SAN FRANCISCO -- In some ways, Google is like every other large enterprise. It had the typical defensive security posture based on the concept that the enterprise is your castle and security involves building moats and walls to protect the perimeter.To read this article in full or to leave a comment, please click here(Insider Story)
Yahoo has begun warning individual users that their accounts with the service may have been compromised in a massive data breach it reported late last year.The warning, in email messages sent from Yahoo CISO Bob Lord, tell users that a forged cookie may have been used to access their accounts in previous years.The warning to Yahoo users come at the same time that news reports suggest that Verizon Communications, in negotiations to buy Yahoo, may be seeking a discount of US$250 million because of the data breaches.To read this article in full or to leave a comment, please click here
The open compute project (OCP) means you can get the designs that Microsoft, Facebook and (to a lesser extent) Google use for their data centers. The goal is to get original design manufacturers (ODMs) to build them for you rather than buying standard servers and switches from original equipment manufacturers (OEMs).To read this article in full or to leave a comment, please click here(Insider Story)
Facebook’s Boston-area outpost is in Cambridge, close to MIT – they’ve just expanded from a smaller site and annexed a whole floor of a well-kept office building near Kendall Square Station. The first thing you see when you get off the elevator is a floor-to-ceiling pattern of blue lines that are meant to spell out the words “Ship Love” (Facebook’s unofficial motto) in binary.It’s an airy, open-plan space, like many major tech company offices, with exposed concrete and pipes here and there, along with original art on the walls and the requisite amusements – in this case, a couple of Oculus Rifts, some musical instruments and a foosball table.+ALSO ON NETWORK WORLD: 6 Internet of Things companies to watch + Munich's great Linux desktop initiative may endTo read this article in full or to leave a comment, please click here
India’s space agency said today it had launched 104 satellites from a single rocket, crushing the previous record of 37 satellites from a single rocket by the Russian space agency in 2014.The rocket – India’s Polar Satellite Launch Vehicle (PSLV), also known as Cartosat-2 –is a four-stage rocket that India has used for a variety of missions since 1993. This was its 39th flight.+More on Network World: Small satellites bring “Moore’s Law” into space+To read this article in full or to leave a comment, please click here
Gamalon is a Cambridge, MA-based startup that has received $7.7 million from DARPA to create an advanced machine learning and artificial intelligence platform that the company says is more time and computationally efficient than others on the market.Gamalon uses a new type of machine learning it has developed named Bayesian Program Synthesis, which the company says can accelerate machine learning by more than 100X. The basis of the BPS system is that it uses probability statistics to determine potential connections among the data. By doing so, it drastically reduces the amount of data that it needs to conduct artificial intelligence tasks, the company says.To read this article in full or to leave a comment, please click here
Researchers have devised a new attack that can bypass one of the main exploit mitigations in browsers: address space layout randomization (ASLR). The attack takes advantage of how modern processors cache memory and, because it doesn't rely on a software bug, fixing the problem is not easy.Researchers from the Systems and Network Security Group at Vrije Universiteit Amsterdam (VUSec) unveiled the attack, dubbed AnC, Wednesday after having coordinated its disclosure with processor, browser and OS vendors since October.ASLR is a feature present in all major operating systems. Applications, including browsers, take advantage of it to make the exploitation of memory corruption vulnerabilities like buffer overflows more difficult.To read this article in full or to leave a comment, please click here
U.S. Attorney General Jeff Sessions’ call for a way to “overcome” cryptography met with scorn from a panel of elite cryptographers speaking at this week’s RSA Conference 2017 in San Francisco.“Any one of my students will be capable of writing good crypto code,” says Adi Shamir, the ‘S’ in RSA and a professor at the Weizmann Institute in Israel.Sessions’ use of the term “overcome” during his confirmation hearings actually means installing backdoors, says Ronald Rivest, the ‘R’ in RSA and a professor at MIT. He cited a joint Congressional study that concluded that weakening encryption works against the national interest, and that encryption is global anyway -- so the U.S. can’t call all the shots.To read this article in full or to leave a comment, please click here
My clients have started asking questions about a new industry catch phrase that they've started to hear coming from suppliers of cloud-based computing services. The phrase is "serverless" computing. They've also run into a related phrase, "Function as a Service." Is this really a new idea or a new implementation of an older one?In short, there is little new under the sun in the world of IT and this can be seen as yet another take at supporting a microservice in the context of a cloud computing service.To read this article in full or to leave a comment, please click here
As you may have guessed from my blogs, I was really excited about the year’s RSA Security Conference. At the end of January, I wrote a blog about my expectations for endpoint security at RSA. I followed up with another ditty about network security banter at this year’s show and concluded the series with a blog about security analytics and operations talk at RSA. To read this article in full or to leave a comment, please click here
Advanced endpoint security products don’t do you much good if they can be evaded or eat your time by consistently throw false positives. Since enterprises are expected to defend against sophisticated threats and money in the security budget only goes so far, you might be interested in the results from NSS Labs’ testing of 13 security vendors AEP solutions. The results were released during the RSA conference.According to NSS Labs’ CEO Vikram Phatak, “The AEP test results provide vendor neutral insight and analysis to help enterprises accelerate their decision process and make informed decisions about when to deploy these products to manage their risk posture.”To read this article in full or to leave a comment, please click here
Businesses targeted in email scams don’t always have to play the victim. They can actually fight back.Researchers at Dell SecureWorks have documented how they identified a suspected email scammer from Nigeria, by essentially playing along with the scheme to fool the attacker into revealing his true whereabouts.Anyone can use these tips, said Joe Stewart, director of malware research at SecureWorks. “We’re letting them (the scammers) give us all the information about themselves,” he said.The email scheme SecureWorks dealt with involved a fraudster impersonating a CEO in what’s called a business email spoofing attack. The goal is often to trick a victim into wiring funds to the scammer’s bank account.To read this article in full or to leave a comment, please click here
As tens of thousands of the world’s top security pros gather at RSA Conference 2017 they are being called upon to watch out for a new threat: their own data.By corrupting data that is used for making decisions, attackers can cause all kinds of problems, says Chris Young, general manager of Intel Security. “Now data is manipulated and used against us to affect the decisions we make,” he says.He calls this corruption “data landmines,” which when factored into decision making, can result in bad choices, missed opportunities and economic losses.He says stolen and manipulated data combined to disrupt the 2016 presidential election, for example, and the consequences of similar manipulations could be high for businesses whose big-data analysis is undermined by altered small data that makes it up. With inaccurate input to draw on, the outcomes will be faulty, he says.To read this article in full or to leave a comment, please click here
The home security camera market has taken a big hit in recent months, becoming the poster child for “bad security behavior” when people talk about the security (or lack thereof) of Internet of Things. Last year’s highly publicized DDoS attack on Dyn highlighted insecure cameras being used as part of a botnet; vulnerabilities were also found in Chinese-based security cameras and at least one Samsung SmartCam product. In the U.S., the FTC filed a complaint against D-Link over claims that their webcams were “secure”.To read this article in full or to leave a comment, please click here
The AARP, a nonprofit organization that advocates for Americans over 50 years of age, has launched its search for nominees for its Innovation Champion Awards to recognize providers of technology-powered products and services that focus on caregivers.Submissions will be accepted in six categories: daily essential activities; caregiver quality of life; health and safety awareness; care coordination; social well-being; and transition support. AARP judges will select five finalists in each category, then invite the public to select winners. MORE: Cisco names winners of Innovate Everywhere ChallengeTo read this article in full or to leave a comment, please click here
Whether you are Kayaking, Beaching, Rafting, Boating, Hiking, Camping or Fishing, Earth Pak believes they have created the best dry bag on the market for any adventure. Toss in your gear, roll it down, and don't be afraid to toss this bag around. It's designed to last for years and will keep your phone, gadgets and gear dry and protected. It comes in 10L, 20L and 30L size, and all models feature 24-42 inch adjustable shoulder straps. Included is Earth Pak's IPX8 certified waterproof phone case that can fit even the largest phones, with simple snap and lock access and clear windows that allow for picture taking without removing from the case. This bag is currently discounted 47% from $45 down to just $24, and averages 5 out of 5 stars from over 1,500 customers (91% rates a full 5 stars -- read all recent reviews here). To read this article in full or to leave a comment, please click here
For IT leaders, it's a bit of déja vú: for the fifth straight year, the Tech Hiring and Retention Survey from executive search and technology firm Harris Allied shows that management's top concern is finding and hiring elite tech talent.To read this article in full or to leave a comment, please click here(Insider Story)
Google has been trying for years to get businesses to abandon Microsoft Office in favor of what it now calls G Suite, the collaboration-oriented trio of Google Docs, Sheets, and Slides, plus companion apps Gmail and Drive. Microsoft has long been the productivity standard-bearer, with Word, Excel, and PowerPoint, supplemented by Outlook and most recently OneDrive.Office 365 vs. G Suite: DocumentsOffice 365 vs. G Suite: SpreadsheetsOffice 365 vs. G Suite: PresentationsTo read this article in full or to leave a comment, please click here(Insider Story)
This should be the year your organization looks to dump its consumer file-sharing software. Don't get me wrong -- many of those services are great for individuals, but they're not really suitable for enterprises. There are other products, however, that offer the file sync that Dropbox and Box and others do so well and so seamlessly, while also providing enterprise-level controls around access, encryption, identity, and more.To read this article in full or to leave a comment, please click here(Insider Story)
Unlimited data plans, like the one announced this week by Verizon, are mostly irrelevant to large businesses that negotiate lower prices with carriers for large pools of data, voice and text for hundreds of workers.But smaller businesses -- say, those with fewer than 50 workers -- could benefit from an unlimited plan, especially if they don't have an assigned telecom manager who manages wireless contracts."Smaller organizations that don't have the staff or capacity to manage their mobility budgets could benefit" from an unlimited plan, said Michael Nziolek, vice president of strategic consulting at Tangoe, a telecom expense management consultancy.To read this article in full or to leave a comment, please click here