As the U.S. heads toward an especially contentious national election in November, 15 states are still clinging to outdated electronic voting machines that don't support paper printouts used to audit their internal vote counts.
E-voting machines without attached printers are still being used in a handful of presidential swing states, leading some voting security advocates to worry about the potential of a hacked election.
Some makers of e-voting machines, often called direct-recording electronic machines or DREs, are now focusing on other sorts of voting technology, including optical scanners. They seem reluctant to talk about DREs; three major DRE vendors didn't respond to questions about security.
Cybersecurity has always been a horizontal technology practice that’s roughly the same across all industry sectors. Yes, some industries have different regulations, use cases or business processes that demand specific security controls, but overall every company needs things like firewalls, IDS/IPS, threat management gateways and antivirus software regardless.
Generic security requirements will remain forever, but I see a burgeoning trend transforming cybersecurity from a set of horizontal technologies to a vertical industry application. These drivers include:
Increasing business focus on cybersecurity. While it sounds like industry hype, cybersecurity has actually become a boardroom issue and corporate boards understand industry-specific risks much better than technology gibberish about malware and exploits. To accommodate these corporate executives, CISOs will need communications skills, as well as tools and technologies that help translate cybersecurity data into meaningful industry and corporate risk intelligence that can drive investment and decision making. Security intelligence vendors like BitSight and SecurityScorecard are already exploiting this need, offering industry-centric cybersecurity metrics for business use.
CISO progression. The present generation of CISOs grew up through the ranks of IT and security with career development responsibilities such as network operations and firewall administration. Yes, the next generation of CISOs will still need some
This column is available in a weekly newsletter called IT Best Practices.
There's a powerful new generation of security operations (SecOps) tools coming to market designed to help SecOps teams find and react to threats much quicker than before. The best of these tools also enable security analysts to proactively hunt for threats that might be present in their enterprise environment.
These tools bring data together from disparate sources and begin to connect the dots so analysts can dive right into the investigation without having to search for relevant data points. The products tend to eliminate the manual work of sifting through logs, finding all the relevant data, and trying to find correlations among the events.
15% off Google OnHub AC1900 Wireless Wi-Fi Router
The OnHub AC1900 wireless router from Google and TP-LINK is designed to make even the more complicated home networks run fast and efficiently. It supports over 100 devices at one time, providing speeds of up to 1900 Mbps. Its unique circular design with 13 antennas provides up to 2,500 square feet of reliable coverage. Streaming a movie or downloading large files? OnHub lets you manage speeds to specific devices or give a boost where/when needed. The On App lets you manage, prioritize and troubleshoot right from your device, at home or away. OnHub currently averages 4.5 out of 5 stars on Amazon from over 500 people. Its typical list price of $199.99 has been reduced 15% to $169.99.
How far should a leader seek to change public opinion, to get out in front rather than follow? Lincoln famously said, “Public sentiment is everything,” but the quote concludes with, “He who moulds public sentiment… makes decisions possible.” It’s an enduring debate in the hinterland of academia where engineers seldom tread.
But standards can be like that. They often package basic, universal features with more decorative additions that offer transformational improvements but are of minority interest. There’s a risk that the burden of implementing these additional features will deter some vendors, and they may shun the standard altogether. If too many follow this course, the standard will fail in the market.
Fraud is a $1 trillion annual problem worldwide. With rapid growth in ecommerce and online banking over the past decade, fraudsters are increasingly shifting to using computers and smartphones to commit fraud. One technology that helps companies and governments spot fraud—and sometimes stop it before it starts—is device fingerprinting.
Device fingerprinting works by uniquely identifying computers, tablets and mobile phones based on various attributes (e.g., browser version, screen dimensions, list of installed fonts, etc.). So, if a fraudster were to commit fraud using a particular mobile phone and was caught and that phone was fingerprinted, it would be difficult for that fraudster to commit another transaction from the same device. However, the fingerprint changes every time a user makes a device update. It’s therefore incredibly easy to fake a new device fingerprint.
Artificial intelligence (AI) technologies are already proliferating in the enterprise. However, many business leaders don't realize they're leveraging technologies that rely on AI, according to a new study by natural language generation (NLG) specialist Narrative Science. Despite the confusion, adoption is imminent.
"AI has been around for a long time," says Stuart Frankel, CEO and co-founder of Narrative Science. "While it is super-hot and very buzzy today, there are still some success stories of AI that we just don't consider AI anymore. We use it every day and we're used to it. I think that's a natural progression. Once that esoteric technology that's sort of hard to explain gets wide adoption, it's no longer AI anymore."
Earlier this year, Cisco’s Talos division reported significant image-processing bugs to Apple, one of which could allow attackers to inject malware or remotely execute code via “iMessages, malicious webpages, MMS messages, or other malicious file attachments opened by any application.” These flaws were patched in Apple’s current operating systems in its July 18 update. Some media outlets immediately dubbed this Apple’s “Stagefright,” referring to a severe Android flaw discovered a year ago that could access or hijack an Android phone via an MMS message. But the details don’t support this level of concern, despite the seeming severity of the flaws.
In a survey, cloud security broker vendor CipherCloud found that 86 percent of cloud applications used at workplaces are unsanctioned. That's a pretty big percentage. Obviously, the security vendors have an incentive to raise such fears about shadow IT, so take this claim with much salt. However, the issue merits attention.
I don't see shadow IT as that big of a deal. Moreover, I believe that CIOs can embrace, rather than fight, the rise of shadow IT for their own benefit. How?
There are three benefits to the CIO from departments' shadow cloud use.
Mozilla yesterday said it will follow other browser makers by curtailing use of Flash in Firefox next month.
The open-source developer added that in 2017 it will dramatically expand the anti-Flash restrictions: Firefox will require users to explicitly approve the use of Flash for any reason by any website.
As have its rivals, Mozilla cast the limitations (this year) and elimination (next year) as victories for Firefox users, citing improved security, longer battery life on laptops and faster web page rendering.
"Starting in August, Firefox will block certain Flash content that is not essential to the user experience, while continuing to support legacy Flash content," wrote Benjamin Smedberg, the manager of Firefox quality engineering, in a post to a company blog.
Japan Airlines (JAL) has developed new training applications for engine mechanics and flight crew trainees using the Microsoft HoloLens virtual reality headset.
Instead of using videos and printouts of cockpit panel instruments and switches, the flight crews will experience what it is like to be inside the cockpit. And engine mechanics can study and be trained as if they were working on the actual engine or cockpit instead of reading about it in manuals.
This is not JAL's first experience with a visual headset. It employed Google Glass, that much-maligned failed project from Google, at the Honolulu Airport to perform plane inspections and send and receive information to ground crews regarding passengers and baggage.
It turns out that a couple of purchases on iTunes helped to bring down the mastermind behind KickassTorrents, one of the most popular websites for illegal file sharing.
Apple and Facebook were among the companies that handed over data to the U.S. in its investigation of 30-year-old Artem Vaulin, the alleged owner of the torrent directory service. Vaulin was arrested in Poland on Wednesday, and U.S. authorities seized seven of the site’s domains, all of which are now offline.
KickassTorrents was accused of enabling digital piracy for years, and investigators said it was the 69th most visited website on the entire Internet. It offered a list of torrent files for downloading bootleg movies, music, computer games and more, even as governments across the world tried to shut it down.
In 1998, Congress raised the H-1B cap and then set some controversial H-1B visa rules. It prohibited the largest users of H-1B visas -- firms employing 15% or more visa workers -- from displacing U.S. workers. They also are required to make a "good faith" effort to recruit a U.S. worker for a position.
Congress then inserted a massive loophole.
U.S. workers can be displaced by H-1B-dependent employers -- such as IT outsourcing firms -- provided the visa holder has a master's degree or the company pays visa workers at least $60,000. This salary level has not changed in 18 years.
Ants figure out details related to the size of their colonies by bumping into fellow ants while they randomly explore. But the ants don’t have to traverse the entire colony to know how many fellow ants they’re living with. The insects can figure it out through the number of nearby encounters they have.
Ad hoc wireless networks could use the same technique, say scientists from MIT. Just as learning about population densities helps ants decide communally whether they need to build a new nest, the same could be true for sensors strewn around IoT environments.
A spear phishing tool to automate the creation of phony tweets - complete with malicious URLs - with messages victims are likely to click on will be released at Black Hat by researchers from ZeroFOX.
Called SNAP_R (for social network automated phisher with reconnaissance), the tool runs through a target Twitter account to gather data on what topics seem to interest the subscriber. Then it writes a tweet loaded up with a link to a site containing malware and sends it.
An urgent call to 911 from the front desk of an Anchorage, Alaska, hotel was routed to Ontario. Local police authorities blamed it on VoIP telephony services.
While VoIP does play a role in the issue, the core problem stems from improper provisioning of the phone service and is something that has happened before, when calls to 911 were routed to Northern 911, an Ontario company.
This specialized, privately operated 911 center functions as a "PSAP of last resort," taking calls meant for 911 that otherwise cannot be routed correctly, intercepting them manually. After determining the location of the incident, calls are then extended over trunks to administrative lines.
Hewlett Packard Enterprise plans to refresh its Itanium server range around the middle of next year, employing Intel's long-promised "Kittson" successor to the current Itanium 9500 series ("Poulson") chips.
News of the server update plans comes from Ken Surplice, category manager for mission-critical solutions at HPE's EMEA server division.
Surplice told Dutch website Computable that the company is on schedule to refresh its Integrity servers for HP-UX and OpenVMS with Intel's upcoming Kittson Itanium processors in 2017, and that the servers should be with customers mid-year.
Experts say spectrum pilfering is going to become a major industrial problem as software-defined radio becomes more prevalent. Software-defined radio allows frequencies and bands to be simply altered in a device through coding rather than via expensive hardware changes.
Locating and detecting thieves who are looting bandwidth on radio spectrum could become easier, however, once a crowdsourcing project gets going.
I was talking about security with a good friend of mine who runs a software development company. He’s a really smart, technology-savvy guy but his take on encryption wasn’t positive. While he completely understands the need, he hates encryption (and security in general) because he says it always gets in the way when he’s trying to get work done. In this respect, I don’t think he’s that different from most people in the high tech world or, indeed, in the business world in general. This general dislike of encryption is because encryption doesn’t seem valuable when it’s a virtual speed bump in the road to getting stuff done and its benefits, despite the huge increase in breaches and hacking, are hard to quantify. So, with the exception of the paranoid and security geeks, encryption has traditionally been seen as a belt added to the braces of other simpler and therefore more tolerable security measures.
Tablets and laptops with Intel's 7th Generation Core chips code-named Kaby Lake should become available in the coming months.
Intel is shipping Kaby Lake chips to PC makers now, CEO Brian Krzanich said during Intel's earnings call Wednesday. Systems with new processors usually become available a few months after Intel delivers the chips.
Kaby Lake will succeed current Core processors named Skylake. The new chip has the underpinnings of Skylake and won't necessarily be smaller in size, but it'll provide speed improvements over its predecessor, Krzanich said.
That raises a question: should you wait a few months for Kaby Lake instead of upgrading to a Skylake PC now? Experts generally say you should buy a PC as and when you need it rather than wait for the next improvement to come along.