How to handle toxic coworkers
They slow you down, irritate you and sometimes they're just plain useless. You know who they are -- those toxic team members who never seem to actually contribute anything to projects or to your work environment but who have an uncanny ability to stay employed and come out of every situation smelling like the proverbial rose.
"While 75 percent of employers rate team work and collaboration as 'very important,' most employees hate working together in teams because there's inevitably at least one person who makes the experience horrible. It may not be deliberate; it may be that these folks are brilliant but just lack social skills. Whatever the case, it's detrimental to the rest of the team and the company," according to Alexander Maasik, communications specialist with workplace productivity solutions company Weekdone. Here, Maasik offers the five most common enemies of teamwork, and the best way to handle them as a leader or as a co-worker.
1. False promises
Pay up?
In the 2016 Executive Application & Network Security Survey, among those who have not experienced a ransom situation, the majority say they would not pay a ransom. But among the few who have experienced a ransom attack, more than half in the U.S. did not pay. One respondent indicated that paying did not guarantee that the attacker would do their part.
The U.S. Environmental Protection Agency's new chief data scientist likens the adoption of big data analytics at the agency to the early adoption of the iPhone in 2007. Those early adopters "didn't know exactly what it was, but they wanted to use it because they perceived the value," says Robin Thottungal.
For more than 90 years, Pitney Bowes has been helping its customers conduct physical and digital commerce worldwide. In this keynote session at the recent IT Roadmap event in New York, James Fairweather, SVP of Technology and E-commerce, talks about his company’s investment in a digital infrastructure. This change moved across clouds, APIs, data, mobility and collaboration, as well as how they created a “culture of innovation” with developers and designers.
Delta said Monday morning that its flights awaiting departure were delayed because of a widespread computer outage. The airline did not provide details of the computer outage or of the number of flights affected, but said in a statement on its website that the problem had affected flights scheduled for the morning. The extent of the problem appeared to be global because the airline wrote in a number of tweets that “our systems are down everywhere.” “Flights enroute are operating normally. Delta is advising travelers to check the status of their flights this morning while the issue is being addressed,” the airline said in a brief statement.
According to analysts from Gartner and elsewhere, every enterprise with a significant cloud presence needs a cloud access security broker to protect cloud-based data. CASB products can sit either on-premises or live in the cloud, but they all have the same basic function – providing a secure gateway for data traveling to and from the cloud, particularly with respect to SaaS applications and common cloud storage services like Box or Dropbox.
Cloud Access Security Brokers are products that can be described as firewall plus identity management plus anti-malware plus DLP plus encryption control/implementation plus threat management. CASB products have become increasingly important as enterprises look to extend their on-premises security policies to their cloud-based assets. We looked at three products -- CipherCloud, Bitglass, and Netskope. Each one takes a different, yet ingenious, approach to the task of stopping unauthorized, inappropriate, or uncontrolled cloud asset access and manipulation.
Bitfinex, the digital currency exchange in Hong Kong that reported a bitcoin theft last week, has decided to shave a little over 36 percent from its customers' accounts and assets to make up for losses from the hack. “Upon logging into the platform, customers will see that they have experienced a generalized loss percentage of 36.067%,” Bitfinex said in a blog post Saturday. It promised an announcement later on the details of the methodology used to arrive at the losses. "This is the closest approximation to what would happen in a liquidation context," Bitfinex wrote. Customers will be issued a token labeled BFX to record their losses, though the exchange is still not clear about how it will compensate them.
The list of ways we can be spied upon seems nearly endless, but you can add one more to that list: active screen snooping via your vulnerable monitor. And that’s just one flavor of attack that can be pulled off by exploiting monitors. You might not agree with everything you read online, but you can usually trust that what you are reading was actually published somewhere by someone. Whether or not you like what the balance is in your banking account, most folks would not expect that number to be faked. The same would be true for a person monitoring critical infrastructure, but the information being displayed on a computer monitor can be manipulated and may not be the truth.
Some consumer safes protected with electronic locks are quite easy to hack using basic techniques. Others, though, like those made to store guns, are designed to resist expert manipulation. However, one hacker demonstrated at the DEF CON security conference Friday that even high-security rated electronic safe locks are susceptible to side-channel attacks typically used against cryptosystems. Side-channel attacks involve techniques like analyzing power fluctuations and variations in the time it takes operations to complete on an electronic device. By monitoring these values when the system checks the user's input against a stored value, attackers can incrementally recover encryption keys or, in the case of electronic safe locks, the correct access code.
Don’t believe everything you see. It turns out even your computer monitor can be hacked. On Friday, researchers at DEF CON presented a way to manipulate the tiny pixels found on a computer display. Ang Cui and Jatin Kataria of Red Balloon Security were curious how Dell monitors worked and ended up reverse-engineering one. They picked apart a Dell U2410 monitor and found that the display controller inside can be used to change and log the pixels across the screen. During their DEF CON presentation, they showed how the hacked monitor could seemingly alter the details on a web page. In one example, they changed a PayPal account balance from $0 to $1 million, when in reality the pixels on the monitor had simply been reconfigured.
A group of privacy advocates and internet providers has filed a new challenge to the U.K. government's use of bulk hacking abroad.
U.K.-based Privacy International and five internet and communications providers aim to "bring the government's hacking under the rule of law," they said in a case lodged Friday with the European Court of Human Rights.
Their application challenges the U.K. Investigatory Powers Tribunal's (IPT's) February refusal to rule on whether hacking efforts outside the U.K. by the GCHQ British intelligence service comply with the European Convention on Human Rights. That decision was part of a case brought by Privacy International against GCHQ back in 2014, and it effectively meant that the U.K. government could lawfully conduct bulk hacking of computers, mobile devices, and networks located anywhere outside of the UK, the group said.
Giant refrigerator-sized supercomputers battled each other on Thursday in a virtual contest to show that machines can find software vulnerabilities.
The result: the supercomputers time and time again detected simulated flaws in software.
It represents a technological achievement in vulnerability detection, at a time when it can take human researchers on average a year to find software flaws. The hope is that computers can do a better job and perhaps detect and patch the flaws within months, weeks or even days.
Thursday’s contest, called the Cyber Grand Challenge, was a step in that direction. The final round of the competition pitted computers from seven teams against one another in the hacking game “Capture the Flag,” which revolves around detecting software vulnerabilities.
Stop right there
Attendees mill about the Black Hat 2016 trade show floor seeking tools they need to do their work. See how vendors make every effort to have them stop by.
Beer
Always a favorite, Kaspersky doles out cases of it during the opening conference reception.
F5 Networks held its annual industry analyst conference this week within its user conference, Agility in Chicago. One of the main messages F5 tried to get across to its customer base is that it’s time to rethink security. I agree with that thesis wholeheartedly, and it is consistent with many of the posts I have written in the past year, including one I wrote about defining the new rules of security in a digital world.
Marc Tarabella wants to swipe left on Tinder's privacy policy. The company's terms of use breach European Union privacy laws, according to Tarabella, a member of the European Parliament. Tarabella particularly dislikes the way the company gives itself the right to swipe the personal information and photos of its users, and to continue using it even if they deactivate their accounts. It's not just Tinder: Tarabella is also unhappy about how much personal information Runkeeper keeps about runners' movements, even when the app is inactive. He has the same concerns about Happn, a sort of missed-connections dating service. The lawmaker wants the European Commission to root out abusive clauses in the terms of use of a number of mobile apps, and to penalize their developers.
The country needs a federal agency akin to the National Institutes of Health in order to fix the problems with the internet, keynoter Dan Kaminsky yesterday told a record crowd of more than 6,400 at Black Hat 2016. Private companies are dealing with the security problems they face without sharing the solutions or pushing for the underlying engineering changes that are needed to make the internet more secure, says Kaminsky, who famously discovered a serious vulnerability in DNS, which underpins the internet. The solution is a central agency to address those engineering challenges. He says all the money that is spent piecemeal on battling security needs to be channeled to this agency so it has the resources and bureaucratic bulk to escape being derailed by transient public officeholders whose policies can change dramatically and quickly.
Over the years, developers have been dogged by a reputation for placing security as an afterthought. Get a slick, full-featured experience up and running fast, and figure out how to deal with whatever holes crop up once QA gets its hands on the code. Organizations may have had a significant hand in fostering developers' laissez-faire attitude toward security by siloing teams in separate domains and giving development, QA, ops, and security operations isolated opportunities to levy their expertise on the code.
But with security and privacy increasingly top of mind among users and with companies moving more toward a devops approach to software development, developers need to shed that reputation and consider security concerns as an integral part of the development process.
Microsoft has released .Net Framework 4.6.2, tightening security in multiple areas, including the BCL (Base Class Library). The new version also makes improvements to the SQL client, Windows Communication Foundation, the CLR (Common Language Runtime), and the ASP.Net web framework. The security focus in the BCL impacts PKI capabilities, and X.509 certificates now support the FIPS 186-3 digital signature algorithm. "This support enables X.509 certificates with keys that exceed 1024-bit," Microsoft's Stacey Haffner said. "It also enables computing signatures with the SHA-2 family of hash algorithms (SHA256, SHA384, and SHA512)."