Companies that use security products to inspect HTTPS traffic might inadvertently make their users' encrypted connections less secure and expose them to man-in-the-middle attacks, the U.S. Computer Emergency Readiness Team warns.US-CERT, a division of the Department of Homeland Security, published an advisory after a recent survey showed that HTTPS inspection products don't mirror the security attributes of the original connections between clients and servers.HTTPS inspection checks the encrypted traffic coming from an HTTPS site to make sure it doesn't contain threats or malware. It's performed by intercepting a client's connection to an HTTPS server, establishing the connection on the client's behalf and then re-encrypting the traffic sent to the client with a different, locally generated certificate. Products that do this essentially act as man-in-the-middle proxies.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. As of mid-February, the plan for Verizon Communications to acquire a majority of Yahoo’s web assets is still on, despite the announcement of Yahoo having suffered two massive breaches of customer data in 2013 and 2014. The sale price, however, has been discounted by $350 million, and Verizon and Altaba Inc. have agreed to share any ongoing legal responsibilities related to the breaches. Altaba is the entity that will own the portion of Yahoo that Verizon is not acquiring.To read this article in full or to leave a comment, please click here
Several attacks observed over the past few months that rely heavily on PowerShell, open-source tools, and fileless malware techniques might be the work of a single group of hackers.An investigation started by security researchers from Morphisec into a recent email phishing attack against high-profile enterprises pointed to a group that uses techniques documented by several security companies in seemingly unconnected reports over the past two months."During the course of the investigation, we uncovered a sophisticated fileless attack framework that appears to be connected to various recent, much-discussed attack campaigns," Michael Gorelik, Morphisec's vice president of research and development, said in a blog post. "Based on our findings, a single group of threat actors is responsible for many of the most sophisticated attacks on financial institutions, government organizations, and enterprises over the past few months."To read this article in full or to leave a comment, please click here
An experiment by scholars at the Eindhoven University of Technology in the Netherlands has demonstrated a wireless network based on infrared rays that can move data at speeds of 42.8Gbps.The system, which is the work of new Ph.D recipient Joanne Oh, uses light “antennas,” which don’t have any moving parts, translating signals from a fiber-optic cable into infrared light and beaming them to receivers in the same room, which can be tracked by their return signals – when a user’s device moves out of one beam’s area of function, another light antenna can take over.+ALSO ON NETWORK WORLD: Cisco security advisory dump finds 20 warnings, 2 critical + Raspberry Pi roundup: Pi Day, Remembrances of Pis Past, competitor corner, STEM and SKULLSTo read this article in full or to leave a comment, please click here
Chief data officers (CDOs) are among the most highly sought-after executives among corporations for whom data analytics has become a cornerstone of digital strategies. But the rush to promote data-crunching experts to the CDO role has created a new challenge: Finding a leader who can use data to help drive a business transformation.Companies eager to establish data analytics have promoted managers to the CDO role based on their technical wizardry rather than their leadership capabilities, says Joshua Clarke, partner for executive recruiter Heidrick & Struggles, who highlighted the problem in "Choosing the right chief data officer," a new report detailing the rapid evolution of the CDO role.To read this article in full or to leave a comment, please click here
Researchers with the Defense Advanced Research Projects Agency will this month present a program that looks to develop a new generation of radiofrequency (RF) and millimeter-wave transistors to address the power and range requirements for billions of wirelessly communicating devices in everything from unmanned aircraft and home appliances to sensors and smartphones.+More on Network World: DARPA plan would reinvent not-so-clever machine learning systems+“The same basic transistor types have been dominant since their invention and we have been engineering the heck out of them for 50 years,” said Dan Green, a program manager in DARPA’s Microsystems Technology Office (MTO) and the overseer of the forthcoming Dynamic Range-enhanced Electronics and Materials (DREaM) program. “We’ve gotten a lot out of that approach, but the focus on so few types of transistor technologies and just a few semiconductor materials also has fundamentally limited us in the RF world.”To read this article in full or to leave a comment, please click here
Slack’s international customers are now able to set channel names in their native tongue, thanks to an update the group chat service rolled out Thursday.
According to an in-app bulletin, users will be able to set up rooms to discuss work and other topics using a wider variety of characters. As a result, users can name channels in Japanese, German, French and a wide variety of other languages. It’s an improvement over Slack’s previous set of heavy restrictions on channel names.
The news comes the same week that Microsoft released its competing Teams group chat app to Office 365 customers worldwide. At launch, Microsoft touted that the service supports 19 languages, and a test of its channel creation feature shows that it at least supports channel names using Japanese Hiragana, Simplified Chinese and Cyrillic characters.To read this article in full or to leave a comment, please click here
Facebook, Twitter and Google have been given a month to make changes to their user agreements in the European Union or face "enforcement action."European consumer authorities put the social media services on notice last November that their terms of service did not comply with EU law, asked them to make changes and to address the problem of scams that misled users of the services.The authorities and the European Commission met with the companies on Thursday to discuss their proposed changes, and gave them a month to make their final proposals, the European Commission said Friday. If those proposals don't satisfy the authorities, then they could take enforcement action, the Commission said.To read this article in full or to leave a comment, please click here
Ecobee understands your local weather, schedule and desired comfort settings, to ensure your home is at the right temperature at the right time. Control it using your mobile device from anywhere, or using your voice via the Alexa service. Get free monthly reports on how much energy you’ve saved and tips on how you can save even more. Ecobee monitors your heating and cooling systems and alerts you if it senses that something isn’t working properly. Currently the smart WiFi thermostat is discounted 17% off its typical list price, saving you $29. Get the Ecobee3 thermostat on Amazon now for $139.92. To read this article in full or to leave a comment, please click here
Ecobee understands your local weather, schedule and desired comfort settings, to ensure your home is at the right temperature at the right time. Control it using your mobile device from anywhere, or using your voice via the Alexa service. Get free monthly reports on how much energy you’ve saved and tips on how you can save even more. Ecobee monitors your heating and cooling systems and alerts you if it senses that something isn’t working properly. Currently the smart WiFi thermostat is discounted 13% off its typical list price, saving you $22.52. Get the Ecobee3 thermostat on Amazon now for $146.48. To read this article in full or to leave a comment, please click here
There’s no doubt that we’re quickly moving toward a multi-cloud-dominated world. By the end of 2018, over half of enterprise-class businesses will subscribe to more than five different public cloud services.1 The pragmatic reality for the vast majority of enterprises is that their IT, and thus their data and services, will span multiple data centers and computing clouds. This will accelerate fragmentation of data and systems that have to be seamlessly integrated to yield their full potential.Despite the benefits promised by public cloud, most enterprises can’t realistically move all their data off premises for various reasons—because data sets are too large to move in bulk or because of other preventative regulatory, privacy or security requirements, for example. To read this article in full or to leave a comment, please click here
Businesses that allow the Ask.com toolbar in their environments might want to rethink that after endpoints equipped with the browser add-on were compromised last November and then again the very next month using pretty much the same attack methods.In both cases attackers managed to infiltrate the Ask.com updater infrastructure to the point that they used legitimate Ask signing certificates to authenticate malware that was masquerading as software updates.And in both cases Ask Partner Network (APN), which distributes the Ask.com toolbar, told the security vendors who discovered the incidents that it had fixed the problem. The first one was discovered by security vendor Red Canary, and the second was caught by Carbon Black, whose researchers just wrote about it in their company blog.To read this article in full or to leave a comment, please click here
Bluntly put, IT managers move to flash array storage for speedy performance and reliability. But the systems vary widely in many respects and the selection must be matched to the organization's needs. So how do you decide?To read this article in full or to leave a comment, please click here(Insider Story)
New research is turning on its head the idea that legacy systems -- such as Cobol and Fortran -- are more secure because hackers are unfamiliar with the technology.New research found that these outdated systems, which may not be encrypted or even documented, were more susceptible to threats.By analyzing publicly available federal spending and security breach data, the researchers found that a 1% increase in the share of new IT development spending is associated with a 5% decrease in security breaches."In other words, federal agencies that spend more in maintenance of legacy systems experience more frequent security incidents, a result that contradicts a widespread notion that legacy systems are more secure," the paper found. The research paper was written by Min-Seok Pang, an assistant professor of management information systems at Temple University, and Huseyin Tanriverdi, an associate professor in the Information, Risk and Operations Department at the University of Texas at Austin.To read this article in full or to leave a comment, please click here
Some users have reported that one of this week's Windows 10 updates crippled their PCs, according to a thread on Reddit.They fingered the KB4013418 update as the most likely culprit. That update was marked simply as "Update for Windows 10 Version 1607" in Windows Update, and in the accompanying support document, tagged as a "servicing stack update."[ Related: Fix Windows 10 problems with these free Microsoft tools ]
In Microsoft's parlance, a servicing stack consists of the executable file and associated libraries needed to install Windows and its updates.To read this article in full or to leave a comment, please click here
Google Home users got a surprise on Thursday when their virtual assistants cheerily mentioned that the live-action remake of “Beauty and the Beast” is opening in theaters this weekend.The ad seems to pop up when users ask for a rundown of their day, which kicks off the Home’s “My Day” feature. That feature is supposed to offer users information about the weather, their calendars and relevant news. But at the end of the rundown, the Google Assistant offered the following unsolicited tidbit, according to a video posted to Twitter by Bryson Meunier :“By the way, Disney’s live action 'Beauty and The Beast' opens today,” it says. “In this version of the story, Belle is the inventor instead of Maurice. That rings truer, if you ask me. For some more movie fun, ask me something about Belle.”To read this article in full or to leave a comment, please click here
Augmented and virtual reality are catching on, even if it is still early days for both.While some analysts at Strategy Analytics worry there aren't enough engaging 360-degree VR movies and other content on the market, IDC analysts on Thursday said there are plenty of early business-focused rollouts of AR to justify optimism.[ To comment on this story, visit Computerworld's Facebook page. ]
IDC pointed to medical, industrial and marketing applications already in use and predicted a bullish, 10-fold spike for AR and VR headsets by 2021.To read this article in full or to leave a comment, please click here
Employers who once focused on finding software development talent from top universities are now hiring developers who learned the trade from coding bootcamps, junior colleges, and online resources, technical recruiter HackerRank says.To read this article in full or to leave a comment, please click here(Insider Story)
Details matter when developing an incident response (IR) plan. But, even the most successful IR plans can lack critical information, impeding how quickly normal business operations are restored.To read this article in full or to leave a comment, please click here(Insider Story)
At the outset of the Trump presidency, there is considerable uncertainty around what the new administration might mean for tech policy, a deeply complex set of issues that were largely out of view on the campaign trail.As a candidate, Trump did not articulate a tech policy agenda, though he stressed the need for a tougher posture on cybersecurity.[ Related: What to expect from the Trump administration on cybersecurity ]Now in the Oval Office, Trump has a range of areas where he could advance polices that impact the tech sector, from immigration to privacy to curbing regulations on emerging technologies such as drones and health IT applications.To read this article in full or to leave a comment, please click here