It has been interesting watching the conversation around the rise of Docker and the general attention that containers have received in the past few years. Most fascinating has been the reaction of vendors who make their revenue primarily through virtualization technologies. These vendors have been quick to assert that containers are not secure and that in order to assure certainty for an organization, either containers shouldn't be used at all (their preference, obviously) or they should be used within the ongoing context of virtualized servers.Against this narrative runs two forces. First, the container companies (notably, Docker), while being careful to not alienate their virtualization vendor partners, try to assure customers that containers are actually inherently safe. The second narrative comes from third-party vendors that offer security solutions for containers. These players agree that containers have some fundamental flaws, but their solution resolves these issues.To read this article in full or to leave a comment, please click here
The best Linux shell apps for handling common functionsEver consider the idea of living entirely in a Linux terminal? No graphical desktop. No modern GUI software. Just text—and nothing but text—inside a Linux shell. It may not be easy, but it’s absolutely doable. I recently tried living completely in a Linux shell for 30 days. What follows are my favorite shell applications for handling some of the most common bits of computer functionality (web browsing, word processing, etc.). With a few obvious holes. Because being text-only is hard.To read this article in full or to leave a comment, please click here
High demandSoftware engineers are in high demand across the United States, and depending upon where you live, you can make a killing at this job. But don’t overlook what you’re really making, when you factor in the cost of living. Online jobs marketplace Glassdoor has crunched the numbers by looking at the ratio of each city’s local median software engineer base salary to its official cost of living figures from the federal government.To read this article in full or to leave a comment, please click here
Compensation extras add up for tech CEOsTech CEOs enjoyed a wide range of perks, from corporate aircraft and auto usage to home security, club memberships and financial planning services. Here are the 12 tech CEOs who indulged the most.RELATED: 20 highest paid tech CEOs | Biggest raises and pay cuts | single-page chart of 62 tech CEOs' total pay |To read this article in full or to leave a comment, please click here
If software is indeed "eating the world," as famed venture capitalist and prognosticator on pretty much everything Marc Andreessen once opined, then it goes without saying that the pipes that have the unenviable task of carrying that software become ever more critical. The more important the internet, the more the underlying network of undifferentiated "dumb pipes" becomes important. This has led to the rise of myriad vendors that all help to ensure those "dumb pipes" keep working. A case in point is Veriflow, a company that is bringing a new approach to network breach and outage detection via mathematical network verification.To read this article in full or to leave a comment, please click here
New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Alight Enterprise CloudKey features: a platform for deploying vertical applications for mortgage banking, mining/energy, telecommunications and high tech that show the financial ripples of potential decisions across the enterprise. More info.To read this article in full or to leave a comment, please click here
A second man has pleaded guilty to using a phishing scheme to get access to private and sensitive videos and photographs of people in the entertainment industry in Los Angeles.Edward Majerczyk, 28, a resident of Chicago and Orland Park, Illinois, has admitted in a plea agreement entered in the U.S. District Court for the Central District of California that between Nov. 23, 2013 through August 2014, he had engaged in a phishing scheme to obtain usernames and passwords from his victims, according to the U.S. Attorney’s Office for the Central District of California.Majerczyk gained access to the victims’ usernames and passwords after he sent them emails that appeared to be from security accounts of internet service providers. These mails directed the victims to a website that would collect their usernames and passwords. After illegally accessing the email accounts, he obtained personal information including sensitive and private photographs and videos, according to his plea agreement.To read this article in full or to leave a comment, please click here
I’ve tested a few dash cams in the last year (for example the Swann DriveEye and the Papago GOSAFE 520) and I’ve been impressed. Even if you’re not planning to capture the next meteor screaming over your town and shattering windows for miles around, it’s a great hedge against fraudulent insurance claims against you and terrific documentation for any road travel incidents you might have. But as with all technology, while there’s a lot of value in point application, when the point data is aggregated and treated as Big Data, amazing opportunities and insights emerge … which is exactly what comes from turning your iPhone into an ultra-sophisticated dash cam with the Nexar app.To read this article in full or to leave a comment, please click here
If you have an Android device running 5.0 (Lollipop) or later, and powered by a Qualcomm Snapdragon processor, then you should know that a security researcher demonstrated how to crack the full-disk encryption (FDE) with brute-force attacks; the fix is not necessarily as simple as installing new firmware and might require changes to hardware.Full-disk encryption, which is supported on devices running Lollipop on up, is supposed to protect files on the storage drive. Android uses a randomly chosen 128-bit device encryption key which is further encrypted using a user’s PIN, password or swipe pattern. The master key, or Device Encryption Key (DEK), is stored on a user’s device; it is bound to the device’s hardware though Android’s KeyMaster, which runs in the TrustZone. In other words, an attacker should not be able to extract the crypto key for this walled-off and protected section.To read this article in full or to leave a comment, please click here
Car hacking is not only a “thing” but it's also a thing that’s in its early days and because there’s the potential for exploits with serious and quite possibly life-threatening consequences, automotive cybersecurity is something we should all be very concerned about. Just imagine your own car traveling at speed and having your ability to steer, alter speed, and brake, taken away and then being ransomed to regain control. Charles01 / Wikipedia
Chrysler Jeep CherokeeTo read this article in full or to leave a comment, please click here
Solar Roadways believes the road ahead should be paved with solar panels. The Idaho startup makes hexagonal solar panels that it's trying to get installed on U.S. roads. The goal is to generate enough energy to power homes and businesses, and the panels can even light up to display programmable road markings.
It's a lofty idea but the company has gained some early support. Solar Roadways has completed three rounds of testing with the U.S. Department of Transportation and in 2014 it raised over $2 million on Indiegogo. The project has also caught the attention of Missouri's Department of Transportation, which will install the panels, as part of a pilot program, on a sidewalk in front of the Route 66 Welcome Center in Conway. To read this article in full or to leave a comment, please click here
Attackers are developing an aggressive new ransomware program for Windows machines that encrypts user files as well as the computer's master boot record (MBR), leaving devices unable to load the OS.The program is dubbed Satana -- meaning "Satan" in Italian and Romanian -- and, according to researchers from security firm Malwarebytes, it is functional but still under development.Satana is the second ransomware threat affecting the MBR and seems inspired by another program, Petya, that appeared in March.To read this article in full or to leave a comment, please click here
A newly released exploit can disable the write protection of critical firmware areas in Lenovo ThinkPads and possibly laptops from other vendors as well. Many new Windows security features, like Secure Boot, Virtual Secure Mode and Credential Guard, depend on the low-level firmware being locked down.The exploit, dubbed ThinkPwn, was published earlier this week by a researcher named Dmytro Oleksiuk, who did not share it with Lenovo in advance. This makes it a zero-day exploit -- an exploit for which there is no patch available at the time of its disclosure.ThinkPwn targets a privilege escalation flaw in a Unified Extensible Firmware Interface (UEFI) driver, allowing an attacker to remove the flash write protection and to execute rogue code in the SMM (System Management Mode), a privileged operating mode of the CPU.To read this article in full or to leave a comment, please click here
The advent of high-resolution video recording in smartphones has been a boon for fans looking for concert footage on YouTube, but the bands aren't so keen on their concerts appearing for free online before the show even ends.Of course, it also sucks to be at a concert and have your view blocked by the dozens of smartphones being held up to take pictures and video.So it seems Apple, which has been trying to cozy up to the music industry, has come up with a fix that sounds good on paper but has potential for misuse. It has been granted a patent, first filed in 2011 and refiled in 2014, that allows the iPhone camera to detect an infrared signal that will give instructions or information to the camera.To read this article in full or to leave a comment, please click here
Enterprises are fighting a cyber war against very sophisticated and highly organized adversaries. Yet companies still approach cybersecurity with a strictly defensive mindset. They operate under the belief that having the best defense will keep them safe from advanced adversaries. But attackers know how to break any defense, guaranteeing they’ll eventually infiltrate a company.Organizations need to approach security by thinking about how they can stop offense. How is this different from having a strong defense? When you’re stopping offense, you don’t stand on the sidelines waiting for an attacker to breach your network, hoping that the security measures you have in place will be enough to stop them.To read this article in full or to leave a comment, please click here
Finding insight in oceans of data is one of enterprises' most pressing challenges, and increasingly AI is being brought in to help. Now, a new tool for Apache Spark aims to put machine learning within closer reach.Announced on Friday, Sparkling Water 2.0 is a major new update from H2O.ai that's designed to make it easier for companies using Spark to bring machine-learning algorithms into their analyses. It's essentially an API (application programming interface) that lets Spark users tap H2O's open-source artificial-intelligence platform instead of -- or alongside -- the algorithms included in Spark's own MLlib machine-learning library.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe.
The advent of worker mobility and cloud computing have played havoc with the traditional network perimeter. At one time the perimeter was a well-established concept. All of our users, locations, data centers and applications were inside this zone protected by strong network security. That notion seems almost quaint today.
With mobile users and data and applications in the cloud, the old perimeter has basically dissolved, leading to the development of entirely new security tools—secure web gateways, cloud access security brokers, enterprise mobility management, and so on. These new products and services augment the traditional network security stack of firewalls, anti-virus, email and web filtering, etc.To read this article in full or to leave a comment, please click here
DARPA recently said that it had finished integrating seven space-watching networks that will feed tons of new Earth-orbiting junk data into what the agency calls “the largest and most diverse network of space situational awareness networks ever assembled.”+More on Network World: NASA’s hot Juno Jupiter mission+DARPA’s OrbitOutlook (O2) program brings seven previously separate new space sensor networks together that could ultimately feed into the United States Space Surveillance Network (SSN), a worldwide network of 29 military radar and optical telescopes operated by the Air Force as well as NASA, the FAA and other entities that could use the information.To read this article in full or to leave a comment, please click here
Spain has joined the scrum of tax authorities examining Google's accounts to see if the company has paid all that it should.A team of 35 inspectors from Agencia Tributaria, the Spanish tax authority, raided Google offices on two sites in Madrid on Thursday, according to Spanish newspaper El País. The authority requested court approval for the raid on Tuesday, the report said.They were investigating the tax liabilities of Google's subsidiaries in Spain and Ireland, through which the company channels much of its European revenue.+ ALSO ON NETWORK WORLD Is Google pushing the cloud envelope too far? +To read this article in full or to leave a comment, please click here
Leading tech groups hailed the release of Hillary Clinton's agenda for promoting technology and innovation, praising the presumptive Democratic presidential nominee's focus on issues like cybersecurity and her acknowledgement that the industry is vital to the nation's economic prosperity.[ Related: Obama, Zuckerberg push better broadband, innovative startups ]Clinton's "initiative on technology and innovation" comes as the most detailed elucidation of a technology platform from a major presidential candidate this election season, a multi-pronged plan that touches on issues like promoting science and technical education, building out broadband infrastructure and defending net neutrality.To read this article in full or to leave a comment, please click here