin air to develop self-sustaining Internet of Things (IoT) communications may become reality thanks to a new technology called HitchHike. The goal is to reduce the need for continual maintenance of the expected billions of IoT installations. Researchers say they’re close to the finish line. Worst case scenario, they say they’ll be able to get Wi-Fi chips to run for 10 years on the same, small battery.“HitchHike is the first self-sufficient Wi-Fi system that enables data transmission using just micro-watts of energy, almost zero,” claims Pengyu Zhang, a Stanford researcher, in a recent press release from the school.To read this article in full or to leave a comment, please click here
Networking device manufacturer Netgear released firmware updates for several router models in order to patch a critical vulnerability that's publicly known and could be exploited by hackers.The vulnerability was disclosed by a researcher Friday and affects multiple Netgear router models, many from the company's Nighthawk series. The company initially confirmed the flaw in three models -- R6400, R7000, R8000 -- but it has since expanded the list to include five more.The models confirmed to be affected so far are: R6250, R6400, R6700, R7000, R7100LG, R7300, R7900 and R8000. This list might not be complete as Netgear continues to analyze the flaw's impact to its entire router portfolio.To read this article in full or to leave a comment, please click here
There are some things you just don't need -- until the price plummets to under $20 and then you can't grab your wallet fast enough. The Etekcity Lasergrip 1080 Digital Infrared Thermometer Temperature Gun aims with a laser while instantly measuring the temperature of almost anything you can shoot it at. List price is $49, but with the current 64% off deal you can snag it for just $17.88. The gun gets 4.5 out of 5 stars from over 2,300 reviewers (read reviews). Check electrical components, oven & fridge temps, check for drafts, find a frozen pipe, see if your beer is cold enough (because you can, that's why) -- at $17.88 it might pay for itself in just a few hours of wandering around the house. The Lasergrip 1080 has a measurable range of -58F to 1,022F (can display in celsius as well) and is powered by a 9-volt battery. If you've always wanted to check temps with lasers, see this heavily discounted item now at Amazon.To read this article in full or to leave a comment, please click here
Drones will start getting digital identification certificates under a new service being launched on Tuesday that hopes to bring trust and verification to the skies.The Drone IDs will be SSL/TLS certificates from DigiCert issued through AirMap, a provider of drone flight information data, and will first be available to users of Intel's Aero drone platform.Under the system, drone owners receive the digital ID in the form of an SSL/TLS certificate when they register for AirMap services. The ID is different from the identification number issued to drone owners by the U.S. Federal Aviation Administration and isn't part of any government scheme.To read this article in full or to leave a comment, please click here
Cybersecurity is a growing concern across the globe and businesses are eager to build secure products and keep corporate data safe. The only problem is that cybersecurity is a relatively new skill, and there just aren't enough qualified candidates to go around.When Intel and the Center for Strategic and International Studies (CSIS) surveyed 775 IT decision makers, 82 percent expressed a concern for the cybersecurity skills shortage. It's reached a point where the government has created the National Initiative for Cybersecurity and Studies (NICS) to help address the growing need for cybersecurity professionals, starting by getting kids introduced to cybersecurity as early as middle school.To read this article in full or to leave a comment, please click here
The incidents of ransomware -- especially crypto-ransomware, in which cybercriminals hack vulnerable systems, encrypt the data and hold it for ransom -- saw a huge spike in 2016, and the practice shows no signs of slowing down.According to Symantec's 2016 Internet Security Threat Report (ISTR), there were more than 4,000 ransomware attacks per day since Jan 1, 2016, a 300-percent increase over 2015, which saw an average 1,000 attacks per day, according to the ISTR.While organizations can't ever be completely protected, there are a number of steps you can take to minimize the risk and potential fallout from a ransomware attack, says Scott Millis, CTO at mobile security and secure device management platform Cyber adAPT.To read this article in full or to leave a comment, please click here
While it's become the standard productivity suite for many businesses, Microsoft Office has lacked a tool specifically built for group communication and collaboration.Office integrationTo read this article in full or to leave a comment, please click here(Insider Story)
Shadow ITImage by ThinkstockEvery employee is on a mission to find the next SaaS application that will make their job easier. With nothing more than a credit card and an expense report, anyone within the organization can sign-up for a new application in minutes.The problem is that employees are signing-up for SaaS apps without the knowledge or permission of their IT administrator. According to Gartner and Cisco, IT pros only know about 7% of the apps in use. Meaning, within any given organization, there are hundreds of unsecured SaaS apps, each a potential entry point for hackers to access your corporate data.To read this article in full or to leave a comment, please click here
Swift 3.1, a limited-focus upgrade to Apple's general purpose systems language, is due next spring, with a few enhancements to the language itself as well as to the Swift Package Manager and Swift on Linux. Source compatibility with Swift 3.0 also is a key goal.Apple detailed goals for the language in a recent bulletin, but the company already is looking past this upgrade to Swift 4, which is planned for late 2017, according to Apple's Ted Kremenek, release manager for Swift 3.1.[ InfoWorld's quick guide: Digital Transformation and the Agile Enterprise. | Download InfoWorld’s essential guide to microservices and learn how to create modern web and mobile applications that scale. ]
"To meet this goal, Swift 3.1 will include changes in mainline development, i.e. the master branch, only until January 16," Kremenek said. "After that date, there will be a 'bake' period in which only select, critical fixes will go into the swift-3.1-branch and move master on to Swift 4 development."To read this article in full or to leave a comment, please click here
According to a new study of the top one million domains, 46 percent are running vulnerable software, are known phishing sites, or have had a security breach in the past twelve months.The big problem is that even when a website is managed by a careful company, it will often load content from other sites, said Kowsik Guruswamy, CTO at Menlo Park, Calif.-based Menlo Security, which sponsored the report, which was released this morning.For example, news sites -- 50 percent of which were risky -- typically run ads from third-party advertising networks.To read this article in full or to leave a comment, please click here
Ransomware is always nasty business, but the latest variant discovered by the MalwareHunterTeam takes the nastiness to a whole ‘nother level.Turning victims into criminals
Apparently, the latest Popcorn Time ransomware adds a new twist to the standard M.O. of demanding payment from their victims or permanently lose access to their files. In what seems like a brilliant if seriously messed up maneuver, if victims don’t want to pay the Bitcoin ransom “the fast and easy way,” the program gives victims the option of paying up “the nasty way”—by sending the ransomware link on to others. To read this article in full or to leave a comment, please click here
A Silicon Valley biometrics company says it has developed a fingerprint sensor that can sit under glass so smartphone screens don't need a cutout or extra button to accommodate the sensor.The Synaptics FS9100 sensor can sit under a millimeter of glass and still provide accurate fingerprint readings, so it should be easier to integrate one under a display.At present, most fingerprint sensors have to sit above the glass, necessitating a cutout in the face of the phone or a dedicated button that houses the sensor. That's the case on market-leading handsets like the iPhone 7 and Samsung Galaxy S7.And while there are some fingerprint sensors that work under glass, that glass needs to be thinner than 1mm, so the glass needs to be shaved in the area of the sensor.To read this article in full or to leave a comment, please click here
President-elect Donald Trump added 131 votes to his winning margin in a recount in Wisconsin of ballots cast in the state for the recent U.S. presidential elections, but a significant part of the recount was not by hand.The recount was asked for by Green Party candidate Jill Stein after doubts were raised that the voting systems can be hacked. Wisconsin uses both the optical scan and direct-recording electronic types of voting machines, which are both susceptible to compromise, Stein said in a petition to the Wisconsin Elections Commission.To read this article in full or to leave a comment, please click here
The thin, lightweight design makes this hub a great travel companion to expand one USB 3.0 port into four. Each port has its own power switch so you can control each port independently. It currently averages 4.5 out of 5 stars on Amazon from over 4,300 people (read recent reviews). Its typical list price of $30 had been reduced 67% to just $10. See it on Amazon.To read this article in full or to leave a comment, please click here