Google released a new monthly batch of security patches for Android, fixing a dozen critical vulnerabilities that could allow attackers to compromise devices. One of the mitigated issues is a bit-flipping attack against memory chips that could lead to privilege escalation, but a more widespread rooting vulnerability in the Linux kernel remains unpatched. While Google releases firmware updates for its Nexus and Pixel devices on the first Monday of every month, the security patches are shared with third-party device manufacturers one month in advance and are also contributed later to the Android Open Source Project to benefit the entire ecosystem.
Pretty much every large enterprise, at least those that realize the world is kind of in a state of change, is thinking about how to make their organization more agile. They’re also quickly reading Marc Andreessen’s famous Wall Street Journal piece from a few years ago, "Why Software Is Eating The World." Hopefully, they’re then putting these two themes, agility and innovation through software, together and deciding that the key to remaining competitive is arming their technology teams with the tools, processes, freedoms and cultures to do good stuff.
When the French government quietly announced, in the middle of a holiday weekend, the merging of two files to create a megadatabase holding the biometrics of almost 60 million French citizens, it was clearly hoping to avoid an outcry.
It failed.
Among those lining up to criticize the government's move are its own minister of state for the Digital Sector and Innovation, and the National Digital Council, a body created by the government to provide independent recommendations on all matters relating to the effect of digital technologies on society and the economy.
Minister of State Axelle Lemaire told French journalists the megadatabase used 10-year-old technology and had real security problems.
In Minnesota on Sunday, Republican presidential nominee Donald Trump added IBM to the list of companies he criticizes for moving jobs offshore or to Mexico. Trump's line was a one-sentence throwaway at the Twin Cities rally, but it may have resonated with this rally crowd. In Rochester, Minn., IBM created a massive operation. In 1956, it broke ground on what would become a 32-building, 3.5-million-square-foot complex that employed 8,100 workers at its peak in 1991. It made punch card systems and later became widely known for its AS/400 system development work. IBM created a stable workforce, and by 1988 was able to point out that the average Rochester employee was 39.5 years old and a 14-year IBM veteran. Nearly 40% of those workers were engineers or programmers, according to IBM's official history.
The war against spam has been a long one. Just as we get better filtering, spammers and phishers turn to more sophisticated techniques. We are even seeing ransomware attacks like Cryptolocker and Cryptowall become commonly spread over email. There must be a technical way to stop some of this, right?
Getting DKIM set up with Microsoft Exchange Server
A political backlash is growing over a plan by the University of California, San Francisco, to shift IT jobs overseas. The school is hiring an India-based IT services contractor, and IT workers are expecting to train their foreign replacements. Several lawmakers have written letters questioning the university's plan, including Sen. Charles Grassley (R-Iowa), chairman of the Senate Judiciary Committee, which oversees immigration. "It is clear that the University is seeking to replace American workers with lower-cost foreign workers abroad and potentially also in the United States," wrote Grassley, in a letter to Janet Napolitano, the president of the University of California system. The letter, which was sent in late September, has not been made public, but a copy was obtained by Computerworld.
Advances in machine learning are making security systems easier to train and more flexible in dealing with changing conditions, but not all use cases are benefitting at the same rate. Machine learning, and artificial intelligence, has been getting a lot of attention lately and there's a lot of justified excitement about the technology. One of the side effects is that pretty much everything is now being relabeled as "machine learning," making the term extremely difficult to pin down. Just as the word "cloud" has come to mean pretty much anything that happens online, so "artificial intelligence" is rapidly moving to the point where almost anything involving a computer is getting that label slapped on it.
A new approach
Vulnerability assessment and identification strategies have evolved to include the concept of crowdsourced security testing through bug bounty programs. While bug bounty programs have been used for over 20 years, widespread adoption by enterprise organizations has just begun to take off within the last few. The bug bounty path, paved by tech giants, is widening, enabling security teams of all sizes to create and manage robust security assessment programs, get ahead of adversaries, and level the cybersecurity playing field. As we are clearly still in the early- to mid-adopter phase of this new market, Paul Ross, senior vice president of marketing at Bugcrowd, breaks down how to get started with a bug bounty program, and how to prepare your organization for this new approach to vulnerability testing.
Much of the early Black Friday 2016 gaming buzz centers around virtual reality systems and big cuts to Xbox One bundles, but Nintendo this week has grabbed headlines with this holiday blockbuster: slashing the price of its New Nintendo 3DS video game system to $100 (okay, $99.99) starting on Nov. 25. Typically, the Nintendo 3DS sells for about $150 and the 3DS XL for $200. The special $100 price isn't that much more than for the inferior Nintendo 2DS console, which costs about $80. The original Nintendo 3DS, a portable gaming system that provides 3D-like effects without you needing to don dorky glasses, debuted in 2011 for $250, though the price quickly dropped closer to $170.
Following years of higher-than-usual unemployment, hiring has been increasing. In fact, in 2015, the U.S. had as many open jobs as it did in 2001—a staggering 5 million. While the number of openings might sound promising, in reality, top talent remains scarce, and organizations are once again finding themselves battling it out for the best people. In no function is this more apparent than IT, where over half a million of those 5 million open jobs are and where demand continues to increase.
Data from the U.S. Bureau of Labor Statistics indicates that 1.3 million IT and cybersecurity jobs will have to be filled by 2022. Many of the open jobs are for roles that didn’t exist a decade ago, such as cloud integration specialists and mobile application developers. And we can’t keep pace. According to data from the U.S. Bureau of Labor Statistics, by 2020 there will be 1 million more IT jobs than computer science students in the U.S.
If you were the World Chess Champion and you were about to defend your title in a 12-round match against a Russian grandmaster, should you be worried about being hacked? Apparently so, since current World Chess Champion Magnus Carlsen has asked Microsoft to protect him from attacks by Russian hackers. It’s not like Carlsen, who became a grandmaster at age 13, practices by playing against a computer. In fact, grandmaster and author Andrew Soltis told NPR that “Carlsen won't even play his computer. He uses it to train, to recommend moves for future competition. But he won't play it, because he just loses all the time and there's nothing more depressing than losing without even being in the game.”
I often find myself hacking away at web sites and today I have a couple of tools to share that have made my life easier. Well, slightly easier. The first is a neat set of CSS libraries I discovered on W3 Schools. These libraries define commonly used color values for things like safety standards, highway signs, army camouflage colors, and so on. The libraries can be linked to your Web pages by referencing them directly: <link rel="stylesheet" href="http://www.w3schools.com/lib/w3-colors-highway.css">
In my last post I discussed implementing Amazon’s Alexa Voice Service on a Raspberry Pi but you can also do the same on other platforms; witness AVS driving a hacked Big Mouth Billy Bass:
Created by Brian Kane, a teacher at Rhode Island School of Design, this is a wonderful rethink of a 20-year-old, hideous … what could you call it? Toy? Thing? Conversation piece? Built on an Arduino, Kane’s Big Mouth Alexa Bass (my name, not Brian’s) is a work of genius.
Every geek worth his nerdiness has wanted to be able to converse with their computer since we saw Star Trek's Data talk to the Enterprise's computer back in the 1960s. For most of the time since then, having a real conversation with a computer has seemed something that was really, really far away. Recently, it's got a lot closer ... Just over a year ago I reviewed Amazon’s Echo which I judged to be amazing and I still think it's amazing even though the technology is still in its early days. The problem is that the Echo isn't really conversational as it's limited to a basic request-response model (though its occasional weird non-sequiturs are hysterical and TV ads from Amazon of course get hilarious responses). That said, the Echo, which uses the Alexa Voice Service, remains a compelling, useful product and since I wrote about it, Alexa’s abilities have grown rapidly. Alexa now understands a much greater range of ways to make a request, can deliver information on a wider range of topics, and has an API that has matured and expanded impressively. Here's how the Echo works: On the backend, there’s the Alexa Skills Kit (ASK) which is:
Owners of WeMo home automation devices should upgrade them to the latest firmware version, which was released this week to fix a critical vulnerability that could allow hackers to fully compromise them. The vulnerability was discovered by researchers from security firm Invincea in the Belkin WeMo Switch, a smart plug that allows users to remotely turn their electronics on or off by using their smartphones. They confirmed the same flaw in a WeMo-enabled smart slow cooker from Crock-Pot, and they think it's probably present in other WeMo products, too. WeMo devices like the WeMo Switch can be controlled via a smartphone app that communicates with them over a local Wi-Fi network or over the Internet through a cloud service run by Belkin, the creator of the WeMo home automation platform.
When the two major presidential candidates haven’t been focused on each other’s personal behavior or legal imbroglios, they’ve tended to discuss a few major issues such as health care, immigration reform, or battling terrorism. Yes, these are critical topics but what about cybersecurity? After all, this very campaign has featured nation state hacking, email theft, and embarrassing email disclosures from egomaniac Julian Assange and WikiLeaks. Alas, each candidate has been relatively silent about cybersecurity threats, national vulnerabilities, or what they plan to do to bridge this gap. Secretary Clinton’s policies look a lot like President Obama’s Cybersecurity National Action Plan (CNAP) but add a national security component due to her personal experience with state sponsored hacks of the DNC and John Podesta. Donald Trump seemed completely ignorant about cybersecurity issues (remember “the cyber” comments and his rant about his 10-year-old son’s computer skills?), but has since come up with some pedestrian cybersecurity policy objectives.
The hacker who claims to have breached the Democratic National Committee isn't done trying to influence this year's election. On Friday, Guccifer 2.0 warned that Democrats might try to rig the vote next Tuesday. Guccifer 2.0 wrote the statement in a new blog post as U.S. federal agencies are reportedly bracing for cyber attacks on election day. The U.S. has already blamed Russia for allegedly meddling with the upcoming election by hacking into political targets, including the DNC, and then leaking the sensitive documents to the public.
Echo Dot is a hands-free, voice-controlled device that uses Alexa to play & control music (either on its own, or through a connected speaker/receiver), control smart home devices, provide information, read the news, set alarms, and more. If you’re looking to buy them as gifts, or for different homes or rooms, Amazon will throw in a free one ($50 value) when you buy 5, or two free ones when you buy 10 (a $100 value). To take advantage of this limited time offer, select 6 or 12 in the quantity dropdown and add to your Shopping Cart. Enter promo code DOT6PACK or DOT12PACK at checkout where you will see the discount applied. The new Amazon Echo Dot comes in black, and now also white. See the new Amazon Echo Dot now on Amazon.
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. In the quest for securing the cloud, one key aspect is often left out of the discussion: the security impact of the cloud endpoint – most notably the imperiled browser. As enterprises and individuals increasingly move computing to the cloud, security at the endpoint has been an escalating concern. Taking matters into their own hands, many enterprise consumers are going “direct to cloud” – avoiding enterprise IT practices that would otherwise protect endpoints, connectivity and data. Meanwhile, IT executives that once viewed cloud-based shared computing and storage infrastructure as their least trustworthy option now see the cloud as the safest choice.