When shopping online and paying with a credit card or debit card, you have to enter the three-digit CVV (card verification value) from the back. These are card-not-present transactions, and entering the security code is supposed to help verify that you physically have the card. But cyber thugs have plenty of ways to get hold of your CVV and burn through your money until you happen to notice the purchases and cancel your card. In fact, card-not-present transactions made up 65 percent of all card fraud. A French digital payment security company called Oberthur Technologies (OT) thinks it can do away with such fraud by changing static CVVs to dynamic CVVs, which change every hour. If a crook gets hold of your card number, his or her shopping spree could last no more than an hour; after the security code changes, the card number would be useless.
Most of the recent data breaches involve customer information such as user names and passwords, credit card numbers, and medical histories. The companies hacked are hurt -- they have to contact victims, pay for credit monitoring services and fines, and may lose customers, brand reputation, and market value -- but that is collateral damage. Or it has been. Increasingly, attackers are using data leaks to target the companies themselves, going after proprietary or embarrassing information and releasing it in such a way as to do the most harm. That's a change that companies need to be aware of, said Andrew Serwin, co-chair of the global privacy and data security group at San Francisco-based law firm Morrison & Foerster.
The Internet Corporation for Assigned Names and Numbers, the long-time coordinator of the internet's Domain Name System, is independent of U.S. government oversight, at least for now. The U.S. National Telecommunications and Information Administration's planned turnover of ICANN oversight to the wider internet community happened early Saturday morning, despite a last-ditch lawsuit filed by four state attorneys general attempting to block the move. Late Friday, a judge in Texas refused to issue an injunction that would have forced the NTIA to retain its oversight of ICANN's coordination of the Domain Name System root and IP addressing functions.
No man is an island. Neither are enterprise IoT projects. Enterprise technology is meant to enhance customer service and improve business efficiency. Internet of Things (IoT) projects have to integrate with other business applications to make this happen. How do you bridge IoT islands to mainland business applications? A recent project by Ephlux with Oracle IoT Cloud Service shows the way.
The need
The project involved a commercial HVAC contracting service that handled the installation and repair of several thousand air conditioners. The company was struggling to provide good customer service without eroding their profit margins.
“If you ever happen to find yourself in Indonesia, there are two important things you need to know about the way the internet operates there. The first thing is before anyone can look at anything online all of the content first has to pass through this tiny, disorganized, chaotic server room in Jakarta. The second thing you need to know is that there’s a man in charge of that room” — and he can take anything offline at any time.
Attackers have a time advantage over static computer networks because the bad guys can simply hover around the network for long periods, study it and look for an advantage. The computer network is usually just sitting there, dawdling like unfortunate prey silhouetted in a hunter’s rifle scope. The observing hackers can even disappear for a while, return and find nothing’s changed. The vulnerabilities are still in place. Bang! The perp hits when it’s convenient, and it’s all over. The best solution to this time-advantage problem is computer defenses that sense malevolent investigations of the network and then squirt the attack over to a fake network that proffers no intelligence about the genuine network, according to some. They were written about as long ago as 2004 in the International Journal of Digital Evidence (PDF).
The source code for a trojan program that infected hundreds of thousands of internet-of-things devices and used them to launch distributed denial-of-service attacks has been published online, paving the way for more such botnets. The code for the trojan, which its creator calls Mirai, was released Friday on an English-language hackers' forum, cybersecurity blogger Brian Krebs reported over the weekend. Krebs' website was the target of a record DDoS attack two weeks ago that was launched from the Mirai botnet. The trojan's creator, who uses the online handle Anna-senpai, said that the decision to release the source code was taken because there's a lot of attention now on IoT-powered DDoS attacks and he wants to get out of this business.
So, I’ve decided I need to improve the privacy and security of my life (especially as it relates to computing). And I’ve come to the conclusion that in order to effectively do this, I need to focus on utilizing open source software as much as possible.
What next?
Let’s start at a very simple, basic level: the operating system of my laptop computers (I don’t actually have a desktop currently, but the same ideas will apply) and how they connect to the internet.
AMD's new 7th Generation Pro chips have hooks to let PC users easily upgrade to next-generation Zen chips that could come out next year. The new Pro chips, code-named Bristol Ridge, are for business desktops, and will appear in PCs from HP and Lenovo. The ability to easily upgrade is a big deal because it lets users avoid buying new PCs in order to get the Zen chips when they come out. It'll work like this: users buy a desktop with the new AMD Pro chip, but upgrade to Zen later on by replacing chips in the socket. There's a lot to like in the new AMD Pro chips, but there's even more excitement around Zen, which will provide a 40 percent improvement in CPU performance. The new AMD Pro will be compatible with the AM4 socket, which provides the basis for upgrades to Zen.
Data center power management vendor Eaton’s newest product has sensors that the company says will proactively warn customers of when equipment component failures are likely to occur. Eaton’s announcement today of PulseInsight Analytics is part of a broader trend in the data center infrastructure management (DCIM) market moving to cloud-based platforms, says 451 Research director for data center technologies Rhonda Ascierto. Vendors such as Eaton, Schneider Electric and Emerson Network Power are evolving their platforms to collect more data their power systems generate and analyze it to provide customers with detailed information about data center performance, and even help predict and prevent downtime from equipment failure.
Waratek is introducing a feature to its Java-protection platform that enables upgrading to the current version of Java without having to install Java updates or touch the apps running within the Java virtual machine. The latest version of its AppSecurity for Java uses secure virtual containers around the entire Java application stack to apply the security and performance features of the current Java 8 platform’s security and performance levels without having to install Java 8, the company says. The alternative would be to replace the Java Runtime Environment (JRE) and upgrade the application code directly. That would involve taking the application offline while the upgrades are performed.
The European Commission is preparing to fine Google for paying smartphone makers to exclusively use its search engine on their mobile devices, according to Reuters. The European Union's antitrust authority filed a so-called statement of objections against Google in April, accusing it of forcing smartphone makers to exclusively use its search engine if they want access to the Play Store, through which phone users can download and purchase other apps. Now the Commission has sent a redacted copy of that statement of objections to complainants, Reuters reported after seeing the document.
Rotating cryptographic keys is a security best practice, so it's good news that ICANN has begun the process to change the root key pair underpinning the security of the DNS. While the chances of a misstep are small, the fact remains that changing the root key pair has never been done before. A mistake can potentially -- temporarily -- break the Internet. No pressure, ICANN.
As the phone book of the Internet, DNS translates easy-to-remember domain names into IP addresses so that users don't have to remember strings of numbers in order to access web applications and services. However, attackers can hijack legitimate DNS requests to divert users to fraudulent sites through DNS cache poisoning or DNS spoofing.
The tech world is famous for producing entrepreneurs who turn startups into corporate empires while radically changing the way people work, play and interact.
Dell recently sent us its R730xd PowerEdge rack server with uprated Intel Broadwell-series CPUs. The company claims that the 2U server with 22 cores is 20% faster than boxes running the older Haswell family of Intel chips.
The hacking group trying to auction off NSA-linked Equation Group hacking tools is unhappy because no one has coughed up the big bucks yet to buy the exploits. On Saturday, the Shadow Brokers took to Medium to release the group’s third message. The hackers sound hurt that people don’t trust them and – if cursing is any indication – the hackers are angry that the Equation Group cyber weapons auction has flopped so far. The Shadow Brokers want $1 million dollars and sound irritated that interested parties want the stolen hacking tools for free. “Peoples is having interest in free files. But people is no interest in #EQGRP_Auction.”
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. The Internet of Things (IoT) promises to produce troves of valuable, fast moving, real-time data, offering insights that can change the way we engage with everyday objects and technologies, amplify our business acumen, and improve the efficiencies of the machines, large and small, wearable and walkable, that run our world. But without careful, holistic forethought about how to manage a variety of data sources and types, businesses will not only miss out on critical insights, but fall behind the status quo. Here’s how to get prepared to wrangle and extract meaning from all of the data that’s headed your way:
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. Everyone says there is an information security talent gap. In fact, some sources say the demand for security professionals exceeds the supply by a million jobs. Their argument is basically this: attacks are not being detected quickly or often enough, and the tools are generating more alerts than can be investigated, so we need more people to investigate those alarms. Makes sense, right? Wrong. We believe that, even if companies around the world miraculously hired a million qualified InfoSec professionals tomorrow, there would be no change in detection effectiveness and we would still have a “talent gap.” The problem isn’t a people issue so much as it is an InfoSec infrastructure issue.
By any measure, Softbank is one massive conglomerate. It owns all or a chunk of Sprint, Vodafone, ARM Holdings and Alibaba Group, among its many investments. The ARM deal was perhaps the oddest, and most expensive at $32 billion. The claim at the time of the purchase was it would give Softbank a window into the Internet of Things (IoT). But according to Softbank’s CEO, the reasoning goes back much further. Founder and CEO Masayoshi Son told Nikkei Asian Review that he'd had his eye on ARM for more than a decade, and it was due to a meeting with the late Steve Jobs.
Getting work done faster on the command line is one of the never changing goals of Unix sysadmins. And one way to do this is to find easy ways to reuse commands that you have entered previously – particularly if those commands are complex or tricky to remember. Some of the ways we do this include putting the commands in scripts and turning them into aliases. Another way is to reissue commands that you have entered recently by pulling them from your command history and reusing them with or without changes. The easiest and most intuitive way to reissue commands is by using the up and down arrows on your keyboard to scroll through previously entered commands. How far back you can scroll will depend on the size of your history buffer. Most people set their history buffers to hold something between 100 and 1,000 commands but some go way beyond that. Hitting the up arrow 732 times might try your patience, but there are fortunately easy ways to get what you need without wearing out your finger tip! To make this post a little easier to follow, I'm using a modest HISTSIZE setting. You can view your